FCC Meets To Investigate Cookie Abuse

PreacherTom writes to tell us BusinessWeek is reporting that the FCC and the Center for Digital Democracy plan to meet in order to discuss abuses with regard to cookies. From the article: "Online advertisers have a sweet tooth for cookies. Not the kind you bake, but the digital kind — those tiny files that embed themselves on a PC and keep tabs on what Web sites are visited on which machines. But cookies could have a bad aftertaste for consumers. Privacy advocates say the files are being force fed in large quantities to computer users, and they're demanding that the government put some advertisers on a diet."

Alright, I'll Cut Back!

FCC Meets to Investigate Cookie Abuse

Jeez, lay off me, ok? My doctor's been bustin' my balls about it, the last thing I need is the government on my back.

I'm sorry, I'm sorry! But when you leave a box of those girl scout confections next to me, what do you think I'm going to do? They're gone after a few lines of coding and I don't even remember eating them!

*breaks down sobbing

I'm a sick man! I need help! Someone just check me into the Betty Crocker clinic already!

Suggested tag: thinkofthecookies

FCC Meets to Investigate Cookie Abuse

Thousands of children arrested for crumbling cookies and drowning them in milk.

When contacted for comment on this...

Cookie Monster replied, "Me not guilty. Cookie goooooooooooood!"

Re:When contacted for comment on this...

Another cookie article, and yet more cooking/baking analogies. Someone should write a cookie monster Greasemonkey script which brings up that particular character ("And now, me eat cookie! Owmwowmowmwowmowmwmowm...."), before setting document.cookie to null.

Many sites stuff advertising and tracking-related data in there alongside your login/auth information in cookies, so it seems you can't win if you need to browse with credentials etc. Blocking 3rd-party cookies is probably the safest bet against ads and so on at this point though, without disrupting cookies required just to browse/authenticate.

As the (censored) big blue guy says...

Remember, kids, cookies are a sometimes food.

Are you kidding?

Is this really an area we need more laws about? The dangers of cookies have been overblown for a long time. Not to mention that fact that all browsers give the user more than adequate control over their cookies.

If this is the best thing the FCC can find to waste their time on, then they have become worthless.

Re:Are you kidding?

Headline should have read:

"FCC Meets to Over-Assert Itself Once Again"

The summary is an understatement.

Try browsing with cookies on an "ask me every time" sort of basis. Even the most unlikely websites will demand a cookie. What ever happened to sane usage of cookies where they'd only be set if you did something on the site that initiated a cookie transfer (e.g. logging in, starting a shopping cart, storing your preferences)?

Re:The summary is an understatement.

What ever happened to sane usage of cookies where they'd only be set if you did something on the site that initiated a cookie transfer (e.g. logging in, starting a shopping cart, storing your preferences)?

Oh man, remember those good old days? Before every site was covered in AdSense. When MySpace was the glimmer in some nerds eye. Before every moron lip-synced horrible songs on YouTube. When email was used for communication. When people actually used correct English. When Pluto was still a planet.

I remember!!! Flobble-de-flee!

Oh criminy

Just disable cookies in the browser by default. Or make them session cookies, that's a good enough second best.

What's the government supposed to do next, make it illegal for anyone to download a virus?

Honestly, some people won't be satisfied until the government publishes a 500 page manual on how to wipe your ass and makes it illegal to do it in any other way.

Re:Oh criminy

No, you're hyperbolizing. Some people (myself included) won't be happy until the government sets limits on how personal information can be used by corporations. I don't like the fact, for example, that my mother's phone company shares personal information with her Internet provider who then buys information derived from cookies to develop a package that allows telemarketers to target her based on what Web sites she uses. This is not what the Internet is there for, and I personally want a stop put to it. Limiting abuse of cookies (especially cross-site hand-offs that are used specifically to track broad activity across disconnected sites) would be a good first step, and one that should have happened years ago when certain companies which NDAs prevent me from naming (not related to my current company, thankfully) started the practice.

Re:Oh criminy

Honestly, some people won't be satisfied until the government publishes a 500 page manual on how to wipe your ass and makes it illegal to do it in any other way.

I wouldn't mind if the government gave me a 500 page manual for wiping my ass. As long as the pages were soft - that is.

More laws != good laws

Laws don't always correct things. This isn't something you can legislate. The sheer number of exceptions would make this law more complicated than anyone could follow or enforce.

Don't like cookies? Don't visit the sites that use them.

