Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Cookie Consent Banners Draw Complaints

Posted by timothy on from the well-that's-a-surprise dept.

nk497 writes "Earlier this year, the UK's data watchdog the ICO started enforcing an EU rule that means websites must ask visitors before dropping cookies onto their computers. However, it was willing to accept 'implied consent' — telling visitors that cookies are used on the site, and assuming they were fine with that if they keep using the site. That led to banners popping up on every major website, including the ICO's site, warning users about cookies. Now, the ICO has revealed that many of the cookie-related complaints it's received in the past six months are actually about those banners — and the law itself. The ICO said people 'are unhappy with implied consent mechanisms, especially where cookies are placed immediately on entry to the site,' adding 'a significant number of people also raised concerns about the new rules themselves and the effect of usability of websites.'"

108 comments

  1. The article itself has one by tepples · · Score: 0, Redundant

    From the featured article:
    "We use cookies to ensure that we give you the best experience on our website, including improving
    the relevance of advertising from other organisations, as set out in our cookie policy.
    By using this website you agree we may place these cookies on your device."

  2. Baffled by Anonymous Coward · · Score: 3, Insightful

    Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine? Why would I trust a third-party site to respect my wishes on cookies? This whole thing seems like government overreach to me.

    1. Re:Baffled by Trepidity · · Score: 2

      very easily manage

      I think you will find this is not true for the vast majority of people.

      However, this regulation doesn't seem to really improve matters, either.

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    2. Re:Baffled by Anonymous Coward · · Score: 0

      I think you will find this is not true for the vast majority of people.

      Why? Even the default browser of the masses has these controls nowadays.

    3. Re:Baffled by GuldKalle · · Score: 2

      If they really wanted, they could have forced the browser makers to ask about cookies by default. More secure (no chances of sites deploying cookies behind your back) and more user friendly (user can change settings once and for all).

      --
      What?
    4. Re:Baffled by Lumpy · · Score: 1

      Why do I need a law about privacy when I can very easily manage who I allow to see me or look at me through the windows in my home? Why would I trust a third-party site to respect my wishes on privacy? This whole thing seems like government overreach to me.

      I'll be over with a camera to take photos of you in your home later.

      --
      Do not look at laser with remaining good eye.
    5. Re:Baffled by sunderland56 · · Score: 1

      Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine?

      Pray tell, how do you "easily manage" this?

      The problem is, most web sites these days need cookies just to function. Web browers generally have a "allow cookies, but erase them all on exit" setting, which allows you to browse the web, but not get tracked(*). However, I see no easy way of setting things up to allow some sites to place permanent cookies, and all others to have them erased on exit.

      (*) - of course, cookies are only one of the ways web sites can track you....

    6. Re:Baffled by innocent_white_lamb · · Score: 1

      Firefox Android doesn't. You can "clear all private data" but you have no control other than that. You can't refuse them while browsing, and you can't keep cookies that you might actually want if you "clear all", either.

      See?

      --
      If you're a zombie and you know it, bite your friend!
    7. Re:Baffled by innocent_white_lamb · · Score: 1

      Firefox (non-Antroid version) does this quite simply. You just set the default to accept no cookies, then temporarily allow cookies and create exceptions ("Allow" or "Allow for session") as needed.

      It's kind of like setting up Noscript to manage javascript and flash -- a few days of pain and anguish is required to get everything set up to work with what you need, and then after that it just works.

      I wish Firefox Android allowed this too, but it doesn't.

      --
      If you're a zombie and you know it, bite your friend!
    8. Re:Baffled by Stan92057 · · Score: 0

      No the question is would they do it without government intervention. The answer is no,no they wouldn't. It took a law to be made to stop telemarketers and it going to take a law to stop them spying on us. Just because they can collect the data doesn't make it legal or right.

      --
      Jack of all trades,master of none
    9. Re:Baffled by Anonymous Coward · · Score: 0

      Seriously? This is the best you can do? I can easily prevent you from looking through my window with blinds. There IS no law saying that someone cannot look through my window, simply that they cannot come on my property. If I choose to dance nude in my picture window, there is no law preventing people across the street to watch me. It is up to me to prevent folks from looking in my window not the government.

    10. Re:Baffled by Anonymous Coward · · Score: 0

      So you are arguing for a law that each window must come with a huge and obvious banner attached to it that says "persons on the other side of this device may be able to see through it"?

      Because you're too fucking stupid to know that, and society must protect you?

    11. Re:Baffled by troll+-1 · · Score: 0

      Mod parent up. Making laws against cookies is nothing more than government self-promotional propaganda. Governments do this all the time to justify their power. One of the biggest cons ever is the government convincing you that you need them to protect you because you're not smart enough to look after yourself. And without the government protecting you people will do bad things to you -- with cookies. What the government does all the time is look for the slightest issue, create a law for it, and then try to take credit for preventing a problem that would never have happened anyway. The CANSPAM Act was an example of this. The reason you don't get spam in your inbox is because of filters, not because of government laws. Yet the politicians who pushed CANSPAM through the US Congress are convinced they have solved a problem. Folks, you don't need the government to make cookie laws, it's ridiculous.

    12. Re:Baffled by Johann+Lau · · Score: 1

      Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine?

