Jeff Hoffman, Time Lever Resources
11/3/98
__________________________________________________________
What is it?
ScapeGoat is an application that allows you to easily
delete the MagicCookie and/or Global History (Netscape
History) files created by NetScape in the Preferences
Folder on your startup disk. Why would you want to
do this? Read on... (if you just want to know how to
use ScapeGoat, jump on down to ScapeGoat to the Rescue!)
__________________________________________________________
Background
Cookies are a general mechanism which server side connections (such as CGI scripts) can use to both store and retrieve information on the client side of the connection. The addition of a simple, persistent, client-side state significantly extends the capabilities of Web-based client/server applications.
A server, when returning an HTTP object to a client, may also send a piece of state information which the client will store. Included in that state object is a description of the range of URLs for which that state is valid. Any future HTTP requests made by the client which fall in that range will include a transmittal of the current value of the state object from the client back to the server. The state object is called a cookie, for no compelling reason.
This simple mechanism provides a powerful tool which enables new types of applications to be written for web-based environments. Shopping applications can store information about the currently selected items, for-fee services can send back registration information and free the client from retyping a user-id on next connection, sites can store user preferences on the client, and have the client supply those preferences every time that a connection is made to the site.
The Global History file (renamed Netscape History with
Netscape Communicator 4.5) keeps track of URLs you've
surfed, web pages/files you've downloaded, every image
you've seen, IDs/passwords you've sent, searches you've
done, etc. (Ever wonder how NetScape knows what links
to display as red vs. blue? This is how it knows).
This file constantly grows as you use NetScape (mine
is currently at 1.3 MB).
__________________________________________________________
Why Would I Want Cookies?
Cookies can be used for a number of good things. Here's are some examples:
Online ordering systems. Cookies can be used to track information from one web page to another. This becomes useful in such applications as shopping cart catalogs, where a customer might choose items on one web page and then advance to another page in the catalog to buy additional items. The cookie can keep track of the items as the customer shops, then tally up the order at the end of the shopping spree. Since information is usually lost as one web page is replaced by another, the cookie is a powerful tool for tying together an application which must use multiple pages. The NetScape General Store uses cookies in this way.
Site personalization. Let's say a person comes to your site but doesn't want to see any banner advertisements. You could allow them to select this as an option, and from then on (until the cookie expires) they wouldn't see them.
Web site tracking. Many people think it is an invasion
of privacy if a web site wants to track what interests
them. Site tracking can show you "Dead End Paths",
places in your web site that people go to and then
wander off because they don't have any more interesting
links to hit. It can also give you more accurate counts
of how many people have been to which pages on your
site. A tough problem with tracking "people hits"
as opposed to "hits" is that many internet
service providers have 100 or so IP addresses that
they share among thousands of users. So if a certain
IP address hits your site 50 times, you can't tell
if it is one person hitting the reload button or 50
people seeing your site for the first time.
__________________________________________________________
Security Concerns...
The MagicCookie file on a Macintosh (inside NetScape f in the Preferences Folder inside the System Folder) contains information that the web site wants to write to your hard drive. Information about how to write and retrieve cookies is available at the NetScape site, but you have to go looking for it to find it. It's not something an end-user would normally know about.
Only version 3.0 and later of NetScape gives you the option of preventing anyone from writing to this file. If you don't want servers to set cookies, you must select the "Show An Alert Before Accepting a Cookie" option in the Protocols section of the Network prefs. This gives you the option of accepting or rejecting items written to this file on your hard drive.
If you have a special account or password or access that is stored in a cookie, it may be possible for someone else to copy your MagicCookie file and use that information to their advantage and your detriment.
There are at present no legal protections to prevent anyone from using cookies to write information to your hard drive or to compile information about you without your permission. There is no law governing the sale of personal information given in confidence to a web site.
I don't know if it's possible for a web site using JavaScript
or any other means, to read your Global History file.
I do know that with a utility like DiskTop or File
Buddy, you can change the file type to TEXT and open
it with any text editing application. If you've got
a snoopy boss or curious friend/spouse/co-worker, it's
easy for them to find out what you've been up to on
the WWW.
__________________________________________________________
ScapeGoat to the Rescue!
You set the ScapeGoat prefs by holding down the Command key when ScapeGoat is launched. You should do this the first time you run ScapeGoat, unless the default settings are acceptable to you. The first time you run ScapeGoat, it will create a default Prefs file. The default settings are:
* Delete Magic Cookie file
* Do NOT Delete Global History File
* Beep upon completion
Holding down the Command key during ScapeGoat launch brings up the following dialog:
Simply check the options you want ScapeGoat to do and click OK. The Prefs will be saved and ScapeGoat will do whatever actions are selected. The next time you run ScapeGoat, your newly selected prefs will be in effect. Clicking Cancel closes ScapeGoat without changing the settings or doing any deletes (it will beep if the Beep When Done switch is on).
Simply double-clicking on the ScapeGoat icon causes
ScapeGoat to do its magic without any further interaction
on your part. ScapeGoat can be used to automatically
delete your MagicCookie and/or Global History files
by putting it, or an alias to it, into the Startup
Items Folder inside your System Folder. Whenever your
Mac is restarted, ScapeGoat will do its thing, according
to the prefs you set.
__________________________________________________________
Copyright, Disclaimer and Usual Administrivia
ScapeGoat is Copyright 1996-98 Time Lever Resources. ScapeGoat is freeware and may be freely distributed on on-line systems, BBSs and Mac User Group disks and CDs. If you are an individual, I'd appreciate email or a postcard, letting me know what you think about ScapeGoat and/or cookies. If you put ScapeGoat on a MUG disk or CD, I'd appreciate receiving a free copy of the disk/CD at the address shown below.
My lawyer makes me say this:
To the maximum extent permitted by applicable law, Time Lever Resources EXPRESSLY DISCLAIMS ANY WARRANTY FOR ScapeGoat. ScapeGoat and accompanying written materials are provided "AS IS", without warranty of any kind, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE. The entire risk arising out of the use or performance of ScapeGoat and any accompanying written materials remains with you.
NO LIABILITY FOR CONSEQUENTIAL DAMAGES: To the maximum
extent permitted by applicable law: IN NO EVENT SHALL
TIME LEVER RESOURCES BE LIABLE FOR ANY DAMAGES WHATSOEVER
(INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS
INFORMATION, OR ANY OTHER PECUNIARY LOSS) ARISING OUT
OF THE USE OF OR INABILITY TO USE SCAPEGOAT, EVEN IF
TIME LEVER RESOURCES HAS BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. Because some states/jurisdictions
do not allow the exclusion or limitation of liability
for consequential or incidental damages, the above
limitation may not apply to you.
__________________________________________________________
You can reach the author at the following email address:
scapegoat@timelever.com
or send a postcard to:
Jeff Hoffman
Time Lever Resources
101 South Winnetka Ave
Dallas, TX 75208-5103
This page was created using TextToHTML. TextToHTML is a free software for Macintosh and is (c) 1995,1996 by Kris Coppieters