Re:More laws != good laws

Sweden has had a law mandating full disclosure of how cookies are used since 2003. In practice this means there's a small notification to a static page on how they use cookies. So it's not exactly an undue burden for a website. Having a lot of exceptions would make this complicated? Then don't have any... we don't in Sweden. Nothing has crumbled and died here yet.

Get some new material

Is there any thing we can do about cookie pun abuse?

Thanks, Business Week. I've never heard any of those before. Perhaps you can stick in a few "roadkill on the information superhighway" gags while you're at it.

International

So this, like many other toppics like this, raises the question:
The FCC only has so much juresdiction. Would this apply to webpages that are hosted in the US? How about webpages that are being viewed in the US? Or what if they are hosted and vewed outside the US, but go through some wire in the US (or even worse, some satelite above the US...)
Of course, you could always regulate businesses and the way they do business in the US, but that shouldn't really be the FCCs responsibility. Not to mention that a business on the Net isn't just in the "US", especially if it sells ideas, information, or services, which are non-physical things that don't always cross borders and such.
It'll be interesting how this will play out in the next couple of years.

Oh ffs...

When will our government learn that you can't legislate intelligence.

Hell, our population already proved we can't elect it, now mod me up for taking a crack at the President.

2 questions

I set my browser to "Ask me everytime" On rare occasions, I need to allow cookies that I'd previously blocked. Problem is that my block list is hundreds deep and the names aren't always obvious. How do I find the one cookie permission I need to reset, short of erasing all permissions and starting over again? Along those lines, when I do allow cookies to keep me logged into a website, for example, how do I tell which cookies from that website are needed to keep me logged in and which ones are unnecessary (trial-and-error often creates the previous problem)?

Cookie Invasion!

I, for one, welcome our new cookie overlords!
All hail Cookie Monster!

FCC Mandate

The internet is beyond the congressionally approved reach of the FCC as it was created. Not to mention that people can (and do) selectively block and delete cookies. I know a number of average joes who know what cookies are and periodically go clear them out.

One accepts a cookie. It is not forced.

They have time for this on top of everything else?

I thought the FCC spent all its time breakign the 1st amendment. Guess they're getting enough money from unconstitutional fines that they can hire more people.

Firefox + Cookie Culler extension = easy fix

With Cookie Culler, you can choose the specific cookies to always keep and delete the rest every time you close your browser.

cookie problem

It's up to users to fight back. I have configured Firefox to ask me about cookies every time one is offered. If I see the dreaded __utma or RMID, I will block all cookies from that site. Others I will accept for the session only. I don't mind the odd PHPSESSID (even had one of them from a site pretending to be .asp once -- wonder if that was done for legacy compatibility reasons [keep the old filename even after upgrading to a better server platform] or by some smart IT bods getting paid to develop a site for a Microsoft server, then hosting it on a proper one and pocketing the money?)

If you're smart, you won't be tracked by cookies. But I've seen scary stackloads of cookies on machines running Microsoft crap. Come to think of it, even Firefox accepts all cookies by default.

Making browsers default to a safer cookie setting (disabled, or session-only) would be a step in the right direction, and so would simply outlawing data-mining (not that I expect anyone would take any notice of such a ban); but ultimately, it's still no substitute for users having some smarts.

Enough already

Enough with the eating puns!

FTA: "...sweet tooth for cookies...a bad aftertaste...force fed in large quantities...on a diet." I think I'm going to be sick.

Hypocritical?

Goverments *coughUKcough* just love keeping information far more sensitive then this about their citizens. Are they just upset about someone else cutting in on their game?

word plays

I can't stomach any more food related word plays.

D'oh!

Under the Radar

If you use the Flash Plugin make sure you set the
local storage settings to 0 KB.

(Right click a flash banner and select "Settings..")

You can set cookies in Flash and it doesn't get deactivated
when you turn off cookies in your browser.

Advertisers haven't really started fully utilizing Flash's
ability to store data in a local sandbox, but don't worry they will.
And it goes completely underneath the browser cookie control radar!
There is so much flash content these days (banners, video) it is
bound to be exploited sooner than later.

AAFC (Anonymous Aware Flash Coder)

The FCC won't let us be.

Either they're sticking their noses in things they have no business to nose in, or they're trying to come up with some unenforcable regulations. Could anyone tell me how this should be enforced?

Cookies are used for a lot of things. Keeping track of shopcarts, tracking client movement across pages so pages can be made more user friendly or guide you back where you come from, etc. Which of the thousands of applications of cookies are going to be deemed "good"?

