EU May Outlaw Cookies 287
Millennium writes: "According to Yahoo News, The European Commission is considering a privacy directive which, among other things, completely bans the use of cookies. Forgive me for saying so, but considering all the legitimate uses of cookies, isn't banning them outright going just a bit too far?" Update: 10/31 19:21 GMT by M : The submitter's write-up is wrong. Read the story. Keep in mind, as usual, that a "news" story whose sole source is an executive with an agenda to push is unlikely to portray the situation accurately.
the wrong solution for the wrong problem (Score:4, Interesting)
Whoever proposed this absolute ban on cookies clearly has never done any kind of web development. Sheesh.
They should outlaw pencils and paper, too (Score:3, Interesting)
on that paper and slip it under your mousepad.
Then, later, I could update that piece of paper
with new information.
What's good about this:
- Someone, somewhere is taking privacy
seriously.
What's bad about this:
- It demonstrates a fundamental lack of
understanding about the modern world.
Overall, I say it's good. They are *thinking*
about privacy, which is more than the US
Government is doing (aside from thinking about
how to get rid of privacy).
-nate
Accept/Deny Cookies are good (Score:2, Interesting)
Why is privacy so desirable? (Score:2, Interesting)
If you have something to hide, the problem is not with people fiding out, it is with the reason you desire to hide it.
Privacy solves nothing, it just allows people to ignore problems.
Besides, technology will eventually make all of this moot. Dust sized video camera stuck to everything, only way to avoid that is a really trustworthy police state, and that sounds just *so* much better..
Re:not banned outright (Score:3, Interesting)
Then again binoculars and small video cameras 'may seriously intrude on the privacy...' of European people too. Are they going after things of that nature as well?
Why ban them? (Score:2, Interesting)
It may be in the best interest of the Internet though, because many sites require cookies. Maybe that would force said sites to have a cookieless solution, or miss out on all the possible readership. Itll be interesting to see what happens in the future.
Typical Shortsighted Slashdotters (Score:2, Interesting)
This isn't about slashdotters, it's about end-users, the vast majority of which have no idea what the heck a cookie is, much less where they can be found and what they can do. The average web user only knows that if he "turns off all cookies" much of the stuff he wants to do on the net doesn't work anymore. If he elects to review each and every cookie, he ends up spending more time clicking "Accept" than actually using the web. Actually, let me correct that. The average web user doesn't even know there's a menu with "cookies" mentioned.
I think requiring web sites to expliciting notify and obtain permission to track and store personal information via cookies is not necessarily a bad thing. Not all cookies are about tracking where users go, nor about keeping personal information.
Does anybody have a link to the actual legislation? Rather than assuming what we think is going to be in it and screaming at the top of our lungs, does anybody actually know what they're proposing exactly?
Re:Why! (Score:2, Interesting)
And if you turn them off, a lot of things just won't work.
Browsers and Cookies (Score:2, Interesting)
The real problem is that the most popular browsers only allow you to block/unblock cookies globally, therefore if you want privacy, the sites that rely on cookies won't work. Even scarier is the fact that, the more popular a site, the greater the chance that it requires cookies (personal observation). When given a choice (one might argue that it's not really a choice, since cookies are enabled by default) between lack of functionality and lack of privacy, most of the users prefer lack of privacy.
The Raven
Re:cookies (Score:2, Interesting)
Ugh. Please. URL rewriting is about as ugly a way to track sessions as I can imagine. Yes, it works. Yes, it works without cookies. But as soon as people start emailing links to other people, it all goes to hell. I've been there, I've done it, and I won't do it again.
How to have your cookies and eat them too (Score:1, Interesting)
Warning: I have only tried this with Netscape and Mozilla on PCs and Macs, otherwise YMMV.
Nonsense (Score:1, Interesting)
The truth is that there is an EU legislative proposal currently in drafting that includes some propositions on how to combat the threat to privacy which we are all starting to face from companies like Doubleclick.net and other advertising agencies which have systems in place which combine large scale website tracking with real world identification systems.
Basically allowing them to know who you are and which websites you are visiting, for how long, what you are doing there etc. all without you knowing.
The sort of stuff that we fear goverments may one day start doing which is already being implemented by various commercial organisations
Thankfully the EU have decided to do something about it. How this has been interpreted into a complete ban on cookies is beyond me.
The closest anything comes to being of the sort is a possible solution included among many that would stop 3rd party advertising cookies from tracking which websites people visit without the users consent.
Things will break (Score:3, Interesting)
Re:How do you deal with bookmarks (Score:2, Interesting)
Alternative to cookie: URL-rewriting and its flaws (Score:3, Interesting)
You can put it in the cookie, but that means people who disable cookies on general principles can't use your site. Sort of a nuisance.
You can put in on the URL, but if you do that, you have to be aware that people may send URLs containing session identifiers to their friends by e-mail, or they might post them to a newsgroup, or better yet, they might just put up their own web site with a link with that ID in it. I've seen all three in sites I've worked on that use URL-rewriting.
Because we wanted to avoid cookies, we started checking referrers on inbound requests. Yes, of course referrer can be spoofed; that's not the issue. We simply wanted to catch casual sharing of URLs containing session identifiers. Any referrer that doesn't match the site of the actual request, or where the session ID is different than the one in the request, is rejected; a new session is established at that point. If the request was for an interior page that requires logging in first, the user then gets booted back to the site entrance or a login page.
It really depends on whether you want to go ahead and use cookies or not. I prefer not. Cookies certainly are not the only way to manage sessions.