Slashdot Mirror

← Back to Stories (view on slashdot.org)

Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away (softpedia.com)

Posted by BeauHD on from the who-stole-the-cookie-from-the-cookie-jar dept.

An anonymous reader writes: The European Commission is listening to suggestions regarding EU laws on privacy and electronic communications (e-Privacy), among which is also the EU Cookie Directive that has made the lives of EU Internet users a living hell. The EU Commission has started an open consultation on this topic and is inviting users and businesses to provide their opinion. From the consultation's text, which is nothing more than a survey, one could argue that the EU isn't intent on removing the directive at all, but only making small adjustments. In its current implementation, most companies ask users if they're OK with storing cookies on their PCs and then collecting their data. One of the questions the Commission asked and is currently looking for an answer is whether companies should be allowed to deny users access to a website if they don't want to accept using cookies. The EU wants Internet companies to build alternative (usable) websites for people that don't want to use cookies at all, and so respect their decision for privacy.

120 comments

  1. How about a choice... by Anonymous Coward · · Score: 0

    Rather than say "We use cookies, whether you like it or not, now kick yes" why not give the choice to accept cookies or not ( I don't like popups that force a yes, if been trained to say no over time and think a forced choices equates to untrustworthy actors). While we're at it if you could choose to not get search results back that forward via cloudflare that would also improve my life.

    1. Re:How about a choice... by JcMorin · · Score: 2

      Choice is obviously the right thing but can or should the law FORCE website to behave like that? What if you don't have the resource to make it working without cookie? What if you need them really? I think the cookie blocking feature is already implemented in the "privacy mode" from all browsers. If you don't want them to track you... use the privacy mode!

    2. Re:How about a choice... by AmiMoJo · · Score: 1

      The EU wants privacy to be the default. So when you visit a random web site it initially respects your privacy instead of setting over 9000 random cookies, evercookies, advertising ping-backs, web bugs, browser profiling scripts and other nasties, with a little "btw we just shoved a cactus up your arse, click here to read our anti-privacy policy" notice at the top.

      While clearly a lot of sites won't work fully without cookies, as many people who block them will tell you a lot of functionality doesn't need them. I'm okay with logging in or adding stuff to a shopping basket including the cookie notice. The main thing is that I actively opt-in, not get bombarded and then later opt-out by leaving the site and clearing cookies.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:How about a choice... by Anonymous Coward · · Score: 1

      Users already had and have that choice, regardless of whatever laws EU enacts. They were working from a premise where the user is already 100% control of the situation. And that's why the laws look so hilarious (and pointless) to everyone who knows how the web works. Browsers store (or don't store) cookies at user direction, but I guess some lawmakers wanted to look like they exist for a reason, so they made up silly laws.

    4. Re:How about a choice... by janoc · · Score: 1

      The problem is that this directive does not achieve that. The only thing you get (also here on Slashdot if you are in EU) is an interstitial asking you to accept the privacy policy/TOS/cookies. And then it is business as usual, with those 9000 random cookies, evercookies, adverts and pingbacks.

      This law is addressing the symptom (cookies) and not the cause - companies wanting to hoard, mine and sell their visitors' data.

    5. Re:How about a choice... by TheRaven64 · · Score: 2

      The problem is that the legislators did not really understand the problem that they were trying to solve. The law was intended to require consent if you are tracking the user for longer than the current session. That's an entirely reasonable thing to do. The implementation was a complete disaster because it conflated a mechanism that's used for tracking (and more benign uses) with the act of tracking. To give a car analogy, it's like noticing that a lot of the people who drive dangerously drive red cars and then insisting that all red cars warn you of possible danger of accidents whenever they drive near you.

      --
      I am TheRaven on Soylent News
    6. Re:How about a choice... by hattig · · Score: 1

      Well currently the sites give the choice to accept or reject third party cookies in an annoying popup (this has already been forced by law), and if you say no, then as third party advertising is how they make money, the site will typically have to either present a limited experience, or no experience.

