Quote:
Originally Posted by pseudonym
I think you might be creating the wrong type of cookie there. (uid & OPTED_OUT are webwise.net "master" cookies)
According to R.Clayton the phorged cookie will be labelled / contain "webwise" and the value of the opt-out cookie will be "OPTED_OUT".
|
Just looking at the text of Richard Claytons analysis... it is very confusing.
It talks about a 'webwise' labelled cookie for the UID. Does that mean the cookie is named webwise, or the name is chosen by Webwise?
And when it talks about the method used to copy the 'OPTED_OUT' value, it says "If the user has set a cookie within the webwise.net domain indicating that they do not wish to be tracked, then this preference setting will be copied (by the method already outlined) into the cookies created for all other domains. That is, the cookie for these domains will have a generic "OPTED OUT"
value and there will be no UID".
Is that
name "OPTED_OUT" and
value "YES" per the webwise domain??
This whole thing is such a technical shambles. See para 33 - if you opt out, your UID is sprayed across every site you ever visited. Your visits to those sites would still be profiled, even though you thought you'd opted out, while the copied UID cookies persisted.
We must stop this cack every being launched. It is
cack. Utter utter utter
cack.