Don't really want Yahoo tracking links that I provide in forums with unique keys attached to them when I'm logged into My Yahoo home page. If you don't want to be tracked in that way, chop off the end of the article URL before posting. Hope I don't see more of this crap. The extra part at the end only appears after making the jump to the actual article. That's a nice way to link two identities. Link that article in a hacker forum and it provides a new way for someone to track down identities.
Edit: I just noticed this on a linked image as well:
Not to defend them, but typically the cookie/session id's are put in the URL to track who you are from page to page on their site... not to track your identity elsewhere or how many people you've sent the link to. They certainly could do such a thing, though. It's not just Yahoo, you will see this on many many sites.
I've had a Yahoo Home page since the 90's and this is the first time those unique extensions have been used on regular news articles and jpegs.
I don't know why they'd need to stick that extender ID on an embedded jpeg with no link attached to it except to track you if you hotlinked the jpeg it elsewhere. Same for the articles. This forum doesn't need them to keep track of you during a logged in session, nor does any other site I've been on.
They don't have to, but some sites do it to avoid using cookies. I've had some funny arguments regarding cookies/sessions and their implementations. You're right though and I admitted as such, they could use it to do some fancy tracking and cross site identification.
Fash wrote:They don't have to, but some sites do it to avoid using cookies. I've had some funny arguments regarding cookies/sessions and their implementations. You're right though and I admitted as such, they could use it to do some fancy tracking and cross site identification.
Well I just checked and have nine yahoo cookies so that must not be the reason.
I don't know which I like less... I really detest cookies tbh, I have firefox set to ask me every time a site wants to set a cookie to avoid any fuckery, and I very frequently find myself bitching out loud about how unnecessary it is for a site to need to set (and modify) 10 fucking cookies for me to use it... Then the sites that tell you flat out that you can't use them without cookies (I generally deny 90% of them) absolutely infuriate me..
I like cookies, but you shouldn't need more than 1 per site. You shouldn't store data in cookies, only an identifier to tie into data on the server side. Pretty much anything I develop that is interactive sets 1 cookie.
Anything that will ensure data persists across page loads has to leave evidence on the browsing computer. My favorite argument was with 2 now ex-coworkers who thought sessions were better than cookies because the client had no knowledge of its session id... little did they know, every implementation of sessions uses a cookie to store the session id. During the course of this argument in which they were dead wrong, I stuck to the topic, and they insulted me personally. Fun!
By default, I allow all first-party cookies... I don't pay any attention to them.
