JavaScript considered harmful (was Re: New online index to Beazley's tutorials)

Mike Brenner mikeb at mitre.org
Tue Jan 8 14:05:52 CET 2002


Alex Martelli said:
> ... We need some client-side state to ameliorate this.
> That's basically what cookies are FOR, no matter what 
> paranoia many people choose to attach to them 
> as 'anti-privacy devices'.


"Paranoia" is the wrong word, since it means an unreal rear. Unencrypted cookies violate the user's privacy completely, and even encrypted cookies can tell which web pages the use has been visiting and what has been done. In addition, cookies violate statistical anonymity; for example, by examining such things as cookies, logs, side-channel messages (for example sent by adbots or licensebots), etc., a lot of information can be gained about a user. While this information is very useful to police forensics, marketers, spies, thieves, and government agencies, it is normally not in the interest of the user.

A better word would therefore be "fear" instead of "paranoia".





More information about the Python-list mailing list