Re: [How much do users hate cookies?]
by Zach Kenyon <zantispam(at)netscape.net>
|
Date: |
16 Oct 99 19:31:31 CDT |
To: |
Jordan Hiller <hiller(at)email.com>, hwg-theory(at)hwg.org |
|
todo: View
Thread,
Original
|
|
Jordan Hiller <hiller(at)email.com> wrote:
> But I'm reconsidering, because of all the bad rap cookies have among
> security/privacy-conscious users.
A way that I've found to help remove the concern is to have a cookie info=
page. Explain what a cookie is, why you use them, what kind of info you =
will
keep, and how long you will set the cookie for. This should be included =
in
you privacy page (every site needs one of these). The biggest reason why=
people don't like cookies is simple ignorance. As an example, try to get=
your
target audience to explain what a cookie is (I'd include this as well in =
your
privacy page). For more info, go here -
http://developer.netscape.com/docs/manuals/js/client/jsguide/advtopic.htm=
#1017773
=2E This is Netscape's page for cookies; use, limitations, and definitio=
n.
> Will many people:
> 1) :) :) Have cookies accepted automatically, so it'll be transparent t=
o
> them
IIRC, something like 50% of all cookies are accepted. No, I don't have p=
roof
for that. ;-)
> 2) :) Just click [ok] and not really mind it
Depends. If you make the cookie value obvious (name=3DJimBob;
Value=3DThese_are_JimBob's_preferences::PreferenceA=3Dfoo_PreferenceB=3DB=
ar; etc),
people will be more likely to accept, IMHO. Making an obfuscated cookie =
value
may be a bad idea...
> 3) :( :( Be annoyed (or scared of security risks) and leave the site,
> therefore I lose a customer
There will always be a percentage of people who are like this. The great=
thing about the Net is the Anonymity factor. Some people take this a bit=
far
(again, IMHO).
> 4) :| Not accept the cookie, but keep browsing the site (I don't really=
> mind if they do this because it is a very non-critical cookie)
Some. These people will probably accept a cookie when they purchase
[whatever] if they have to.
> Of course it depends on the target audience--in this case it's mostly
> semi-computer-literate teachers, university profs, and other educators,=
> and a few web designers I believe. A typical browser setup is NN or IE
> 4x, Win98, 800x600 res, with JavaScript and Java enabled more than 95%
> of the time. But of course I'm not sure about cookie stats.
If javascript is enabled, cookies are enabled. I'd break down the cookie=
accept rate something like this: 50% accept all the time, without checkin=
g.
40% look at every cookie and make decisions then. 10% do not ever accept=
cookies, give their name, talk to strangers, etc. YMMV. This is just my=
own
personal experience.
> What do you think people will do? Will a cookie every few pages give a
> negative image?
Probably not. Most big sites use cookies. Since HTTP is a stateless
protocol, you have to do *something* to be able to keep track of whose wh=
o.
> IMHO, I have cookies accepted automatically just because I'm too lazy t=
o
> click [ok] all the time. But when I was seeing cookies, the only times
> it really annoyed me when there was more than one or two cookies, every=
> single page. =
Since the max size of a cookie file is 4k, and since 4k translates to
(roughly) 4000 characters (including spaces), you should be able cram mos=
t of
your info into that with few problems. =
In conclusion, I say that until we have better methods of making HTTP a
non-stateless protocol, use cookies. Use them sparingly, use them where
needed only, make them small. Don't require them unless there is no
alternative. OTOH, cookies *are* pretty darn cool. I use them. I will
continue to do so. The way I see it, if people will not accept cookies, =
then
they probably won't give out their name or credit card number over the Ne=
t
either.
--Jedi Hacker(apprentice) and Code Poet
____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webm=
ail.netscape.com.
HWG hwg-theory mailing list archives,
maintained by Webmasters @ IWA