Watchdog "Not Ready" To Probe Cookie Complaints 166
nk497 writes "The UK data watchdog has admitted it doesn't have any staff investigating cookie consent complaints, more than a year after the law came in via an EU directive. The regulation requires websites to ask before dropping cookies and other tracking devices onto users' computers, and came into law in May 2011. The Information Commissioner's Office gave websites a year's grace period to update their websites, but failed to use that time to get its team together, meaning the 320 reports of sites not in compliance it's already received haven't been investigated at all."
Like anyone is going to follow this (Score:4, Interesting)
I have to wonder if the people who wrote this law even considered the complaints they likely received at the time to the effect that it would make the internet practically unusable. Yes, it's a good sentiment to not want to "track" people, but with the increasing use of cookies for actual technical purposes - not to mention logins and the like - this would quickly become unfeasible and irritating. Anyway, what of serverside tracking - you know, like Facebook almost certainly does using its extensive "Like this" and Facebook integration APIs? I am more worried about that than cookies.
No other country's developers are going to give a crap what the EU/British government says. All this will do is hamper European businesses' internet presence and probably cause a few notable companies (Google, etc) to sever ties with the specific countries actually enforcing it. There are certainly plenty of other reasons to do so these days.
It's kind of sad when the US is one of the less technically inept governments in the world, and it only is because of general failure to do anything.
--BKY1701
Re: (Score:3, Insightful)
What actual technical purposes for cookies are there?
I wish you apologists for the privacy-violators had a better grasp of the technology; the whole point of cookies is to track the user, that's what they were invented for.
Now, some kind of tracking, like session tracking, may be necessary for the functionality of your site, but if you'd done your homework, you know that the makers of the directive considered that, and gave a specific exemption.
In other words: shut up, you fucking shill for the tracking ind
Re:Like anyone is going to follow this (Score:5, Informative)
What actual technical purposes for cookies are there?
Some obvious ones are:
1. Maintaining an authenticated user session (logging in and out securely)
2. Storing the current state of the user's session (shopping carts and the like)
3. Remembering user preferences from one visit to the next
4. Analytics within your own site
I wish you apologists for the privacy-violators had a better grasp of the technology; the whole point of cookies is to track the user, that's what they were invented for.
That simply isn't true. There are plenty of valid concerns regarding using cookies, particularly third party ones, but if they were only meant for tracking then why bother inventing things like session cookies?
Now, some kind of tracking, like session tracking, may be necessary for the functionality of your site, but if you'd done your homework, you know that the makers of the directive considered that, and gave a specific exemption.
And that specific exemption is so tightly worded that it doesn't even cover all of the examples above, which is why we then wound up with the formal opinion of the EU data protection authorities a couple of months ago covering things like first party analytics cookies.
I'm a strong advocate of privacy, but I don't see any serious privacy problem with any of the usages mentioned above, there are obvious potential benefits to the user in each case. Regardless, how are all these "This web site uses cookies, and we know that no-one is enforcing the rules so we've put this token irritating box up even though we're relying on implied consent and we already set them all anyway" boxes doing anything useful whatsoever?
Re:Like anyone is going to follow this (Score:5, Interesting)
All four of your examples are examples of user tracking.
Face it, cookies are a workaround for the stateless nature of HTTP. Cookies are meant for tracking by definition
And you know what? Numbers 1 and 2 are covered. Number 3 is covered once you asked for permission, which you can do using number 1. That leaves 'analytics', which is usually PR-speak for 'tracking user browsing and selling it to the highest bidder'.
So of your three examples, 2 of them are covered, one of them is covered by extension, and one of them can be done without. I'd say, no great loss.
You want to track me? You need my permission, and you don't get it by default.
Re:Like anyone is going to follow this (Score:5, Insightful)
Number 3 is covered once you asked for permission, which you can do using number 1.
Only if you force users to create an account just to keep your site's media player size the same or some other trivial but convenient detail.
