EU May Outlaw Cookies
Millennium writes: "According to Yahoo News, The European Commission is considering a privacy directive which, among other things, completely bans the use of cookies. Forgive me for saying so, but considering all the legitimate uses of cookies, isn't banning them outright going just a bit too far?" Update: 10/31 19:21 GMT by M : The submitter's write-up is wrong. Read the story. Keep in mind, as usual, that a "news" story whose sole source is an executive with an agenda to push is unlikely to portray the situation accurately.
at least some places are taking a serious interest in privacy.
Well then that would break my Yahell Mail sign in, Slashdot signin, hotmail sign in. What would work without session cookies?
Sure, block illegitimate use of cookies. What other mechanisms do we have? Passport? Does Passport use cookies too?
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
Since just about every major browser allows you to accept/deny/view/modify/delete cookies... what's the big deal? Banning X10 ads... now that's something worth considering.
--
Don't sweat the petty things, and don't pet the sweaty things.
But I like cookies... especially the chocolate chip ones! :-)
Seriously though, if you really don't like cookies, you can disable them through almost any (if not every) browser. The only problem is that some sites require them in order to use the site. Can you log in to Slashdot without cookies? I haven't tried, but I'm pretty sure you can't. And if you could, you would have to log in again every time you start your browser.
Banning cookies would be lame. Instead, they should make websites now with two methods of data tracking. Something like cookies, and something else. Nowadays, if you don't have cookies turned on, you can't do many things. This is just wrong. It's like telling people if they don't allow a camera crew to follow them around, they can't shop/use cars/live normally.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
How about revisiting the issue of cookies and listing the various ways they can be properly used as well as abused? I'm personally not really up on cookies; I know that's ignorant, but it's true. I can't be the only cookie dummy on slashdot.
C//
nay, tasty though they may be, the side effects of tooth decay and obesity far outweigh any legitimate use they may have...
Either give it away or get top dollar, but never sell yourself cheap.
All modern browsers allow users to turn off cookies completely.
People already have the choice.
You can't legislate stupidity out of life...
nuclear iraq bioweapon encryption cocaine korea terrorist
nice to see them at least considering users' privacy (if that is their intent.)
I like the EU legislating content and practices on the Internet no more than I like the US doing the same. That which I tell you three times is true:
Education is the key, not legislation.
*Education* is the key, *not* legislation.
EDUCATION IS THE KEY, NOT LEGISLATION!
Thank you, and goodnight.
Cookie monster will be SO disappointed!!!
.. .
And I hate to disappoint a monster. It's dangerous
You tell him .
In Soviet Russia you don't have to put up with these crappy jokes
The EU appears headed toward a classic error - they haven't defined the problem correctly. Instead of asking "how can we protect the privacy of our citizens" they asked "how can we prevent organizations from using this specific technology to invade our citizens' privacy."
Whoever proposed this absolute ban on cookies clearly has never done any kind of web development. Sheesh.
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
Cookies and donuts.
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
They don't really call them cookies, I think they call them biscuits :)
JET Program: see Japan, meet intere
I can see regulating them, but I can't see outlawing them entirely. On-line banking, for example, is an example of cookies that I can understand need to be in place.
Whether or not the "Interactive Advertising Bureau" is going to lose some money from that is something I could care less about.
The problem with HTTP, being connectionless and stateless, cookies are a hack that was added to get around the failings in the protocol. People have (ab)used it to track site visitors in a slightly more obnoxious way though, and *that* is probably why the EU is looking at this at all.
I can see banning long-duration cookies, but e-commerce would collapse without the session cookie, or something functionally equivalent. A better rule would be to require browser makers to provide better granularity in cookie preferences, and to make the settings more conspicuous.
I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve. BB
While I realize their security concerns, in my opinion the problem isn't with the cookies. The bigger security concern, is really with web bugs. The rest of the stuff that the EU seems to be concerned about really is data that could be generated by analyzing web server logs. The problem is with sites that monitor people across multiple domains.
But the sticky point about cookies is that they often store data without a user's explicit approval. The Commission has been debating whether individuals should have the last word (lawmakers call this the "opt in" method) on what bits of personal information are collected on them while online.
Jeez. We already have that. Almost every browser in the world offers the ability to decline all cookies. It may make using any dynamic website an impossible task, but the Commission's inability to realize that this option is already there speaks to their poor understanding of the technology.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
I mean, I could write some personal information
on that paper and slip it under your mousepad.
Then, later, I could update that piece of paper
with new information.
What's good about this:
- Someone, somewhere is taking privacy
seriously.
What's bad about this:
- It demonstrates a fundamental lack of
understanding about the modern world.
Overall, I say it's good. They are *thinking*
about privacy, which is more than the US
Government is doing (aside from thinking about
how to get rid of privacy).
-nate
European officials to do their best to protect their population from all evil..... whatever....
... and, while we're at it, ban the cakes, too. And the spanish cocas. And all kinds of biscuits. And pretzels, too, just in case. It's easier to forbid the food that's Bad For You than to pass a directive requiring all european citizens to go on a diet.
I just can't help but wonder what will Cookie Monster say about this: "When cookies are outlawed, only outlaws will have delicious meals", or something like that.
Oh, you mean software cookies? Oh...
"Trust me - I know what I'm doing."
- Sledge Hammer
What will we do when cookie monster is removed from the cast of Sesame Street?
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
(yes, it was a joke)
-paul
What is really needed is a reasonable use policy or such that limits cookies in how they are used.
The initial/original idea of using cookies was pretty much for productive things. But the use of cookies in ways it was not intended have evolved.
Perhaps this news item can be a good place to argue what is acceptable and what is not. And that these responses may then be forwarded to the EU.
I run WestHartford.net which is basically a gaming site quite similar to slashdot. I have something called message forums. These "message forums" use cookies to keep a user "logged on." Does that mean I'm going to get sued? Is keeping a user "logged on" a violation of privacy? Also, what can they do about it since I'm in another country?
Please check the time/date of this post before marking as redundant
Liquid Gaming - Your daily dose of gaming news
The Accept/Deny/Only this time cookie management idea that is turned on by default in Konqueror is great (and an option in Mozilla). Once you have got through the first couple of weeks accepting cookies from the sites you trust/like and rejecting all the doubleclick and other ad site cookies you only have to accept/deny cookies every few days (depending on your surfing habits).
[Please type your sig here.]
Don't they have enough on their minds with the Euro coming out in 2 months?
It sounds like all they want is a method to have the user explicitly agree to accept a cookie whenever one's proposed. Many (most?) browsers already support that functionality. Maybe browsers just need to ship with that defaulted to "on" for EU countries. I don't really understand why they're making such a fuss.
To be honest, I think they're going about this thing entirely the wrong way. Don't attack a technology because it has the *ability* to do something you don't like. Attack those that are abusing the technology. In this case, full and proper support for the W3C's P3P initiative looks like it addresses all of the privacy concerns that go with cookies. Maybe they should be looking at this instead.
One thing Microsoft has done right recently is P3P support in IE6, and setting the browser to default itself to what I would consider a reasonable setting out of the box, which automatically blocks a significant number of 3rd-party cookies. I love seeing this in action.
How would the EU block them? at the ISP level?
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
On Tuesday the EC voted to make the value of Pi equal to 3.
This will simplify the design of capstans for cash registers in Belgian butter stores, while causing a tolerable 400% increase in the paperwork required to calculate the orbits of communications satellites when requesting permission to use public-owned gravity generated by EC member states.
I don't understand the motivations..
If you have something to hide, the problem is not with people finding out, it is with the reason you desire to hide it.
Privacy solves nothing, it just allows people to ignore problems.
Besides, technology will eventually make all of this moot. Dust sized video camera stuck to everything, only way to avoid that is a really trustworthy police state, and that sounds just *so* much better..
The only thing I can recall from earlier threads is that they're evil. I can't for the life of me tell you why they are evil--maybe because Doubleclick placed a cookie, and Doubleclick is the Internet Hitler, at least, or maybe a terrorist group trying to track me. But I've been blocking them fanatically ever since! Except for Slashdot's cookie, of course.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
it's quite amazing how poor a rap that cookies have gotten, there are tons of useful ways to use them, we use them all the time to store variables that can be passed from page to page, we also use them to allow access to certain areas as determined by data contained within.
my only real gripe with them is they just seem to take up room after a while...
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
But don't I, as a website administrator, have a right to know the usage patterns of my users? If I set up a lemonade stand on the side of the street, I know exactly who comes to my store, how many times they come back, and if I'm smart enough, I can use this information to my advantage to sell more lemonade (e.g., I know that Tom buys lemonade on his lunch break at 12:15 everyday, so I better be open then). Why should online business be put at a huge disadvantage? Cookies are a great tool for maintaining a state over a stateless protocol, and differentiating one user's "session" from another.
And also, a great deal of code to keep people "logged in" to web sites uses cookies to maintain state. Without cookies, web sites are forced to use the IP address as the unique identifier to distinguish between two users. What about proxy servers and firewalls? DHCP and dynamic IPs? Maintaining state over HTTP would be a nightmare without cookies.
The only problem comes up when cookies are used across different sites, or one company sells your browsing habits to another without your consent. But by browsing a site, you are implicitly giving that site the permission to see what you are doing.
Like many political institutions, it takes EU some good technicians to explain them the ins and outs of every question. Fact is the said technicians didn't do their homework with the copyrights and "intellectual property" stuff, so they surely try to overdo said homework with privacy.
And once again, critical questions, with possible direct implications with expression freedom...
Yes, t'was a rant(tm)!
they should just ban them on images.
When cookies are outlawed, only outlaws will use cookies.
Shop smart, Shop S-Mart.
The idea of completely banning cookies is absurd. Let's look at a deeper solution.
IE comes with cookies automatically on and accepted, perhaps this is where the plan of attack should be. Many people have no idea what cookies are, or the fact that there is information being stored about you when you visit a site.
In all fairness to current legitimate use of cookies, people should be warned that cookies are being sent in the first place, and then the person should decide what to do, to accept or not, or to automatically accept all, or automatically accept and reject based on predetermined user settings.
Let's put down the unfair practice of cookies to store information without the user's behalf. The EU should require all browser default to ask the user about cookies after installation of the browser, bundled or downloaded-however it comes. Then after the user has made his choices, then you cannot say that the cookies were illegal, or taken without user permission.
Did you know everytime you dunk an Oreo into a glass of milk, it sends information back to Nabisco via an embedded 802.11 interface? Here's just some of the private details being sent without your knowledge:
* Type of milk (skim, 1%, 2%, etc.)
* Brand of milk
* Length of dunk
* Whether you double-dunk or not
* When you dunk (watching TV, in bed, etc.)
* Any health problems it finds as it works its way down your body
I praise the EU for finally doing something about this.
"People that quote themselves in their signatures bother me" - athakur999
Not exactly the first time that policy and technology
collide. What's needed is legislators who are more knowledgeable about technology or at least take advice
until then here's just another impractical and unworkable law on the way to add to the current collection.
Realistically are there any alternatives to Cookies, how else can session based systems worked or any website that needs unique ID's isn't don't most E-commerce systems employ cookies for customers "Shopping Carts".
All that's needed is more education and more selective cookie management tools in browsers ( which is already mainly implemented in mozilla IE etc but still could be improved)
The Data Protection directive (which is law in all EU states, AFAIAA) already makes it illegal to store any identifying information about any citizen of a country of the EU outside the EU's borders, as well as requiring all companies to surrender all information they hold, with categorisation, proper sourcing, and defense of ownership, about a person within a short time period for minimal charge; see The Register's coverage here and here for more info.
As an aside, unlike the US, the rest of the world has a-political civil servants; the European Commission is the civil service of the EU, as it were, and they form laws, not pass them (that is done by the proportional-representation-wise-elected European Parliament).
HTH.
James F.
It's like banning alcohol, drugs, or guns, really. :)
Seriously, this is a tough issue. How do you specify "acceptable" use of cookies?
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Yes
I am the Alpha and the Omega-3
If I set up a lemonade stand on the side of the street, I
know exactly who comes to my store, how many times they come back, and if I'm smart enough, I can use this information to my advantage to sell
more lemonade (e.g., I know that Tom buys lemonade on his lunch break at 12:15 everyday, so I better be open then).
Under EU law, you need to have Tom's permission to keep that information in a database.
Cookies are a great tool for maintaining a state over a stateless protocol, and differentiating one user's "session"
from another.
It still will be possible to do this. Just make sure that no information that can be used to identify these people is used in a way that they have not expressly approved of.
It's not a total banning of cookies. The article is misleading in that respect. Just a ban on the use of cookies to track people.
However, we note that some HUGE corepirate megasloths attempt to use same to 'track' your browsing habits, with the eventual intent(s), of marketing to you, & finding out which sites draw the most eyeballs, advertising with them, & effectively squeeshing the 'little guise', off the wwmap. We don't think that's such a good plan.
There is also a notion that if your pc can be 'snooped' by the nefarians, that your passwords, etc.. could be pilfered. A double edged mixed blessing the little morsels are indeed, but banishing them completely would be like discarding your car, because your neighbor uses his to rob banks.
Have you seen these face scans, etc...., of the REAL .commIEs? I thought so.
Ok, so Netscape and IE both allow you to disable cookies. Woohoo. How useful is that? Your other choice is confirming each cookie. Ever tried surfing with that option on?
I'm sure there are some third-party software products that allow users to assess each cookie once and allow/deny it forever (ie. yahoo cookie allow, doubleclick cookie deny). Why is that so hard to include with the browser?!?
That would make this whole issue go away.
"The market alone cannot provide sufficient constraints on corporation's penchant to cause harm." -- Joel Bakan
What will the Queen Mum take with her tea?
The parallels with the EU are obvious. We have a new government established, supposedly bent on establishing standards and protecting the citizen. Instead, we have the government limiting consumer choice. I think it's only a matter of time before the next Napoleon steps up to the plate and uses the infrastructure currently being put in place by the power-hungry EU.
Today, they take away the right to use cookies on your website. What tomorrow, gun rights?
Slashdot: Open Source, Closed Minds.
Next thing you know the British government is going to ban dental work. Ooops, "The Big Book of British Smiles" provides evidence they already have...
Am I the only one getting hungry off of the today's topics?
First there are donuts.. mmmmm donuts..
and now cookies.. mmmmm cookies...
then you have ghost stories topic thread and I'm sure the Shhh! Constructing a Truly Quiet Gaming PC was posted so that anyone who built it would be scared if someone yelled 'Boo!' at them.
Just My Little Conspiracy Theory.
never take me seriously..
In this era of government being swamped by technology, and the people in charge being so untechnical, it doesn't seem surprising that any government would "outright ban" anything. As to them it is better to get a law on the books quickly in order to make it relevant to the times as opposed to having the law make sense but be enacted "too late" to do anything!
Web sites can synch up usage logs, cookie, log-ins and customer profiles to create a sophisticated analysis of individual users' behavior and tastes online.
Or, a simple cookie can be used without all that to note whether a user has seen a specific page before. That's useful for webmasters who want to serve up certain types of dynamic content.
Neither did the article mention that without cookies, many European users will not be able to "customize" web sites, because the web server will not be able to track an individual user's session. You'd have to log in on every page to see your customized version, or pass the user's login through the URL--hardly a good idea for security's sake.
We're going to have an increasingly hard time making a good case for responsible pro-privacy legislation if the press can't figure out the basics of the technology being discussed. The public's never going to know they're being screwed if the press can't figure it out enough to tell them.
Why is it called COMMON sense when so few people have it?
Wouldn't it make more sense for them to require companies/sites to ask permission before writing or accessing a cookie? I mean, anything can be used the wrong way, and abused.
It may be in the best interest of the Internet though, because many sites require cookies. Maybe that would force said sites to have a cookieless solution, or miss out on all the possible readership. It'll be interesting to see what happens in the future.
Cookies, when used in a responsible way, can increase privacy. Of course, that is not true with those practically eternal cookies which expire some day in the year 2037 or so. On the other hand, there are other tracing methods such as exclusively dynamic URIs or even cache timing attacks (yet another interesting Felten paper, BTW).
In my opinion, you should not outlaw the tool, but the intention to gather data. Recently, we've seen so many attempts at restricting tools which have some negative potential, completely neglecting the positive possibilities such tools present. Shall we make the same mistake again?
n/t
Cookies are probably used on 95% of all sites today, both Internet and Intranet. Banning cookies would break, what? 75% of all websites that rely on them? That's absolutely ridiculous. They might as well outlaw HTML.
Considering that anyone in their right mind can completely reject cookies (even in IE) this seems like a bad decision. If I want to turn cookies off I'll turn them off. Maybe I want cookies turned on. Get off my back big brother...
Just because I AM paranoid doesn't mean they're NOT out to get me.
Perhaps something being overlooked here is that users already have the means to disable cookies! Each to their own... overbroad legislation is going to create more problems than it will solve.
----------
while (alive) { Work(); PayTaxes(); Eat(); Sleep(); }
Bool
They should allow opt-in cookies, but I'd still like every site to be required to state what data it keeps in its cookies and what it does with it as part of its privacy policy.
I'd like to see browsers with more refined cookie control. I should be able to set the cookie policy for each domain.
... something's wrong...
The existence of such a technology, the amendment states, "may seriously intrude on the privacy of these users. The use of such devices should therefore be prohibited unless the explicit, well-informed and freely given consent of the users concerned has been obtained."
Now, aside from porno sites, when is the last time you've ever been asked for your "explicit, well-informed and freely given consent?" Explicit... ok, yes or no, pretty simple. Well-informed... ha! right! Not if it might contain proprietary information. Definitely no well-informing going on if we're talking about Microsoft. Freely given... another ha! right! "Either you agree, or you can't use any of our service." That seems to be the uniform quote. When's the last time you had a third option on a license agreement. Heck, with MSN, you don't even have a choice, if you don't have the right browser, they won't even let you attempt to view the site.
~ now you know
From what I read, they aren't banning cookies per se. What they're banning is any collection of personal information without explicit informed consent. So you can use cookies all you want, as long as you tell the user what personal information you're storing in them and let them say whether they want to allow it or not. And if you use cookies for things like shopping carts, where there's no personal information in them, then there's no restrictions on them. All perfectly sensible to me.
A cookie is just a way for the web server to save information client side. Banning Cookies would be like Banning programs that left Registry Entries on your computer. It's just information that needs to be saved.
It's these Paranoid people who have no Trust for Web Companies and their small web sites, but will more than willingly install Microsoft Products which inspect and pick apart every part of your system.
Arthur: You know all this explains a lot of things. All through my life I had this strange, unaccountable feeling that something was going on in the world and no one would tell me what it was.
Slartibartfast: No, that's just perfectly normal paranoia. Everyone in the universe has that.
It's typical, EU always stick its nose where it shouldn't be, like with the cucumbers they are trying to ban the ugly ones, apples when they are too small was to be banned as well. Considering that the EU was formed to make european trading more easy, I just don't get it, ok the cucumbers and apples - we need standards but this is like the european currency, police and army ideas... they just don't make sense. actually they do if we want something like the states, and speaking not only for myself - and with all respect for the states - we don't, I'm proud of the Danish flag, the language, the currency and the culture, of course without becoming a racist, actually i welcome foreigners to Denmark as long they behave, if they have danish citizenship they are to be treated just like any other criminal with danish citizenship.
I was initially caught up in the scare about cookies, especially when I discovered some clueless webmasters were storing my site password in cleartext in them. But over time, I realized that the alternatives for creating a stateful session might be far worse. Can you say Java / ActiveX?
BTW, does Microsoft Passport use cookies, or some other method? If they use cookies, I can just imagine the wheels turning in Microsoft's heads right now at reading this story!
"you can already turn off cookies... blah blah blah"
This isn't about slashdotters, it's about end-users, the vast majority of which have no idea what the heck a cookie is, much less where they can be found and what they can do. The average web user only knows that if he "turns off all cookies" much of the stuff he wants to do on the net doesn't work anymore. If he elects to review each and every cookie, he ends up spending more time clicking "Accept" than actually using the web. Actually, let me correct that. The average web user doesn't even know there's a menu with "cookies" mentioned.
I think requiring web sites to explicitly notify and obtain permission to track and store personal information via cookies is not necessarily a bad thing. Not all cookies are about tracking where users go, nor about keeping personal information.
Does anybody have a link to the actual legislation? Rather than assuming what we think is going to be in it and screaming at the top of our lungs, does anybody actually know what they're proposing exactly?
"No, no, no. Don't tug on that. You never know what it might be attached to."
i've been running ie6 for a few weeks now, and apart from it completely fscking up a number of things (what do you expect), it does have one kief feature which pre-parses your cookies and informs you if a cookie looks suspect.
one such example is if an HTML layer-type banner (you know the ones that aren't just images, but are actual HTML pages placed inside a layer within a DIV) tries to drop you a cookie it will warn you and block it if you choose.
i'm sure my mother would have no idea how to turn off cookies by herself - but this at least goes a step further to inform a luser of the possible intrusion.
i assume it checks the URL in window.location object and if it doesn't match the URL of the cookie it warns you.
i know it's not exactly giving you 100% privacy protection - but it's a start, and i've found it very handy.
I can still write a tracking site using a session ID that is not a cookie. The problem doesn't go away, just changes to a less controlled method. I can enable or disable cookies, IE has a per-site way, cookie pal does the same for netscape on a windows box. Most cookies can be disabled and the web site works fine. I block all until I hit a point that require cookies then only unblock those cookies required.
As long as cookies are allowed if consented to I don't see any problem at all. What it will force is the browser vendors adding a specific 'allow cookies from this site' or 'dump all cookies from this site into /dev/null' option.
Some cookies are useful and should be allowed, but personally I don't give a rats ass if DoubleClick's business model requires them to be able to track people all over the web. It should be up to the user to allow or deny any corporate entity the right to gather data on their habits. The current method of allow/deny could be improved a lot to allow more finely grained control.
The article is very bad; I don't know who wrote it, but it looks like someone oversimplified the issue to make it look unacceptable. Commonly used fallacy. The overemphasis on "lost jobs" and shit like that is giving it out. Besides, I haven't heard of that stuff anywhere else. Kinda doubtful. And if it's just a proposal from a single member of parliament, there's really nothing to bitch and whine about; it's their job, after all, to come up with issues and propositions, and it's also their jobs, as members of parliament, to weed it out and come up with sensible laws.
Ban cookies? I doubt it. I could, however, see the european authorities requiring companies to inform users when they're collecting such information; which is, all considered, not a Bad Thing.
It's a two sided coin remember. Keeping cookies has its advantages for forgetful users, advertisers and website designers, but it's a bad thing for total privacy.
Perhaps the EU, in reality, is doing the best thing for users of confidential business. Very few people who don't work in the IT industry know about "cookies" and information they keep.
But then again, in real life you could look at it this way: You close your windows so people don't look in, but it's not illegal for people to try and look through them.
I doubt the law will pass through, as many similar US laws have been thrown out in the past, and I would hope that the EU is this competent.
There is nothing inherently evil in cookies.
;-)
The evil is in intentional misuse or ignorance of proper use.
Storing personal data (unencrypted password, email) in a cookie is stupid evil.
Forcing users to accept cookies for a non-originating domain (like excite, so you login to one of their other domains) is questionably stupid or intentional. Since this then makes the problem of double-click type privacy issues more extreme.
NOTE: Non-originating server cookies are not required to get into hairy tracking issues, all they have to do is fetch a document (usually image) from another server that will include a cookie in the headers. This is a prime reason next generation browsers allow you to deny images from non-originating servers (that and as a minimal means of preventing ads) not to prevent sucking bandwidth from servers because newbies are using images etc. off of someone else's server
Were that I say, pancakes?
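Added example, not part of any comment in this thread: a small audit of the mechanism described in the note above, where an image fetched from another server carries a Set-Cookie header, so the same host can recognise one browser on unrelated sites. All host names, cookie values and the "last two DNS labels" site rule are constructed assumptions; real browsers use the Public Suffix List.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed sample data: two unrelated sites embed an image from one third host.
NOW = datetime(2001, 10, 31, tzinfo=timezone.utc)
PAGE_LOADS = [
    {"page": "www.news.example", "responses": [
        ("www.news.example", "sid=9f2c41; Path=/; HttpOnly"),
        ("img.tracker.example",
         "uid=u-771; Expires=Thu, 31 Dec 2037 23:59:59 GMT; Path=/"),
    ]},
    {"page": "www.shop.example", "responses": [
        ("www.shop.example", "cart=3; Max-Age=3600; Path=/"),
        ("static.shop.example", "theme=dark; Max-Age=86400"),
        ("img.tracker.example",
         "uid=u-771; Expires=Thu, 31 Dec 2037 23:59:59 GMT; Path=/"),
    ]},
]


def site_of(host):
    """Assumption: a 'site' is the last two DNS labels of the host name."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lifetime_of(morsel, now):
    """Return None for a session cookie, otherwise the remaining lifetime."""
    if morsel["max-age"]:            # Max-Age takes precedence over Expires
        return timedelta(seconds=int(morsel["max-age"]))
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"]) - now
    return None


def audit(page_loads, now, long_lived=timedelta(days=365)):
    """Classify every cookie set during each page load.

    party:    'first' if the responding host shares a site with the page,
              'third' otherwise (e.g. an embedded image on another server).
    lifetime: 'session', 'short' or 'long' (longer than long_lived).
    """
    records = []
    for load in page_loads:
        page_site = site_of(load["page"])
        for host, header in load["responses"]:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                life = lifetime_of(morsel, now)
                if life is None:
                    bucket = "session"
                elif life > long_lived:
                    bucket = "long"
                else:
                    bucket = "short"
                records.append({
                    "page_site": page_site,
                    "setter_site": site_of(host),
                    "name": name,
                    "party": "first" if site_of(host) == page_site else "third",
                    "lifetime": bucket,
                })
    return records


def cross_site_setters(records):
    """Third-party sites that set cookies under two or more different page sites.

    These are the hosts able to link one browser's visits across sites.
    """
    seen = {}
    for rec in records:
        if rec["party"] == "third":
            seen.setdefault(rec["setter_site"], set()).add(rec["page_site"])
    return {s: sorted(pages) for s, pages in seen.items() if len(pages) > 1}


if __name__ == "__main__":
    results = audit(PAGE_LOADS, NOW)
    for rec in results:
        print(rec)
    print("cross-site:", cross_site_setters(results))
```

The session and shopping-cart cookies come out as first-party and short-lived, while only the embedded image host is reported as both third-party and long-lived, which is the distinction per-domain browser controls act on.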
Keep in mind, as usual, that a "news" story whose sole source is an executive with an agenda to push is unlikely to portray the situation accurately.
$sarcastic_slashdot_comment
-Waldo Jaquith
This may be taking a little news blurb too far, but I take this as just another example on how governments are so behind in understanding technology that in many cases they are functionally irrelevant. If they do end up passing a privacy bill I imagine it would either contain measures like this and be patently absurd, or the more likely case of being a watered down legalistic reaffirmation of the way business is currently done.
Far too often when the legislators foray into the online technological world, it becomes a spectacle of trying to keep logically unsound metaphors from being grounds for stupid legislation. Absurdities abound such as Al Gore comparing the government's role in the interstate highway system to the fiber optic Internet backbone. (He said something along the lines of wanting the backbone government run until some AT&T, Worldcom etc... folks sat him down and explained how it actually works to him). We get the standard key escrow legislation attempts every few years that are technologically unworkable in addition to just being plain stupid.
Sometimes they get it right (Internet sales tax ban), and I could see some legislation along the lines of requiring companies to actually FOLLOW their posted privacy policies, but I'm just generally suspicious when people who generally don't know much at all about technology are writing the rules.
Conspiracy theorists, reeling from the news of an attempted ban on cookies, blame the secretive Adeno-Triphosphate-Lateral Commission for attempting to strangle the world's supply of nutritious sugars. Danish and croissant manufacturers' associations, as well as independent bakeries throughout western Europe, have barraged Brussels with calls to reconsider what they see as unwarranted government intrusion in the pastry sector. Echoing these calls is French PM Mitterrand, who stated yesterday, "The right to freely make pastries of whatever type a French citizen chooses is integral to our society. Liberty, equality and delicious treats, that is our national motto."
In a typical move, late night comedians on the Continent mocked innocent Ukraine, which is attempting to join the EU. "Hello my name is Zyrgz Yakobinksky and I am our President, of the Ukraine. What are these cukeis of which you speak? We of the Ukraine only eat rocks, raw fish, and discarded Communist literature. If you ban the cukeis in the West we would be happy to take them." A nutritional scientist with some university pointed out that neither rocks nor the works of Engels and Marx are considered edible in virtually all cultures, excepting tribesmen on the far reaches of the Indonesian archipelago.
--hongpong.com
Sometimes I think slashdot does away with cookies since I get randomly logged out and can't even login again. YAY!
Reading the Yahoo story, it's pretty clear the author took the Internet Advertising Board's press release and printed it almost verbatim.
The proposed legislation has nothing to do with browser cookies, it focuses on regulating what kinds of private information marketing scum can gather and share without permission. The bill aims to prevent marketing firms from using any data obtained through illicit or deceitful means to be correlated with personal identities. It would also prevent marketing from using personal information to gather other info through other means.
Web sites could still set cookies on your browser, and even track sessions from one logon to the next. But the web sites would not be allowed to match that information with individual identities. They could still gather statistics, monitor actions, and anything else cookies are useful for, but not for targeting individuals.
This legislation was proposed before, but was stalled after the IAB and a few other telemarketing firms pooled their money to fight it. It has been delayed for a while, but is back for another round.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
BOOBIES
The rhetoric from this article seems a bit reactionary and overstates the importance of Cookies.
The legislation has triggered concern in Europe's Internet advertising community. The Interactive Advertising Bureau UK (IAB) said British companies could lose 187 million pounds ($272.1 million) if the directive is ratified.
Meadows-Klue admitted the name sounds a bit childish, but said the ramifications of the EU's directive were serious. It could result in the loss of more jobs and more businesses failing in the already-beleaguered Internet sector, he said.
I don't get it. Without cookies, all of those sites that use them legitimately will have to rewrite their code to use a different method of transaction tracking. This would seem to provide more jobs for out of work programmers not less.
Cookies provide a tool for tracking a user's activity within and across sessions. While this is very useful to someone designing a site it is also a potential security and privacy risk.
Much like any tool (Java, .NET, e-mail macros) there are trade offs between security and ease of use. I think it is a good idea that these issues are being scrutinized by the general public.
Personally I am happy with Cookies as they have been implemented: An option in most browsers which can be turned off. I suspect that this European Commission will come to the same conclusion.
If electricity is produced by electrons is morality produced by morons?
What will this do to .net as passport needs cookies?
Those hockey pucks my English mother-in-law makes should be outlawed!
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
Does this mean every site I visit will have two pop ups? One asking if it can put cookies on my computer and the other describing what a cookie is?
Pretty soon there will be two sorts of people in the world: those who use the internet, and those who live in EU countries :)
Nevrar
Considering all the legitimate uses for guns, isn't banning them outright going a little too far?
On this dude's homepage (in Dutch...) his official statement does not say he wants to ban cookies at all. He's only proposing legislation in order to abridge tracking users' browsing habits and then using these to send them advertisements based on their habits without the users' knowledge. This is not a bad thing in my opinion; our normal use of cookies (e.g. no need to login to /. and tracking sessions on useful web-applications) will not be affected at all. Wim van Velzen's official statement can be found here (Dutch).
He doesn't sound like he totally understands cookies, though; he says things like "it's still unclear whether cookies can be used to gather information about other sites the user has visited" and he proposes a "maximum validity date for cookies" which has been there since t=0.
So either I misunderstood all of this, Yahoo got this wrong, or Wim van Velzen's statement is incorrect, but I guess he wrote it himself so that's ok. Nothing to see here people ...move along.
0x or or snor perron?!
So how does the EU figure that a site can maintain session data without the use of cookies? Most people come from behind proxies or firewalls, making it necessary to store data on their own computers in order to maintain state. There's really no other way to do it.
I guess they don't want people actually doing useful things like online banking and such with the web, huh? You really can't do any type of semi-complex form-driven web database without using cookies.
The Cookie Monster is gonna be pissed!
The submitter's write-up is wrong. Read the story. Keep in mind, as usual, that a "news" story whose sole source is an executive with an agenda to push is unlikely to portray the situation accurately.
So why the hell do you publish stuff like this? Maybe I'm missing something, I thought the job of an "editor" is to filter crap like this out?
DrLunch.com The site that tells you what's for lunch!
It is pretty obvious that cookies are used for 2 main purposes: session tracking and navigation tracking. While the first is a legitimate use, the second is one of the worst violations of privacy EVER.
The real problem is that the most popular browsers only allow you to block/unblock cookies globally, therefore if you want privacy, the sites that rely on cookies won't work. Even scarier is the fact that, the more popular a site, the greater the chance that it requires cookies (personal observation). When given a choice (one might argue that it's not really a choice, since cookies are enabled by default) between lack of functionality and lack of privacy, most of the users prefer lack of privacy.
The Raven
Did a Slashdot editor just tell ME (and you and you and you) to read the article? That's some trick, for sure!
It's about time laws for electronic communications caught up with laws for other insecure communications like mail and phone. It takes zero ability to tap a phone or violate the post. These activities were made illegal for the common good. It would be impossible to pursue business or live with dignity without such protections. We need to think of our personal computers as the replacement for the post and phone that they are. People who violate communications from personal computers are just as repulsive as common mail thieves. Take that, John Ashcroft. Great shame should fall on makers (M$) of software (all M$ OS) that allows and encourages such gross invasion of privacy.
Tighten up! Encryption now for everyone! I want it at home, where my wife surfs. I want it on my desk at work, so pesky admins don't filter what I have to say to my wife. Yes, I want it for slashdot too. The internet is a public resource not a corporate possession.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Next thing you know, an American Citizen will be arrested and jailed for giving a speech on shopping cart systems at a Web-Con Europe.
Yes, this is a troll. But it's meant to be a funny one.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
The real discussion re the new EU law is that it would require opt-in instead of opt-out, and most of the industry's cookies are opt-out.
It's a simple matter of proper cookie creation and management.
Their objection is not truly about the cookies, it's that they want to do opt-out, and the wise EU wishes to maintain their citizen privacy rights by insisting on opt-in.
So, it is a red herring.
The sad thing is that the EU is about ten years ahead of where the US should be in regards to requiring opt-in instead of opt-out.
Opt-out sounds great until you see it in practice. I get about 20 spam a day that are opt-out - more than my standard message traffic. And on visiting a web site, I don't want to have opt-out sub me to lists for all their business partners, affinity lists, and everything that I never even knew they would start sending me spam on or tracking without my consent.
The amusing thing is that Europe is actually discussing an issue that is never discussed by US legislators. They assume that you should have privacy as a consumer; we in the US do not.
--- Will in Seattle - What are you doing to fight the War?
so what about those sites that require cookies to function properly? not the ones that track, but the ones that place data there so it can remember bits about you, or sites that gather certain bits of information from querystrings so they can process properly?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
I can't think of many. Shopping cart type uses can be done through URLs, and saving login passwords can be done through HTTP-AUTH. I guess the only usefulness for cookies which can't be replicated would be storing preferences client-side and tracking people. As for storing preferences client-side, I can't think of a single major site which uses cookies for that purpose.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
I have something to hide from white supremacists: my girlfriend is black. I have something to hide from spammers: my email address is g_pelcakATyahooDOTcom. I have something to hide from foreign governments, the mafia, and Rush Limbaugh. People who smoke marijuana have something to hide from the US Government; do you really think that smoking dope is morally wrong? It might be stupid, and it might be irresponsible or bad for your health or whatever, but are you really hurting someone? The problem is *often* with the people you are hiding it from, not necessarily with you, the hider.
The theory that privacy will completely disappear as technology progresses is an interesting one. Personally, I doubt it will happen. There is always some way to stop from being seen or recorded or whatever. If you think your office is bugged you can bring jammers to work with you. If you think you are being videotaped it is more difficult, but not impossible to stop. Where technology provides a way to surveil it often provides a way to stop that surveillance.
"He's more machine now than man, twisted and evil."
Now they can finally place charges on the cookie crook. Now only if they could catch Lucky.
God spoke to me
the article is very confused, and the summary is not exact at all...
but i still have the fear that they don't really understand what a cookie is, what it allows, and the difference between a session cookie and a permanent cookie.
their fear is only that you store data about a user without warning him. that's ok, but we already have laws in Europe, enforced by special organizations (such as CNIL in France), to prevent this from happening, and that ensure the total control of a user over its data (well, theoretically for now, but those organizations will have more power very soon, according to an already voted law)
considering that, i have the feeling that this law can go only further, and prevent using cookies at all. it can be a good idea for permanent cookies to warn the user before he accepts it. but for session cookies it's simply stupid. we all know HTTP is a stateless protocol, and cookies are the only efficient technical way to implement session behaviour (there is even a RFC about that). warning the user before accepting a session cookie is stupid.. simply because the user doesn't know the difference between those two kinda cookies (nor those european deputies do, apparently)
We have websites that link multiple companies' content and authorization into 1 site. So if you travel between them, the session cookie identifies you. Using the old 1 pixel image trick.
We also use 64 bit hashed urls that include information in a non-readable format. It's pretty good if you're not doing ecommerce, since the key doesn't change. We also use an xml auth service, so content providers can authenticate users onto our service.
There are zillion ways to do session authentication, but the session cookie seems to be the easiest to implement.
Speaking of "User privacy" did you know that IE's "Userdata Persistence" isn't turned off if you disable cookies. You have to go into security and turn them off. Not sure if anyone is using this xml data (think cookies on steroids).
-
The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' (I found it!) but 'That's funny...' - Isaac Asimov (1920 - 1992)
What do you mean by an agenda? Oh, do you mean like those people that make sites and label them "news for x," where x represents an interest group? I'm sure you could come up with one. Do you mean agendas like the people who run those sites have? Like to maintain control over a domain name out of childish spite (Hi michael)? Like fueling idiotic operating system battles simply because the figurehead of the site has a vehement dislike for one or the other? Those kinds of agendas?
Kinda off topic, but the best solution I have found for cookies is to allow them all, but make the cookies file read only. This fools sites into thinking you allow cookies and still allows session cookies, but stops persistent ones. When you want to add a cookie, "unlock" the file, accept the cookie and then lock it again.
Warning: I have only tried this with Netscape and Mozilla on PCs and Macs, otherwise YMMV.
only outlaws will get cavities.
Silly Rabbit, sigs are for kids.
This, from Michael???!!! Has the world gone mad?
Anyway, here's an 'old' Netscape Spec on cookies, on why they think cookies are useful.
I'm all for this if it would help me lose just 20 pounds.
"news" for nerds, stuff that matters?
you're a fucking joke, you cockgobbler. Between the "iWalk/iPod" hoax, the "Celsium" hoax, the "President Bush orders DOJ to drop Microsoft case", "Microsoft bans derogatory sites in the Frontpage EULA", and now this, how can anyone doubt that Slashdot is nothing more than a piece of shit, two bit joke?
;)
Surely Neiman Marcus' cookie recipe lawyers have gotten across the Atlantic by now...
GTWreck
But the sticky point about cookies is that they often store data without a users' explicit approval. The Commission has been debating whether individuals should have the last word (lawmakers call this the ``opt in'' method) on what bits of personal information are collected on them while online.
What the hell do you call "BROWSER PREFERENCES?" Damn moronic politicians. Individuals ALREADY HAVE THE LAST WORD! Stop debating idiotic stuff and get to the more serious issues, like how much you're going to pay me to not kick your asses!
If you go to a site that mandates cookies, but don't want them what do you do? You turn off write permissions to your cookie directory.
All the site knows is whether or not you accept, not that they really got written.
Cookies are just a way for companies to off load data to their customers.
There is no reason why they can't store a user info on their machines.
The Kruger Dunning explains most post on
This is a rumour that seems to have popped up over the last couple of days which is total nonsense.
The truth is that there is an EU legislative proposal currently in drafting that includes some propositions on how to combat the threat to privacy which we are all starting to face from companies like Doubleclick.net and other advertising agencies which have systems in place which combine large scale website tracking with real world identification systems.
Basically allowing them to know who you are and which websites you are visiting, for how long, what you are doing there etc. all without you knowing.
The sort of stuff that we fear governments may one day start doing which is already being implemented by various commercial organisations.
Thankfully the EU have decided to do something about it. How this has been interpreted into a complete ban on cookies is beyond me.
The closest anything comes to being of the sort is a possible solution included among many that would stop 3rd party advertising cookies from tracking which websites people visit without the users consent.
This should be saved for posterity.
Face it, Slashdot: you've been hacked by the "Interactive Advertising Bureau".
It should be the business's responsibility to maintain the user info, not the customer.
House all the user info on the business db. When someone logs in, grab a unique ID, MAC comes to mind.
Why should I be forced to waste my money on data YOU want?
The Kruger Dunning explains most post on
Sure. How do you verify that?
The whole idea of using visitors' computers to track them from one site to another without asking is outrageous. Just asking would be nice. Compulsory publication of just what and how cookies are used by a site would be better. No bullshit cryptic binary dropped on my machine, please. Put up a page that tells me exactly what the thing does and how, or shove off. Where else do you have to sign a blank check before services are rendered?
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I have a number of customers in Europe (particularly in Germany) who express a great deal of trepidation and fear about cookies. Particularly from folks who aren't tech savvy. I once wrote an entire web app that maintained state using GET parameters and hidden input fields, all because they fear cookies. But since then, I've written many apps that wholeheartedly rely on cookies. If the EU were to ban cookies altogether (which apparently they may not) ... well my customers are going to have to shell some good ol' US dollars my way to make things work! I say bring it on!
You americans have done so many stupid things (CDA,DMCA,COPA,OUT-OUT), Now it is OUR turn! :o)
Seriously, it is good to see that someone is prioritising personal privacy instead of capitalism (Yes, I know that cookies have other uses). Perhaps this will be a wake-up call to those corrupt NSA Puppets/assholes/morons you call politicians.
Geez, I guess the mods are all out of good stories to mod up and Natalie Portman grits to mod down...
nuclear iraq bioweapon encryption cocaine korea terrorist
Even though it's nice to know that some governments care about our privacy, I'm still against nations trying to enforce laws on the net. Since the internet is international this would only affect a small amount of sites (relatively speaking) on the net. Will this affect sites based in the US or Asia? No, so what's the point? What I'm afraid of in the future is that different countries' laws concerning the net are going to conflict with each other. Can't we go back to the controlled anarchy the net was in only a few years back?
Carpe meam simiam!
You'd like to stick all the session information into plain-text logs and proxy server logs? (Proxy servers that many users on broadband connections can't even avoid, because they are forced to use them at the network level.)
Thanks. Good job protecting privacy of my 'sessions'. Anyone with access to those logs (a bigger group than those that can sniff my connection on that particular network, typically), can now hijack my session.
Cookies don't get logged. That's a huge plus over your method.
Too many web sites are cookie-junkies (literally dozens of cookies per page) to use the "ask me to allow each cookie" feature of most browsers. Too many other sites complain if you reject the cookies. I simply set the browser to allow all cookies, then keep the cookies file (Netscape/Mozilla) or directory (IE) read-only. For those rare (so rare I cannot remember the last one) times that I want to really allow cookies, I can toggle the file/folder back to read/write, then clean up and toggle again when I'm done.
I have had no problem buying on-line, but that may be luck, in that I haven't tried a site that keeps all of my pending transaction data in cookies. I haven't had any other problems, either. On top of that, I don't have to worry about cookies eating away my disk space.
What if in my site there is content that the users may wish to bookmark? Do you use a URL rewrite to strip out old session data and create a new one? Plus, have you had any feedback from users that may be turned off by the unappealing URL appearance?
They're not cookies! they are crumpets and tea biscuits dagnabit!
http://cincyboys.blogspot.com/ Everything Cincinnati. Including the word 'Finnih'
Ultimately there are too many applications that run over the web that have to have session identifiers. Sometimes it's so that it can identify returning visitors, sometimes it's so it can just track some current information (like your shopping cart). Somewhere, it's going to have to stick that session identifier in there.
You can put it in the cookie, but that means people who disable cookies on general principles can't use your site. Sort of a nuisance.
You can put in on the URL, but if you do that, you have to be aware that people may send URLs containing session identifiers to their friends by e-mail, or they might post them to a newsgroup, or better yet, they might just put up their own web site with a link with that ID in it. I've seen all three in sites I've worked on that use URL-rewriting.
Because we wanted to avoid cookies, we started checking referrers on inbound requests. Yes, of course referrer can be spoofed; that's not the issue. We simply wanted to catch casual sharing of URLs containing session identifiers. Any referrer that doesn't match the site of the actual request, or where the session ID is different than the one in the request, is rejected; a new session is established at that point. If the request was for an interior page that requires logging in first, the user then gets booted back to the site entrance or a login page.
It really depends on whether you want to go ahead and use cookies or not. I prefer not. Cookies certainly are not the only way to manage sessions.
People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
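The referrer check described in the post above, as an added Python sketch that is not the poster's code: a request continues its session only when its referrer is on the same site and carries the same session ID; otherwise a fresh session is issued and interior pages fall back to the login page. The host name, the `sid` parameter and the page list are assumptions made for the illustration.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "shop.example"                  # constructed host name
SESSION_PARAM = "sid"                       # hypothetical query parameter
LOGIN_REQUIRED = ("/account", "/checkout")  # hypothetical interior pages


def sid_of(url):
    """Return the session ID carried in a URL's query string, or None."""
    values = parse_qs(urlsplit(url or "").query).get(SESSION_PARAM)
    return values[0] if values else None


def check_request(url, referrer, live_sessions):
    """Apply the referrer rule to one request.

    Returns (action, session_id, path_to_serve). The check only catches
    casual sharing of URLs: the Referer header is client-controlled, so it
    is not an authentication mechanism.
    """
    path = urlsplit(url).path
    sid = sid_of(url)
    same_site = urlsplit(referrer or "").hostname == SITE_HOST
    same_sid = sid is not None and sid_of(referrer) == sid

    if sid in live_sessions and same_site and same_sid:
        return ("continue", sid, path)

    # Foreign, missing or mismatching referrer, or an unknown session ID:
    # do not continue the session named in the URL, start a new one.
    new_sid = secrets.token_hex(16)
    live_sessions.add(new_sid)
    target = "/login" if path.startswith(LOGIN_REQUIRED) else path
    return ("new-session", new_sid, target)


if __name__ == "__main__":
    # Constructed sample requests: (requested URL, Referer header).
    known = "a" * 32
    live = {known}
    samples = [
        (f"https://shop.example/account?sid={known}",
         f"https://shop.example/cart?sid={known}"),      # normal click
        (f"https://shop.example/account?sid={known}",
         "https://forum.example/thread/9"),              # link posted elsewhere
        (f"https://shop.example/catalog?sid={known}", ""),  # pasted from e-mail
    ]
    for url, ref in samples:
        print(check_request(url, ref, live))
```
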
...sigh.
"Whoever proposed this absolute ban on cookies clearly has never done any kind of web development. Sheesh."
The question is have you ever done any kind of web development with cookies? The best thing that could ever happen to web developers is the abolishment of those pesky little cookies. No more cross-browser problems, no more fiddling with JavaScript because some browsers (you know who you are) don't support Cookie headers. DiE CooKieS DiE!
I suffer from attention surplus disorder.
Seriously!
sulli
RTFJ.
yes. It is going a bit too far. But the EU is very good at going a bit too far. Just be glad you don't live in Europe.
Kill cookies and you kill IIS/.NET/Passport hehehe
very unlikely to happen thru...
Ne delere orbum rigidium meum.
"Truly, my deprived, rigid self is obliterated by you"?
(With assistance from The Perseus Digital Library and a very rudimentary knowledge of Latin. This dictionary doesn't believe in the word "rigidium", but does believe in "rigidum".)
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
I use Opera (http://www.opera.com) for most of my browsing. It allows configuring cookies by site; so Slashdot and the bank are allowed to store cookies, flycast and double-click are not.
And I can change this list on the fly, so if I want to <horror>visit a pay-porn site</horror>, then I can configure it as "per session".
-AD
Yeah and they're thinking of outlawing Christmas too.
Encryption is bad. Encryption allows people to transmit data without the [insert country's spook agency] finding out about it. People might be able to do things like conduct commerce across borders with something like this!
So make sure that all cookies are broadcast in PLAIN TEXT and that they can be read by [spook agency] after obtaining the proper court order, Papal Bull, etc.
oh, wait a minute...
-AD
So if I put "Tom lemonade 12:15pm" into a database, I am breaking the law, but if I write on a piece of paper, "Tom lemonade 12:15pm"...
....well, I'm still breaking the law, aren't I? And isn't my memory a database too? If Tom doesn't give me explicit permission to remember he buys lemonade at 12:15pm, am I supposed to dose myself with roofies? Get a lobotomy? Perhaps the EU needs Thought Police after all!
Well, you've got two questions there. The first is about bookmarks, the second is about unappealing URIs. So let's hit them one at a time.
bookmarks:
When you hit my webserver, an apache authentication handler module that I wrote gets tickled. That module extracts the session information from the URI and does an internal redirect to the same URI without the session info. But before the redirect, it queries the login daemon (that's my little session management daemon that I talked about before) to see if it's a valid session and comma-delimited string. If so, you pass right through. Otherwise it assigns a new session and redirects you to the front page of the website.
I'm reskinning the website right now, and in the process I'm revamping this module so that it knows about "logged in" pages vs. "anonymous" pages. If you come in with an invalid session and are requesting an anonymous page, it'll give you a new session and redirect you to the actual page you requested. But if you're requesting a "logged in" page and have an invalid session, it'll assign you a new session, then redirect you to a login page. If you log in successfully, that'll redirect you to the page that you originally requested. That functionality isn't in place right now, but it will be soon.
I should point out that I truly despise methods that allow a person to log in without typing a password. Whether that's storing a password or password equivalent somewhere is equally heinous. So I'll never add support to allow a user to go straight to a "logged in" page: they'll always have to enter a password at least.
ugly URIs
No, we really haven't gotten any negative feedback about our abominable URIs. Ya, if someone had to actually type in one of these URIs, I could certainly see them being annoyed. But no one does. They come to our front door, click on the members login link, and go from there.
Now, there is actually a situation in which you would want to actually type one of our long session ids. That's the whole affiliate program. We allow people to sign up as affiliates to AdAce, and then put a link to us on their own web page. If someone follows that link and purchases an ad campaign, we give a 10% bounty to the affiliate. The way that works is with a set of special session ids. If you come into our website with a session id that has a particular numerical characteristic, then that's considered to be an affiliate code. A database lookup is performed to see if that matches an existing affiliate. Whether it does or not, you're assigned a new (regular) session id. But if it does match an existing affiliate, your session data is stamped with that affiliate's id, so that if you do make a purchase, we know which affiliate should get the 10% reward.
As you might have noticed, our session IDs are 32 hex digits long. That gives us 2^128 possible sessions simultaneously. Our actual max limit is much lower than that, but I specifically wanted our valid session space to be very sparse. This is complicated by the affiliate codes. There are 2^112 values in our session id space which possess the numerical characteristic that distinguish session ids from affiliate codes. And, yes, that's also a very sparse space. But in any case, 2^112 is a tiny portion of the whole 2^128 space, so it really doesn't impact us at all.
When an affiliate sets up their link to us, they might have to type in this ugly URI that contains their affiliate code. But we send them that URI in an email, so if their mail reader can handle it, they can just cut-and-paste the URI into their web page. No typing involved. If their software can't handle it -- well then, shucks.
But the whole point of this: no, no one has complained.
(incidentally, I've been wanting to redo our session ids so that instead of using just hex digits, we use 0-9, a-z, A-Z, -, and _. That'll make our session ids shorter (64 values per digit or 6 bits instead of 16 values or 4 bits), and much less obnoxious as a result.)
-- Nolite audere delere orbiculum rigidum meum.
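An added illustration of the session-ID arithmetic in the post above (not AdAce's code): the same 128-bit value written as 32 hex digits or as 22 characters of the 64-symbol alphabet the poster proposes, plus the entry flow that separates affiliate codes from session IDs. The post does not say what the "numerical characteristic" is; the rule used here (low 16 bits zero, which marks 2^112 of the 2^128 values) is an assumption, as are all function names.

```python
import secrets

# The 64 symbols proposed in the post: 0-9, a-z, A-Z, '-' and '_' (6 bits each).
ALPHABET = ("0123456789abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ-_")
ID_BITS = 128
ID_CHARS = -(-ID_BITS // 6)   # ceil(128 / 6) = 22 characters instead of 32
AFFILIATE_MASK = 0xFFFF       # ASSUMPTION: low 16 bits zero = affiliate code


def encode(value):
    """Write a 128-bit ID as 22 characters of ALPHABET, most significant first."""
    if not 0 <= value < (1 << ID_BITS):
        raise ValueError("ID out of range")
    digits = []
    for _ in range(ID_CHARS):
        digits.append(ALPHABET[value & 63])
        value >>= 6
    return "".join(reversed(digits))


def decode(text):
    """Inverse of encode(); rejects anything that is not a well-formed ID."""
    if len(text) != ID_CHARS:
        raise ValueError("wrong length")
    value = 0
    for ch in text:
        index = ALPHABET.find(ch)
        if index < 0:
            raise ValueError("character outside the alphabet")
        value = (value << 6) | index
    if value >> ID_BITS:      # 22 characters hold 132 bits; the top 4 must be 0
        raise ValueError("value exceeds 128 bits")
    return value


def is_affiliate_code(value):
    return value & AFFILIATE_MASK == 0


def new_session_id():
    """Draw a session ID from the OS CSPRNG, outside the affiliate subspace."""
    while True:
        value = secrets.randbits(ID_BITS)
        if not is_affiliate_code(value):
            return value


def enter(token, sessions, affiliates):
    """Handle the ID found in an incoming URI.

    sessions maps live session IDs to their data; affiliates maps affiliate
    codes to affiliate names. Returns (token to use from now on, affiliate
    credited with this visit or None).
    """
    try:
        value = decode(token)
    except ValueError:
        value = None
    if value is not None and not is_affiliate_code(value) and value in sessions:
        return token, sessions[value].get("affiliate")
    # Malformed, unknown or affiliate code: always issue a new regular session,
    # stamped with the affiliate when the code matched one.
    affiliate = affiliates.get(value) if value is not None else None
    fresh = new_session_id()
    sessions[fresh] = {"affiliate": affiliate}
    return encode(fresh), affiliate
```
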
just love cookies, but they are lame bullshit stop using them. My harddrive is not part of your data-storage solution. You see all the time websites where you can pull up all kinds of interesting info, by just using someone's account. Go to 1800 contacts, via cookies, you can see the name and phone number of the person's eye doctor, netgrocer shows you their past purchases and shopping lists, and so on and so on, all without any authentication. Go die you lame web dorks, you are not developers.
The current Slashdot moderation system is made by gay communists!
Oh, and in case it wasn't obvious.
We, myself and AdAce, are not trying to protect the intellectual property of this method. If you want to use my posts on this subject to implement your own URI-mangled session tracking, then please do so. You won't have to worry about patent license fees, lawsuits, or any of that crud.
I would be tickled absolutely f*cking pink if no one on the net used cookies anymore.
Of course I'd be pleased if you credit us, but the idea of getting rid of cookies throughout the Internet is far more interesting to me than any frivolity of credit for the method.
-- Nolite audere delere orbiculum rigidum meum.
Isn't that the job of the editor too?
Legislation isn't needed here. What the EU could do instead is set up guidelines that it expects 'honest' web sites to follow re cookie use disclosure. Commercial web sites could then submit an application to an EU advisory board stating that they comply with the EU directives, at which point the site would be 'certified' as EU-privacy-approved.
At this point you could benefit the average joe in one of two ways:
- any 'certified' site would be able to put the words 'EU Certified' in the cookie pop-up, telling you that the EU thinks the site is generally honest;
- a more extensive approach would be to develop a plug-in which downloads a list of 'certified' sites and then warns the user whenever a site attempts to load a cookie onto the user's machine that isn't EU-approved.
Either one would work without legislation while at the same time leaving the choice up to the individual as to whether or not they care about EU approval for sites. It also allows companies/web sites to decide for themselves the same thing. A completely voluntary system all-around.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
Seems /. is getting hard up for newsworthy stuff to lure its kiddies back.
radsoft.net
Damn straight, time to legalize murder, then we all can just remember that murder is wrong, then we won't do bad things like murder. We won't have to spend all that money on detectives and police departments, because murder will stop. The government can never make something people want to do stop doing it, it's a pathetic failing of governments that their so-called democracy is in fact not approved of by the vast majority of the population, otherwise why would they need so many laws and cops?
The simple accept/deny facilities for cookies do not go far enough. From this the user cannot tell whether it is being used anonymously just to be able to count unique visitors, or whether it is being used to track visitors around/across sites and can also be cross-referenced against registration data they may have entered earlier.
Your implication that they are attacking a technology is wrong; they are merely pushing companies into responsible use. For many sites this will take the form of the registration page having an extra (by default unticked) box on their registration page which asks the user whether they can track their viewing habits ("to help us deliver more targeted content" of course), and the backend software tweaked to filter those that do not opt-in. Other than that cookie use is unrestricted by the legislation as long as you cannot tie the information directly to an individual.
Phillip.
Property for sale in Nice, France
If the people are going to come in and they don't want the lapel pin all they have to do is say no by turning off cookies in their browser.
Why don't they just outlaw people surfing on the Internet who don't know how to turn off cookies instead?
-------------------------------------
Technically, we are beyond survival.
Personally I don't give a hoot if any web site needs or uses cookies. They can use them all they want, just keep the g*d damn things off my computer.
There is absolutely NO need for a web site to put their deal on my computer. They can keep all info regarding my visit on "their" computer. When I come back for a visit they can do a "look-up" to see if I've ever been there and then continue doing their stick.
Now of course if they want to put some green in my palm for putting their sh*t on my computer...well now that's another story altogether.
PhilTR
They aren't banning the cookies (or web bugs, which are also covered). Read the proposed amendment: PDF (page 6) or text (converted from PDF).
--------- http://www.ahref.com: a community for web developers http://www.piou.org: yet another blog ---------
No, don't be stupid. The act is quite explicit about what a database is. A filing cabinet is. A brain isn't.
If you can get someone's MAC address from a tcp/ip transaction, more power to you. For those of us using the internet...that's impossible.
The point is not to store the users information on their computer, that's stupid and bad design. The point is being able to differentiate between two users...you need some way of knowing who's who in the stateless HTTP protocol.