      Exactly! And why do we need laws against rape, since I am clearly able to defend myself?!?

      Why would I trust a third-party site to respect my wishes on cookies?

      Why would you assume they need your cooperation? There are plenty ways to track you without setting cookies, including etags and fingerprinting. Technically there is fuck all you can do about those; legally, they fall under the same umbrella.

      Of course, such laws don't prevent people from breaking them and collecting whatever they want in secret. But it means they can get into trouble when they are found out. It means you can't actually make it corporate policy and brag about it, which kinda helps. Right now, people are just shameless and going all out, and so called nerds (show me some brain activity, then?) like you actually justify the masses being used because *they* themselves can get around it -- even when they actually can't, lol.

      Thank fuck people actually involved in and working towards consumer protection pay more attention.

    13. Re:Baffled by Johann+Lau · · Score: 1

      Seriously? This is the best you can do?

      Are you projecting? You are not responding to the post at all, but a strawman.

      There IS no law saying that someone cannot look through my window, simply that they cannot come on my property

      They said "take photographs". And there are laws against that. There are also laws against harrassment, so if you stood right in front of somebody's window, 24/7, just staring, no judge in the world would say "but the plaintiff can just close the blinds and live in darkness". We're not talking about a look in passing; you just turned it into that because that's the only way you have anything to respond.

      It is up to me to prevent folks from looking in my window not the government.

      Exactly. Just like you also need to build and maintain the roads you use. And for that reason you, or rather people somewhat smarter than you, organized themselves into government, to pool the resources for doing that. It's not an external entity, it's you.

    14. Re:Baffled by Synerg1y · · Score: 1

      Consider the other internet laws they're trying to pass in the UK in regards to social networks & ISP monitoring, etc... this law is relatively minor in comparison to the absurdity of it's neighbors.

    15. Re:Baffled by jonbryce · · Score: 1

      It is only "tracking cookies" that require permission in the EU. Cookies that for example record the items you have placed in your online shopping cart so the site can remember to sell you all of them when you go to the checkout do not require permission.

    16. Re:Baffled by TheRaven64 · · Score: 1

      As far as I can tell, no Android browser has the kind of fine-grained control over cookies that has been standard on desktop browsers for 5-10 years. I sort-of understand if the WebKit installed on Android doesn't have this kind of control that third-party WebKit browsers might not add them (although Chrome uses a different - slower - version of WebKit, so doesn't have this excuse), but why do Opera and FireFox not support sensible cookie management?

      --
      I am TheRaven on Soylent News
    17. Re:Baffled by LingNoi · · Score: 1

      because politicians and privacy groups upset about cookie tracking went way overboard and fucked the web for everyone.

    18. Re:Baffled by KingBenny · · Score: 1

      yah, demonstration of insight by the lawmen and makers i suppose, if they need to do this then they need to enforce your standard browser automatically ask or warn at every cookie unless you explicitly deny it because it gets in the way of about everything ?
      advice costs souls, beware

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
    19. Re:Baffled by beefsack · · Score: 1

      What confuses me is why isn't this implemented as a browser mechanism? Simple cookies aren't useful if they aren't returned on subsequent requests, if it's blocked by an action on the client side, then there's no issue.

      Blocking things like Flash cookies are another story though.

  3. Irony by Rik+Sweeney · · Score: 5, Interesting

    These banners annoy the living crap out of me. Every time I go to a website, they pop up, obstructing the screen.

    Of course, there is a way to make them go away, by accepting the cookies on the website.

    Whereas before I could just discard cookies upon exit, I now have to permanently accept them just to stop these banners appearing.

    Oh, the irony!

    --
    Summation 2
    1. Re:Irony by Anonymous Coward · · Score: 2, Informative

      Use an adblocker to block the <div> they're related to. Job done!

    2. Re:Irony by Anonymous Coward · · Score: 0

      motorola.co.uk is the only company I have seen who actually follows the spirit of what was intended.

      Scratch that they have changed it :

      Used to ask :

      Specifically for site essential ones

      Analytics's / Advertising

      Must be the Google influence getting them to remove that :/

      Anyone know of another site that does it properly (i.e Lets you opt out of Analytics / Advertising ones but keep site essential ones).

    3. Re:Irony by wangi · · Score: 2

      Kwikfit: http://www.kwik-fit.com/
      (but in doing so, and giving four levels of cookie control it's way too complicated)

    4. Re:Irony by Anonymous Coward · · Score: 0

      Well then, just remove them permanently ;)

    5. Re:Irony by antdude · · Score: 1

      So, use an ad blocker. :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    6. Re:Irony by Anonymous Coward · · Score: 0

      Well I refuse to give explicit consent to being tracked just to read a web page. What I do is delete the overlay in Firebug. For the recurrent nag popups/slideins (Wikipedia) there's Adblock.

    7. Re:Irony by Anonymous Coward · · Score: 0

      This is one of the main problems, the belief that each cookie serves just one purpose. In fact, all the companies need is one way to identify you (not necessarily a cookie) and they can do all the tracking they need. This law has not solved anything, websites can use a single cookie for everything, call it essential for the site's functionality and not have to declare anything. Add to this the many ways you can be tracked without cookies and it's obvious the law was written by people who simply did not have a clue.