That leaves 'analytics', which is usually PR-speak for 'tracking user browsing and selling it to the highest bidder'.
Nonsense. Every business I've worked with in recent years has used analytics to see how visitors are using their own site and ultimately provide a better experience for those visitors. Every single one. And for the record, exactly none of them sold any of that analytics data to anyone.
You want to track me? You need my permission, and you don't get it by default.
Then turn off cookies in your browser. It's not hard, and if you don't know how, a quick Google search will surely tell you.
However, I'm afraid I'm not going to compromise on the experience I can offer the other 99.997% of visitors to my sites because you want to make a fuss. No-one's forcing you to visit those sites, our policies are clearly stated and always have been, we're not doing anything even remotely shady in the eyes of just about everyone (except you, apparently) and just about everyone including us and many other visitors benefits if we pay attention to our analytics reports.
You might like to consider that if you really feel strongly about Internet privacy, you aren't doing anyone any favours either by scaremongering or by attempting to redefine commonly understood terms like "tracking" to mean something convenient for your argument but different to what everyone else means by them. When those of us who want to improve the privacy situation without throwing the baby out with the bathwater come to write to our politicians or send money to privacy groups, all it takes to counteract our reasoned arguments is one PR guy for a commercial ad network and someone hysterical like you, and the politicians who aren't experts are convinced that the advertisers are the only ones being calm and sensible, and therefore nothing needs to be done at all.
Re: (Score:2)
I'm not the one scare-mongering. You are acting as if the WWW will collapse if you have to ask users for consent to track them.
Why are you so dead set on just being able to track me without asking me first? Have you no decency, or are you trying to hide what you want to do with my info?
Re:Like anyone is going to follow this (Score:4, Informative)
You are acting as if the WWW will collapse if you have to ask users for consent to track them.
You're still using that word "track" in a way that no-one else in the world does. You aren't going to win any debating points like that.
Also, the WWW wouldn't collapse, but it would become significantly harder for those running web sites -- which you apparently value enough to visit them if any of this is a problem for you in the first place. It would be more difficult to optimise sites according to what users were actually looking for and how they were really using them. That would inevitably mean site operators couldn't convert as many visitors either, which in turn would inevitably mean that some good sites that were only borderline financially viable in the early days would fail unnecessarily, leaving no site to benefit anyone.
Have you no decency, or are you trying to hide what you want to do with my info?
What info do you think I am magically getting? It's not as if these things are giving up your name, DoB and home phone number. Your average analytics cookie is just a random number, and is completely anonymous. And even if I did collect personal information from you, which for example you might volunteer when signing up for an account, I would be constrained by exactly the same data protection laws as anyone else handling any other kind of personal data in my country, including filing (at my own cost) details of what I'm collecting and how it is used with my government's data protection officials, who will then make it available to the public so that anyone, including you, can read it.
Re: (Score:2)
'analytics' also covers collecting data which allows you to see what your users are actually using on your page and even what form elements are the wrong shape or size (are users are missing them when going to click on them)
Unless you think a map like bellow isn't useful to web developers:
http://csscreme.com/images/heatmaps/detail/ishrs.jpg [csscreme.com]
Re: (Score:2)
You want to track me? You need my permission, and you don't get it by default.
That is the single stupidest thing I've ever read.
Your browser stores cookie information and sends it to web servers because YOU CONFIGURED IT TO DO THAT.
If you don't want to send or store cookies, don't.
Re: (Score:2)
I'm not going to bother pointing out which posts made here under my name were not really me. I think only one was. It's probably pretty obvious anyway.
That said, I suspected you were a troll, and now you proved it. I will be quoting your fine post here in my signature to inform others of your nature.
Have a nice day.
Re: (Score:2)
Oh yeah, Hacker X did those posts full of invective, but now that you've thoroughly shown yourself up as an idiot, you're going to whine about a Bill Hicks quote.
Fuck off.
Re: (Score:2)
You seem to have some unresolved issues.
