Re: Zone Alarm 3.0 Some Bad News for web sites !
From: Term (news@codebest.com)
Date: 03/24/02
From: "Term" <news@codebest.com> Date: Sat, 23 Mar 2002 22:48:38 -0700
You're not the only one worried about ZA 3.0's default settings. My partner
and I, who create 100% legitimate websites with no spyware or cookie-dropping
GIFs anywhere to be found, are affected by this.
HTTP Referer Headers have been used for a long time now for some basic
concepts even within a website. One of these would be simple things like
being able to return to a page you were just on from say a shopping cart.
JavaScript commands work for this, however they are not 100% all the time
on all browsers.
The bottom line is this. Some of the features of some of the websites I've
designed in the past will not work correctly with ZA 3.0's default settings.
Now some people would ask. Well why did you design it that way? The answer
is simple, like most people I do things that appear to be the shortest path
of resistance and also appear to work on almost everything. Up until ZA 3.0
I was right. Now I'm more than able to design a site that doesn't use the
Referring Header at all, however this just adds overhead to my design work.
I may not have a choice.
What I am forced to do at this time is write some code that will display an
alert to those who are blocking HTTP REFERER headers. The alert will simply
tell them that some functions of the website may not perform as expected
while blocking such headers.
For those misguided fools that think this Header blocking feature keeps your
IP from being revealed... think again. When you connect to a website using
TCP/IP you have a socket to socket connection to the server. The server
knows what IP you're using, regardless if you have HTTP headers blocked or
not.
Cookies... they are another story. I rarely use them, and I never count on
them for websites. As far as I'm concerned all 3rd party cookies should
always be blocked by default. They suck.
Term
"Fox" <fox@connexions.net> wrote in message
news:7vak8.20$UC5.689@paloalto-snr1.gtei.net...
> I believe we all have a problem !
> Zone Alarm 3.0 shuts down browser header field "REFERER" by default.
> For those who do not know what this is, it is the bit of code sent to the
> website you are visiting, which tells that site which site you were on when
> you clicked to go to their site. Touted as a privacy issue, it really is not
> at all a privacy issue. It does not tell anyone who you are. But it does
> supply important info which makes the web world work as it does.
> This information is used in various ways, the two most common ways
> follow. First, this info can tell a website which is dependent on it, just
> which page or set of navigation menus to display for you. It can
> also tell a framed site whether to deliver the entire framed environment
> if you are coming from another site, or to just give you a single page
> within the frames if you are coming from already being on the site.
> This is one of the ways my client's sites use this field. The second
> and most important need for this field, is that this tells a web site
> manager where the traffic comes from. The entire infrastructure regarding
> traffic flow and development is destroyed by the loss of this field.
> Businesses as well as educational as well as personal and even
> public service sites all depend on knowing where their traffic comes
> from so they can manage their resources (time and/or money)
> in the best way to develop or improve their traffic. This also protects
> the web site owner from paying unscrupulous characters for traffic
> they do not deliver. All in all this should default to off rather than on.
> If you agree, please help stop what may quickly become a trend
> which will hurt web sites in a number of ways. Let me reiterate
> that this is a false issue which is and will be sold as a privacy issue
> when it really has no effect on privacy. It merely tells the next
> web site which web site you found their link on. If you type a
> link in manually, this field does not exist in that session since there
> is no referring site. It does not tell the last site you were at unless
> you clicked on the next site from there.
>
> If you agree with the need to stop the blocking of this field
> please email Zone Alarm and any others who may be inclined
> to follow this example. If no one is heard from, I would expect
> that Microsoft will probably end up defaulting to ON also. Please
> don't let yet another false concept interfere with the free development
> of the WEB.
>
> NOTE ALSO THAT WORK-A-ROUNDS such as queries, will not replace this loss
> other than in same site navigation, since search engines will not index
> pages with queries.
>
> I am a privacy advocate, so if anyone stands on a soapbox against this
> without some more knowledge than I have, you will quickly be known to be
> just a crank. So if I am wrong, please bring up some facts and not just
> flames. I will surely listen. I have people's best interest at heart here.
>
> If you have the upgrade installed and you go to a web site which starts
> showing frames within frames, and you want it to stop doing that, set your
> MSIE program privacy to OFF.
>
> Regards to all,
> Fox
>
>
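Added example, not part of either post: one way a site can keep a Referer-based "return to previous page" feature working when the header is stripped, and decide when to show the kind of notice Term describes. The function name, site origin, fallback path and sample requests are all hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helper, not code from the original thread.
// Chooses a "return to previous page" link from the Referer header and
// degrades gracefully when a client-side filter has removed the header.
const SITE_ORIGIN = "https://shop.example"; // assumed site origin
const FALLBACK_PATH = "/catalog";           // assumed default landing page

function resolveReturnTarget(headers, siteOrigin = SITE_ORIGIN, fallback = FALLBACK_PATH) {
  // Header names are case-insensitive, so normalise before the lookup.
  const lower = {};
  for (const [k, v] of Object.entries(headers || {})) lower[k.toLowerCase()] = v;
  const raw = String(lower["referer"] || "").trim();

  if (raw === "") {
    // Typed URL, bookmark, or a filter removed the header entirely.
    return { target: fallback, reason: "missing", showNotice: true };
  }
  let ref;
  try {
    ref = new URL(raw);
  } catch {
    // Value is not a parseable absolute URL (e.g. rewritten by a filter).
    return { target: fallback, reason: "malformed", showNotice: true };
  }
  if (ref.origin !== new URL(siteOrigin).origin) {
    // The header is client-controlled: never link back to another origin
    // on its say-so. The feature is unaffected, so no notice is needed.
    return { target: fallback, reason: "cross-origin", showNotice: false };
  }
  // Same-origin referrer: reuse only the path and query string.
  return { target: ref.pathname + ref.search, reason: "same-origin", showNotice: false };
}

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = [
  { Referer: "https://shop.example/item?id=7" },
  {},                                        // header stripped
  { referer: "https://search.example/q?x=1" },
  { Referer: "blocked" },
];
for (const h of SAMPLE_REQUESTS) {
  const r = resolveReturnTarget(h);
  console.log(`${r.reason.padEnd(12)} -> ${r.target} notice=${r.showNotice}`);
}
```

The page still works in every case; only visitors whose header is absent or unusable see the notice, and the header value is never trusted as a redirect destination.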