Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Seek Input On Cookie Policy For Government Web Sites

Posted by Soulskill on from the om-nom-nom dept.

suraj.sun sends along this quote from Information Week: "The government wants to use cookies to offer more personalized web sites to citizens and better analytics to Webmasters. ... The federal government has drafted changes to its outdated restrictions on HTTP cookies, and wants the public's input. Under the plan, detailed in a blog post by federal CIO Vivek Kundra and... Michael Fitzpatrick, federal agencies would be able to use cookies as long as their use is lawful, citizens can opt out of being tracked, notice of the use of cookies is posted on the Web site, and Web sites don't limit access to information for those who opt out. ... The Office of Management and Budget is considering three separate tiers of cookie usage that will likely have different restrictions for each, based on privacy risks. The first tier of sites would use single-session technologies, the second multi-session technologies for use in analytics only, and the third for multi-session cookies that are used to remember data or settings 'beyond what is needed for web analytics.'"

17 of 74 comments (clear)

  1. Oreos by oldhack · · Score: 3, Funny

    For variety of reasons. :-)

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    1. Re:Oreos by basementman · · Score: 2, Funny

      Oreos are a symbol of black power and the racist ideals Obama is trying to indoctrinate our wonderful nation with. The pure Aryan nation is represented by clean white filling of the Oreo, with the other less pure races as the hard cookie, squeezing on both sides ever last bit of culture the white man has left. We must rise against and elect Vanilla Wafers as or government cookie. White power! /s

      --
      A Magic the Gathering Article and Forum Aggregator
  2. How about no? by DoktorSeven · · Score: 5, Insightful

    Just don't use cookies. Or at the very least, allow people to opt *in* rather than out.

    What a concept, right?

    --
    This is a sig. Deal with it.
    1. Re:How about no? by jonbryce · · Score: 2, Informative

      I don't see any problem with a "remember these settings" check box on a web page which sends a cookie if ticked.

    2. Re:How about no? by sakdoctor · · Score: 2, Interesting

      Cookies expire at end of session according to my preference.
      That's fine for session management, but when sites start storing preferences, I get reset to the bone-headed defaults every time.
      Then I leave and never return.

    3. Re:How about no? by kdemetter · · Score: 2, Insightful

      Cookies expire at end of session according to my preference. That's fine for session management, but when sites start storing preferences, I get reset to the bone-headed defaults every time. Then I leave and never return.

      How else do you expect a site to store your preferences, then? I'd rather have a cookie on my computer than have the site force me to make an account (e-mail address and all) with them and store it on their server. (Of course, "bone-headed defaults" are another story...)

      on a database , like it should ? And then retrieve the preferences after logging in. I don't see the problem.

      --
      Slipping shoelaces ?
  3. Yeah OK by sonicmerlin · · Score: 2, Insightful

    I know I'll be modded down for this, but if government was stocked more with intelligent engineers and scientists instead of lawyers we would never have these issues.

    1. Re:Yeah OK by FrostDust · · Score: 4, Insightful

      This is a legal issue, not a technical one. Replacing lawyers with engineers wouldn't do anything here.

      The government isn't trying to engineer a new "cookie" paradigm or anything, they're investigating the legalities of a federally-owned website tracking users.
      Cookies have been used by websites forever, but there may be a difference between your browsing history and preferences being recorded by bestbuy.com versus whitehouse.gov, at least in the eyes of the law. That is what the article is talking about.

  4. Content-transfer-encoding by FooAtWFU · · Score: 3, Funny

    Content-transfer-encoding: chocolate-chunked

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  5. I think this is great by Anonymous Coward · · Score: 2, Insightful

    The NSA perfoms illegal wiretaps and then the government consults the public over web cookies? What next, rapists asking their victims if they'd object to being given a hicky?

    Go, go "team freedom"!

    1. Re:I think this is great by oldhack · · Score: 2, Insightful

      What the AC wrote. This absurd universe we live in.

