lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV HotWired uses old lynxen as example of privacy violations

From: Hiram Lester, Jr.
Subject: Re: LYNX-DEV HotWired uses old lynxen as example of privacy violations
Date: Tue, 25 Feb 1997 23:09:14 -0600 (CST) 
On Tue, 25 Feb 1997, Larry W. Virden, x2487 wrote:

> See <URL:http://www.wired.com/news/technology/story/2196.html> where
> a new RFC designed to allow users browsing the web more control over cookies
> is described.  As I mention in the Subject, Lynx is the only browser mentioned
> as having bugs which allow sites to capture a user's email
> address.

Well, it's not really a bug, and it still happens in the current versions
of Lynx.  Check the lynx.cfg file:

# If NO_FROM_HEADER is TRUE, From headers never will be sent in transmissions
# to servers.  Lynx normally sends the personal_mail_address as a From header,
# if that address has been defined via the 'o'ptions menu.  If left FALSE
# here, it can be set TRUE at run time via the -nofrom switch.
#
#NO_FROM_HEADER:FALSE

There are other things in that section that deal with privacy
(NO_FILE_REFERRER, etc.)

This summer I stood up at a panel discussion at an internet conference and
gave a description of how cookies worked and that the only way for them to
get personal info from your end was by submitting forms and such. (people
had a total misconception and thought that cookies could pass info about
passwords, files on their system, etc.)  I was probably the only person
there who had read both the Netscape specs and the ietf draft concerning
cookies and knew exactly how they worked, and what they could and couldn't
do.  Imagine my embarassment when about a week later, Fote put up a test
URL for something else form-related, and when I tried it, it sent back my
e-mail address!  Oh well...  As I said previously, I'm not that paranoid. 
I use procmail and repeating junkmail is routed to /dev/null
automatically. :)  I've found that most spam seems to come from usenet,
and I never use it anymore...

   +------------------------------------+-------------------------------+
   | Hiram W. Lester, Jr.               | E-Mail: address@hidden    |
   | Computer Science                   | Home page:                    |
   | Middle Tennessee State University  |   http://pobox.com/~hwlester/ |
   +------------------------------------+-------------------------------+

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]