      Now they want to force the sites to give an experience even if you reject the cookies. Maybe that would change the relationship between advertisers and sites (who would click yes in that situation!) so it is viable, or the sites will just not get any money and go out of business.

      Sometimes I think that I should be able to pay a sub for "the techy website package" and have ad-free access to a range of techy websites, which share the income. Some sites do this themselves (e.g., Phoronix, Ars) already, but that's a PITA.

      Oh, AdBlock.

    7. Re:How about a choice... by AmiMoJo · · Score: 1

      Actually lawmakers seem to understand the technical issues extremely well. Take a look at the EU site on the subject.

      They clearly differentiate between different types of cookie (session/persistent, first/third party) and list exemptions for things where cookies are necessary and don't interfere too much with privacy.

      The real issue here is that sites haven't bothered to read the rules and just stuck a blanket "we use cookies" banner on everything, even if they don't need one. Reading the rules carefully, most sites could easily be implemented within the exemptions, as the EU is requesting. That includes advertising, as long as the ads don't use cookies.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:How about a choice... by KiloByte · · Score: 1

      There's a simple solution: exempt session cookies, make the law harsher on persistent cookies.

      All legitimate navigation needs are served well enough by session cookies. Legitimate uses of persistent cookies, such as "remember me" login or saving preferences require an explicit action of the user, and that can have a short cookie warning included.

      By "make the law harsher", I propose requiring disclosing the actual purpose of gathering data, rather than saying just "to enhance your browsing experience".

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    9. Re:How about a choice... by AmiMoJo · · Score: 1

      I've seen that interstitial when connecting from France, but not from the UK. I think maybe it's down to individual state's implementations.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:How about a choice... by Anonymous Coward · · Score: 0

      You have that choice. Just tell your browser to accept cookies, or not to accept them, or not for third parties, or only for the session. Set the Do Not Track flag to true or false. Not enough choice for you?

    11. Re:How about a choice... by Anonymous Coward · · Score: 0

      Session cookies are exempt. Very clearly. And you can even do session + a few minutes.

    12. Re: How about a choice... by tigersha · · Score: 1

      Thanks, that link was really useful

      --
      The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
    13. Re:How about a choice... by Anonymous Coward · · Score: 0

      I've seen that interstitial when connecting from France, but not from the UK. I think maybe it's down to individual state's implementations.

      We are not states. We are COUNTRIES.

  2. This right here... by Richard_at_work · · Score: 0

    is the sole reason why I'm voting for the UK to leave the EU!

    (Just joking, probably...)

    One of the questions the Commission asked and is currently looking for an answer is whether companies should be allowed to deny users access to a website if they don't want to accept using cookies. The EU wants Internet companies to build alternative (usable) websites for people that don't want to use cookies at all, and so respect their decision for privacy.

    So the EU want to force companies to serve customers regardless? Fuck that. Fuck that big time. If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.

    If the EU do move in this direction, then I will be voting to leave. Fuck that.

    1. Re:This right here... by MitchDev · · Score: 1

      No kidding, they do realize that building, maintaining, hosting, and running a website is NOT free?

    2. Re:This right here... by N1AK · · Score: 1

      So the EU want to force companies to serve customers regardless? Fuck that. Fuck that big time. If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.

      Governments already require a number of things of companies that wish to operate in their jurisdiction. I'm inclined to think this is a bad idea, but it really isn't any more restrictive than any number of other restrictions; to make such a comparatively minor point a deciding factor in a referendum about broad ranging economic and political union seems like a complete inability to keep a sense of perspective when making decisions.

    3. Re:This right here... by MartinG · · Score: 1

      If the UK leaves the EU, that doesn't automatically mean the UK won't have to comply. Various non EU countries already have to abide by all kinds of EU rules as part of trade agreements with them.

      The major difference in leaving would be that the UK no longer has any power in influencing these kinds of rules.