Now, let's assume they come up with something. What does it change? Nada. A webpage that used cookies sensibly and responsibly will be "allowed" to continue doing this. Pages that offer shady deals and have dodgy ideas of the uses of cookies are most likely not in the US and thus way out of reach of the FCC.

So what is this stunt about? A statement along the lines of "Hey, look, we're still there and we do something but complaining about boobs!"?

What you give them...

Cookies should only be able to store data you give a company. A cookie is not going through your computer and associate your cookie with your name, email address, credit card number, sexual proclivity, and so on.

Now you can say that prevalent advertisers like doubleclick can make inferences based on what sites you go to that they serve ads for. This is one reason that I block anything to/from doubleclick. The fact that this also has the advantage of eliminating several ads as I browse the web? Outstanding. I fail to see how this should suddenly become illegal for doubleclick to do.

So then you can argue "Yeah, but if you sign up with the website, or make a purchase, they can associate a cookie with all the information they gave you!" Yes, and so can any brick-and-morter who wants to track purchases made with the same credit card. Or grocery stores that give you "Discount Cards" that require a name, address, and phone number. Use that discount card once with a credit card and they have even more information on you.

So I fail to see how data acquired through cookies is so bad we need laws "protecting" us. Any privacy nut is going to be willing to either block cookies from certain sites or just make them session-long. Anyone else is running with about the same loss of privacy that comes with using a credit card anyway.

If you do not want online companies to know who you are (and therefore track you), then do not give out information.

So we won't see any more of this

It was as if thousands of Oreos cried out in terror, and were suddenly silenced...

</obligatory cliche>

I'm appalled

The FCC shouldn't be wasting time on this. We have yet to find out who stole the cookie from the cookie jar. Who me? Couldn't be. Then who?

Metaphor Exhaustion

At what point is it too much to bear the oblique references (well, not that oblique) to cookies, diets, etc? I know kitchy metaphors are the stock in trade (there's another one) of the lazy newspaperman, but it's aggrivating that the online world bear so many more of them.

Information superhighway, chip on his shoulder, etc.

argh

FFS

oh please help us mommy government! save us from the mean nasty cookies!

Seriously people. You can clear out cookies yourself, or block them, or whatever you want to do. I have a setup where cookies I want to keep are permanently saved (e.g., Slashdot), all others are cleared out at the end of session, so websites that need cookies to work still do fine, but I don't get any long-term tracking cookies. It's YOUR computer, you can do whatever you want with the data on it, Microsoft/Sony/etc.'s DRM aside.

Cookies do not "embed themselves."

those tiny files that embed themselves on a PC and keep tabs on what Web sites are visited on which machines.

Cookies are passive content; they do not have the capapbility of doing anything. Web Browsers are what make the decision to download and store this purely optional advisory-only information.

If the cookie is not actively deleted or blocked by the Web surfer, it remains active on the computer for what could amount to years.

Again, you are describing a behavior of web browsers (and probably not all web browsers), not cookies.

I have always held that the software that I run, is my agent. If I run a web browser that essentially tells a web server what other pages I have visited, then by running that software, I have opted in. I guess the issue is that most computer users are not really aware of what they are running and what actions their agents are taking on their behalf, so they see the lack of making conscious decisions as "not opting out" rather than "opting in." I understand this and have some sympathy for this viewpoint, but it ultimately is technically incorrect, an illusion. I don't think you can't redefine the terms "opt out" and "opt in" to mean things they don't really mean, without having some undesirable consequences down the road.

The problem we face, is that we make unconscious or uninformed decisions, but that doesn't mean we aren't making those decisions; it merely means we're doing it poorly. I would much rather that users learn more about how their web browsers work and what the privacy risks are, than for new laws to be passed that micromanage what a web server admin is required to do, should their server be configured to send a certain header. It is ridiculous to have laws and regulations that get down to such detailed, technical levels, and I think that sort of thing is how we have managed to turn ourselves into a "lawyer society" where the law is so huge and complex that a layman is simply unable to know what the law is without expensive help from a specialist.

What Cookie Abuse?

Cookie abuse? What cookie abuse? Oh, you mean loads of websites setting loads of cookies in your browser, which worked last century, before browsers allowed users to set policies for cookies.

You know why they did it?

They did it all for the cookie
yeah
The cookie
yeah
The cookie

OKOKOK.. I'll stop.

Seriously, Organizations need to realize that pulling the US government into anything to get something regulated is almost always analogous to using nuclear weapons and lawyers. You only use them when you know both sides will lose, but you want to make sure your enemy is screwed just as badly.

