Bugtraq mailing list archives
Re: IE4 and channels
From: hallam () ai mit edu (Phillip Hallam-Baker)
Date: Thu, 2 Oct 1997 22:42:43 -0400
On Thursday, October 02, 1997 2:14 PM, Jon Cargille [SMTP:jonathan.cargille () CyberSafe COM] wrote:
The only real question is whether the logs that are uploaded also reveal your IP addr, and I don't know the answer to that question. The "Extended Log File Format [W3C-WD-logfile]" that IE uses for the logs certainly _supports_ client ip-addr as one of the fields in the log, but is by no means a _required_ field. So, the logs that are being uploaded may be innocuous in that regard (I haven't checked). If not, that would be an issue.
I wrote the W3C logfile draft; if you look at the archives you will note it has two sisters, a session ID draft and a logfile exchange scheme for demographic data. The drafts were written after a conference on demographic data for the explicit purpose of facilitating limited exchange of information to facilitate payment for content.

The reason why I was concerned is that without such schemes sites are forced to use cache busting techniques to increase their income; they cannot know how many exposures they get through a cache so they bust it. To do otherwise costs them income - hard to justify if like all online content you are losing money.

I'm fully aware of the privacy issues etc. and I believe that in the long term P3 will be a big advance for everyone. The problem I had to deal with was very short term, however - it still took almost 2 years for this to reach product; the development of the Web moves at a glacial pace.

If Microsoft are uploading a field I would hope it would be the statistically unique session Id I describe. This is unique for each site but does not need stupid cookies to track a person through a site. The cookies are cryptographically formed making it impossible to correlate them across sites except by exporting them through a URL of some sort.

Phill
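The question raised in the quoted message, whether a given Extended Log File Format log carries the client address, can be answered from the log's own `#Fields` directive. The following is an added example, not part of the original posts and not code from IE4 or the W3C draft; the sample logs are constructed, and the set of fields treated as identifying is a choice made for this example.

```python
import re

# Field identifiers treated as client-identifying (a choice made for this example).
IDENTIFYING = {"c-ip", "c-dns", "cs(Cookie)", "cs(Referer)"}

# Constructed sample logs, not captured from any real client.
SAMPLE_WITH_IP = """#Version: 1.0
#Date: 1997-10-02 18:14:00
#Fields: time c-ip cs-method cs-uri
18:14:02 192.0.2.17 GET /channel/index.html
18:14:09 192.0.2.17 GET /channel/news.html
"""
SAMPLE_WITHOUT_IP = """#Version: 1.0
#Fields: time cs-method cs-uri
18:14:02 GET /channel/index.html
"""

def parse_elf(text):
    """Return (fields, records); each record is a dict keyed by field name."""
    fields, records = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):                 # directive line
            name, _, value = line[1:].partition(":")
            if name.strip().lower() == "fields":
                fields = value.split()           # a later #Fields redefines columns
            continue
        if not fields:
            raise ValueError(f"line {lineno}: entry before any #Fields directive")
        # Simple tokenizer: double-quoted strings may contain spaces.
        values = re.findall(r'"[^"]*"|\S+', line)
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: {len(values)} values, "
                             f"{len(fields)} fields declared")
        records.append(dict(zip(fields, values)))
    return fields, records

def identifying_fields(text):
    """Map each identifying field present in the log to the distinct values seen."""
    _, records = parse_elf(text)
    found = {}
    for rec in records:
        for name, value in rec.items():
            if name in IDENTIFYING:
                found.setdefault(name, set()).add(value)
    return found
```

An empty result from `identifying_fields` means the log declares none of the listed fields, which is the "innocuous" case the quoted message describes.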