Please seek counseling or other professional help or take the pills they gave you if you've already consulted medical professionals.
And just to be clear before you decide to murder me in my sleep: I don't run any web services of any kind.
Re: (Score:2)
an extremely dedicated sock puppet.
Yes! It's all a conspiracy. a conspiracy against you mvdwege. we've been watching, waiting, for years!
finally. finally all the sock puppets we've been working so hard to make look like seperate people can swoop in and make you look mentally unbalanced.
Finally! the conspiracy pays off!
How did you see through our dasterdly plans?!?!
Re: (Score:2)
In other words, a fucking sociopath the world could do without. Kill yourself. This is not a joke, seriously, kill yourself.
You should be careful, encouraging someone to kill themselves is a crime in the UK. Considering the idiot police will arrest people for making clearly joking remarks on Twitter it probably isn't safe to state your opinion in public.
There is no free speech in the UK.
Re: (Score:2, Insightful)
1. Maintaining an authenticated user session (logging in and out securely)
cookies aren't required for that. they do offer the user the ability to automatically login (using a cookie) next time they visit, but you can do that without cookies too by either including a session identifier as a url get parameter (not recommended) or have a timeout set when you login that allows you to revisit without logging in again for a set period of time, authenticated by combination of IP address and username; IP address can be spoofed, so you might add a get parameter with a session ID as an ad
Re: (Score:3, Insightful)
"cookies aren't required for that. they do offer the user the ability to automatically login (using a cookie) next time they visit, but you can do that without cookies too by either including a session identifier as a url get parameter (not recommended) or have a timeout set when you login that allows you to revisit without logging in again for a set period of time, authenticated by combination of IP address and username; IP address can be spoofed, so you might add a get parameter with a session ID as an ad
Re: (Score:3)
So just to be clear, your proposed alternatives to cookies are:
1. sending exactly the same kind of state information (session ID etc.) but in places like hidden POST fields instead of cookies
2. using covert browser fingerprinting on the server side.
Exactly how is either of those approaches not at least as capable of covert tracking of your visitors? Not to mention being more than a little creepy, particularly in the latter case since even a user who has explicitly chosen to disable cookies and send Do Not T
Re: (Score:2)
It is obvious to anyone with a clue that abusing GET/POST that was was not intended, which is ironic, since you were in your other post going on about what HTTP/HTML was somehow intended to be. Every "bad" kind of tracking is just as easily possible on the server side, if not more so. Cookies are enforced per-domain. Access-based tracking is effectively cr
Re: (Score:2)
You link an image from Facebook, such as a "like" button. Every time someone views your page, that button is accessed, and your domain is the referrer. Facebook then sees the IP of the person viewing that image, and that referrer, and can potentially correlate that easily with the known IPs of Facebook users. Volla, Facebook knows every site you have been to.
This is not some kind of mythical concept. This was actually used to cause a brief hack scare on a site I used to adm
Re: (Score:2)
currently in the third year of a Chemical Engineering degree... and generally can handle just about any technical matter required of me
i'm qualified in aerospace engineering, experienced in aeronautical engineering, and now developing structural engineering compliance software, with over ten years of programming experience in a few languages (delphi, php, c, js), but it doesn't mean i know what i'm talking about all the time. even if a matter is within your field of expertise, its very doubtful that you know every aspect of that field inside and out.
from one engineer to another... your qualification will never be proof that you have an
Re: (Score:2)
Me: "Well, I'm going to be an engineer."
You: "I am an engineer! A better one!"
You: "But qualifications don't matter!"
It's kind of self-contradictory and I am not sure what
Re: (Score:2)
No, you're an anonymous coward on Slashdot, and I am the Pope.
Seriously, do you think you impress anyone waving your imaginary dick around? Especially since we'd need a microscope to see it?
I don't need to brag to have the facts on my site. Cookies were invented to bypass HTTP's inability to track state across requests. Any use of cookies is to persist state across HTTP requests; since requests come from users, cookies ipso facto track users.
