FCC Meets To Investigate Cookie Abuse

PreacherTom writes to tell us BusinessWeek is reporting that the FCC and the Center for Digital Democracy plan to meet in order to discuss abuses with regard to cookies. From the article: "Online advertisers have a sweet tooth for cookies. Not the kind you bake, but the digital kind — those tiny files that embed themselves on a PC and keep tabs on what Web sites are visited on which machines. But cookies could have a bad aftertaste for consumers. Privacy advocates say the files are being force fed in large quantities to computer users, and they're demanding that the government put some advertisers on a diet."

Alright, I'll Cut Back!

[by Anonymous Coward]

FCC Meets to Investigate Cookie Abuse

Jeez, lay off me, ok? My doctor's been bustin' my balls about it, the last thing I need is the government on my back.

I'm sorry, I'm sorry! But when you leave a box of those girl scout confections next to me, what do you think I'm going to do? They're gone after a few lines of coding and I don't even remember eating them!

*breaks down sobbing

I'm a sick man! I need help! Someone just check me into the Betty Crocker clinic already!

Suggested tag: thinkofthecookies

FCC Meets to Investigate Cookie Abuse

[GillBates0 (664202)]

Thousands of children arrested for crumbling cookies and drowning them in milk.

When contacted for comment on this...

[spiritraveller (641174)]

Cookie Monster replied, "Me not guilty. Cookie goooooooooooood!"

Re:When contacted for comment on this...

[scottschiller (1020773)]

Another cookie article, and yet more cooking/baking analogies. Someone should write a cookie monster Greasemonkey script which brings up that particular character ("And now, me eat cookie! Owmwowmowmwowmowmwmowm...."), before setting document.cookie to null.

Many sites stuff advertising and tracking-related data in there alongside your login/auth information in cookies, so it seems you can't win if you need to browse with credentials etc. Blocking 3rd-party cookies is probably the safest bet against ads and so on at this point though, without disrupting cookies required just to browse/authenticate.

As the (censored) big blue guy says...

[PreacherTom (1000306)]

Remember, kids, cookies are a sometimes food.

Are you kidding?

[spencerogden (49254)]

Is this really an area we need more laws about? The dangers of cookies have been overblown for a long time. Not to mention that fact that all browsers give the user more than adequate control over their cookies.

If this is the best thing the FCC can find to waste their time on, then they have become worthless.

Re:Are you kidding?

[neoform (551705)]

Headline should have read:

"FCC Meets to Over-Assert Itself Once Again"

Re:

[the_humeister (922869)]

If this is the best thing the FCC can find to waste their time on, then they have become worthless.

I think that happened quite a few years ago. Some symptoms include only catering to a small minority (eg wardrobe malfunction?) among other things.

Re:

[bentcd (690786)]

There are those who feel that the FCC becoming merely worthless would be a desirable development :-)

Re:

[Shawn is an Asshole (845769)]

Agreed. The cookie "threat" is overblown by the media. If you're really concerned about it, every modern browser has built in protections.

In Firefox's preferences (2.0) click on the "Privacy" tab and change "Keep until" to "I close Firefox". Then whenever you close the browser, all the cookies are gone. For sites you want to be able to persist (bank, slashdot, etc), put them in the exceptions. I've been doing it this way for years. You can also set it to block cookies for certain sites (I block google,

The summary is an understatement.

[jZnat (793348)]

Try browsing with cookies on an "ask me every time" sort of basis. Even the most unlikely websites will demand a cookie. What ever happened to sane usage of cookies where they'd only be set if you did something on the site that initiated a cookie transfer (e.g. logging in, starting a shopping cart, storing your preferences)?

Re:

[RingDev (879105)]

I've seen some that are limits on advertising. They track when the last time you had an add on the page so that you only see adds every few minutes, instead of constantly.

Cookies are a tool. They can be used for cool things, or crappy things.

-Rick

Re:

[creimer (824291)]

I think because most how-to books show how to create a cookie as a neat trick that can be done instead of how cookies should be used sparingly for legitimate uses.

Re:The summary is an understatement.

[TodMinuit (1026042)]

What ever happened to sane usage of cookies where they'd only be set if you did something on the site that initiated a cookie transfer (e.g. logging in, starting a shopping cart, storing your preferences)?

Oh man, remember those good old days? Before every site was covered in AdSense. When MySpace was the glimmer in some nerds eye. Before every moron lip-synced horrible songs on YouTube. When email was used for communication. When people actually used correct English. When Pluto was still a planet.

I remember!!! Flobble-de-flee!

Oh criminy

[A nonymous Coward (7548)]

Just disable cookies in the browser by default. Or make them session cookies, that's a good enough second best.

What's the government supposed to do next, make it illegal for anyone to download a virus?

Honestly, some people won't be satisfied until the government publishes a 500 page manual on how to wipe your ass and makes it illegal to do it in any other way.

