(no subject)

James Pitkow (pitkow@cc.gatech.edu)
Thu, 27 Jul 1995 04:48:06 -0400 (EDT)


rst@ai.mit.edu (Robert S. Thau) wrote:
[example of a site with hacked session ids and its disadvantages]
> To put it another way, the ostrich approach to, say, the privacy
> issues with session-id won't work at all. If you're concerned, try
> something else.

No sale. I remain firm in my position that privacy on the Web can be maintained by
policies like those in Europe and now by MSN that do not allow data fusion with out
consent. These policies forgo a lot of the technical issues.

For instance, television has had the ability to be instrumented with the capability
of monitoring what you watch and when. Despite market pressures, it has never been
done (though it may very well happen under our eyes with interactive TV).

The W3C may decide that it wants to help protect the privacy of Web users, and then
again, it may bow down. Regardless, within site analysis with consent is more or less
benign and there are plenty of ways to technically accomplish this. Enabling the client
to control and override ids is a must in my opinion, but this again is not a technical
issue, but one of interface and policy, which the W3C could either decide to impose
requirements upon their presence or not. Market pressures, while strong, do not always