JavaScript considered harmful (was Re: New online index to Beazley's tutorials)

Alex Martelli aleax at aleax.it
Tue Jan 8 09:52:55 EST 2002


"Mike Brenner" <mikeb at mitre.org> wrote in message
news:mailman.1010495230.15673.python-list at python.org...
> Alex Martelli said:
> > ... We need some client-side state to ameliorate this.
> > That's basically what cookies are FOR, no matter what
> > paranoia many people choose to attach to them
> > as 'anti-privacy devices'.
>
> "Paranoia" is the wrong word, since it means an unreal fear. Unencrypted
> cookies

"Just because you're paranoid, it doesn't mean they aren't REALLY all
conspiring against you".  A specific manifestation of paranoia might
turn out to correspond to reality without making it any less paranoic.


> police forensics, marketers, spies, thieves, and government agencies, it is
> normally not in the interest of the user.

The only subjects on this list that can reasonably (non-paranoically)
be presumed to set cookies on my machine are marketers.  And the assumption
that it's not in my interest to receive (e.g.) targeted banner-ads rather
than the usual shotgun approach bears examination.  Say that a marketer
does learn (oh horrors!) that I'm interested in Python, spanking,
Wittgenstein, Byzantine history, classic motion pictures, Baroque music
and Leonard Cohen's lyrics.  If this means that half of the banner ads I
currently get for online casinos, mortgage refinancing, magazine
subscriptions and jewelry are instead replaced by ads for products and
services I might conceivably be interested in purchasing, am I suffering
grievously thereby...?

That doesn't mean it's OK for personal information to be collected for the
purpose (whether it's OK or not depends on legislation that may vary between
different jurisdictions -- it's illegal in Italy); but it does mean I can
evaluate as "paranoic" (in a hyperbolic sense, of course) the personal
choice of doing without substantial convenience in order to protect such
info.

Of course, if I'm interested in attracting visitors to a site, I don't
particularly want to turn them off just because I may consider them to
be over-reacting to perceived threats -- that's their business, and mine
is still to attract them anyway.  I may therefore have to advertise a
"no cookies, protect your privacy!" option, just as I may have to put
disclaimers that "no bits were damaged in the course of this production",
or reassurances that all of the pages of this site use 100% recycled HTML
tags.  Whatever it takes to drum up traffic, of course.

But I still want to offer optimal convenience to those visitors (which I
believe will outnumber the, ahem, "extremely prudent ones") who care more
about such things.  Again, I judge this will work in favour of attracting
regular visitors to the site.

Being able to visit a site effectively, without having to turn on Javascript
(or Java, for that matter), does substantially increase my safety.  Cookies
are just not in the same league as a security threat.


Alex
