Chris <nimbo@xxxxxxxxxxxxxx> writes: > Yes if you browse an effected web site, your browser can download a cookie, > unknown to you that can do all kind of things, including intercepting you > key strokes sending card numbers to a person, viewing you files, and reading > your software wallet. Minor technical nit -- cookies can't do any of those things. All a cookie is is a small chunk of data given you by a web site which you store, and return every time you visit that web site. This is used mostly for session management -- it's the way the site keeps *your* shopping cart distinct from everybody elses shopping cart, for example. It can be used by the web site owner to track exactly what sequence of pages you viewed on their site, which some people consider an intrusion on their privacy. And, when advertisements are served by a third-party to multiple sites (as doubleclick.net does for example), doubleclick can then track your session across pages with advertisements on *all* those sites. Even *more* people consider this an intrusion on their privacy, and most browsers now let you turn off handling of these "third-party" cookies. Those things given above can be done by *other* means often enough; I'm just quibbling about the technical definitions (especially since cookies are basically benign and are very useful to a web developer; they were invented to solve a serious problem, and if people take against them, that leaves us trying to go back and solve that serious problem with inadequate tools). -- David Dyer-Bennet, <mailto:dd-b@xxxxxxxx>, <http://www.dd-b.net/dd-b/> RKBA: <http://noguns-nomoney.com/> <http://www.dd-b.net/carry/> Pics: <http://dd-b.lighthunters.net/> <http://www.dd-b.net/dd-b/SnapshotAlbum/> Dragaera/Steven Brust: <http://dragaera.info/>