      --
      Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  6. Privacy by nurb432 · · Score: 2, Funny

    Cookies are evil in the first place. Tho they do taste good.

    --
    ---- Booth was a patriot ----
  7. Suggestions by asdfndsagse · · Score: 2, Interesting

    1. Tracking MUST be in aggregate. Any categories of users SHOULD come only from self descriptions fcrom the user. (ie clicking "i run a small business")
    a
    2. Preferences MUST be stored client-side in cookies, not server-side. Sites MAY use hashing to prevent tampering where appropriate. Preferences SHOULD be stored as plain text so that they can be read and perhaps changed directly by the user.

    3. Users SHOULD NOT have unique ids tagged to them, and MUST not have unique id's tagged to them over more than one session without an opt-in.

    4. Analytics of users/preferences and locations/IP addresses MUST be done in a way as to minimize the ability to specificly track people who do not opt-in and are unaware of tracking.

  8. This should be the universal Cookie Policy by OverZealous.com · · Score: 5, Insightful

    This is my general policy:

    1. Don't ever store a cookie by default on websites that don't have a login.
    2. Don't ever, ever, ever store cookies on a different domain than the one in the address bar.
    3. If you want to store something in a cookie, make it opt-in (as mentioned above).
    4. If you want to store something in a cookie, but I block it, make sure the website still works correctly.
    5. If you "need" to store a cookie, but I block it, make it obvious what has happened, and on what domain. Make sure I can see that domain in the address bar, and decide whether to unlock it.
    6. Be aware that forcing a cookie on me has about a 75% guarantee that I'll leave and never return.

    If you are incapable of developing to these standards, say, because you don't understand how session cookies should work, then please find another line of work.

    Cookies are bad for the health of your website, news site, or blog. Cookies are good for the health of your web application.

  9. Don't share them by legirons · · Score: 2, Insightful

    Is there anything more to say than Don't share them between sites?

    If you login then of course you need a cookie. And using them for stats within one site is not much different to using IP addresses. But it's when you start including invisible images from a 3rd party site that shares the stats between multiple domains, that most people think crosses the line into creepy surveillance.

    Login cookies = fine. Telling one site that you visited another site = not ok.

    (or to phrase that another way: don't exploit loopholes in the security system)

  10. Fed only wants your 'input' as propaganda! by Anonymous Coward · · Score: 2, Interesting

    The feds are not really interested in realistic input from the public. If they were, they would not require that commenters 'log in'. The cookies are being sought in order to deny the public the option of logging in...or not, simply by placing persistent 'tracking cookies' and other types of malwaaare. I checked their website cited above in the submission and you will find that indeed it does require 'logging in'. As such, only the converted choir will comment, and all these comments will be 'filtered for content' before being displayed. Such 'filtering' will be such that only sycophantic comments will be given prominent display. Comments opposing the cookies will only be displayed if they are ignorantly worded, ungrammatically constructed, and otherwise show the writers in a bad light. In this way the site can be manipulated as such that other propagandists can claim 'popular support' for internal spying. That the whole website has a flavor of Joseph Goebbels's old 'debates' when Hitler was an agitator in Great Depression Germany is lost on a younger generation that not only has no memory of National Socialism, but also has no education of it either. Modern history courses in high schools leave that out and only teach history after world war two, concentrating on multiculturalism while ignoring the culture that built the nation and the schools in it that now teach only fluff, a whole other subject worthy of its own debates.
                        These cookies are easily removed now, so it seems silly that the guv would take great pains to foist them on you unless they know something that we do not. Is there something new and horrible in Windows 7? Something that will give us even LESS control of our machines that we paid for with our money and get less and less use, choice, and especially control of?

  11. Cookie Paranoia by QuoteMstr · · Score: 4, Insightful

    You know, it's fucking ridiculous that people harp about cookies, which are entirely under the user's control, but ignore the CSS browser-history hack that allows any site to probe whether you've visited another completely unrelated site.

    Wake up people! If you want security, worry about the issues that are actually dangerous, not the ones that just sound the scariest.