  4. Most users are not geeks by tepples · · Score: 5, Insightful

    Why do I need a law about cookies when I can very easily manage who I allow to put cookies on my machine?

    Because most users other than you have not been trained in how to "very easily manage who [they] allow to put cookies on [their] machine".

    1. Re:Most users are not geeks by IamTheRealMike · · Score: 4, Insightful

      You don't need to be trained. If you hear about this issue and care, you can just search on Google for "how to disable cookies" and get the main browsers help pages right at the top. This isn't exactly rocket science.

    2. Re:Most users are not geeks by Anonymous Coward · · Score: 1, Funny

      and yet this is a skill most users don't posses.

    3. Re:Most users are not geeks by Fallingcow · · Score: 4, Funny

      Is the Google in my Internet? I don't think I have the Google. My Internet is Comcast.

    4. Re:Most users are not geeks by dmacleod808 · · Score: 4, Funny

      you forget the subset of the population who does not fundamentally understand how to use google. Step 1. Go to google.com Step 2. Search for Yahoo. Step 3. Click on yahoo. Step 4. Search for gmail.

      --
      There Can Be Only One...
    5. Re:Most users are not geeks by h4rr4r · · Score: 1

      That is the real DO NOT TRACK, that is what should be made default in browsers.

    6. Re:Most users are not geeks by kelemvor4 · · Score: 1

      I recently saw a woman double clicking links on webpages. They're out there.

    7. Re:Most users are not geeks by pla · · Score: 1

      Because most users other than you have not been trained in how to "very easily manage who [they] allow to put cookies on [their] machine".

      "Daddy, why don't we steer the car, like I can on my bike?"
      "Well, son, it used to take way too long to train people how to handle such a complex task as steering. So, the government made a law to protect us!"
      "So why do I still need to do math in school? That takes too long, too!"
      [chuckles], "Don't worry, they'll get rid of that soon enough - No one needs math harder than making change nowadays, anyway!"
      [the car drives them off into the sunset]

      / Awfully glad I'm a beta!

    8. Re:Most users are not geeks by Anonymous Coward · · Score: 0

      ...yeah, but then Google gets to drop a cookie on all the naive users who don't know how to prevent Google from doing that. Maybe you're find with Google cookie everyone, but what if I said Yahoo or even... *gasp!* Bing??? Do you really want BING slapping cookies on users who are trying to avoid getting cookied? I mean, this is fucking Microsoft we're talking about now. Not Google.

      Ice cream, Mandrake? CHILDREN'S ice cream?

    9. Re:Most users are not geeks by Anonymous Coward · · Score: 1

      I actually forked a copy of Firefox, to require double clicking of links, because I prefer to browse the web that way, and it was unsupported behavior that I couldn't achieve without modifying source code.

    10. Re:Most users are not geeks by Anonymous Coward · · Score: 0

      Man, that's so funny. It reminds me of people who have google as their default site, search for www.abc.com, then click on the link to www.abc.com in order to visit www.abc.com.

      It's so painful to watch them go through their little ritual - I gave up a long time ago trying to explain to people that they're wasting keystrokes and their time.

    11. Re:Most users are not geeks by innocent_white_lamb · · Score: 1

      Making change?

      Nobody knows how to make change any more. I don't have electronic tills in my business and I have NEVER hired anyone to work here who knows how to make change. (Count up, don't subtract.) I have had to teach everyone how it's done.

      I guess I'm an old coot, because I remember being taught how to do this in school when I was in, maybe, grade three or thereabouts.

      --
      If you're a zombie and you know it, bite your friend!
    12. Re:Most users are not geeks by sudon't · · Score: 1

      Setting application preferences is hardly a "skill." All anyone really has to know is that: web sites use cookies, and what are the simplest, most basic ways that they are used by web sites. Then you use the cookie managing settings in your browser, or add an extension that does that. Do you really have to be a geek to get that far?
      Even so, do we really want all of our legislation aimed at the lowest common denominator? I think we've gone too far in dumbing-down things as it is. Rather than passing a law that, in saving the most ignorant from themselves, inconveniences everyone else, why not try to educate people a little, instead?

      --
      -- sudon't

      Air-ride Equipped

    13. Re:Most users are not geeks by davester666 · · Score: 1

      If only there were some kind of way for people to find out how to drive, say through widespread knowledge of a training and licensing program by the state.

      Of course, people should be expected to understand and manage not just regular cookies, but the Flash database [also used for cookies], your browser local-storage [also used for cookies], and probably other places, and know how multiple websites may store/use one or more of these locations to track what you are doing when you visit a single web page. Of course, each browser handles each of these things differently.

      --
      Sleep your way to a whiter smile...date a dentist!
    14. Re:Most users are not geeks by Obfuscant · · Score: 1

      I guess I'm an old coot, because I remember being taught how to do this in school when I was in, maybe, grade three or thereabouts.

      Dude. Teaching kids how to make change requires a reference (if not actual practice with) coins. Coins are a form of money, and it would be insensitive to refer to money when a student may not have any. Or may come from a culture where there are no coins. It could stigmatize that child, stunt their innate desire to learn, or traumatize them when they find out there are things they don't know about.

      You insensitive clod.