7 years ago called

it wants its emerging privacy risk back.

I hate cookies

I've browsed the internet with my ever changing browser of choice set to ask me about any and all cookies for years now. The number of cookies per site has been very steadily and rapidly increasing since their conception.

I hate it.

Back when they first appeared, they were there to help us maintain our logins through the website, not lose our shipping carts etc. It wasn't bad, it made sense. I was willing to let websites store my username and password so that I didn't have to keep logging back in constantly.

Honestly, I don't even see why we have cookies anymore. There should be far better ways to maintain a persistant login by now. Ways which don't threaten our privacy, or provide a medium for the same bastards that invented pop-ups and pop-unders to destroy common decency.

The first time I visit any website I am bombarded by cookies. This isn't just one cookie, this is as many as seven from a single page. Why in the name of Linux Torvalds do these sites need seven cookies to function? Clicking the next page bombards me again, and will keep bombarding me until I get through all 255 or more ad3.adserve.cookies.net like services. Only then can I finally visit the website in peace, until next month when a new advertiser joins the loop.

So now my cookie accept/block list is the size of New York's phone book. Heaven forbid in that barrage of cookies there was actually an important one. With all the obscure names they're given it's impossible to tell until you can't maintain your login. Now I get to play the age old 'Find the needle in the haystack' game, new millenium version.

This is beyond sanity. I don't know if the FCC has the right or the ability to do something about this, but something should be done. I don't have any idea what. Boycotting pages with cookies means 99.9% of the internet is off limits.

How About Government Mandated Computer Education

Instead of laws on cookies, how about laws requiring basic education on how to run the computer and web browser? Or maybe simply strong-arming Microsoft into deleting cookies upon exit of the browser.

In the meantime, what could be simpler than using Firefox, telling it to accept all cookies and then setting the drop-down to "delete when I close Firefox"? Really. Works like a champ and I wish them luck in tracking me with my ever changing IP.

Are fingers pointing at...

...TV's leading expert, [wikipedia.org] who said in a recent interview "Me abuse cookies? No way! See? [pbskids.org] (Hey, you know where me can get some biscotti? C'mon, help a monster out. Just this once. Me can stop any time me wants.)"

Nice Commitment

Sweet tooth...aftertaste...force fed...diet

I think I'm going into metaphor overload.

An easy solution

Firefox + CookieSafe. Problem solved. And no need to wake up all the politicians in congress to do it

wtf

What jurisdiction does the FCC have over the internet?

If users are not tech savvy enough to use Firefox & Permit Cookies [mozilla.org], then they get exactly as much protection as they deserve. Cookies aren't the problem, stupid users are.

Here's where I go slightly off topic. Stop reading if you want.

I accept that advertisers are scum and will do whatever they can to make money off of me, so I fight back. I use Firefox [mozilla.com], Permit Cookies [mozilla.org], Flashblock [mozilla.org], Adblock Plus [mozilla.org], and Filterset.G Updater [mozilla.org].

I no longer have cable (tv) - the only things I watch are things I downloaded and then put on my XBox with XBMC [xboxmediacenter.de]. I'm happy to say that commercials are no longer a part of my life! After shutting off cable for a while I can't stand to watch the TV in the break room or a friend's house because there are so many commercials. You don't realize just how many there are until you stop seeing them for a while. Try it! I do not subscribe to any advertisement packets calling themselves magazines. I use Gmail almost exclusively for personal mail and it's spam filters are pretty good.

I recommend trying all of the above.

Solution: Default Deny to accepting cookies

Set FireFox to deny all cookies.

Uncloak when you need to, allow the necessary cookies, deny sec.liveperson.net etc. Once you have completed your work on said website, delete ALL the denied websites. Set FireFox back to deny all. You will still be able to use the website (occasionally you may have to re-allow cookies to access new features). This way, you only have to manage the allowed websites and not the denied websites.

Also, use no-script to prevent getting some of the cookie requests in the first place. googlesyndication does not track me!

Pot calling the Kettle ....

Anyone else browsing in "ask to set cookie mode"?

If you are then you noticed that bizweek tried to set 5 cookies ... 'black!'

I *DO* use opera in ask for cookies. I then accept domain wide cookies for my bank, credit card companies, mail servers, etc...

PLEASE, oh PLEASE do cut down on cookies. If I want to check out your latest reciepe for "Duck A L'Orange", I HARDLY need you to send me a cookie.

Note: the Duck a L'Orange and Cookie reciepe pun was just now noticed and not intentional :-D