Re:

[peragrin (659227)]

Um In NY there is a law on what positions you can have sex in.

I don't think it's ever been enforced though.

They might of finally removed it though. they were cleaning up the books on some stupid laws like that.

Re:Oh criminy

[ajs (35943)]

No, you're hyperbolizing. Some people (myself included) won't be happy until the government sets limits on how personal information can be used by corporations. I don't like the fact, for example, that my mother's phone company shares personal information with her Internet provider who then buys information derived from cookies to develop a package that allows telemarketers to target her based on what Web sites she uses. This is not what the Internet is there for, and I personally want a stop put to it. Limiting abuse of cookies (especially cross-site hand-offs that are used specifically to track broad activity across disconnected sites) would be a good first step, and one that should have happened years ago when certain companies which NDAs prevent me from naming (not related to my current company, thankfully) started the practice.

Re:

[kwerle (39371)]

No, you're hyperbolizing. Some people (myself included) won't be happy until the government sets limits on how personal information can be used by corporations. I don't like the fact, for example, that my mother's phone company shares personal information with her Internet provider who then buys information derived from cookies to develop a package that allows telemarketers to target her based on what Web sites she uses.

I had to look it up, just to be sure:
hyperbolize: overstate: to enlarge beyond bounds o

Re:

[ajs (35943)]

None of these are "personal information." At no point was your mother's hair color revealed.

It was if she was shopping for hair dye. It was if she was a frequent poster to the "blondes have more fun after 50" message boards.

But that's not interesting. What's interesting is that she usually follows links that talk about hair, or that she spends over $50 only on sites that have distinctly senior-citizen pitch. This requires examination of her behavior in a larger context.

That information, when tied to a telep

Re:

[non (130182)]

and most businesses will do whatever they can get away with in the pursuit of profit, whether its legal, moral, ethical, or not. futhermore, most are also in favor of more legislation regarding criminal offenses, while at the same time vigorously resisting any attempt at control over themselves.

its only to be expected, surely, but the level of hypocrisy is about to go off the scale. if it takes government legislation to control their behavior because they can't, or won't, control it themselves, then thats w

Re:Oh criminy

[kenj0418 (230916)]

Honestly, some people won't be satisfied until the government publishes a 500 page manual on how to wipe your ass and makes it illegal to do it in any other way.

I wouldn't mind if the government gave me a 500 page manual for wiping my ass. As long as the pages were soft - that is.

Re:

[SeaFox (739806)]

Honestly, some people won't be satisfied until the government publishes a 500 page manual on how to wipe your ass and makes it illegal to do it in any other way.

Dear FCC, I just wanted to write and congratulate you on a job well done with your recent endeavor. Sir, I am seated in the smallest room of my house. I have your manual in front of me. Soon it will be behind me. Thank you.

--SeaFox

More laws != good laws

[daeg (828071)]

Laws don't always correct things. This isn't something you can legislate. The sheer number of exceptions would make this law more complicated than anyone could follow or enforce.

Don't like cookies? Don't visit the sites that use them.

Re:More laws != good laws

[KokorHekkus (986906)]

Sweden has had a law mandating full disclosure of how cookies are used since 2003. In practice this means there's a small notification to a static page on how they use cookies. So it's not exactly an undue burden for a website. Having a lot of exceptions would make this complicated? Then don't have any... we don't in Sweden. Nothing has crumbled and died here yet.

Re:

[$1uck (710826)]

And what exactly does this law enforce? Sites only hosted in Sweden? Sites being viewed by swedish people? What good is such a law? How does Sweden enforce it? What if a company lies on their notification? who is going to catch it?

I fail to see how such a law is very useful.

Re:

[Peter Trepan (572016)]

Laws don't always correct things

Sure, they do. They correct the perception that congressmen don't do anything to deserve their paychecks.

Re:

[TheRealFixer (552803)]

Don't like cookies? Don't visit the sites that use them.


Ah yes, the sites that use them. Otherwise known as, the Internet.

Re:

[daeg (828071)]

Almost every site (other than ones you need to log into) can be viewed just fine without cookies. All browsers give you options to block cookies.

It'd be a different story if browser developers were in league with advertisers to force browsers to accept all cookies and to easily share them between websites. If that were the case, I could see Congress taking issue with it, as well as the courts.

Re:

[Dunbal (464142)]

Yes, it would be another useless law.

      (raises pitchfork in an up and down motion)

      Yarr, I agree. What we need is a law against useless laws!

      (more pitchfork waving)

Get some new material

[jfengel (409917)]

Is there any thing we can do about cookie pun abuse?

Thanks, Business Week. I've never heard any of those before. Perhaps you can stick in a few "roadkill on the information superhighway" gags while you're at it.

Re:

[Dunbal (464142)]

Is there any thing we can do about cookie pun abuse?