    15. Re:Most users are not geeks by Obfuscant · · Score: 4, Insightful
      It's a natural response to a computer system where you have to double click some things to get them to do something and single click others. Why waste time clicking once, waiting to find out that nothing happened, and then have to double click it again?

      Same computer, same mouse, same display, different actions.

      I find this to be an issue even in Linux. My desktop has a firefox icon on the desktop, and one in the taskbar at the top. On the desktop, click twice. In the taskbar, click once. I'm very used to seeing the warning from firefox that there is another instance running ...

    16. Re:Most users are not geeks by tepples · · Score: 2

      All anyone really has to know is that: web sites use cookies, and what are the simplest, most basic ways that they are used by web sites. Then you use the cookie managing settings in your browser

      That's not enough. Adobe Flash Player has its own cookie storage, for one, and HTML5 added localStorage.

      Do you really have to be a geek to get that far?

      Yes. As new web technologies add new techniques for saving the state between one offline session and the next, users will need to find new ways to manage these stores of state.

      Rather than passing a law that, in saving the most ignorant from themselves, inconveniences everyone else, why not try to educate people a little, instead?

      Because education doesn't get politicians reelected.

    17. Re:Most users are not geeks by tepples · · Score: 1

      So perhaps it might be a good idea to standardize what single and double click do. What's the better way to distinguish the "select" action from the "follow" action?

    18. Re:Most users are not geeks by frisket · · Score: 4, Insightful

      Setting application preferences is hardly a "skill."

      Oh yes it is. Most users have absolutely no idea you can even do this.

      Do you really have to be a geek to get that far?

      Unfortunately, yes.

    19. Re:Most users are not geeks by tlhIngan · · Score: 2

      If only there were some kind of way for people to find out how to drive, say through widespread knowledge of a training and licensing program by the state.

      Of course, people should be expected to understand and manage not just regular cookies, but the Flash database [also used for cookies], your browser local-storage [also used for cookies], and probably other places, and know how multiple websites may store/use one or more of these locations to track what you are doing when you visit a single web page. Of course, each browser handles each of these things differently.

      At which point do we decide that people "need to know this to use a computer" and "you don't need to know this"?

      After all, you need a license to drive, so they teach you the laws regarding the rules of the road and the courses tell you how to maneuver the car along the roads. But its not required to know, say, how to change your tire, how to check the oil, how to change the oil, etc. So there's some line that has to be drawn somewhere.

      Likewise, would scouring your hard drive for cookies be considered of "checking the oil" difficulty? Or a rule of the road? Hell, how many people even know about cookies?

      Or should we say everything that an iPad allows you to do should be required knowledge?

      Yes, users should know the basics, but what ARE the basics? Do we expect them to be techies?

      I mean, given the popularity of smartphones, tablets and other locked-down walled gardens, perhaps "basics" has gotten to the point where everyone who drives needs to know how give their car a tuneup, change the air filter, change the oil, etc. (And yes, you can go through car ownership without doing any of those things by bringing your car in for service and having the mechanic do it).

    20. Re:Most users are not geeks by Anonymous Coward · · Score: 0

      But this is a browser setting. You shouldn't expect web pages to have buttons for every setting in your browser. Nor would it be safe, nor would it be consistent or easy to use. If you don't care to find out how to disable/delete cookies in your browser, it should be safe to assume that you don't care about cookies.

    21. Re:Most users are not geeks by RajivSLK · · Score: 1

      Clearly the law is misdirected. The law, if needed at all, should require web browsers to explain cookies and how to manage them upon install and on their start-up pages.

      Perhaps, even require web browsers to make it easier to view cookies by domain or something. A standardized icon that you click which shows you all the locally stored information for a particular site.

      Or maybe something akin to the "lock" icon that shows up when a site drops a cookie and clicking on it gives you the option of viewing and deleting (rejecting) the cookie.

    22. Re:Most users are not geeks by DarwinSurvivor · · Score: 1

      I like what dolphin (in KDE) uses. Clicking a file opens it, but each file also has a green "+" in the corner to let you select it. When selected, the green "+" turns into a red "-" to let you de-select it (this also lets you select multile files easily). To deselect all, just click the whitespace between icons.

    23. Re:Most users are not geeks by TheRaven64 · · Score: 1

      Okay, how do I, on an Android device (I'll make this easy, and you can use your choice of browser):

      • Disable all cookies from third-party site (i.e. ones from domains other than the ones that I am browsing to)
      • Selectively delete cookies (i.e. keep the ones I want, but delete all of the rest) or
      • Ask it to prompt me to either allow-once, permanently allow, or permanently block a site from storing cookies, or
      • Give me the option to delete cookies from non-whitelisted when the browser exits, but persist others

      If it's as easy as typing a simple search query, I expect that your reply will be swift and detailed.

      --
      I am TheRaven on Soylent News
  5. android browser by Dark$ide · · Score: 1

    The fucking pointless cookie popups are a monster PITA on my phone. Especially when I clear them every time I close thr browser to save space.

    --

    Sigs. We don't need no steenking sigs.

    1. Re:android browser by Fallingcow · · Score: 1

      They should leave a long-lived cookie to let the page know that you've already seen and closed the banner.

    2. Re:android browser by h4rr4r · · Score: 1

      Golf clap.

