Security is a big issue that will become even more significant as more of us get broadband connections that are always on and that have a consistent (although rarely permanent) IP address. More and more products will probably focus on users who find their machines have become open to attack because of their nifty high speed connections.
But there will always be tradeoffs between convenience and security. The most secure networked machine will be difficult and inconvenient to use. Because of that, most of us accept some security risk for the sake of convenience.
Which brings me to cookies...
The new SI therefore won't function unless you enable cookies, which means they can keep track of the various threads/pages you use.
SI doesn't need cookies to do that. Cookies would, in fact, tell them less than what they can learn from server logs. Whether we use the new cookied site or the old non-cookied site, SI could -- if they wanted to -- find out who we are and where we go since we must log in to use the member version of the site. That could tell them what the current IP address of that user is. The server logs would then tell them where that user went anywhere within the "Go2Net network". Some folks are so paranoid about that kind of thing that they will use IP masquerading services. But the big question is: Why would they care what one person does on their site? Unless you're trying to do something wrong -- like maybe masquerade as a different user -- they'd have no reason to follow the trail of a single user.
The kinds of things they are probably interested in knowing are marketing issues like: How many users go from SI to the Go2Net home page or some other feature of the site? They might even want to "drill down" (as such folks are likely to say) to find out if users of particular threads are more or less likely to use particular features of the site.
Cookies are rarely useful in such studies except in this way: Sites can use cookies to determine if and how often a user comes back to that site. (Only with great difficulty can they be used to find out where else the user has been.) But again, that's information that's useful only in a generalized sense.
In the particular case of SI, they use cookies for two things: They allow a user who chooses the option to automatically log in to the site and they store configuration information. (The arrangement of the toolbar at the top of the page is stored, not on their servers, but on the individual's machine in a cookie.)
It is usually a convenience issue. I actually like cookies. When I click on the "Go2Net" logo up there, I get a personalized page that includes only the items that I want to see. When I click on the "e" logo in the right hand corner of the browser, I get a personalized version of the MSN portal page. That convenience happens because of cookies. I'm willing to accept the slight security or privacy risk that arises because of them. I know, for instance, that Microsoft could, if they wanted to, figure out not just where I go in their site, but also that I own NT 4, Office 97, Office 98, FrontPage, and so on. They could even figure out my address and phone number if they wanted to, since they have that information. They could figure out all that stuff if they wanted to.
But it's the "if they wanted to" that's important. They don't want to and are unlikely ever to want to. MSN.com doesn't care about me as an individual. Neither does Go2Net or Snap or Amazon or any of the other sites I visit and which store cookies on my drive. To the extent that I ever even make it onto their radar, it's as a generalized entity, as a member of some marketing class. To GNET, I might be considered a member of the class of users who post on SI. To Microsoft, I might be considered a member of the class of users who only rarely visit the MSN home page. |
