This post is an answer to those who have criticized my unabashed advocation of cloaking as an ethical practice. I maintain that cloaking, in quite a few cases, is necessary, and far from unethical or black hat. Here is just one example of the many I will cite over the coming weeks:
Cloaking to Avoid a Spider Trap:
A long, long time ago people used to be very fearful of cookies. I'm not sure what it was. Maybe Al Gore, the inventor of the internet, or some other influential but mindless individual spoke out about their "security risks." I don't know. But people everywhere became Cookiephobic at some point, and they turned off cookie support in their browsers. It's less of an issue now, but I still know a few people who turn off cookie support.
At the end of the day, though, cookies cannot really do anything that the URL cannot. Programmers never caught Cookiephobia, and they knew this -- this affliction only struck the mentally challenged :) And while cookiephobia was spreading, many implemented the same thing by propogating the information via the URL.
Note: Incidentally, propogating parameters like this via the URL is a security risk; but that's a tangent for another day.
As a result, today, we have another problem. All this URL propogation stuff totally confuses search engines. Search engines do not accept the cookies, so the application sends them the cookie parameters via the URL instead. Typically, one of them is a unique ID. This, in turn, creates an infinite amount of URLs for the same content, and the spiders choke. In the worst case, the spider just gives up. On some very important sites, the spiders attempt to remove such parameters, but I would not count on functionality like that.
So there are two solutions. One is to ignore the users who have Cookiephobia. That works. But what if you still want to worry about Cookiephobic users? It's simple:
You cloak! You have to turn on the URL-session handling for human users only; turn it off for the spiders.
Here's an example of a site doing this.
Explain to me how that is unethical, or how you could do it without cloaking. Try me.
July 19th, 2006 at 5:10 am
Simple: Only create the session IDs in the URL when either one already exists, or when the user does something to prompt it (and make sure robots don't do this). For example, if you're making an ecommerce site, don't make the session for the shopping cart when the user enters the site; create it when they add their first item to their basket.
This might cause some problems with multiple tabs; but it can be worked around by using Javascript to force a session creation. Also, this reduces the ability of your site to track users' path through the site; but you can always create cookies unconditionally and simply write off any cookie-shunning users as untrackable (until they add their first item, and if JS is off ...)
October 18th, 2006 at 9:32 pm
Don't be hating on Al Gore. Whether you like his politics or not, he did a lot for the Internet:
"...he sponsored the 1988 National High-Performance Computer Act (which established a national computing plan and helped link universities and libraries via a shared network) and cosponsored the Information Infrastructure and Technology Act of 1992 (which opened the Internet to commercial traffic)."
http://www.snopes.com/quotes/internet.asp
A lot of us are making a lot of money thanks in part to old Al. Hell, Vint Cerf even presented him a Webby Lifetime Achievement Award:
http://www.webbyawards.com/webbys/specialwin.php