Hello Frankie, Sunday, June 8, 2003, 9:52:39 PM, you wrote:
F> Hi Rikona, F> I worked for a payment gateway.. and was costantly having to adjust our apps F> to handle blocking firewalls and stuff that end users have.... (and we did F> NO tracking of our clients customers at all other then what was necessary F> for security) F> The problem is that we need to ensure that the user that started a F> transaction is the same user that paid for it, and ended it and the F> one that got the receipt. Aha - I understand a bit better what you are trying to say. I do agree with what you are trying to do, and see the need for it. As I said, I have fewer problems with actual purchases. A number of the payment gateways have a different business model and don't need to snoop as much. F> By trying different stores with all your "privacy" info blank, and finding F> one that worked, you are most likely picking the one that will end up F> getting your card details posted on the net somewhere. (meaning the one with F> the least security in place) I was talking about a different issue. It is true that my stored 'privacy info' is either blank or wrong, but the info I submit is correct. I also selectively accept SESSION cookies to store this info for the transaction. I DON'T accept it if this personal info is coded to stay in my computer until 2025. :-) Wouldn't an encrypted SESSION cookie take care of your concerns, assuming you could get enough user trust to accept it? F> but for any sort of shopping, you are hurting youself more then F> anyone else by blocking any means to make sure you are who you say F> you are. Agreed. The problem is that many sites use these same techniques to do rather obnoxious things, such as send your actual personal info to advertisers via a script. The key problem: As a user, it is hard to know who to trust, isn't it? Works both ways, doesn't it? Surfer, beware. Any ideas for fixing this? Side note - M$ is heavily advertising, and the message is 'we're a nice company'. They realize M$ is not trusted, and they may have a PR campaign to get people to trust them. This is key if they are to take over the net, as they apparently would like to do, or snoop quite heavily into people's lives. F> Thats a very basic example, but you can see how being able to get F> your IP, referer and whatnot can make it much much harder for F> someone else to pretend to be you. Its still possibly to spoof all F> that, but it is much more complicated. Agreed. We were addressing somewhat different issues, with the overlap that comes with really intrusive sites doing what you are doing, but for different ends. For example, better security techniques to solve your problem are coming. However, they might also be used to install things that the user may not be able to change or remove, or to get access to even more of MY computer for whatever the site wants to do, and even force us to read ads. The M$ EULA for XP already has you agree that M$ can do this, and more. It has great potential for misuse, and since there is a great deal of money to be made by misusing it, guess what will happen. :-((( -- Thank you, rikona mailto:[EMAIL PROTECTED]
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com