  6. Bad Law by TheNinjaroach · · Score: 1

    If I didn't want to have cookies on my PC, I'd disable them in the browser. This bad law annoys the crap out of me, and I don't even live in the country that implemented it.

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
    1. Re:Bad Law by Anonymous Coward · · Score: 0

      Yes, and browsers should just implement some scheme where you could allow certain cookies for the sites you want in a non-obstructive way and a way which would still be fast and easy to use!

    2. Re:Bad Law by 91degrees · · Score: 1

      Not everyone has the technical knowledge to do that, or to really know what cookies are or quite how common they are.

    3. Re:Bad Law by TheNinjaroach · · Score: 1

      Incognito / Private Browsing hasn't accomplished that already?

      --
      I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
  7. Good 'ol EU by Anonymous Coward · · Score: 1

    an EU rule that means websites must ask visitors before dropping cookies onto their computers

    First I've heard of the rule.

    Hah. How ridiculous. Wonder how the people who decided this was a good idea felt when they discovered nearly every damn website on the internet uses cookies.

  8. Step 1... by fuzzyfuzzyfungus · · Score: 4, Insightful

    1. Law is passed in an attempt to curtail your behavior.

    2. You object to this law and wish to continue doing whatever the fuck you want.

    3. You implement the most annoying clickwrap contract-of-adhesion you can come up with to stay within the letter of the law, continue doing whatever the fuck you want, and imply to your customers that regulatory meany-heads are to blame for their experience sucking.

    4. Profit!

    1. Re:Step 1... by IamTheRealMike · · Score: 1

      The law requires exactly what is being done, so much so that the regulators themselves do this (thus setting an example for everyone else). How exactly is this some nefarious plot by website operators, again?

    2. Re:Step 1... by h4rr4r · · Score: 1

      Because an easier solution would be to not use cookies?

      There is no benefit for their use to me on 90% of the pages I visit. No targeted advertising is not a benefit, it is the opposite.

    3. Re:Step 1... by Anonymous Coward · · Score: 4, Informative

      By purposfully mis-interpreting the law, both in action as in "oh whoo me" bullsh*t messages going out to Joe public.

      For instance: websites do not need to ask for permission for cookies needed for the programs on the site itself needed to run it -- they are just not allowed to keep any identifiable info after the visitor leaves.

      As for a ruling most websites most often conveniently forget ? That they must provide information what they will do with the personal identifiable data once you accept that cookie.

      Oh yeah, and the minor point that its not actually about that cookie, but instead of them not being allowed to follow you (no matter the method, including stuf like 1x1 images on the webpage) as long as you do not agree to it.

      Yes, many of them they have interpreted the law either as not to effect them (for whatever reason), as a kind of EULA thing (You do not need to know what you are agreeing to, just click "OK" and all will be fine), or have created a popup hell for the user.

      Oh, by the way: Did you know that cookies without personal identifiable data in them are already exempt from that cookie law ? Meaning that something like a "FollowMe=No" cookie may be placed without even needing to ask the visitor ? I'm sure they do not (want to) know that either.

      Captcha: detach
      How fitting.

    4. Re:Step 1... by AmiMoJo · · Score: 1

      And then find no-one visits your irritating web site.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Step 1... by olau · · Score: 1

      Look, the whole purpose of cookies is to store a bit of information so you can track the visitor through what is otherwise a stateless protocol. The idea is that you store a small id (the cookie) which you then match up to something you've stored in your database, e.g. the user account, or shopping basket, or whatever. That's what they are intended for.

      Yes, there are other ways to track sessions, but they suck more.

      Your whole rant smells of someone who has little knowledge of how HTTP works. For instance, how do you determine that "a visitor has left"? You can't. You can do some approximate hacks, but in reality what your model describes is simply not the way browsers work. Browsers don't send you a nice HTTP GOODBYE.

      The directive is retarded because instead of targeting creepy misuse of personal information, the way it's written it's targeting a useful (for all parties) mechanism of the web. It's like nuking a whole town because you know there's a killer somewhere in it.

    6. Re:Step 1... by Anonymous Coward · · Score: 0

      the way it's written it's targeting a useful (for all parties) mechanism of the web.

      I think you too have not read that cookie-law too closely. Cookies ment to manage a session are exempt. The site is always allowed to use them. That includes your "shopping basket" example. Besides: how are the goods you put into a shopping-basket personal identifiable ?

      And i am pertinently not agreeing with your (sneaky) "for all parties" inclusion. There ought to be only two: the visitor and the website (s)he is visiting. No other parties need to have access or even knowledge of that visitor being on that website. Let alone that other parties should be allowed to store personal identifiable information about that visitor. Not even for a second. Especially not without consent.

      As for the "user account" you mentioned ? Bound to the session or stored in a cookie ?

      In the first case you could argue that its needed to have that website run, and could therefore fall under the previously mentioned exemption (as long as that personal identifiable info is removed after the session expires -- with a time-out measured in minutes.

      In the second case ? Yes, you would need the users consent to do that. But how many times would you need to set such a persistent cookie ? And would including a few lines of warning & explanation just above the "log me in" button be such a hard thing to do ?

      ... something you've stored in your database ...