      Keeping those cookie puns hot and fresh in the oven, instead of cutting them out, ensures that lazy journalists can keep rolling in the dough.

International

[toetagger1 (795806)]

So this, like many other toppics like this, raises the question:
The FCC only has so much juresdiction. Would this apply to webpages that are hosted in the US? How about webpages that are being viewed in the US? Or what if they are hosted and vewed outside the US, but go through some wire in the US (or even worse, some satelite above the US...)
Of course, you could always regulate businesses and the way they do business in the US, but that shouldn't really be the FCCs responsibility. Not to mention that a business on the Net isn't just in the "US", especially if it sells ideas, information, or services, which are non-physical things that don't always cross borders and such.
It'll be interesting how this will play out in the next couple of years.

Re:

[EvilMoose (176457)]

The website says FTC. The slashdot post says FCC.
Harhar, I just nullified your +4 Insightful comment. I wonder, will this give me a +troll?

2 questions

[Lord Dreamshaper (696630)]

I set my browser to "Ask me everytime" On rare occasions, I need to allow cookies that I'd previously blocked. Problem is that my block list is hundreds deep and the names aren't always obvious. How do I find the one cookie permission I need to reset, short of erasing all permissions and starting over again? Along those lines, when I do allow cookies to keep me logged into a website, for example, how do I tell which cookies from that website are needed to keep me logged in and which ones are unnecessary (t

Re:

[Lord Dreamshaper (696630)]

But if you're going to buy from Amazon (for instance), you're going to have to suck it up and accept their cookies to use the shopping cart.

Exactly. I agree to use their cookies to enable the shopping cart. I'll even accept that the cookies then allow Amazon to make better suggestions for the next book I purchase. That does not mean I agree to allow someone else to profile me because Amazon sold the information, in specific or in aggregate.

Don't patronise the website? Well damn, I'd have to stop using t

Cookie Invasion!

[thewiz (24994)]

I, for one, welcome our new cookie overlords!
All hail Cookie Monster!

Re:

[Dunbal (464142)]

If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?

      Riiight. And "Alexander" is actually the guy who doesn't read - "A"= not, "Lex" = read, Ander from "andros" = man.

      Fun with greek and latin roots, part 2.

FCC Mandate

[paulthomas (685756)]

The internet is beyond the congressionally approved reach of the FCC as it was created. Not to mention that people can (and do) selectively block and delete cookies. I know a number of average joes who know what cookies are and periodically go clear them out.

One accepts a cookie. It is not forced.

They have time for this on top of everything else?

[Kenja (541830)]

I thought the FCC spent all its time breakign the 1st amendment. Guess they're getting enough money from unconstitutional fines that they can hire more people.

cookie problem

[ajs318 (655362)]

It's up to users to fight back. I have configured Firefox to ask me about cookies every time one is offered. If I see the dreaded __utma or RMID, I will block all cookies from that site. Others I will accept for the session only. I don't mind the odd PHPSESSID (even had one of them from a site pretending to be .asp once -- wonder if that was done for legacy compatibility reasons [keep the old filename even after upgrading to a better server platform] or by some smart IT bods getting paid to develop a site for a Microsoft server, then hosting it on a proper one and pocketing the money?)

If you're smart, you won't be tracked by cookies. But I've seen scary stackloads of cookies on machines running Microsoft crap. Come to think of it, even Firefox accepts all cookies by default.

Making browsers default to a safer cookie setting (disabled, or session-only) would be a step in the right direction, and so would simply outlawing data-mining (not that I expect anyone would take any notice of such a ban); but ultimately, it's still no substitute for users having some smarts.

Re:

[mcwop (31034)]

Agree. The user has control. No government regs required. Keep the government as far away from net regulations as possible.

The FCC won't let us be.

[Opportunist (166417)]

Either they're sticking their noses in things they have no business to nose in, or they're trying to come up with some unenforcable regulations. Could anyone tell me how this should be enforced?

Cookies are used for a lot of things. Keeping track of shopcarts, tracking client movement across pages so pages can be made more user friendly or guide you back where you come from, etc. Which of the thousands of applications of cookies are going to be deemed "good"?

Now, let's assume they come up with something. Wha

What you give them...

[singularity (2031)]

Cookies should only be able to store data you give a company. A cookie is not going through your computer and associate your cookie with your name, email address, credit card number, sexual proclivity, and so on.

Now you can say that prevalent advertisers like doubleclick can make inferences based on what sites you go to that they serve ads for. This is one reason that I block anything to/from doubleclick. The fact that this also has the advantage of eliminating several ads as I browse the web? Outstanding. I fail to see how this should suddenly become illegal for doubleclick to do.