If you are disputing even that basic fact, then no list of imagina
Re: (Score:2)
I am not disputing anything further with you. You're either a raw troll, or an abject fanatic with zero ability to see how stupid they appear to others. In either case, there is really not much point in actually discussing your talking points further. I alre
Re: (Score:2)
And if you had had the reading level of a twelve year old, you'd have seen that I didn't use 'anonymous coward' as a proper name, so I wasn't referring to the Slashdot usage, but simply to the inability to verify your imaginary expertise.
Which, apparently, is totally dependent on "Dick and Jane build a website".
Re: (Score:2)
Just because you *can* wedge the word "track" in there doesn't mean it's correct usage. They are there to *maintain* state.
To those who are suggesting use of GET and POST instead, that these were less-than-optimal is the whole reason cookies were invented in the first place. I worked with those methods and they were a PITA. And storing that kind of state in a GET is just plain-arsed retarded about any way you slice it.
With that said, that's somewhat orthogonal to the issue of tracking (and third party cooki
Re: (Score:2)
but online marketing use third party cookies mainly because of their persistence...
[Emphasis added]
You're moving the goalposts.
Re: (Score:2)
Re: (Score:3)
You've just attempted to quietly redirect the entire discussion from cookies in general (which have many valid uses) onto third party cookies (which have rather fewer valid uses and some obviously sinister ones).
Re: (Score:2)
Thanks for the link, but some of us have been watching this one for literally years now and have actually spoken to real lawyers about it in the course of doing business. These rules do affect all cookies, and any other similar technologies as well, by default. There just happens to be a special case for those cookies that are strictly necessary, in a very tightly worded sense.
Re: (Score:2)
Re: (Score:2)
If breaking the vast majority of technology on the market to accomplish absolutely nothing is a "step in the right direction," then please, let us slide far in the wrong direction.
I will again say: it's about feel-good-fuzzy-warm-cuddlies, as you just proved. Not technology. This does zilch to protect your privacy, and if you were c
Re: (Score:2)
It will break it as it stands. That qualifies as "breaking" it in my book. The fact it can be fixed is irrelevant to the act of breaking it.
Also, broken window fallacy. Creating jobs is not an excuse to break things that work fine now.
"you're not too bright are ya... there are also laws that prohibit murder, but it doesn't prevent people from being mur
Re: (Score:2)
Well, I can see the supporters of this measure are as mature as they come.
Cookies suck (Score:3, Interesting)
Re: (Score:3, Insightful)
Says the guy logged into /. via cookies
Re: (Score:2)
No, but you are responsible for creating an acocunt and being logged in.
What would you prefer? HTTP Auth?
Re: (Score:3)
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2)
Not to mention an awful lot of code for more than a simple site. E.g. ajax, forms, etc...
How do you handle bookmarks? 'Remember me logged in on this site'? Session expiry? Links from a friend/email (would you get logged in as them)?
Re: (Score:2)
Re: (Score:2)
A forum?
If you has a session id in the url alone, bookmarking/linking to a page would log you out.
If you gave a link to a friend, it would log them out and depending on how secure it is, log them in to your account.
It would be impossible to remember your login for the site.
Search engines would get tripped up by them while crawling.
Session IDs should really be kept out of reach from humans. They make everything really messy.
Re: (Score:2)
How exactly does MySQL solve the problem?
Re: (Score:2)
That's well and good for a single session, but it doesn't deal with one that persists once the browser's closed and reopened.
Re: (Score:2)
The MySQL data isn't stored on the browser, it's stored at the server end.
The content of pages may not be stored between browser sessions, but that's exactly where a hidden POST field lives. (In fact, if you've been following a site that uses hidden post fields, that would suggest that every page is generated as a result of something the browser POST'ed. RFC2616 effectively bans caching the result of such things, so there's no "may" about it. The content of such pages cannot be cached; the hidden POST field
Re: (Score:2)
I think it's hilarious that you think the solution to browsing the web without cookies is basically ASP.net WebForms.
