Hello Frankie,

Sunday, June 8, 2003, 11:54:45 PM, you wrote:

F> I made a point of not using cookies on our gateway.. For the simple
F> reason that you can't guarantee that the user will accept them or
F> that the client is capable of accepting them..

Agreed. I block most cookies, but know to allow them for transactions.

F> personally I deny any cookie that isn't set to expire within a day
F> of being set.

Good practice, from my view. Most cookies are not like that, however, the worst being from the trackers. Theirs usually are set to hang around for 20-30 years. :-)

F> You are correct about often the same techniques being used for
F> spying, it's sad that that is the case, but that doesn't mean that
F> ecommerce should stop using them.

I understand your point of view. There is a problem on both sides. M$ is not in an advertising blitz to convince the masses that they are a nice company. They are addressing the issue of trust by mass advertising.

F> Wait till Palladium hits us.. then it will all be digitally signed
F> and available to M$ and all its advertisers (agreed to via EULA)
F> and the web will suck worse.

Don't get me started on Palladium. A huge disaster in the making, IMHO, at least for users. Important as a key part of the M$ takeover, though.

F> How do we validate that it was YOU that submitted that info if you
F> show up as blank in all validation???

I agree that this is a complicated issue, especially for a gateway. Do you like the personal certificate idea, assuming it can be turned on (for transactions) and off (for privacy while surfing) by the user?

F> To make sure all the communication between the user's browser, the
F> cart, and the payment gateway is all legit is a difficult task.

Agreed.

F> so our gateway does a number of IP tests to ensure that should you
F> be a nasty character, we at least have a starting point to come
F> after you.

Here's where we have the trouble. The same techniques that you would like, and need, are EXACTLY the tools that permit horrendous invasion of privacy.

I'm not sure I see a good way around that except for strong legislation, and that is extremely unlikely. Why? Well, the government LOVES to spy and would LOVE to control its population - they're not going to be for restricting snooping. Business Loves to spy also, and says it 'needs' it (yeah, right) - they're not going to be for restricting it either. When these two get together, watch out, we're in trouble.

F> The web can be a nasty place for online stores.. don't punish the
F> good guys (the ones that don't spam you silly or track you for
F> advertising purposes).

It might be nice to have a site that rates other sites from the privacy point of view, but I'm afraid the lawyers would attack it in less than 50 milliseconds. :-)

F> (our security was not limited to the above, we also created hashkeys of all
F> form data to be validated at both ends to ensure it's not changed and a
F> number of other tests as well.. but nothing is perfect, we just have to do
F> the best we can.)

It is nice to hear your side of this. Any ideas for a win - win solution, good for both sides?

-- 
Thank you,
 rikona                            mailto:[EMAIL PROTECTED]