So then you can argue "Yeah, but if you sign up with the website, or make a purchase, they can associate a cookie with all the information they gave you!" Yes, and so can any brick-and-morter who wants to track purchases made with the same credit card. Or grocery stores that give you "Discount Cards" that require a name, address, and phone number. Use that discount card once with a credit card and they have even more information on you.

So I fail to see how data acquired through cookies is so bad we need laws "protecting" us. Any privacy nut is going to be willing to either block cookies from certain sites or just make them session-long. Anyone else is running with about the same loss of privacy that comes with using a credit card anyway.

If you do not want online companies to know who you are (and therefore track you), then do not give out information.

I'm appalled

[not already in use (972294)]

The FCC shouldn't be wasting time on this. We have yet to find out who stole the cookie from the cookie jar. Who me? Couldn't be. Then who?

Cookies do not "embed themselves."

[Sloppy (14984)]

those tiny files that embed themselves on a PC and keep tabs on what Web sites are visited on which machines.

Cookies are passive content; they do not have the capapbility of doing anything. Web Browsers are what make the decision to download and store this purely optional advisory-only information.

If the cookie is not actively deleted or blocked by the Web surfer, it remains active on the computer for what could amount to years.

Again, you are describing a behavior of web browsers (and probably not all web browsers), not cookies.

I have always held that the software that I run, is my agent. If I run a web browser that essentially tells a web server what other pages I have visited, then by running that software, I have opted in. I guess the issue is that most computer users are not really aware of what they are running and what actions their agents are taking on their behalf, so they see the lack of making conscious decisions as "not opting out" rather than "opting in." I understand this and have some sympathy for this viewpoint, but it ultimately is technically incorrect, an illusion. I don't think you can't redefine the terms "opt out" and "opt in" to mean things they don't really mean, without having some undesirable consequences down the road.

The problem we face, is that we make unconscious or uninformed decisions, but that doesn't mean we aren't making those decisions; it merely means we're doing it poorly. I would much rather that users learn more about how their web browsers work and what the privacy risks are, than for new laws to be passed that micromanage what a web server admin is required to do, should their server be configured to send a certain header. It is ridiculous to have laws and regulations that get down to such detailed, technical levels, and I think that sort of thing is how we have managed to turn ourselves into a "lawyer society" where the law is so huge and complex that a layman is simply unable to know what the law is without expensive help from a specialist.

What Cookie Abuse?

[RAMMS+EIN (578166)]

Cookie abuse? What cookie abuse? Oh, you mean loads of websites setting loads of cookies in your browser, which worked last century, before browsers allowed users to set policies for cookies.

You know why they did it?

[Churla (936633)]

They did it all for the cookie
yeah
The cookie
yeah
The cookie

OKOKOK.. I'll stop.

Seriously, Organizations need to realize that pulling the US government into anything to get something regulated is almost always analogous to using nuclear weapons and lawyers. You only use them when you know both sides will lose, but you want to make sure your enemy is screwed just as badly.

I hate cookies

[MeanderingMind (884641)]

I've browsed the internet with my ever changing browser of choice set to ask me about any and all cookies for years now. The number of cookies per site has been very steadily and rapidly increasing since their conception.

I hate it.

Back when they first appeared, they were there to help us maintain our logins through the website, not lose our shipping carts etc. It wasn't bad, it made sense. I was willing to let websites store my username and password so that I didn't have to keep logging back in constantly.

Honestly, I don't even see why we have cookies anymore. There should be far better ways to maintain a persistant login by now. Ways which don't threaten our privacy, or provide a medium for the same bastards that invented pop-ups and pop-unders to destroy common decency.

The first time I visit any website I am bombarded by cookies. This isn't just one cookie, this is as many as seven from a single page. Why in the name of Linux Torvalds do these sites need seven cookies to function? Clicking the next page bombards me again, and will keep bombarding me until I get through all 255 or more ad3.adserve.cookies.net like services. Only then can I finally visit the website in peace, until next month when a new advertiser joins the loop.

So now my cookie accept/block list is the size of New York's phone book. Heaven forbid in that barrage of cookies there was actually an important one. With all the obscure names they're given it's impossible to tell until you can't maintain your login. Now I get to play the age old 'Find the needle in the haystack' game, new millenium version.

This is beyond sanity. I don't know if the FCC has the right or the ability to do something about this, but something should be done. I don't have any idea what. Boycotting pages with cookies means 99.9% of the internet is off limits.

Re:

[Opportunist (166417)]

When will our government learn that you can't legislate intelligence.

Hmm... maybe when some intelligence enters the government?

Re:

[Dunbal (464142)]

I can't stomach any more food related word plays.

      Heh, never become a pathologist. My adventures through Pathology at med school taught me that they are sick bastards - almost every disease has a food related description, from "nutmeg livers" to "bread and butter" hearts, etc. Incredible. At least with computers you're not holding Mrs. Jones' kidneys in your hands when you talk about food! :)