[Foundation-l] Cookie based blocking and bug #3233. A quick hack implimented on commons.

Tim Starling tstarling at wikimedia.org
Tue Dec 12 17:10:56 UTC 2006

Jeffrey V. Merkey wrote:
> A better solution is to embed the MAC address of the workstation into 
> the cookie itself, so you can track someone no matter what account
> or IP they use.

It should be obvious that you can't obtain the MAC address using any
documented Java or JavaScript interface, that would be a privacy issue. I
once suggested a browser plugin, "click yes at the security dialog box to
allow editing from AOL", but for some reason the response from those
present was not positive... You might expect some anti-spyware advocates
to get annoyed, since in essence that's what it would be. Then there's the
issue of trusting data from the client: if you want to add anti-debugger
and anti-disassembly measures then it becomes a significant development
task, and no such measure is perfect anyway.

-- Tim Starling

More information about the foundation-l mailing list