Re: (Score:2)
Hey, I'm a Windows user*. Can I use Access or Excel instead of MySQL?
*Just kidding.
Re: (Score:2)
WTF is so special about MySQL?
Re: (Score:2)
You can roll cookie IDs with every page transition too.
Re: (Score:2)
The IP address is actually a bigger issue too. I can use private browsing or clear my cookies if I'm paranoid enough with little effort. Masking IP address is a whole other issue. It doesn't expire at the end of the session, typically bears some kind of relation to geographic location, in some cases can be used to see if a person is home/online or not, can remain the same for years at a time and is identical across all websites and services accessed.
Re:Cookies suck (Score:4, Interesting)
And God-forbid someone copies their URL and pastes it to a buddy on IM or Twitter.
Oh wait, let me guess, you combine your URL session with an IP address, right?
In which case: God-forbid someone switch wifi networks expecting their session to still be valid. Ride mass-transit? Do they provide wifi with a constantly shifting IP as the train moves? Good luck getting on to my super-awesome no-cookies site! Cellphone? Idiot! Cellphones can no longer browse the web!
Re: (Score:2)
Re: (Score:2)
So your solution to the "Cookie" fiasco is to require all users to enable Javascripts? Your subtle sense of humor is sublime.
Re: (Score:2)
What? If you pass it in the URL, use HTTP Auth, or use cookies, it doesn't matter.
And you're seriously saying shuffling it around from one line to the other makes a difference? That's just silly.
More importantly, you're still simulating state. Just in an ass-backward way, for example making copying & pasting links a pain, for no f
Re: (Score:2)
+1
The stateless web was a design flaw based on assumptions about the content and the way things would be organized (the web is far different from what TBL envisioned). It was fixed (though maybe not in the best possible way). People need to get over it.
You're right about the header too. All this post gobblediegook basically translates to "server sends some stuff with a unique identifier, client sends back some stuff with same unique identifier, repeat until done". That's exactly what a cookie is but you don
Re:Cookies suck (Score:4)
The WWW is supposed to be stateless
According to who?
Re:Cookies suck (Score:5, Interesting)
Re: (Score:2)
The IETF disagrees [ietf.org]. They know a thing or two about running the Internet, too, I hear.
Re:Cookies suck (Score:4, Informative)
No. HTTP is supposed to be stateless. WWW just makes liberal use of HTTP. Every HTTP request should be made in isolation. WWW can still be stateful while sticking to this convention.
Re: (Score:2)
Punctuation... FTW (Score:2)
Let's have some fun, otherwise this is a so "Not news" item it should be posted on Idle (the lest redundundundant title should have been: Watchdog "Not Ready"). So...
Watchdog "Not Ready" to probe cookie! Complaints.
Watchdog "Not Ready" to probe! Cookie complaints.
Watchdog "Not Ready" to?! Probe cookie complaints!
Dumb laws are dumb. (Score:5, Informative)
When you go to a web site that "stores cookies" in your browser, what happens is that a HTTP "Set-Cookie" header is sent to your browser. YOU HAVE THE POWER TO DISABLE COOKIES in your browser. It's not like the remote site can make your browser save the cookie.
The user already has every capability to prevent the remote sites from storing any cookies. Simply DISABLE ALL COOKIES. Then, if you run across a site that has a feature requiring cookies (stateful sessions, like logging in), then and ONLY THEN DO YOU ENABLE COOKIES for that site alone. White list it. Oh your browser doesn't have a white list? YES IT DOES. IE does. FF has the Cookie Monster plugin among other ways, Chrome has -- Fuck Chrome! Chromium Exists. Chrome is closed source and has Google's secret advertising sauce added if you don't like cookies why would you use Chrome?! Google Sells Ads.