      --
      -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
    4. Re:This right here... by AmiMoJo · · Score: 5, Insightful

      There is a really easy, simple way developers can handle this. Don't use cookies by default. When the user logs in or adds something to their basket have the "you accept we use cookies, here's the privacy policy" text, but when the user simply visits the site don't set any cookies.

      That would eliminate 90% of the annoyance and not place an undue burden on developers. It might annoy site operators who were hoping to create profiles of visitors, but fuck those guys.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:This right here... by DNS-and-BIND · · Score: 1, Insightful

      They already have little or no power to influence these decisions. The EU does whatever it wants without considering if the people will like it or not. And frankly, who can blame them? They are the smartest, best educated people in Europe and they are best-suited to lead. People aren't educated and can't lead themselves out of a paper bag.

      I can't even imagine why the EU is soliciting advice on this cookie issue, what can the Great Unwashed tell them that their experts don't know already? My guess is, they're scared and fear their own power decreasing. So, they're going to make a few attempts at showing that they will change their stripes if only people will vote in the EU's interest instead of their own interests. Then they can dispense with these silly polls and referenda and get down to the business of ruling.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    6. Re:This right here... by Anonymous Coward · · Score: 0

      So the EU want to force companies to serve customers regardless? Fuck that. Fuck that big time. If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.

      I demand to browse your website using only this rusty spoon!

    7. Re:This right here... by Zocalo · · Score: 1

      I'm not sure that this is even a problem in practice (I've seen sites attempt to deny service when AdBlockers are used, but never when cookies are blocked), but since the EU would do a lot better to just fix the broken wording of the cookie directive to allow more flexibility in achieving compliance this might actually just be a flawed attempt to fix the problems the directive created in the first place. The only reason this is even an issue is because of the cookie directive's requirement that a site asks EU users for permission over cookies and tracking but then has to figure out how to remember that preference without using cookies or tracking URLs when a user declines to be tracked and has cookies disabled. Quite possibly they have to do that without using any JavaScript either, since there's almost certainly a significant overlap between those that disable cookies and those that run tools like NoScript. Given the number of sites that prompt for tracking permission on every page opened in that scenario this is apparently a problem that few website designers have been able to solve - although that's almost certainly a mix of poor coding ability, lack of imagination, limitations of the CMS, and deliberate attempts to frustrate site users into just accepting the cookies.

      --
      UNIX? They're not even circumcised! Savages!
    8. Re:This right here... by Anonymous Coward · · Score: 1

      If your business model depends on user agents accepting cookies, you are already screwed.

    9. Re:This right here... by pr0nbot · · Score: 1

      Now they want me to put seatbelts in my car?? Fuck that. Fuck that big time. If a customer doesn't like it, they can fuck off and buy some other car.

      The cookie directive is about making users aware of surveillance. The EU (that is, the representatives of the member nations of the EU, collectively) have decided that surveillance by websites is potentially not in the consumer's interest, and the consumer should at least be aware of it.

      As I understand it, now they're going a step further and saying, if you want to sell to EU customers, you must make your website work to some extent if the user opts out of the surveillance, rather than just telling them to fuck off. Just as, in other contexts (but also websites) you have to comply with regulations about disabled access, you can't just tell disabled people to go fuck themselves.

      I understand that cookies are also used for legitimate reasons (session tracking by the website itself), but it's not impossible to write a website that doesn't break without cookies. (You should probably be making sure this is the case anyway, if you build websites.)

      It mystifies me why anyone would object to regulation that benefits consumers. Aren't we all consumers? Isn't the power imbalance between us and business such that we should have someone regulating like this? And isn't it a good thing that it's done EU-wide rather than have a nightmarish piecemeal regulartory patchwork?

    10. Re:This right here... by TheGratefulNet · · Score: 1, Insightful

      I hate 'webmasters' and how they think their job is to pull a fast one over the users.

      ever look at yahoo's javascript, for example? its done on purpose to stop you from making meaningful global filters for adblock, etc.

      the term 'webmaster' has devolved into something not worthy of respect (not sure it ever was, but now that web means 'content management engines' and not just content) and tricky ways to fuck you, the visitor, over, I am all for anything that makes THEIR lives harder and more painful.

      see, they have become as slimey as salespeople and marketers. all people that are worthy of scorn and distrust.

      they want to cry to me that they 'cant write web code' unless they force cookies and other stateful info on you?

      fire them all and start all over again. 'nuke them from orbit' so to speak. the whole web thing is broken at this point and needs a complete redo anyway.

