[Cryptography] Follow up on my password replacement idea

Jonathan Thornburg jthorn at astro.indiana.edu
Wed Sep 23 16:36:13 EDT 2015

On Wed, Sep 23, 2015 at 01:04:05PM -0700, Ray Dillinger wrote:
> On 09/23/2015 06:29 AM, Bill Cox wrote:
> > Actually, I meant privacy issues similar to what we see today with
> > third-party cookies that enable advertisers to track your web browsing
> > behavior.  The initial "killer app" for the Mesh seems to be a password
> > manager, which should do a reasonable job of privacy protection, but as you
> > said above, eventually the goal would be stronger authentication using
> > PKI.  
> I don't see how a password manager would help with the problem of
> third-party cookies that enable advertisers to track web browsing
> behavior.  I mean, seriously - I hate to be picking on Google so
> much, but they're the best example. Go to almost any site and you'll
> get cookies from fonts.googleapis.com, from googletagmanager.com,
> from googlesyndication.com, etc....

Doesn't rejecting 3rd-party cookies (or more accurately, not sending
them back to anyone) solve that problem?  I had always thought that any
system or configuration with "privacy > 0" in the list-of-design-goals
would do that.  It seems more effective than the do-not-track header
(that I gather is widely ignored by people in the tracking (ad) business).

> How does it matter that you have a different password for each of
> those sites?  The servers in Redwood City know exactly where each
> of those cookies gets set and retrieved.  To stop that you'd have
> to ban cross domain  requests entirely, and the entire web
> infrastructure would then grind to a halt amid much screaming
> and gnashing of teeth.

-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
    at any given moment.  How often, or on what system, the Thought Police
    plugged in on any individual wire was guesswork.  It was even conceivable
    that they watched everybody all the time."  -- George Orwell, "1984"

More information about the cryptography mailing list