Now, being a primordial deep one from time immemorial, I remember an age before cookies existed. I used caller ID, bitrate and handshake timings to log and verify my visitors' identity in the BBS era. Then came the Internet. I used a hash of the user agent, IP address, and other header strings along with URL munging (crazy crap you see after the ? in your address bar) to identify and verify users. Cookies allowed us to stop crapping up every URL on the page, and causing massive link rot... So, you want to make laws about cookies, eh? Well there are levels of tracking we are willing to accept, and we don't even need the damn cookies to do so. Enjoy server side storage of your IP address, browser signatures, and Query Strings cocking up your bullshit European URLs....
Get bent morons. Cookies are good for you, at least YOU can control them. You can't very well control whether or not servers use URL munging....
Re: (Score:2)
The problem is that most people have no idea about anything. I agree though, making laws to ask sites to comply to some regulation is stupid. Browsers should have better and easier to use cookie whitelisting by default. This way, if a website detects its not on the whitelist, it will have to ask the user to add them to the whitelist.
Also, people use Chrome because it's faster. It's just way faster than Firefox, at least on Windows on my slow PC.
Re:Dumb laws are dumb. (Score:5, Insightful)
I've been wanting to say exactly this every time I see another retarded story about cookies. Thanks for giving me a hand.
Just in case it was missed: COOKIES ARE HELPFUL TO YOU, YOU MORONS.
Want online shopping? Cookies.
Automatic login to 9000 different sites? Cookies.
Remembered configurations and searches? Cookies.
Convenient URLs that you can remember? Cookies.
As the parent explained, YOU hold the control in deciding what, how and when sites can store cookies on your machine. If you can't be arsed to spend a half hour learning to protect your privacy, you don't deserve it.
Dim-witted, pandering, posturing politicians passing some idiotic "cookie legislation" is going to cause you to have *less* privacy, security and convenience.
Re: (Score:2)
As much as I am in favour of the intent of this law (restricting access to people you don't to access your browsing habits), it's not working in the slightest, and it was _never_ going to work.
Firstly, people don't want it (popups asking if they want cookies enabled are annoying and counterproductive)
Secondly, no one is actually complying with the law, including governmental bodies.
Thirdly, the internet is global now (wait, when did that happen?)
All that, and like parent said, cookies are a good thing in lo
Re: (Score:2)
I stopped receiving spam completely. It's really simple, I'm surprised more people don't do it.
Just bring up one of those command line thingies and type
# apt-get install mysql
My Athlete's foot went away also.
Re: (Score:2)
Want online shopping? Cookies.
Agreed and it should be read as implied when you visit such a site that you would want the shopping cart to work.
Automatic login to 9000 different sites? Cookies.
Ugh, no thanks, trackers wet-dream this one. Firefox and password-safe remember my passwords and that's the way I like it.
Remembered configurations and searches? Cookies.
With cookies this is for tracking, the browser can do this without cookies. If you like a site enough then fine, but 99% of sites I visit don't need 'configuring'.
Convenient URLs that you can remember? Cookies.
Eh, I don't even get this one, I don't need to remember any more than slashdot.org etc, and I use bookmarks, how d
Re: (Score:3)
It's not as simple as that. You are missing the usual "but we are geeks" syndrome. For a /.er disabling all cookies and then inspecting incoming ones individually to decide which to enable might be something they can do and willing to invest the time in. For normal people doing that for every website they use isn't really a viable option.
Hence a law that forces website owners to breakdown cookies to roles and present Mr. Normal Person a simple explanation of what they do and allow them to enable them or not
Re: (Score:2)
Of course whitelisting cookies by site is useless. Many sites send different cookies, you want to block some of them but not all.
Blocking by name is difficult because there is no name convention.
When every session cookie would start with SESS and every tracking cookie with TRK, it would be easy.
