Re: [How much do users hate cookies?]

Jordan Hiller <hiller(at)email.com> wrote:

> But I'm reconsidering, because of all the bad rap cookies have among
> security/privacy-conscious users.

A way that I've found to help remove the concern is to have a cookie info=

page.  Explain what a cookie is, why you use them, what kind of info you =
will
keep, and how long you will set the cookie for.  This should be included =
in
you privacy page (every site needs one of these).  The biggest reason why=

people don't like cookies is simple ignorance.  As an example, try to get=
 your
target audience to explain what a cookie is (I'd include this as well in =
your
privacy page).  For more info, go here -
http://developer.netscape.com/docs/manuals/js/client/jsguide/advtopic.htm=
#1017773
=2E  This is Netscape's page for cookies; use, limitations, and definitio=
n.

> Will many people:
> 1) :) :) Have cookies accepted automatically, so it'll be transparent t=
o
> them

IIRC, something like 50% of all cookies are accepted.  No, I don't have p=
roof
for that.  ;-)

> 2) :) Just click [ok] and not really mind it

Depends.  If you make the cookie value obvious (name=3DJimBob;
Value=3DThese_are_JimBob's_preferences::PreferenceA=3Dfoo_PreferenceB=3DB=
ar; etc),
people will be more likely to accept, IMHO.  Making an obfuscated cookie =
value
may be a bad idea...

> 3) :( :( Be annoyed (or scared of security risks) and leave the site,
> therefore I lose a customer

There will always be a percentage of people who are like this.  The great=

thing about the Net is the Anonymity factor.  Some people take this a bit=
 far
(again, IMHO).

> 4) :| Not accept the cookie, but keep browsing the site (I don't really=

> mind if they do this because it is a very non-critical cookie)

Some.  These people will probably accept a cookie when they purchase
[whatever] if they have to.

> Of course it depends on the target audience--in this case it's mostly
> semi-computer-literate teachers, university profs, and other educators,=

> and a few web designers I believe. A typical browser setup is NN or IE
> 4x, Win98, 800x600 res, with JavaScript and Java enabled more than 95%
> of the time. But of course I'm not sure about cookie stats.

If javascript is enabled, cookies are enabled.  I'd break down the cookie=

accept rate something like this: 50% accept all the time, without checkin=
g.
40% look at every cookie and make decisions then.  10% do not ever accept=

cookies, give their name, talk to strangers, etc.  YMMV.  This is just my=
 own
personal experience.

> What do you think people will do? Will a cookie every few pages give a
> negative image?

Probably not.  Most big sites use cookies.  Since HTTP is a stateless
protocol, you have to do *something* to be able to keep track of whose wh=
o.

> IMHO, I have cookies accepted automatically just because I'm too lazy t=
o
> click [ok] all the time. But when I was seeing cookies, the only times
> it really annoyed me when there was more than one or two cookies, every=

> single page. =


Since the max size of a cookie file is 4k, and since 4k translates to
(roughly) 4000 characters (including spaces), you should be able cram mos=
t of
your info into that with few problems.  =


In conclusion, I say that until we have better methods of making HTTP a
non-stateless protocol, use cookies.  Use them sparingly, use them where
needed only, make them small.  Don't require them unless there is no
alternative.  OTOH, cookies *are* pretty darn cool.  I use them.  I will
continue to do so.  The way I see it, if people will not accept cookies, =
then
they probably won't give out their name or credit card number over the Ne=
t
either.


--Jedi Hacker(apprentice) and Code Poet

____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webm=
ail.netscape.com.

HWG hwg-theory mailing list archives, maintained by Webmasters @ IWA