      Exactly that is (if its personal identifiable data) what you need the users consent for. Even if it would be done on a fully stateles (meaning: no cookies) website.

      Yes, there are other ways to track sessions, but they suck more.

      Suck how ? All that would be needed is to instruct PHP to append the session-ID as an argument to the URLs. Granted, does not look that pretty, but neither do the other arguments.

      Your whole rant smells of someone who has little knowledge of how HTTP works.

      How am I doing so far ? :-)

      For instance, how do you determine that "a visitor has left"?

      That problem exists no matter if you use cookies or not (in other words: what has it got to do with the cookie-law discussion ?).

      Actually, cookies create a problem here: if someone else steps behind that computer, opens the webbrowser and navigates to that same website the stored cookies contents will be send, effectivily giving him access to someone elses session. A problem that should not occur if the sesion-ID would be passed as an argument appended to the URL itself. <whistle>

      Browsers don't send you a nice HTTP GOODBYE.

      And that is why sessions (normally) time-out after a while and why most sites with logins also have buttons with "logout" on every page.

      The directive is retarded because instead of targeting creepy misuse of personal information, the way it's written it's targeting a useful (for all parties) mechanism of the web.

      I suggest you re-read that cookie-law. You seem to think there are a lot more restrictions than there actually are.

      ... Or are you actually one of those very people I ranted about, "purposfully mis-interpreting the law, both in action as in 'oh whoo me' bullsh*t messages going out to Joe public." ...? :-\

  9. Of COURSE There Are Complaints! by Y-Crate · · Score: 4, Funny

    They're not Biscuit Consent Banners!

    1. Re:Of COURSE There Are Complaints! by Anonymous Coward · · Score: 0

      I only consent to biscuits with gravy.

    2. Re:Of COURSE There Are Complaints! by Anonymous Coward · · Score: 0

      They're not Biscuit Consent Banners!

      I only consent to biscuits with gravy.

      Mmm, sausage gravy. No wait, maple sausage gravy. Man oh man, buttermilk biscuits with maple sausage gravy.

  10. Yummy cookies by Anonymous Coward · · Score: 0

    When I read the headline I thought this article was about the advertising of baked dessert cookies in bakeries in the United Kingdom of Great Britain and Northern Ireland. I need to stop thinking about food. lol

  11. Typically devised by idiots by Anonymous Coward · · Score: 5, Insightful

    The cookies system of consent might be ok if they had been devised by three year olds, but having left it to overpaid politicians, they are not.

    Specifically:
    1. they popup for all sites
    2. they cost users money since its extra bandwidth; on mobiles with the crappy browsers, often clicking on ok, assuming you can actually hit the silly little X icon, result in a retransfer of the web page
    3. almost none of the web sites understand who you are, so you see them continuously
    4. they appear right in the middle of the (pitifully few words of) text which appear on most web sites
    5. they are difficult/impossible to block across the range of browsers a real user needs
    6. most people, myself included, have no clue what the point of this exercise is

    Sure, I dont want to be tracked - so just dont track me. Dont put pointless garbage on my screen which nobody cares about.

    Honestly, bring back the three year olds !

    1. Re:Typically devised by idiots by Anonymous Coward · · Score: 0

      Sure, I dont want to be tracked - so just dont track me. Dont put pointless garbage on my screen which nobody cares about.

      The popups are so they can continue to track you even they damn well know they shouldn't. They purposely to make the alternative to getting tracked so damn annoying that you'll take the stance that you just took.

      1. they popup for all sites

      Not all sites. Just the ones that can't keep their data hunger in check.

      We stopped setting cookies just for visiting and don't drop one until the user logs in.

      Simple enough, right?

    2. Re:Typically devised by idiots by Anonymous Coward · · Score: 0

      Christ, Slashdot has gone downhill.

  12. The letter of the law... by Anonymous Coward · · Score: 0

    Considering that governments use the letter of the law to punish whoever they deem to be miscreants, maybe the lesson here should be something along the lines of "The road to hell is paved with good intentions."

    Because picayune regulation like this never seems to solve any problem other than generating make-work for government bureaucrats.

  13. Not so much about usability by Anonymous Coward · · Score: 2, Interesting

    Joe Schmoe is just going to click away the banner.
    I.e. usability of all the sites remains pretty much the same. It's just that every site now shows an irritating pop-up which any Joe Schmoe will click away before continuing the way things were in the first place.

    Net positive effect: Zero.
    Net negative effect: Nothing accomplished, all the same privacy issues are still there but it takes a click more to use those sites.

    1. Re:Not so much about usability by Anonymous Coward · · Score: 0

      AND as another poster mentioned, one can no longer distinguish between wanted and unwanted cookies.

  14. Of course it is hard by mlwmohawk · · Score: 2

    The spirit of the law is to protect users. The people creating sites don't care, and are, in fact, hostile to any such consideration.

    In all reality, cookies enable some pretty good behavior on web sites, but more often than not, are designed to track user behavior against their own interests.

    1. Re:Of course it is hard by omnichad · · Score: 3, Funny

      cookies enable some pretty good behavior on web sites

      Right. If you don't block cookies using browser settings, the web site needs to store a cookie on your computer to remember that you don't want to store cookies!