Now that there is no such naming convention, and no tools in place to do anything with cookie names, it is probably best to add
another field to cookies, to convey cookie intent. Then users can allow or block cook
They could have been a positive thing (Score:3, Insightful)
Re:They could have been a positive thing (Score:4)
Re: (Score:3)
1st party cookies are exempt from this regulation in many cases.
Read, comprehend, think, comment - preferrably in that order.
Why is the burden on millions... (Score:5, Insightful)
Re: (Score:2)
Because the burden is on the one infringing on my right to privacy to prove necessity, not on me.
Given the loud whines of Facebook-wannabe's and their shills, one wonders what they have to hide about why they collect all that browsing information?
Re: (Score:2)
If a browser is allowing your privacy to be invaded via tracking cookies, that's a problem with the browser. Not that the shady sites are free of responsibility, but you the user don't have to prove anything in any case.
An absurdly exaggerated analogy: If an OS shipped with all ports open by default and replied to any request with the contents of your address book, would it make more sense to make the manufacturer fix the faulty OS, or to try to prosecute everyone everywhere who took advantage of it?
Re: (Score:2)
Fuck you and the false dichotomy you rode in on.
Why not do both?
And again, it's the websites that want my personal info (yes, my browsing habits are personal info), they should have to justify themselves, not me.
Mart
Re: (Score:2)
Again, who is asking you to justify yourself?
First-party cookies do not track your “browsing habits” anywhere but on the particular site that you are visiting, and they already know you’re there.
Re: (Score:2)
Or, you could, you know, block their cookies. Or disable cookies entirely. Or get the fuck off the internet if you are THAT worried about privacy, because, let me tell you, cookies are the absolute least of most people's privacy woes here.
Check the link in my signature. It's relevant.
Re: (Score:2)
Sure, and women could be safer by not walking down certain streets in too sexy clothing.
I reiterate, it's up to you to prove to me why I should give something of mine up to you. All other public transactions work that way, and yet you want a blanket reversal for the personal info merchants. It is you who owes the public an explanation.
And behaving like a spotty twerp with a bully complex is not helping your case.
Re: (Score:2)
You politely ask Mozilla, Google, Microsoft, Apple, Opera and a few others. They put a developer on it for a few hours. Problem solved.
Re: (Score:2)
How do you mandate what sites do if they aren't in the UK?
The answer in both cases is: you do not, and that is by design.
Re: (Score:2)
You may want to deal with every single session cookie on every single site you visit
Thats basically what the EU wants isnt it?
They want every website to give you a popup asking if they can set a cookie on your browser.
Of course if you say No the website cant store your choice in a cookie, so your going to have to say No every time you visit.
Sure browsers could be modified to always say Yes/No.....oh right thats exactly what they already do now.
Browser cookie blocking is superior, so why not just keep useing that instead of misguided server side permissions?
Re: (Score:3)
The way it is implemented here in the Netherlands is that cookies required for technical operation,
like login sessions, store baskets, user preferences are allowed but cookies used for other purposes,
like tracking site visits and controlling ad placement, are not. (unless allowed explicitly by the user)
What is required now is an extra field in the cookies that conveys cookie intent, and a setting screen
in the browser to allow/deny cookies with given intent (as a default).
So users can opt-out of tracking an
Re: (Score:2)
Although I have ridiculed the use of POST and GET to replace cookies above, the truth is that once you have the user logged in with a cookie, it is then trivial to use POST or GET for the actual tracking. Unless the legislation is crafted carefully (haha), it's trivial to get around.
Re: (Score:3)
If anything NoScript should be default browser functionality.
Running NoScript means essentially every web site is broken by default, and you have to whitelist whatever domains they use for scripting to make it work. Invariably, people will just choose "allow all" to get things going. What's the point?
SO what your saying is (Score:4, Funny)
It's a damn stupid law (Score:5, Interesting)
Am I the only one who thinks that these popups which state "we're using cookies" is highly annoying?
Almost everyone apart from your aged grannie knows that you are tracked on sites by use of cookies, so what is the point of this bureaucratic nonsense? It's almost like a secret plot; a small step to making the net unusable.
