State or Confusion (was: RE: [thelist] Pop-up when user leaves site.)
Peter-Paul Koch
gassinaumasis at hotmail.com
Tue May 22 03:50:49 CDT 2001
>Thanks, err, Mr. Koch. (How shall I address you, sir?)
Eventually everyone ends up saying 'ppk', though I admit 'Mr. Koch' is rather
stylish <g>.
>I might think, then, that the security mechanism is what is prohibitive
>about reading it out.
Yes, this is a security feature. The purpose is to prevent reading out too
much information about the user. If the mechanism weren't there, I could
easily write a script that goes through the other open browser windows,
notes what pages are shown and thus allows me to create a profile of the user
and sell it to advertisers. No go.
>So, generally speaking, it would seem that site-experience management is
>not very well developed in the web model.
What do you mean by 'site-experience'?
>As deke points out in his latest post, the web is stateless. What I wonder
>is the usefulness of capturing the transition from one site to another.
At the very beginning of the WWW, it was determined that the HTTP protocol
would be state-less, which basically means that it doesn't remember
anything. Any HTTP request that asks for a page is new to the server.
Meanwhile cookies and session variables have been invented to allow one
server to keep track of what a visitor has done, but this doesn't work
cross-domain. Besides, as you will note, this is an extra feature built on
top of the statelessness of the WWW.
>Perhaps in terms of security, privacy, credibility, etc., it may be useful
>to know of transitions from and to other sites. But, wait, maybe this is
>where third-party certification steps in...
From a privacy point of view this is *not* useful to know, it actively
endangers privacy as we see it now.
As to security, you shouldn't let your security model hinge on where a user
comes from. Passwords and such are a much better idea.
Credibility: don't know what you mean.
Anyway, this whole model is based on the statelessness of HTTP.
Statelessness wasn't invented to protect privacy, it was done to keep the
tasks of a WWW server simple, but it serves rather well in protecting
privacy.
>BTW, is this level of <euphemism>abstract thinking</euphemism> allowed in
>this list?
I should hope so!
ppk
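
Added example, not part of the original post: a Node.js illustration of the two points above, that state is layered on stateless HTTP with a cookie and that access should depend on a credential rather than on where the user came from. The host `portal.example`, the user table and all function names are constructed for this example.

```javascript
const crypto = require("crypto");

// Constructed demo values (assumptions, not from the post).
const SECRET = crypto.randomBytes(32);      // server-side signing key
const USERS = { alice: "correct horse" };   // demo only; real systems store password hashes

// Sign "user.expiry" so the server can verify the cookie without keeping state.
function sign(payload) {
  return crypto.createHmac("sha256", SECRET).update(payload).digest("hex");
}

// Password login: the only place a session cookie is issued (15-minute lifetime).
function login(user, password, now = Date.now()) {
  if (!Object.hasOwn(USERS, user) || USERS[user] !== password) return null;
  const payload = `${user}.${now + 15 * 60 * 1000}`;
  return `${payload}.${sign(payload)}`;
}

// Weak gate: trusts the Referer header, which the client writes itself.
function refererGate(req) {
  return (req.headers.referer || "").startsWith("https://portal.example/");
}

// Stronger gate: accepts only an unexpired cookie that this server signed.
// Returns the user name on success, null otherwise.
function sessionGate(req, now = Date.now()) {
  const parts = (req.headers.cookie || "").replace(/^session=/, "").split(".");
  if (parts.length !== 3) return null;
  const [user, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${user}.${expiry}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return Number(expiry) > now ? user : null;
}

// Each request stands alone (HTTP is stateless); both are constructed samples.
const claimedReferer = { headers: { referer: "https://portal.example/home" } };
const loggedIn = { headers: { cookie: `session=${login("alice", "correct horse")}` } };

console.log(refererGate(claimedReferer)); // passes on a client-supplied claim alone
console.log(sessionGate(claimedReferer)); // rejected: no server-issued credential
console.log(sessionGate(loggedIn));       // accepted: cookie verifies and is unexpired
```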