    2. Re:Of course it is hard by Anonymous Coward · · Score: 1

      Sir, please shut down your computer and step away from it carefully. We will send a dispatch to relieve you of it.

      Or, more bluntly: You have not understood the first thing about the cookie law.

      A website may place as many cookies as it wants as long as they do not contain any personal identifiable data.

      Yes, they may place a cookie with contents like "FollowMe=No" on your computer without even having to ask you ! And they are fully within the law when they read that cookie back without having asked you for permission either.

    3. Re:Of course it is hard by Anonymous Coward · · Score: 0

      That is a huge exaggeration.

      Where are your statistics to prove that?

      Most sites don't use tracking at all, and if they do, it's an analytics tool. And they don't perform tracking for the site owner, but for the analytics ad side business. And that is not a fault of the site owners, but of the analytics / ad providers.

      So stop pestering the site owners and go after the money track!

    4. Re:Of course it is hard by olau · · Score: 1

      In all reality, cookies enable some pretty good behavior on web sites, but more often than not, are designed to track user behavior against their own interests.

      That's just plain bullshit. Cookies were introduced to solve a real problem. The fact that people hang out on crappy gossip sites that get their income from shady ads is just unfortunate. Do you really think this law will cause those sites to change their behaviour? No, they just need to trick people into saying yes - and that should be easy given all the legitimate sites now need to ask too.

      This directive is a big fail. I believe most European countries have privacy laws in place to crack down on those shady ad companies anyway, if the authorities really felt it was a big problem.

  15. Mod Parent +1 Insightful by JoshDM · · Score: 4, Funny

    Dear Mom, I would give you all my moderator points if I had them. Now please stop using the computer. -Josh

  16. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  17. The law is garbage by Anonymous Coward · · Score: 0

    People want to be able to control 'cookies' and be protected from abusive use of the technology. A law that simply forces sites to tell people that they are using 'cookies' is utterly useless- and useless by design.

    In the UK, local councils sell the information they collect about residents to junk mail companies and worse. When the watchdog is worse than the criminal, what hope is there.

    What people want is a government that will take firm legal action against practises that ordinary people would identify as 'beyond the pale'.

    -websites should NOT be allowed to pass on private information to any other company.
    -websites that attempt to exploit ANY weakness in the browser to access private user information (including browser history) should suffer a mandatory death penalty, with imprisonment for those responsible for the website.
    -no form of 'ad' tracking should be allowed whatsoever. 'Ads', by law, should be only allowed to follow the model of ads on TV or in newspapers. In other words, online 'ads' should never be user-aware, only location aware.
    -laws should be in place explicitly criminalising 'loop-hole' research, by defining allowed online-ad behaviour to the nth-degree.
    -'active' ads only allowed in iron-clad sandboxes. Massive mandatory financial penalties must apply to ad server companies that ever allow malicious 'active' ads.

    No-one that uses the Internet objects to properly used cookies. What we object to are the 'sharks' that are always found in middle management, looking for an immoral 'edge' to boost their bonuses. Be warned, though- the 'real name' policy of Facebook is every bit as obscene and despicable as the 'scareware' served by ex-Soviet states. It is important to never forget what is RIGHT and what is WRONG on our Internet. Every bad move is the "thin edge of the wedge" that, if not reversed, will give encouragement to others planning online evil.

  18. A Better Concern by Shaltenn · · Score: 1

    Why are these websites loading cookies the moment you go to a page, before you can even login or present them with data that is worthwhile to have in a cookie? If nothing else you should take this as a warning as to what websites are tracking you across the internet, and to just flat out avoid them.

    --
    If you were offended by anything I said... No, I'm not sorry. Please lighten up.
    1. Re:A Better Concern by Miamicanes · · Score: 2

      Basically, programming convenience and bug-avoidance. This is a particularly big deal with languages like PHP that embed server-side code into HTML content -- by the time your code realizes that it needs to store something in session context, the header has already been committed (and probably sent). It's not *completely* impossible to work around, but it's a major pain. It's much easier to just set the cookie and establish the session so it'll be there and ready to use when and if you end up needing it.

      In any case, the tantrums some people throw about cookies and "storage space" border upon absurd. The most low-end and ghetto throwaway Android phone money can buy has more ram and storage space than a high-end workstation did ~10 years ago. In some cases, it takes more storage space to store the cookie's filename than it takes to store the cookie's payload. Getting mad about being wantonly-tracked everywhere is one thing, but getting mad because a site is consuming a block of hard drive space or a few cells of flash (whose marginal cost is probably a fraction of what it cost to climate-control the air you just inhaled a moment ago) is silly.

  19. Mobile Browsers by timmyf2371 · · Score: 2

    By now, I think we all get it - non-techies included; if we visit a website, we might get a cookie installed onto our computers. These intrusive banners have made that perfectly clear to the point where it is now extremely annoying.

    I especially hate it on my phone. Due to the nature of my interactions with apps like Twitter, I quite often end up visiting sites I've never visited before. And these floating banners with the X are incredibly difficult to close and get rid of - hampering my browsing experience.

    I understand that the people who came up with this idea probably had their heart in the right place, but seriously, it really needs to stop.

    --

    Backup not found: (A)bort (R)etry (P)anic
  20. But I thought... by ab_iron · · Score: 1

    They were called Briskets in the UK.

