Forgot your password?
typodupeerror
Government EU Privacy The Internet Your Rights Online

Sweden May Mandate Opt-in For Cookie Transfer 115

Posted by timothy
from the cookie-monster-swedish-chef dept.
Vitdom writes "The present government in Sweden has published a proposition regarding 'Better rules for electronic communication.' Amongst other proposed amendments, it suggests that websites must inform the user of the 'purpose' regarding each individual cookie transferred to the user's browser upon connection. Secondly, it is suggested that the user must give his consent before the transfer of the cookie in question. The proposition is to be voted by the Swedish parliament on the 18 May this year. If accepted, the law will be in effect in June."
This discussion has been archived. No new comments can be posted.

Sweden May Mandate Opt-in For Cookie Transfer

Comments Filter:
  • by tetromino (807969) on Sunday May 01, 2011 @01:48AM (#35989046)
    Let's make it harder for websites to use cookies for legitimate purposes such as persistent logins, habituate Swedish computer users to clicking on the "yes, allow" button, and make foreign companies face trial in Swedish courts for using standard web technologies, while doing nothing about advertisers' ability to track users without permission [eff.org]!
  • Re:A breakfest (Score:0, Insightful)

    by Anonymous Coward on Sunday May 01, 2011 @01:54AM (#35989068)

    Man, Break Fest 2011 is gonna be a total bummer.




    You must wait a little bit before using this resource; please try again later.

  • Re:EU directive (Score:5, Insightful)

    by jgrahn (181062) on Sunday May 01, 2011 @03:38AM (#35989386)

    This is of coursed based on an EU directive [europa.eu]. Not sure why Sweden was singled out.

    Because we plan to kidnap Julian Assange and lose him on a small island in the Baltic sea where the only female inhabitants are sheep?

    Seriously, it might be because we have decent media coverage of these things. This is just one in a series of daft technological decisions coming from the EU, and journalists in .se are used to covering them. (And Slashdot readers in .se are used to submitting the results here.)

  • by amn108 (1231606) on Sunday May 01, 2011 @04:35AM (#35989510)

    I pity the folks who, upon visiting a major website, have to wade through 10 dialogs where each more or less thoroughly tries to explain them the particular meaning of their "SC=" cookie and why they feel it is paramount for them to send it. It's suicide for both the user and the website.

  • Great. (Score:0, Insightful)

    by Anonymous Coward on Sunday May 01, 2011 @05:05AM (#35989606)

    So as a user, am i going to have to click a whole bunch of dialogs every time I want to log in to a website, just to say that I give them permission to give me a cookie which allows me to log in to the website?

    Ugh - another misguided internet law.

  • by indeterminator (1829904) on Sunday May 01, 2011 @09:32AM (#35990526)

    You only need one cookie for all features if your site is competently designed: the one for tracking the user's session. Everything else should be stored on the server side anyway because you should never trust the client

    There are perfectly valid reasons (not involving cross-site tracking) to use more than one cookie. If a session identifying cookie is used to identify an user account and grant privileges, it's usually a good idea to make that cookie disappear when the user closes his browser (i.e. a 'session' cookie). However, the user may have additional preferences on the site which are not personally identifiable, but for which it makes sense to store and use the setting even when the user is not logged in, for example, language selection on multilingual sites. Trusting the client is also a non-issue for things that are mapped to a single item from a set of possible choices (as long as the code implementing the parsing is reasonably sane).

    (And for the Accept-Language header, try explaining to a client how they can change it. Or how to install a browser where they actually can change it.)

    And while we're on the subject, it takes only fractionally longer for most users to make a POST request than to just do an HTTP GET, so unless your site is stupid and slow or your users are then you don't need ANY cookies. A quality CMS will degrade. If yours doesn't then it isn't.

    Clicking on a link in a browser will cause a HTTP GET. Maintaining a session with URL parameters makes the URLs much less user friendly, and opens up a possibility for trivial social engineering exploits (e.g. lol paste your url here I'll have a look!).

CCI Power 6/40: one board, a megabyte of cache, and an attitude...

Working...