EU May Outlaw Cookies
Millennium writes: "According to Yahoo News, The European Commission is considering a privacy directive which, among other things, completely bans the use of cookies. Forgive me for saying so, but considering all the legitimate uses of cookies, isn't banning them outright going just a bit too far?" Update: 10/31 19:21 GMT by M : The submitter's write-up is wrong. Read the story. Keep in mind, as usual, that a "news" story whose sole source is an executive with an agenda to push is unlikely to portray the situation accurately.
Privacy Paranoia (Score:3, Insightful)
People already have the choice.
You can't legislate stupidity out of life...
Enforcement Nightmare!(tm) (Score:2, Insightful)
Education is the key, not legislation.
*Education* is the key, *not* legislation.
EDUCATION IS THE KEY, NOT LEGISLATION!
Thank you, and goodnight.
Even session cookies? (Score:4, Insightful)
Outlawing Cookies (Score:5, Insightful)
Let's not throw the baby out with the bathwater... (Score:3, Insightful)
But don't I, as a website administrator, have a right to know the usage patterns of my users? If I set up a lemonade stand on the side of the street, I know exactly who comes to my store, how many times they come back, and if I'm smart enough, I can use this information to my advantage to sell more lemonade (e.g., I know that Tom buys lemonade on his lunch break at 12:15 every day, so I better be open then). Why should online business be put at a huge disadvantage? Cookies are a great tool for maintaining a state over a stateless protocol, and differentiating one user's "session" from another.
And also, a great deal of code to keep people "logged in" to web sites uses cookies to maintain state. Without cookies, web sites are forced to use the IP address as the unique identifier to distinguish between two users. What about proxy servers and firewalls? DHCP and dynamic IPs? Maintaining state over HTTP would be a nightmare without cookies.
The only problem comes up when cookies are used across different sites, or one company sells your browsing habits to another without your consent. But by browsing a site, you are implicitly giving that site the permission to see what you are doing.
Opt-In (Score:3, Insightful)
I'd like to see browsers with more refined cookie control. I should be able to set the cookie policy for each domain.
They aren't going to ban them. (Score:5, Insightful)
From what I read, they aren't banning cookies per se. What they're banning is any collection of personal information without explicit informed consent. So you can use cookies all you want, as long as you tell the user what personal information you're storing in them and let them say whether they want to allow it or not. And if you use cookies for things like shopping carts, where there's no personal information in them, then there are no restrictions on them. All perfectly sensible to me.
Alternatives would be more invasive (Score:2, Insightful)
BTW, does Microsoft Passport use cookies, or some other method? If they use cookies, I can just imagine the wheels turning in Microsoft's heads right now at reading this story!
Re:they don't know the user can disable 'em? (Score:1, Insightful)
A "log out" button on your site will prevent this problem if people remember to use it. You should also have a session timeout, but that won't help much in a library (people can get to the computers before they time out). If you use hidden form values, those won't be saved in the history. Make sure to send a header (or use a meta tag) to disable the user's cache, and use HTTPS for any sensitive information.
On UNIX systems with Netscape, you can disable persistent cookies by linking ~/.netscape/cookies to /dev/null. Per-session cookies will still be allowed. It's a bit better than rejecting all cookies, since most sites requiring cookies will still work.
Re:cookies (Score:1, Insightful)
Re:they don't know the user can disable 'em? (Score:1, Insightful)
Re:cookies (Score:2, Insightful)
Session information IS kept on the server. All that is placed in the cookie for a session is your session identifier, a random but unique string. If this string is placed at the end of a url, then everything goes all to hell, because if someone logs in, then sends that url to their friend, then that person is also logged in as the first person, and hence a much bigger problem than cookies.
I wish I could find the zealots who proclaim that cookies are so evil. I had to give a whole presentation on what cookies are and what they aren't to this university just to build a PHP app that used sessions!
I guess we could really inconvenience our users by having them log in each and every time they want to do something....
Again, legislating or litigating away technological progress isn't going to help anything.
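The session design described in the comments above (state kept on the server, only a random identifier on the client, plus the "log out" button and session timeout suggested earlier), as an added example that is not part of the original thread. All names (`login`, `user_from_url`, `user_from_cookie`, `logout`, the `sid` cookie) and the 900-second timeout are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

SESSION_TTL = 900   # idle timeout in seconds (assumed value)
_sessions = {}      # server-side state: session id -> {"user", "seen"}

def login(user, now=None):
    """Create the server-side session; return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)          # random, unguessable identifier
    _sessions[sid] = {"user": user, "seen": time.time() if now is None else now}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True         # not readable from page script
    cookie["sid"]["secure"] = True           # sent over HTTPS only
    cookie["sid"]["samesite"] = "Lax"
    return cookie["sid"].OutputString()      # no Expires/Max-Age: per-session cookie

def _lookup(sid, now):
    """Return the user for a live session, expiring it after SESSION_TTL idle."""
    now = time.time() if now is None else now
    session = _sessions.get(sid)
    if session is None:
        return None
    if now - session["seen"] > SESSION_TTL:
        del _sessions[sid]                   # timed out: forget it server-side
        return None
    session["seen"] = now
    return session["user"]

def user_from_url(url, now=None):
    """Weak variant from the comment: the identifier travels in the URL."""
    sid = parse_qs(urlsplit(url).query).get("sid", [None])[0]
    return _lookup(sid, now) if sid else None

def user_from_cookie(url, cookie_header, now=None):
    """Cookie variant: only the Cookie header counts; a sid in the URL is ignored."""
    jar = SimpleCookie(cookie_header or "")
    return _lookup(jar["sid"].value, now) if "sid" in jar else None

def logout(cookie_header):
    """The "log out" button: drop the server-side state immediately."""
    jar = SimpleCookie(cookie_header or "")
    if "sid" in jar:
        _sessions.pop(jar["sid"].value, None)
```

With the URL variant, anyone who receives a copied link is resolved to the original user; with the cookie variant the same link carries no authority.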