If you really want to ban something, block sites from opening 3rd party poker/porn sessions in windows behind your current window, not that such things happen to me of course.....
[/rant]
Re: (Score:2)
Re: (Score:2)
Europeans especially seem to be unusually prone to this. At least us Americans tend to bitch about everything before, during, and after; that's arguably why we're still freer in a
Re: (Score:3)
I actually agree with you - it's a futile law. However, what it has done is made website owners think about what they're doing. Granted, most just say "we use cookies, if you use our site you agree to get them from us", but some sites are dropping the 3rd party cookies they don't need because they don't want to have to argue the toss for something they don't use.
This hasn't revolutionised anything, it hasn't even made an incremental change, but it's started a conversation. In that sense it's good. In most o
A Solution ... (Score:3)
Have a website? Disable and redirect EU visitors to a message explaining that they cannot use your website until they pester the morons in government who implemented this crap until it's reversed.
I'd love to see something like this gain traction. All it would take is a big player like Amazon to make this happen.
Re: (Score:2)
That's certainly an idea but consider it from the website owner's point of view. They're already making their website less competitive (globally) with annoying pop-over nonsense. Some websites actually don't work until you've explicitly agreed to have cookies (a poor interpretation of the law, IMO).
What do you think a user is going to do if they have to sit through a five minute, hell, even a 30 second political complaint before they can even use the site? Well, if that site, like many sites, has a billion
Re: (Score:2)
... just for 3rd party cookies (Score:3)
The law in the Netherlands is that you have to inform users that you are going to put a cookie on their computer.
EXCEPT if the cookie is required for the core functionality of your website. So your shopping cart can put its 1st party cookie, and you are not in hot water.
Most websites use Google Analytics. That is where you have to start putting up the "Smoking Cookies Kills" banners that will likely hurt your websites traffic significantly. The best thing is to avoid the banner altogether and stay still within the law.
Sot its time to drop Google Analytics; its cool, its nice and now a drag on business.
I have already found one alternative that looks half decent and doesn't require me to put up any cookies at all: PiWik (http://piwik.org/ [piwik.org])
Re: (Score:2)
does this law make any comment about localstorage?
Some can't see the forest for the trees. (Score:4, Insightful)
I think a lot of comments here are focused on the wrong thing.
TFA says "the ICO has yet to investigate a single website... because its investigative team isn't ready to start work - more than a year after the new laws came into force". So TFA is more about a culture of "shoot first ask questions later" that is prevalent in government agencies - NOT about the validity/ethics of having the rules in the first place. It's already in place, people - arguments about whether cookies are good or bad should have already taken place ages ago when vetting the rule.
So the real question is, why pass a law when there's no clear indication on the lawmaker's capability to enforce it?
Re: (Score:3, Informative)
So the real question is, why pass a law when there's no clear indication on the lawmaker's capability to enforce it?
The UK Gov't is only implementing what the stupid folks in the EU Gov't told them to. The real problem is that the EU Gov't allowed this crap to go through in the first place. We need to get some (members of parlaiment) MPs and (members of the European parliament) MEPs who have a clue about IT, who have a clue about how the Internet works. That's the underlying problem - we've got clueless career politicians with a supporting organisation made from clueless lawyers and MBAs.
Re: (Score:2)
So the real question is, why pass a law when there's no clear indication on the lawmaker's capability to enforce it?
The real question is, why isn't there any recourse against an enforcement agency that refuses to enforce the law?
Another meaningless law (Score:2)
facts (Score:5, Informative)
I hate to burst everyone's babble with facts, but here you are:
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx [ico.gov.uk]
important key points:
Sorry for brutally slaughtering half the comments posted so far.
As I read it, what this basically asks me to do is put an information that my site uses cookies somewhere with a link to a page that explains what I use the cookies for. If you're doing the usual stuff (session ids), you're probably done with two sentences.