Cookie Bill Would Protect Privacy

JSK writes "Sen. Robert Torricelli, D-N.J., has introduced a bill into Congress which, if passed, would control networks' use of cookies. DoubleClick says they'll oppose it."

Is this what we want?

[Zaffle]

a New Jersey senator introduced legislation Thursday that would forbid Web sites from gathering personally identifiable information from Web surfers without getting their permission first. (Emphasis added)

The phrase personally identifiable information concerns me, what exactly is it. From what I can tell, its any information that may be able to be used to identify a person. So, obviously, your slashdot userid. Thats ok, since slashdot basically asks your permission anyway. (you need to sign up first).

But what about Apaches mod_usertrack, which issues cookies automagically to the browser so the admin can follow the user around their website. (This is a good thing, since it allows webmasters to see where things could be improved). Would this be disallowed, you see, from these cookies, I can identify you when you return to the website.

The sane definition of personnaly identifable information would be information that relates to you. (eg name, address, phone, email, age, sex, etc). However, doesn't that mean that bannerad companies can still track you, so long as they don't make any attempt to identify you?.

In my opinion, this is a good thing. I don't mind seeing only techo ads, because I visit lots of tech sites, and seeing techo ads even when I visit search engines. However, lets say the Company Evil Intentions Inc., with your permission, got your name and email. Then went to doubleclick, and said, right, this user here, whats his browsing habits like? Doubleclick won't have done anything wrong, since the information they collected can't be used to identify you, but now Evil Intentions Inc now know all about those "other" sites you went to.

And of course, if we say that bannerad companies can't track you, then that should, in all fairness, go for website admins using mod_usertrack.

What about if Doubleclick picks up shop and moves to a country where it CAN gather personally identifiable information?. We are back to square one.

In my opinion, the legislation is a good one, and I'd like to see it go through. However, there is a simplier way to deal with this. Stop bannerad companies tracking you. Easy enough, disable cookies in images. That will stop doubletrack mostly, the only other way I can think is if they use layers. I haven't done html development in awhile, so I'm not sure if you can have "remote" layers, where the layer is retrieved seperate from the page. But again, just disable cookies in that.

That will stop most bannerads tracking you. I'd like to see this change in Mozilla. (Don't tell me to code it myself, I will, but only after Mozilla is stable).

So in the end, yes this legislation is good, but it won't solve the problem.

---