[SC-Help] Re: antiphishing.org
nobody at spamcop.nwt
Thu Apr 1 12:46:06 EST 2004
Honest Marjolein, I'm not trying to turn this into a phissing contest (pun
intended), but I feel I'm either communicating poorly or being misunderstood
here. So, I wish to politely make a couple of clarifications and I'll drop
the subject. I am fully aware that I am communicating with a person in a
different country. In fact, I look for your name when I'm looking to see
what quality of responses to people are. You are one of about 5 people I do
=== Pls see inline:
"Marjolein Katsma" <nobody at spamcop.net> wrote in message
news:Xns94BBDFF7282EFhomesitehelp at 18.104.22.168...
> Spam Pop (nobody at spamcop.nwt) wrote in
> news:c49gqg$4pk$1 at news.spamcop.net:
> > Yeah, I know I can ignore or block all. But I don't.
> > In a way I do agree with you, but past experience has taught me that
> > if they have to have more than a couple of cookies per page, and if
> > they are third party cookies especially, then they are doing more than
> > just checking on which of their pages I found interesting and where I
> > was before I arrived there.
> If the site is just as usable without cookies they're unlikely to be
> using them, actually. Some server-side software simply generates cookies
> and makes it very hard hard for a webmaster to prevent them from being
=== See, that's my problem: If they aren't using them, the should either
1. Not use them, or 2. Explain why they cannot control them and maybe even
what's being collected. I've seen it happen lots of times on trusted sites.
Ignoring is too often a lie by commission and a lie by omission.
> Third-party cookies are just that - cookies not sent by the site itself
> but by whatever serves some of the embedded content (such as ads); the
> site itself can't even get at those cookies.
=== Let's see, we're discussing phishing.org, right? Off-site, I agree
they have no control or access to the cookies. That's MY decision to go to
or not. I chose not in most of the cases. However, several of the cookies
were from pages with phishing.org in the address, so ... third party cookies
have no business being there and since they are sent covertly, have an
apparent "bad guy" value. I don't care for first party either, but endure
them in several cases for obvious reasons, as I will also endure rebaking of
I expect ONE cookie from most sites, and don't mind as long as they
aren't data miners aimed at my internals. I'll go so far as to allow three,
depending on when they come and whether I can tell when they're presented
what they're doing. Session cookies of first party get an almost instant
pass from me - up to 3 times per page, unless it's 3 times for EVERY page.
I go a lot on gut feel plus the content/meit of the cookies for up to
three. After that, all rules go away and it's personal.
> > First party cookies are bad enough, but when they're third party or
> > of
> > the wrong type, I draw the lines UNLESS they have told me I'll get
> > them, and what they're doing with them.
> They can't do anything with third-party cookies because they're not
> getting them - only the third parties in question will (if you allwo
=== That's my point. Pls see above.
> > Near's I can tell, http://www.antiphishing.org/phishing_archive.htm
> > is
> > an OK netizen and responsible, but I get paranonoid when any site
> > wants to know that much about me - why they waste so much of my BW for
> > things they don't need.
> "That much"? They're maybe sending cookies they don't need, and third-
> party cookies don't count. What is it they want to know? They have a
> reporting form, but you don't need to use that, just use the email
=== Yes, that much. If they send cookies they don't need, why send them?
I'm not sure I understand what you're getting at here. But, "that much"
wise, back in the "old days" before I got picky about security, at 4k hd
space per cookie, they were totalling many Megabytes of wasted space that I
had to devote unnecessary time and effort to get rid of. Then, sure as
heck, you'd discover too late that you actually wanted a couple of those
cookies (they ARE useful in less than 0.1% of the qty received).
So, when the point came I was switching macines, I took the opportunity
to also start managing the cookie situation. I was pretty rudely surprised
at the uses and intents of many of them, so from there it went to per-cookie
control which at first was a pain but is now a simple process and takes
little disk space..
So as a result of all the above, whenever I run into a site with an
onslaught of cookies, I avoid them. Yeah, it's easy enough to just deny
them, but it's even easier to not go where they are in the first place since
they are ALL delivered covertly, and keep them off my system. It's bass
asckwards to expect ME to know when cookies come - the server of the cookies
is the one responsible. Then on the other hand, there are cookies that I
want. So IMO, I've approached the ideal situation and done so with a small
amount of security to boot.
OK, OK, I'll quit ranting, which I just realized I was doing. We're all
entitled to our opinions, those are some of mine in this area. Obviously
our opinions don't align, and that's fine. Normal even ;-}. Cookies aren't
inherently bad, but their malicious use is.
> Marjolein Katsma - Amsterdam, NL - http://hshelp.com/
> Spam reporting addresses: http://banspam.javawoman.com/report3.html
> Spammers steal resources: they're my enemy.
> Cyveillance steals resources: they're my enemy.
> The enemy of my enemy can be my enemy, too.
More information about the SpamCop-Help