    1. Re:But I thought... by ab_iron · · Score: 1

      Damn auto correct!

  21. Bad Law by Anonymous Coward · · Score: 0

    If the EU law mentioned Trackers instead of Cookies, none of this would have happened. There wouldn't even have to notify the user since nothing of value was lost from not tracking them.

  22. cookies are OK by bertomatic · · Score: 1

    I don't have any problem with a site wanting to use cookies, and putting them on my computer. What I do have a problem is when a site "reads" information (cookies/history/etc.) and sends that info up the chain. That is what should be banned. "They" have no right reading anything on my computer w/o my consent.

  23. Amazing by NoSalt · · Score: 0

    With all of the other ways companies and the government can get to your private data, and cookies have been at the top of people's "shit list" for so long now. I just find it humorous.

  24. Don't mess with what you don't understand by Hentes · · Score: 1

    Governments should keep their hands out of the internet.

  25. Greasemonkey to the rescue! by hack++slash · · Score: 1

    I discovered on at least one site that blocking cookies for them meant that the banner never goes away!

    Bloody annoying!

    So I hacked up a Greasemonkey script to remove the banners.

    --
    To do something right, you often have to roll up your sleeves and get busy.
  26. The problem is sharing not gathering by EmperorOfCanada · · Score: 1

    I don't care if any single company gathers information. They can gather away and store the information like squirrels in little burrows they dug in the hillside. What I do care about is when they share the data. This whole "trusted third parties" crap is well crap. I really really get upset when I hear about companies that gather up personal data and then sell it on to other companies that start vacuuming it all together to start building a profile as you move through the internet.

    So if these politicians had the slightest understanding of where the problem really lay they would ban the sharing of any data from one company to another. I don't want anyone but the electrical company to know anything about my account. The amount of information that your electrical system leaks is quite extraordinary. Minimally they can figure out what time you get home each day and sell that to telemarketers who will know exactly when to call you, If they can time the call perfectly to your arrival with your jacket still on you might run for the phone and not have enough time to check to see that it is a crap number.

    Your phone company can see you phoning car companies and then suddenly an insurance company will phone you to see if you want insurance for your soon to be new car. But then you get the insidious government prying. There might be a mugging at 6pm and they see you arrive at your house at 6:05 and now you are on their suspect list. Let's look at his surfing. Oh he bought a jacket last year that roughly matches the description given by the victim and he is behind on a few bills and maybe needs some money quick.

    So I don't care if a website gathers all kinds of data to figure out what seemed to have attracted me to their site and which page I left off on, as long as they don't share that with anyone... ever.

  27. Without a cookie, you cannot log in by tepples · · Score: 2

    There is no benefit for their use to me on 90% of the pages I visit.

    All that tells me is that you browse more web sites as a visitor than as a registered user. Without a cookie, you cannot post on Slashdot as h4rr4r; you can only post as Anonymous Coward. Without a cookie, you cannot read your webmail. Without a cookie, you cannot buy things from online stores that use a shopping cart (your cart ID is stored in a cookie) or 1-click shopping (which requires being logged in); instead, you have to copy and paste all the SKUs into the window with the payment form. Or would you prefer that all web sites switch from cookies to HTTP basic authentication and that online stores require users to create an account in order to shop (so that the user ID can be used as the cart ID)?

    1. Re:Without a cookie, you cannot log in by jonbryce · · Score: 1

      Taking your points in turn

      1. Put a short one paragraph explanation between the password box and the login button
      2. Put a short one paragraph explanation between the password box and the login button
      3. The EU regulations don't require you to ask permission for shopping cart id cookies

    2. Re:Without a cookie, you cannot log in by tepples · · Score: 1

      Is the short paragraph on this login page good enough?

    3. Re:Without a cookie, you cannot log in by h4rr4r · · Score: 1

      Sure so I need a cookie on Slashdot, Amazon and I don't often use webmail so that would be about it.

      The other 90% of webpages I don't login too, I do not need them tracking me or advertising things they saw me look at on amazon.

      I think that outside of shopping and sites I log into, I do not want cookies.

    4. Re:Without a cookie, you cannot log in by jonbryce · · Score: 1

      Yes, but if all the cookie does is distinguish my session from other people's sessions, then you don't need permission and you don't need to notify at all.

  28. BrE: biscuit by tepples · · Score: 1

    I thought the baked dessert was called a "biscuit" in Great Britain.

    1. Re:BrE: biscuit by jonbryce · · Score: 1

      In Britain, a cookie is a specific type of biscuit that looks like this https://www.privacyinternational.org/sites/privacyinternational.org/files/main-images/blog/cookies.jpg

  29. List of recently viewed pages by tepples · · Score: 1

    Why are these websites loading cookies the moment you go to a page, before you can even login or present them with data that is worthwhile to have in a cookie?

    Take Phil's Hobby Shop for example. When you display a product's page, it adds the product to a list of recently viewed product pages, which is displayed at the left side of the product page. And to separate your list from other users' lists, it needs to store an anonymous session identifier in a cookie called philshobbyshop_sessionid. These anonymous sessions end after 16 hours and do not identify a user unless the user clicks "Log in" to convert the session to a logged-in session. All this is explained on the site's privacy policy.