FTC: Consumer Privacy Comments Concerning The Junkbusters Corporation--P954807 (Part1)

JUNKBUSTERS (TM)

News Release

Contact: Jeannette Boccini Oboccini@krantzgroup.com)
The Krantz Group, Inc.
(212) 891-7235

FOR IMMEDIATE RELEASE

JUNKBUSTERS TELLS FTC: PRIVACY LAWS SHOULDN'T BE RESTRICTED TO INTERNET

--Junkbusters Corp. President Jason Catlett Urges FTC and Legislators to Address Americans' Basic Privacy Needs--

New York, NY -- June 4, 1997 -- Junkbusters Corp. today announced that it will urge the FTC and legislators to consider the fundamental privacy needs of Americans, not just to react to recent problems on the Internet. "Privacy legislation that is specific to the Net is probably attacking symptoms rather than the disease," said President and CEO Jason Catlett. He pointed out that Americans still lack the right that most Europeans were guaranteed more than twenty years ago to examine and change the records kept about them by businesses. "People should have a free, simple and legally enforceable way to tell all companies not to sell or 'share' information about them, regardless of whether that personal information goes on the Internet."

Junkbusters's written comments before the Federal Trade Commission propose a way that legislators could give consumers the right to protect their names from commercial exploitation without their consent. The proposal extends an existing law governing the US Postal Service, which gives consumers a free way to stop any company from sending them unwanted solicitations by mail, simply by filling out the USPS's brief Form 1500.

The Federal Trade Commission's Bureau of Consumer Protection has invited Junkbusters to make presentations at its Public Workshop on Consumer Privacy on June 10-13. The Commission's investigations into commercial databases of personal information, privacy on the Web, and junk e-mail will culminate in a report to Congress, which is currently considering a flurry of proposed privacy laws ranging from Social Security Numbers on the Web to junk e-mail.

Addressing increasingly widespread concerns that marketers are using "cookie" technology to turn the World Wide Web into a global surveillance device, Junkbusters will demonstrate its free software product, the Internet Junkbuster (TM), which counters cookies and other threats to online privacy. "Most people still think that nobody else knows what they do with their Web browsers. They haven't heard the bad news that marketing companies are building long-term comprehensive profiles of everything that people search for, what they click on, and what sites they visit. The good news is that the tools are now freely available to make Web browsing practically anonymous, but few people are aware that such products exist. What's urgently needed here is education, not legislation," said Catlett.

Junkbusters counsels caution to legislators even on the increasingly vexing issue of junk e-mail ("spam"), which Junkbusters has taken a leading role in helping consumers to exterminate by using strategies for private legal action. Junkbusters's written submission to the FTC examines difficulties with simply banning spam, such as jurisdictional limits. It points to legal methods of forcing spammers to bear the costs of their actions, which if widely used would render spamming uneconomical. Catlett will discuss these methods on an FTC panel to include prominent lawyers, consumer advocates, Internet leaders and spammers.

Junkbusters's web site (http://www.junkbusters.com) is a leading consumer resource on the control of telemarketing calls, unwanted mail, email, and commercial invasions of privacy. The company's flagship service, Junkbusters Declare (SM), gives consumers a free and easy way to say what they want and don't want from direct marketers, and to tell companies that sell mailing lists not to "rent" their names. Its other free, web-based service, Junkbusters Spamoff (SM), has become one of the Internet's most popular ways to deter junk emailers. Its widely-used free privacy-enhancing software, the Internet Junkbuster (TM), blocks unwanted cookies and banner ads.

Junkbusters is a "virtual corporation" whose mission is to free the people of the world from junk communications. The Delaware-registered company has an international team of technology and marketing specialists on three continents.


This document is http://www.junkbusters.com/ht/en/nr5.html


Consumer Privacy 1997 -- Comment, P954807 (Original Doc. No 32)

Excerpted from http://www.junkbusters.com

Additional Material Submitted to FTC by Junkbusters Corp.

1. How Web Servers' Cookies Threaten Your Privacy

1.1 You can be tracked from your mouse clicks

1.1.1 The pages you read tell marketers what junk to push on you

Imagine that your remote control informed stations the second you switched to them, and that they could sell this information to their advertisers to help them decide what junk mail to send you.

Would you want to be pushing buttons on a remote that could tell an insurance company to phone you while you're watching a program about financial planning? Well, your mouse and browser may be giving them exactly that power, except that instead of just the channel number, they are getting the exact URLs of the Web pages you look at.

We want you to know how they can identify you individually and how you can protect your identity from being discovered and sold. Don't let them use your browser as a tool of surveillance.

1.1.2 What your browser tells them

Your browser is probably revealing more than you might want: which computer you are coming from, what software and hardware you are using, details of the link you clicked on, and possibly even your email address. For specifics on your browser, click on our demonstration page.

If your ISP is running an identd daemon, servers can ask for your identity at the time your browser requests a page. Try our test to see whether this is happening to you. Some firewalls (rightly) block these requests, so if the browser goes silent just interrupt the transfer request with the stop button.

1.1.3 How they can find out who you are

All they may need is your email address, because various databases let them look up your name and address from it.

  • People often type their email or postal address into forms, when registering at a site or requesting information.
  • Some browsers that include a mail handler disclose the user's email address in certain situations, such as when requesting a file by FTP, which you can do simply by clicking on a link that happens to begin ftp: rather than http.

1.1.4 Cookies tell them it's you every time you click

Many organizations use "cookies" to track your every move on their site. A cookie is a unique identifier that a web server places on your computer: a serial number for you personally that can be used to retrieve your records from their databases. It's usually a string of random-looking letters long enough to be unique. Cookies are kept in a file called cookies or cookies.txt or MagicCookie in your browser directory/folder. They are also known as "persistent cookies" because they may last for years, even if you change ISP or upgrade your browser. The two most popular browsers support cookies; almost all others don't.

If you look at your cookies file you may see the names of web sites that you have never heard of. They were probably put there by companies that resell advertising space from a large number of popular sites. Those ad placement companies maintain huge databases recording details of who looks at which pages. The larger ones have cookies in place on millions of people's browsers. If you use one of the popular search engines, the queries you type are probably being logged and analyzed too. We wonder whether some companies are selling your identity as part of the package.

Any web site that knows your identity and has a cookie for you could set up procedures to exchange their data with the companies that buy advertising space from them, synchronizing the cookies they both have on your computer. This possibility means that once your identity becomes known to a single company listed in your cookies file, any of the others might know who you are every time you visit their sites.

The result is that a web site about gardening that you never told your name could sell not only your name to mail-order companies, but also the fact that you spent a lot of time one Saturday night last June reading about how to fertilize roses. More disturbing scenarios along the same lines could be imagined.
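The inspection of the cookies file suggested above can be automated. The following is an added example, not part of the Junkbusters submission: it reads a file in the Netscape cookies.txt layout and lists identifiers set by hosts you do not recognise, with their remaining lifetime. The sample file, host names, the fixed date and the one-year threshold are constructed for illustration.

```python
"""Audit a Netscape-layout cookies.txt for identifiers set by unfamiliar hosts."""

SECONDS_PER_YEAR = 365.25 * 86400

# Constructed "today": 1997-06-04 00:00 UTC as Unix time.
NOW = 865382400

# Constructed sample. Each record has seven tab-separated fields: domain,
# subdomain flag, path, secure flag, expiry (Unix time, 0 = session only),
# name, value. Hosts and values are invented for illustration.
SAMPLE_COOKIES_TXT = "\n".join([
    "# Netscape HTTP Cookie File",
    "",
    "www.gardening.example\tFALSE\t/\tFALSE\t867974400\tPREF\tcompact",
    ".adnetwork.example\tTRUE\t/\tFALSE\t1893455999\tID\t3f9a1c77e04b12d8",
    ".adnetwork.example\tTRUE\t/ads\tFALSE\t1893455999\tSEG\tab12",
    "tracker.example\tFALSE\t/\tFALSE\t0\tTMP\t1",
    "damaged line with too few fields",
])


def parse_cookies_txt(text):
    """Return one dict per well-formed cookie record, skipping comments and damage."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # truncated or hand-edited record
        domain, _subdomains, path, _secure, expires, name, value = fields
        cookies.append({"domain": domain, "path": path, "name": name,
                        "value": value, "expires": int(expires)})
    return cookies


def is_familiar(domain, known_sites):
    """True if the cookie's domain belongs to a site the user knowingly visits."""
    host = domain.lstrip(".").lower()
    return any(host == site or host.endswith("." + site) for site in known_sites)


def audit(cookies, known_sites, now=NOW, max_years=1.0):
    """List cookies that come from unfamiliar hosts or outlive max_years."""
    findings = []
    for cookie in cookies:
        remaining = max(cookie["expires"] - now, 0) / SECONDS_PER_YEAR
        reasons = []
        if not is_familiar(cookie["domain"], known_sites):
            reasons.append("unfamiliar host")
        if remaining > max_years:
            reasons.append("long-lived")
        if reasons:
            findings.append({"domain": cookie["domain"], "name": cookie["name"],
                             "reasons": reasons, "years": round(remaining, 1)})
    return findings


if __name__ == "__main__":
    for f in audit(parse_cookies_txt(SAMPLE_COOKIES_TXT), {"gardening.example"}):
        print(f'{f["domain"]:22} {f["name"]:5} {f["years"]:5.1f}y  '
              f'{", ".join(f["reasons"])}')
```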

1.1.5 How to disable cookies

There are of course many convenient and legitimate uses for cookies, as Netscape explains. But because of the possibilities of misuse we recommend disabling cookies unless you really need them.

The Internet Junkbuster is a good first line of defense, stopping perhaps 99% of cookies. But you should also tell your browser that you don't want cookies. Your browser probably only gives you the option to refuse each cookie at the time it is pushed at you: you have to keep saying no every time.

  • On Netscape 3.0, try the Options menu: go to Network Preferences, then Protocols. Under "Show an alert before", check "Accepting a cookie". (Don't forget to Save your option settings.)
  • For MS-IE 4.0: we have not yet tried it. Please tell us the right sequence if you know it.
  • On Netscape Communicator 4.0b2, go to Edit, then Preferences, then Advanced, click on Never accept cookies (or Warn me before accepting a cookie).
  • On Microsoft Internet Explorer, try View, then Options, and check under Advanced.

Your browser may be different: it may not support cookies, or it may not allow you to stop them. Even if it does, you may have to click on cancel each time a web site wants to push a cookie on you. (Some set several per page.)

A different method that may work is to make the cookies file read-only. We have had reports that Netscape behaves gracefully in this situation, but not all others take it so well. However, any browser could cache cookies even when it can't write them to a file. If you remove the file your browser will probably just quietly make a new one.

1.1.6 Other things you can do to protect your privacy on the Web

The Internet isn't an easy place to keep your privacy, but a few Web sites help.

  • Surf through the Internet Junkbuster to remove cookies and other sensitive headers (as well as banner ads).
  • Surfing through the Anonymizer conceals your computer's IP address, and also removes headers (while adding ads).
  • Other add-on products also reduce the amount of personal information that your surfing discloses.
  • Tell organizations not to sell or share the information they collect about you. Junkbusters Declare makes this easy by drafting the letters for you.
  • If you think the law shouldn't allow the sale of information about you without your permission, see Ram Avrahami's on-line petition on this issue.
  • To warn visitors to your home page about the risks explained here, you are welcome to add a sentence like "You can be tracked from your mouse clicks" with a link to our demonstration URL (http://www.junkbusters.com/cgi-bin/privacy).

Our services follow the principle that information about people should be made visible to those people and be approved by them. And we don't push cookies.

2. Internet JUNKBUSTER Frequently Asked Questions

2.1 The Top Ten Questions

For a list of the questions on this page (without the answers), see our Table of Contents. It also contains detailed pointers into our pages on busting junk e-mail, junk mail and telemarketing calls.

2.1.1 What is the Internet Junkbuster and what does it do for me? The Internet Junkbuster Proxy (TM) blocks requests for URLs (typically banner ads) that match its blockfile. It also deletes cookies and other unwanted identifying header information that is exchanged between web servers and browsers. These headers are not normally accessible to users (even though they may contain information that's important to your privacy), but with the Internet Junkbuster you can see almost anything you want and control everything you're likely to need. You decide what's junk. (SM)
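The header removal described in this answer can be modelled in a few lines. This is an added example, not Junkbuster source code: it drops the request headers that carry a stored identifier, an email address and the clicked link (Cookie, From, Referer), optionally overwrites User-Agent, and strips Set-Cookie from responses. The function names, the cookie_hosts parameter and the sample messages are hypothetical and constructed for illustration.

```python
"""Model of header scrubbing by a privacy proxy (illustrative, not Junkbuster source)."""
from urllib.parse import urlsplit

# Constructed request as a browser would send it to a proxy. The Cookie header
# is folded onto a second line to exercise continuation handling.
SAMPLE_REQUEST = (
    b"GET http://www.gardening.example/roses/fertilizer.html HTTP/1.0\r\n"
    b"User-Agent: Mozilla/3.0 (X11; I; Linux 2.0.30 i586)\r\n"
    b"Referer: http://search.example/find?q=fertilize+roses\r\n"
    b"From: reader@isp.example\r\n"
    b"Cookie: ID=3f9a1c77e04b12d8;\r\n"
    b"\tSEG=ab12\r\n"
    b"Accept: image/gif, */*\r\n"
    b"\r\n"
)

# Constructed response that tries to set a long-lived identifier.
SAMPLE_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: ID=3f9a1c77e04b12d8; expires=Mon, 31-Dec-2029 23:59:59 GMT; path=/\r\n"
    b"\r\n"
    b"<html>roses</html>"
)


def _fields(header_lines):
    """Group raw header lines as [name, lines], keeping folded lines with their header."""
    fields = []
    for line in header_lines:
        if line[:1] in (b" ", b"\t") and fields:
            fields[-1][1].append(line)  # continuation of the previous header
        else:
            name = line.split(b":", 1)[0].strip().lower().decode("latin-1")
            fields.append([name, [line]])
    return fields


def filter_message(raw, drop, replace=None):
    """Remove headers named in drop, overwrite those in replace; return (bytes, removed)."""
    replace = replace or {}
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    kept, removed = [lines[0]], []
    for name, raw_lines in _fields(lines[1:]):
        if name in drop:
            removed.append(name)  # folded lines go with it
        elif name in replace:
            label = raw_lines[0].split(b":", 1)[0]
            kept.append(label + b": " + replace[name])
        else:
            kept.extend(raw_lines)
    return b"\r\n".join(kept) + sep + body, removed


def request_host(raw):
    """Host named in the absolute URL of a proxy-style request line."""
    parts = raw.split(b"\r\n", 1)[0].split(b" ")
    target = parts[1].decode("latin-1") if len(parts) > 1 else ""
    return (urlsplit(target).hostname or "").lower()


def scrub_request(raw, user_agent=None, cookie_hosts=()):
    """Strip identifying request headers; cookies pass only for hosts in cookie_hosts."""
    drop = {"from", "referer"}
    if request_host(raw) not in cookie_hosts:
        drop.add("cookie")
    replace = {"user-agent": user_agent} if user_agent else {}
    return filter_message(raw, drop, replace)


def scrub_response(raw, host, cookie_hosts=()):
    """Strip Set-Cookie from a response unless the host is explicitly allowed."""
    drop = set() if host.lower() in cookie_hosts else {"set-cookie"}
    return filter_message(raw, drop)


if __name__ == "__main__":
    cleaned, removed = scrub_request(SAMPLE_REQUEST, user_agent=b"Lynx/2.7")
    print(cleaned.decode("latin-1"), "removed:", removed)
```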

2.1.2 Is there a license fee / warranty / registration form / expiration? No, none of these. It's completely free of charge. JUNKBUSTERS offers you the software to copy, use, modify and distribute as you wish, forever, at no charge under the GNU General Public License.

It comes with no warranty of any kind.

You don't have to register, in fact we don't even provide a way to do so: the practice of registering software is almost always just an excuse to send you solicitations and sell your name and information about your behavior. You are welcome to obtain and use our software as anonymously as you wish. (Your IP address will naturally be disclosed when you download it, so if you work for a web ad company you might want to use a service such as the Anonymizer when you get it. We never want to be given any information that you consider private or confidential.)

We are often asked why we give away a product that many would happily pay for. The answer is that we are determined to carry out our mission: to free the world from junk communications.

2.1.3 Does it run on Windows? On a Mac? On the AOL browser? For the latest information on availability, see the Distribution Information page. But you don't need to have it running on your computer if you get your ISP or Systems Administrator at work to run it.

2.1.4 How can I get my ISP to run the Internet Junkbuster? First check whether they already are. Most ISPs would announce this on their "News" page or their pages for new subscribers. If they state that they are considering whether to install it, allow them time to do it. If they say they will not provide it, you might want to consider switching to an ISP that does.

If they appear to be unaware of it, you might send them email including the following URL, asking them to provide the Internet Junkbuster for their customers.

http://www.junkbusters.com/ht/en/ijbfaq.html#isps

2.1.5 Who chooses the options that control what is blocked? Whoever starts the Internet Junkbuster chooses the options and the blockfile. If your ISP runs it for you, they have to make these decisions (though they may give you a choice of proxies, and a way to suggest new URLs to block). If you run it on your computer, You decide what's junk. (SM)

2.1.6 How do I run the code on my computer? If you are using UNIX you download it, compile it, start it running, and then configure your browser.

If you are using any other operating system you would need to port the code. You are welcome to do this, and if you would like us to consider publishing your ported version, please tell us.

2.1.7 How can I tell which blockfile and options are being used? Your ISP should have a page specifying the options they chose, but you can check by going to http://internet.junkbuster.com/cgi-bin/show-proxy-args or to any URL ending in show-proxy-args (even if it doesn't exist). It needn't exist because the Internet Junkbuster 1.4 intercepts the request, blocks it, and returns in its place information about itself. This is also useful for checking that your browser really is going through an Internet Junkbuster.

If you wish to check the header information your proxy is actually sending, a visit to http://internet.junkbuster.com/cgi-bin/show-http-headers will give you the more relevant ones first.

2.1.8 My browser started giving me "server not responding" messages

Once your browser is told to use a proxy such as the Internet Junkbuster, it thinks of it as its server for everything, so this message means it can't talk to the proxy. The Internet Junkbuster may not be running, or you may have specified its proxy address incorrectly. Check that the details you entered are correct. If you have telnet you can try connecting to the appropriate port to see if the Internet Junkbuster is running. If your ISP is running the Internet Junkbuster, you may want to check with them. If you are running it yourself under UNIX, try looking at a ps ax to see if it is running. The port specified in its options should be the same one as your browser has configured.

2.1.9 I've got this great idea for a new feature. Who do I tell? We'd be very interested to hear it, but please bear a few things in mind.

  • Please check this FAQ to see if we've already considered the idea, such as access controls, automatic detection of banners, and replacing ads with something else.
  • Don't tell us anything you want to keep confidential or retain some right over.
  • We currently have a long wish list of things that we may or may not do in the near future, including a version for your favorite computer and a plug-in version.
  • If you don't want to wait you're welcome to improve on our code, publish your version on the Web, and tell us where to find it. Ports to platforms such as the Mac are most welcome.

2.1.10 My question isn't listed here. Who do I ask for support? Detailed technical questions may be answered in the manual page, or in the source code. Also double-check this page for an answer: using the "find" feature on your browser for likely keywords may help.

If your ISP is providing the Internet Junkbuster for you, and your question is about how to use it, check their web page before asking them.

Even though we don't offer the kind of support you might expect if you paid a lot of money for a software product, you can still ask us. But before you do, please consider whether you could ask someone closer to you. And please be patient if we're slow to reply: we never charge consumers for our services, so we have to subsidize consumers with revenue from companies, and our resources are limited. If your company might be interested in paying for a maintenance contract with phone and email support, please tell us.

2.2 Configuring your browser to talk to the Internet Junkbuster

2.2.1 What is the proxy address of the Internet Junkbuster? If your ISP or company is running the Internet Junkbuster for you, they will tell you the address to use. It will be the name of the computer it's running on (or possibly its numeric IP address), plus a port number. Port 8000 is the default, so assume this number if it is not specified. Sometimes a colon is used to glue them together, as in junkbuster.pro-privacy-isp.net:8000 but with most browsers you do not type the colon, you enter the address and port number separately.

If you are running the Internet Junkbuster on your computer, the machine will probably be localhost and the port will be 8000 unless you have told the Internet Junkbuster to run on a different port with the -h option.

2.2.2 How do I tell the browser where to find the Internet Junkbuster? All current browsers have a place where they are told which proxy to use. You enter the same information under two lines: one for HTTP, and one for the Secure Protocol if your browser supports SSL. If you find some information already entered for your proxy, see the next question. Here are the menus you go through to get to the one to configure your proxy. (We also recommend that you disable Java, which is a separate operation.)

  • For Netscape 2.01, 2.02 and 3.0: Options; Network Preferences; Proxies; Manual Proxy Configuration; View (enter details under HTTP and Security Proxy); OK; OK. With Netscape 2.0, follow with Options, Save Options.
  • For Internet Explorer 3.0: View; Options; Connections; tick Connect through proxy server box; Settings; enter details into the HTTP box, with the port number in the second box; same with Secure; OK.
  • For Internet Explorer 2.0: View; Options; Proxy; enter details; OK.
  • On NT for MS-IE: Control Panel; Internet; Advanced; Proxy.
  • For MS-IE 4.0: we're told it's the same as for 3.0. Please tell us if you see any differences.
  • Netscape Communicator 4.0b2 does not use those settings under NT. It uses Program Files\Netscape\Users\...\prefs.js, a JavaScript file that specifies the user preferences. The format of the file uses carriage return (0x0D) as the line separator, so none of the common editors handle it well: it appears to be one very long line. We know no way to edit this file using NT, so we used another operating system (Linux) and a little tinkering to edit the file to add these five lines, and it worked fine.

    user_pref("network.proxy.type", 1);
    user_pref("network.proxy.http", "localhost");
    user_pref("network.proxy.http_port", 8000);
    user_pref("network.proxy.ssl", "localhost");
    user_pref("network.proxy.ssl_port", 8000);

    (We have received an unconfirmed report that this prerelease version may have a problem with proxies; if you encounter difficulties please try doing the same thing on 3.0 before concluding the problem is with the Internet Junkbuster.) If you have any suggestions relating to Communicator, please tell us.

  • For NCSA Mosaic for Windows: Options, Preferences, Proxy; enter details under HTTP.
  • For Lynx, Mosaic/X, Grail, and W3O Arena, you can specify the proxy via environment variables before starting the application. This will probably be done with something like either

    setenv http_proxy http://localhost:8000/

    or

    http_proxy=http://junkbuster.pro-privacy-isp.net:8000/
    export http_proxy

    depending on your shell and where the Internet Junkbuster lives.

If your browser is not listed here, or if you notice an error, please tell us the correct procedure.

2.2.3 What should I do if I find another proxy is already configured? This is the case if you already find values set where you would enter the proxy details, or if anything is entered under Automatic Proxy Configuration (in the case of Netscape and MS-IE 3.0.) It's probably a firewall proxy between your company and the outside world, or a caching proxy if you're using an ISP.

What needs to be done in this case is to use the -f option to tell the Internet Junkbuster the address of the other proxy. Specify a different (unused) port number with the -h option, and configure your browser to use that port. If you haven't done this kind of thing before, it's probably best to consult your systems administrator or ISP about it (check their web page first).

2.2.4 What if I want to stop using the Internet Junkbuster? Just go through the same procedure you used to start your browser using the Internet Junkbuster, but remove the details you put in (or if there was something there before, restore it). You may need to use Save Options to make this change permanent.

2.3 Setting up the Internet Junkbuster on your local computer

The Internet Junkbuster 1.4 currently runs only on UNIX.

2.3.1 How do I install the code? If you are running Redhat Linux you may prefer to use the rpm instead of the following procedure.

1. Download the tar file (74k) and place it in a suitable directory.

2. Uncompress and extract the files from the tar file.
uncompress -c junkbuster.tar.Z | tar xf -

3. If you wish to be able to use regular expressions in patterns, edit the Makefile and make the change indicated.

4. If your operating system is from Sun or HP, examine the Makefile and make any changes indicated inside. It's more work to include regular expressions in some cases.

5. Run
make

6. You can choose whatever options you want from the manual, but a good place to start is the -d 1 option to show each URL as it is fetched. Run it asynchronously:
junkbuster -d 1 &

7. Configure your browser (described above).

8. Verify that the Internet Junkbuster is working (described above).

9. Decide on the options you really want, kill the process and start it again. The most popular option is -b to block ads. A sample blockfile is provided as an illustration, but it doesn't really stop ads. More comprehensive ones are available elsewhere. If you develop an interesting blacklist and publish it on the Web, you might want to include the word "junkbuster" in it and use the word "blacklist" in the file name given in the URL so that others can find it with the query given in the previous sentence.

10. You'll probably want to add an entry to /etc/rc.d/rc.local or equivalent to start it at boot time. (Any output you specify should be redirected to a file. And don't forget the & at the end to run it asynchronously or your system will seize up after the next reboot.)

2.3.2 How do I get my Internet Junkbuster to talk to another proxy? You may want to do this if you are using a caching proxy from your ISP or a firewall proxy between your company and the outside world. If you're running the Internet Junkbuster on your local computer, use the -f option to tell it where to find the next proxy, which might be something like -f cache.your-isp.net:8080 depending on your ISP. You tell your browser to use the Internet Junkbuster for HTTP and Security Proxies as before, but you probably want to keep the caching proxy for FTP and other protocols.

If your ISP is running the Internet Junkbuster for you, they have probably already decided whether to chain with a caching proxy. They may even give you a choice of options.

2.3.3 How does the Internet Junkbuster work with SOCKS gateways? Version 1.4 offers support for some gateways. The gateway protocol is specified on the command line with options such as -g socks4:yourgw.yourcompany.com:1080 (see the manual for details). Note that the browser's proxy configuration must not specify a SOCKS host: it should specify the proxy as described above.

2.4 Information for companies

2.4.1 Should we provide the Internet Junkbuster for our employees? That depends. Try this quick three-point test.

1. Do you want to spend your communications budget on bandwidth that puts a lot of annoying distractions in your employees' faces while they're trying to do their jobs?

2. Do you want current and potential vendors to know quantitative details about the software and hardware platforms that you have?

3. Do you want your competitors to be able to track exactly which of your employees are checking out their web sites?

If the answer to all three questions is yes, then you probably don't have any need for this kind of product.

2.4.2 I run an ISP. What issues should I consider before offering it? Here's a checklist we've developed from working with a few ISPs. You may think of more, and we'd be interested if you're willing to share them with us.

1. If you get more than one request for the Internet Junkbuster you may want to tell your customers on your News page that you already know about it and are assessing it.

2. Try the software and verify that it performs satisfactorily.

3. Determine whether customers perceive the service as valuable (and therefore worth the time to set up).

4. Assess the level of security associated with the software. If access is to be restricted (to just dial-in ports, for example) how is this to be done?

5. Consider whether to expect any additional load on computing resources required and any change in use of bandwidth due to the blocking of large GIFs.

6. Choose the options you wish to provide.

7. Decide whether you want to offer a choice of configurations, such as these three.

A. Banners Blocked (-b), Wafer with No-Cookie-Copyright notice (-w)

B. Cookies not stopped (-c with just a / in the cookiefile), User Agent (-u) specified as Lynx

C. Cookies from browser allowed through (-c) to permit registered services

If you run a caching proxy, decide whether the Internet Junkbuster will chain with it by default, and whether to offer an alternate with no caching. (Some ISPs don't, because they want to give customers an incentive to use caching and save bandwidth.)

8. Decide on a naming scheme for your proxies. If you're running only one proxy on one machine, the simplest way is to just use port 8000 on your main machine, such as our-isp.net. But it would probably be safer to put an entry in your name server and call it something like junkbuster.our-isp.net. If running several proxies, you could either use different ports on the same machine, or if you have the opportunity to distribute the load over a few machines you could use different hostname aliases such as banner.junkbuster.our-isp.net, lynx.junkbuster.our-isp.net and oneway.junkbuster.our-isp.net (corresponding to the examples in the previous point).

9. Prepare a page explaining the Internet Junkbuster to your customers. Here's a real example. You are welcome to copy and modify material from JUNKBUSTERS according to the GPL. You might want to set up a process to check this page periodically and update it when it changes. (A few links can probably serve as well as a lot of copying, however.) A typical page would probably specify the following.

  • A brief explanation stating what the Internet Junkbuster does, with a link to this page.
  • The addresses of the proxy or proxies, with their port number(s).
  • The options used, and how to view the contents of the blockfile (which you can place on your web pages, preferably in a file called blocklist.html or blocklist.txt).
  • An indication of whether suggestions for the blacklist are considered, and if so, how to submit them: to a particular email address, via web-based form, etc.
  • Instructions on how to configure a browser. You may want to include details for only the two major browsers and leave the others to a link.
  • Procedures on how to report problems, give feedback etc.

10. Invite a small number of technologically sophisticated customers to beta-test the service.

11. Announce general availability on your "News" page. Tell us if you would like to be included on a list of ISPs offering the Internet Junkbuster.

2.4.3 What's a Proxy Server Server and how can I make money as one? Other organizations with web presence and some bandwidth to spare can set up as Proxy Server Servers (PS2s). The idea here is to allow users to choose their proxy configuration, and provide it to them on a semipermanent basis. Users would fill in a form specifying what options they want in their proxy, possibly even at a very high level, such as "no ads" or "no nudity." This information is sent to a CGI script that configures a proxy, starts it running, and returns its address and port number (possibly along with configuration instructions for the browser that the user specified).

Users could be charged a subscription fee, or the service could be thrown in free in the hope of improving customer retention for some existing business (which is what ISPs are doing). It might be possible to make money by inserting new ads in the holes left where others were blocked, but the original owners might object. PS2s could differentiate themselves by providing frequently updated and comprehensive blocking of ads, or of offensive material based on their own grading system. Some content providers might do it for the chance to be the only company that the consumer permits to set cookies. (Identification could even be done via cookies, but this might not be popular with the kind of user who wants a proxy.) PS2s might sell specific or aggregate information about their users' browsing habits, so the agreement with users on whether they are permitted to do this would be important to both sides.

If your organization establishes a Proxy Server Service you would like publicized, please notify us.

2.5 Blocking

2.5.1 If I see an ad I wish I hadn't, how do I stop it? If your ISP is running the Internet Junkbuster, they should have a policy on whether they accept suggestions from their customers on what to block. Consult their web page.

If you are running the Internet Junkbuster yourself, you have complete control over what gets through. Just add a pattern to cover the offending URL to your blockfile. Version 1.3 and later automatically rereads the blockfile when it changes, but if you're running an earlier version you'll need to kill it and restart the junkbuster. If you don't know the process number to give to kill, try this: ps ax | grep junkbuster

To choose a pattern you'll first need to find the URL of the ad you want to cover.

Some people use the -d 1 option to display each URL in a window as the request is sent to the server. It's then usually an easy task to pick the offending URL from the list of recent candidates.

Alternatively, you can use View Document Info (or View Document Source if your browser doesn't have that). The Info feature has the advantage of showing you the full URL including the host name, which may not be specified in the source: there you might see something like SRC="/ads/click_here_or_die.gif" indicating only the path. (The host name is assumed to be the same as the one the page came from.)

But ads often come from a different site, in which case you might see something like SRC="grabem.n.trackem.com/Ad/Infinitum/SpaceID=1666" or longer. If the company looks like a pure ad warehouse (as in the last case), you may want to place just its domain name in the blockfile, which blocks all URLs from that site.

If the ad comes from a server that you really want some content from, you can include enough of the path to avoid zapping stuff you might want. In the first example above, /ads/ would seem to be enough. If you don't include the domain name, the pattern applies to all sites, so you don't want such patterns to be too general: for example /ad would block /admin/salaries/ on your company's internal site.

To speed the blocking of images, some UNIX users create a shell script called Image: containing a line such as echo $1 | sed s/http:..// >> $HOME/lib/blockfile that adds its argument to the user's blockfile. Once an offending image has been found using View Document Info it's easy to cut-and-paste the line (or part of it) into a shell window. The same script can be linked to a file called Frame: to deal with framed documents, and junkbuster: to accept the output of the -d option.

When compiled using the default options, the Internet Junkbuster uses only very simple (and fast) matching methods. The pattern /banners will not stop /images/banners/huge.gif getting through: you would have to include the pattern /images/banners or something that matches in full from the left. To allow you to get what you want here, Version 1.1 and later gives you the option at compile time to include Posix regular expressions, so you can use /*.*/banners to block any URL containing /banners (even in the middle of the path). Regular expressions give you many more features than this, but if you're not already familiar with them you probably won't need to know anything beyond the /*.*/ idiom. If you do, man grep is probably a good starting point.

Don't forget the / (slash) at the beginning of the path. If you leave it out the line will be interpreted as a domain name, so ad would block all sites from Andorra (since .ad is the two-letter country code for that principality).

For a detailed technical description of how pattern matching is done, see the manual.

2.5.2 How come this ad is still getting through anyway? If the ad had been displayed before you included its URL in the blockfile, it will probably be held in cache for some time, so it will be displayed without the need for any request to the server. Using the -d 1 option to show each URL as it is fetched is a good way to see exactly what is happening.

If new items seem to be getting through, check that you are really running the proxy with the right blockfile in the options. Check the blockfile for exceptions.

Some sites may have different ways of inserting ads, such as via Java. If you have ideas on how to block new kinds of junk not currently covered, please tell us.

2.5.3 How do I stop it blocking a URL that I actually want? You can change the patterns so they don't cover it, or use a simple feature in Version 1.1 and later: a line beginning with a character means that a URL blocked by previous patterns that matches the rest of the line is let through. For example, the pattern /ad would block /addasite.html but not if followed by /addasite in the blockfile. Or suppose you want to see everything that comes from a site you like, even if it looks like an ad: simply put aSiteYouLike.com at the end of the blockfile. (Order is important, because the last matching line wins.)

2.5.4 Can I block sites I don't want my children to see? Yes, but remember that children who are technically sophisticated enough to use the browsers' proxy configuration options could of course bypass any proxy.

There are an awful lot of sites that parents may consider unsuitable. Several parental organizations already maintain "black lists," and some may supply them in a suitable format for the Internet Junkbuster, possibly posting them to Usenet. There's also a specialized search engine of material for children.

A more reliable but restrictive method is to block everything except material known to be acceptable. If you compile with the regex option, you can place a * (asterisk) as the first line of the blockfile (which blocks everything), and then list exceptions after that. Be careful to make the exception sufficiently broad: for example, using www.uexpress.com/ups/comics/ch/ as the exception for Calvin and Hobbes would block some of the graphic elements on the page: you would probably want a wider exception such as www.uexpress.com/ups/ to permit them.

Many filtering products actually scan for keywords in the text of pages they retrieve before presenting it, but the Internet Junkbuster does not do this. Building a perfectly reliable system is hard, because it's very difficult to state in advance exactly what is obscene or unsuitable.

2.5.5 Why not replace blocked banners with something else? Making any change to a document could risk claims of copyright infringement. We think that merely failing to allow an included graphic to be accessed would probably not be considered an infringement: after all this is what happens when a browser is configured not to automatically load images. However, we are not lawyers, so anyone in doubt should take appropriate advice.

In a context where the copyright issue is resolved satisfactorily, a proxy could simply return a status 301 or 302 and specify a replacement URL in a Location and/or URI header. An alternative would be to use inline code to return a 1 x 1 transparent GIF.

2.5.6 Why not block banners based on the dimensions of the image? Many users have pointed out that most banner ads come in standard sizes, so why not block all GIFs of those sizes? Well, this would require getting the object in order to examine its dimensions before deciding whether to display it, which we don't like to do. A less immediate approach would be to write software that scans the browser's cache of objects periodically, adding offensive URLs to the blockfile automatically so they will never be fetched again. Technology might advance to the point where this could be done based on the content of the images, not just their size. If anyone implements this we would be interested to hear about it.

2.5.7 What about non-graphic advertising within the pages I want? The Internet Junkbuster deliberately does not provide a way of automatically editing the contents of a page, to remove textual advertising or to repair the holes left by blocked banners. Other packages such as WebFilter do.

2.5.8 Does it block ads on the new broadcasting "push" systems? We don't know, because none of us has any of these gadgets yet. If you find you can use the proxy with them, or have any other advice about it, please tell us.

2.6 Cookies

2.6.1 Might some cookies still get through? How can I stop them? Yes, you should expect the occasional cookie to make it through to your browser. We know of at least three ways this can happen; please tell us if you find any others. One way is in secure documents, which are explained below.

Cookies can be set using a line such as <META HTTP-EQUIV="Set-Cookie" CONTENT="flavor=chocolate"> in the HEAD section of an HTML document. Cookies can also be set and read in JavaScript. To see if this is happening in a document, view its source and look in the head for a section tagged script language="JavaScript". If it contains a reference to document.cookie, the page can manipulate your cookie file without sending any cookie headers. The Internet Junkbuster does not tamper with these methods. Fortunately they are rarely used at the moment.

To prevent cookies breaking through, always keep cookie alerts turned on in your browser. Making the files hard to write may also help.
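Because a header-filtering proxy never sees these two in-document methods, a page body can be checked for them directly. The following Python sketch is an added example, not part of the Internet Junkbuster; the class and function names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

class CookieSetterScan(HTMLParser):
    """Collect in-document cookie setters that bypass header filtering."""

    def __init__(self):
        super().__init__()
        self.findings = []          # list of (kind, detail) tuples
        self._in_script = False
        self._script = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "set-cookie":
            self.findings.append(("meta", a.get("content", "")))
        elif tag == "script":
            self._in_script, self._script = True, []

    def handle_data(self, data):
        if self._in_script:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script).strip()
            if "document.cookie" in body:
                self.findings.append(("script", body[:60]))

def scan(html):
    """Return every META Set-Cookie and document.cookie script in html."""
    parser = CookieSetterScan()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: no Set-Cookie header is needed for either cookie.
SAMPLE = """<html><head>
<META HTTP-EQUIV="Set-Cookie" CONTENT="flavor=chocolate">
<script language="JavaScript">
  document.cookie = "visitor=12345";
</script>
<script language="JavaScript">window.status = "hello";</script>
</head><body>No cookie headers were sent with this page.</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan(SAMPLE):
        print(kind, detail)
```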

2.6.2 Exactly how do cookies get created and stored anyway? When a web site's server sends you a page it also sends certain "header information" which your browser records but does not display. One of these is a Set-Cookie header, which specifies the cookie information that the server wants your browser to record. Similarly, when your browser requests a page it also sends headers, specifying information such as the graphics formats it understands. If a cookie has previously been set by a site that matches the URL it is about to request, your browser adds a Cookie header quoting the previous information.

For more background information on how cookies can damage your privacy, see our page on cookies. For highly detailed technical information see the RFC. The Internet Junkbuster will show you all headers if you use the -d 8 option.

2.6.3 If cookies can't get through, will some things stop working for me? Possibly. Some personalized services including certain chat rooms require cookies. Newspapers that require registration or subscription will not automatically recognize you if you don't send them the cookie they assigned you. And there are a very small number of sites that do strange things with cookies; they don't work for anyone that blocks cookies by any means.

If you want such sites to be given your cookies, you can use the -c option provided you are running Version 1.2 or later yourself. Simply include the domain name of those sites in the cookiefile specified by this option.

It's possible to let cookies out but not in, which is enough to keep some sites happy, but not all of them: one newspaper site seems to go into an endless frenzy if deprived of fresh cookies. A cookiefile containing a single line consisting of the two characters >* (greater-than and star) permits server-bound cookies only. The * is a wildcard that matches all domains.

If someone else is running the Internet Junkbuster for you and has a version that passes server-bound cookies through, you can try editing your browser's cookie file to contain just the ones you want, and restart your browser. To subscribe to a new service like this after you have started using the Internet Junkbuster, you can try the following: tell your browser to stop using the Internet Junkbuster, fill out and submit your subscription details (allowing that web site to set a cookie), then reconfigure your browser to use the Internet Junkbuster again (and stop more cookies being sent). This also requires the -c option, and its success depends on the Web site not wanting to change your cookies at every session. For this reason it does not work at some major newspaper sites, for example. But you may prefer to look at whether other sites provide the same or better services without demanding the opportunity to track your behavior. The web is a buyer's market where most prices are zero: very few people pay for content with money, so why should you pay with your privacy?

2.6.4 Can I control cookies on a per-site basis? Yes, since version 1.2 the Internet Junkbuster has included advanced cookie management facilities. Unless you specify otherwise, cookies are discarded ("crumbled") by the Internet Junkbuster whether they came from the server or the browser. In Version 1.2 and later you can use the -c option followed by a cookiefile to specify when cookies are to be passed through intact. It uses the same syntax and matching algorithm as the blockfile.

If the URL matches a pattern in the cookiefile then cookies are let through in both the browser's request for the URL and in the server's response. One-way permissions can be specified by starting the line with the > or < character. For example, a cookiefile consisting of the four lines
org
>send-user-cookies.org
<accept-server-cookies.org
~block-all-cookies.org

allows cookies to and from org domains only, with the following exceptions:

1. Cookies sent from servers in the domain send-user-cookies.org are blocked on their way to the client, but cookies sent by the browser to that domain are still fed to them.

2. The cookies of accept-server-cookies.org check in to the proxy and are passed through to the browser, but when they come back to the proxy they never check out.

3. All cookies to and from block-all-cookies.org are blocked.

If the junkbuster was compiled with the regular expressions option they may be used in paths. Any logging to a "cookie jar" is separate and not affected.

It's important to give hosts you want to be able to set cookies sufficient breadth. For example, instead of www.wsj.com use wsj.com because the company uses many different hosts ending in that domain.
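The matching rules from sections 2.5.1 to 2.5.3 and the cookiefile permissions above can be worked through in a few lines of Python. This is an added example, not the Internet Junkbuster's own code: it assumes the default build without regular expressions, ignores ports, takes ~ as the exception marker (an assumption based on the Junkbuster manual), and uses a constructed blockfile.

```python
from urllib.parse import urlsplit

def parse_line(line):
    """Split a pattern line into (flag, domain_labels, path_prefix)."""
    flag = ""
    if line[0] in "~<>":        # ~ exception (assumed marker); > and < one-way
        flag, line = line[0], line[1:]
    domain, slash, path = line.partition("/")
    if domain == "*":           # wildcard that matches all domains
        domain = ""
    labels = domain.lower().split(".") if domain else []
    return flag, labels, slash + path

def matches(rule, url):
    """Domains match whole labels from the right, paths from the left."""
    _, labels, prefix = rule
    parts = urlsplit(url)
    host = (parts.hostname or "").split(".")
    if labels and host[-len(labels):] != labels:
        return False
    return (parts.path or "/").startswith(prefix)

def is_blocked(blockfile, url):
    """Blockfile verdict: the last matching line wins."""
    blocked = False
    for rule in map(parse_line, blockfile.split()):
        if matches(rule, url):
            blocked = rule[0] != "~"
    return blocked

# flag -> (browser's cookies sent to server, server's cookies passed to browser)
PERMISSIONS = {"": (True, True), ">": (True, False),
               "<": (False, True), "~": (False, False)}

def cookie_policy(cookiefile, url):
    """Cookiefile verdict; with no matching line both directions are crumbled."""
    policy = (False, False)
    for rule in map(parse_line, cookiefile.split()):
        if matches(rule, url):
            policy = PERMISSIONS[rule[0]]
    return policy

# Constructed blockfile built from the patterns discussed in section 2.5.
BLOCKFILE = """
grabem.n.trackem.com
/ad
~/addasite
/banners
ad
"""
# The four-line cookiefile from section 2.6.4.
COOKIEFILE = """
org
>send-user-cookies.org
<accept-server-cookies.org
~block-all-cookies.org
"""
```

Calling is_blocked(BLOCKFILE, "http://intranet.example/admin/salaries/") returns True, which is the over-general /ad pattern that section 2.5.1 warns about.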

2.6.5 Can I make up my own fake cookies (wafers) to feed to sellers? Yes, using the -w option. We coined the term wafer to describe cookies chosen by a user, not the Web server. Servers may not find wafers as tasty as the cookies they make themselves. But users may enjoy controlling servers' diets for various reasons, such as the following.

  • Users who consider cookies to be an unwelcome intrusion and a waste of their disk space can respond in kind. By writing "signature wafers" they can express their feelings about cookies, in a place that the people in charge of them are most likely to notice.
  • Sites running a proxy that logs cookies to a file (such as the Internet Junkbuster does with the -j option on) may want to notify servers that their cookies are being intercepted, deleted or copied. One possible reason for doing this is the uncertain copyright status of cookie strings. Nothing here should be taken as legal advice: we are simply raising a question for any interested parties to consider, and make no representation that such measures are necessary or sufficient. Concerned proxy sites might decide to send a wafer (named "NOTICE" for example) containing text along the lines of the following.

    TO WHOM IT MAY CONCERN Do not send me any copyrighted information other than the document that I am requesting or any of its necessary components. In particular do not send me any cookies that are subject to a claim of copyright by anybody. Take notice that I refuse to be bound by any license condition (copyright or otherwise) applying to any cookie.

    Any company that tries to argue in court that the proxy site was breaching their copyright in the cookies would be met with the defense that the proxy site gave that company the opportunity to protect its copyright by simply not sending cookies after receiving the notice.

    Cookies can be as long as four thousand characters, so there's plenty of space for lawyerly verbosity, but white space, commas, and semi-colons are prohibited. Spaces can be turned into underscores. Alternatively, a URL could be sent as the cookie value, pointing to a document containing a notice, perhaps with a suggestive value such as http://www.junkbusters.com/ht/en/ijbfaq/html#1. But including the notice directly would probably be preferable because the addressee does not have to look it up.

    The Internet Junkbuster 1.4 currently sends a full notice as a "vanilla wafer" if cookies are being logged to a cookie jar. This can be suppressed with the -v option, which might be used in situations where there is an established understanding between the proxy and all who serve it.

Junkbusters provides a CGI script that lets you see your wafers as they appear to servers.

Wafers confuse a few fragile servers. If this troubles you, don't use this option.

Any wafers specified are sent to all sites regardless of the cookiefile. They are appended after genuine cookies, to maintain compliance with RFC 2109 in the event that a path was specified for a cookie. The RFC's provisions regarding the $ character (such as the Version attribute) are transparent to the proxy; it simply quotes what was recited by the browser.

If you want to send wafers only to specific sites, you could try putting them in your browser's cookie file in a format conforming to the Netscape specification, and then specify in the proxy's cookiefile that cookies are to be sent to but not accepted from those sites, so they can't overwrite the file. This may work with Netscape but not all other browsers.

2.6.6 Why would anyone want to save their cookies in a "cookie jar?" We provided this capability just in case anyone wants it. There are a few possible reasons.

  • It's conceivable that marketing companies might one day buy history files and cookie jars from consumers in the same way that they currently pay them to fill out survey forms. With this information they could gather psychographic information, see which competitors' sites the consumer has visited, and discover what advertising is being targeted at them.
  • Some consumers might employ semiautomated means of sorting through their cookie jars, selecting which ones to place in their cookies file for use by their browsers. Their decisions could be based on payments offered, privacy rating systems such as e-TRUST proposes, or their own opinion of the company. It could be done manually or with software.
  • Users may even start "sharing" cookies among themselves, sending back cookies that servers generated for other visitors. Servers that aren't expecting this possibility will be misled about their visitors' identities. Cookies could be shared among users on a single machine, or across continents via FTP and anonymous remailers. Privacy activists may promote cookie disinformation campaigns as a way to defend the public against abuse. If a significant percentage of people send disinformative cookies, user tracking via cookies may become less reliable and less used.