Slashdot Mirror


Feds Seek Input On Cookie Policy For Government Web Sites

suraj.sun sends along this quote from Information Week: "The government wants to use cookies to offer more personalized web sites to citizens and better analytics to Webmasters. ... The federal government has drafted changes to its outdated restrictions on HTTP cookies, and wants the public's input. Under the plan, detailed in a blog post by federal CIO Vivek Kundra and... Michael Fitzpatrick, federal agencies would be able to use cookies as long as their use is lawful, citizens can opt out of being tracked, notice of the use of cookies is posted on the Web site, and Web sites don't limit access to information for those who opt out. ... The Office of Management and Budget is considering three separate tiers of cookie usage that will likely have different restrictions for each, based on privacy risks. The first tier of sites would use single-session technologies, the second multi-session technologies for use in analytics only, and the third for multi-session cookies that are used to remember data or settings 'beyond what is needed for web analytics.'"

6 of 74 comments

  1. Oreos by oldhack · Score: 3, Funny

    For a variety of reasons. :-)

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
  2. How about no? by DoktorSeven · Score: 5, Insightful

    Just don't use cookies. Or at the very least, allow people to opt *in* rather than out.

    What a concept, right?

    --
    This is a sig. Deal with it.
  3. Content-transfer-encoding by FooAtWFU · Score: 3, Funny

    Content-transfer-encoding: chocolate-chunked

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
  4. This should be the universal Cookie Policy by OverZealous.com · Score: 5, Insightful

    This is my general policy:

    1. Don't ever store a cookie by default on websites that don't have a login.
    2. Don't ever, ever, ever store cookies on a different domain than the one in the address bar.
    3. If you want to store something in a cookie, make it opt-in (as mentioned above).
    4. If you want to store something in a cookie, but I block it, make sure the website still works correctly.
    5. If you "need" to store a cookie, but I block it, make it obvious what has happened, and on what domain. Make sure I can see that domain in the address bar, and decide whether to unlock it.
    6. Be aware that forcing a cookie on me has about a 75% guarantee that I'll leave and never return.

    If you are incapable of developing to these standards, say, because you don't understand how session cookies should work, then please find another line of work.

    Cookies are bad for the health of your website, news site, or blog. Cookies are good for the health of your web application.

  5. Re:Yeah OK by FrostDust · Score: 4, Insightful

    This is a legal issue, not a technical one. Replacing lawyers with engineers wouldn't do anything here.

    The government isn't trying to engineer a new "cookie" paradigm or anything; they're investigating the legalities of a federally-owned website tracking users.
    Cookies have been used by websites forever, but there may be a difference between your browsing history and preferences being recorded by bestbuy.com versus whitehouse.gov, at least in the eyes of the law. That is what the article is talking about.

  6. Cookie Paranoia by QuoteMstr · Score: 4, Insightful

    You know, it's fucking ridiculous that people harp about cookies, which are entirely under the user's control, but ignore the CSS browser-history hack that allows any site to probe whether you've visited another completely unrelated site.

    Wake up, people! If you want security, worry about the issues that are actually dangerous, not the ones that just sound the scariest.