1997-04-20 - Re: SSL weakness affecting links from pa

Header Data

From: Adam Shostack <adam@homeport.org>
To: steve@edmweb.com (Steve)
Message Hash: c5faf59009a42deebdf77f088a60c15472a217883a3e4a3187374df57ed21735
Message ID: <199704202032.PAA05999@homeport.org>
Reply To: <199704192038.NAA19881@kirk.edmweb.com>
UTC Datetime: 1997-04-20 20:35:33 UTC
Raw Date: Sun, 20 Apr 1997 13:35:33 -0700 (PDT)

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Sun, 20 Apr 1997 13:35:33 -0700 (PDT)
To: steve@edmweb.com (Steve)
Subject: Re: SSL weakness affecting links from pa
In-Reply-To: <199704192038.NAA19881@kirk.edmweb.com>
Message-ID: <199704202032.PAA05999@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Steve wrote:
| > If the Netscape folks would integrate digicash into Communicator,
| > then I could program my browser to only send referer to sites that
| > paid for the information, and rent cookie space.  Want your cookie to
| > live till 1999?  Thats 24 months, at 50 cents per month...do you want
| > to pay?

| That would only work until someone abuses it. People could create web
| robots to run around selling referers and several gigabytes of
| worthless cookie space. Worthless, because nobody cares about the web
| browsing habits of J. Random Robot, and they certainly don't want to
| blow $50 e-bucks on the bot's repeated visits.

	Thats true, but can they avoid it?  I'm considering writing a
database pollution bot, which runs around, claiming to be Mozilla or
IE, and randomly following a link once per minute.  Why?  Database
pollution.  If there are a few thousand of these randomly collecing
links and creating arbitrary (or perhaps biased) viewing habbits in
the databases of the advertisers, then their individual data becomes
worth less.  They'll need to actively solicit peoples permission to
collect data before doing so, to avoid people polluting their
databases.

	Similarly, putting a randomly generated email address in those
sign up fields produces pollution in the data used by spammers, which
costs them (and no one else) money.  If you run your own site, you can
even bit bucket the email, trading their bandwidth for yours, and
making them think they're delivering more junk email than they are.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







Thread