      --

      --
      "It is now safe to switch off your computer."
    11. Re:This right here... by LWATCDR · · Score: 3, Informative

      I used cookies to keep track of the last message that users read and what files for download had been updated. It was a long time ago but you can use cookies for things other than tracking users for ads.
      Frankly I thought I was respecting the user's privacy by storing that info on their system vs keeping it in a database.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    12. Re:This right here... by Anonymous Coward · · Score: 0

      Like it or not the EU has a right to privacy and enforces it. If you go into a shop it does not give the shop owner the right to feel you up and attach tracking gadgets to your body. A shop owner trying to do so would also find himself on the wrong side of a prison wall no matter what his terms of use state. Doing so on the internet is not any different.

    13. Re:This right here... by ultranova · · Score: 1

      If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.

      If a company doesn't want to meet the criteria for doing business in the EU, then the EU should be perfectly within its rights to stop it from operating within the EU. Companies, business and economy exist to serve human needs, not the other way around.

      If the EU do move in this direction, then I will be voting to leave.

      Enjoy your corporate overlords, then.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    14. Re:This right here... by Anonymous Coward · · Score: 2, Funny

      If your business model depends on user agents accepting cookies, you are already screwed.

      The girl scouts will be horrified to hear that...

    15. Re:This right here... by ultranova · · Score: 1

      They already have little or no power to influence these decisions. The EU does whatever it wants without considering if the people will like it or not.

      Voters in the EU member countries elect both their national governments and European Parliament directly. So I have to ask: who wields the power of the tyrant within the EU, and how do they bypass democratic control?

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    16. Re:This right here... by dave420 · · Score: 1

      Your ignorance never ceases to amaze me. Thank you once again for a wonderful insight into what it must be like living in your head. Truly terrifying.

    17. Re:This right here... by AmiMoJo · · Score: 3, Interesting

      You are respecting the user's privacy, and the EU specifically exempts the kind of cookies you are using: http://ec.europa.eu/ipg/basics...

      So you don't need a statement on your site, your use is exempt from the rules.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    18. Re:This right here... by AmiMoJo · · Score: 1

      Nonsense. The EU parliament is elected directly, and the other two bodies (the Commission and the Council) are appointed by elected officials of each member state. If the electorates of Europe don't old them to account that's their own fault.

      The EU tends to act in the interests of its citizens far more than the governments of many member states. To an extent that's because they are somewhat above national politics. For example, employment laws that favour workers, or ratings on vacuum cleaners so consumers can make an informed choice and not get ripped off by ever bigger motors that do little to improve cleaning ability.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    19. Re:This right here... by jandersen · · Score: 1

      If a customer doesn't want to meet the criteria for using the website, then the website should be perfectly within its rights to refuse service.
      N/quote>

      It is perfectly reasonable to tell visitors that they are about to be spied on, if they enter a site, just like the law requires CCTV cameras to be accompanied by a warning message on a sign. It is part of being open, transparent and honest - something that is good for consumers and others; in fact, it is one of the many arguments in favour of remaining in EU. And anyway, using a thing like Privacy Badger in Firefox, you can selectively block cookies on any site very easily.

    20. Re:This right here... by LWATCDR · · Score: 1

      That system has been replaced by Drupal long ago but it didn't matter to me what the EU said. It was a US company and the website was hosted in the US. We respected our users privacy for the simple reason that they were our customers. They bought things from us and the website had 4 functions that justified it's cost.
      1. Advertising our product.
      2. Customer support and communications.
      3. Updates.
      4. An online store for customers to buy our products.
      Most sales came from our sales force back then so the store was more for accessories and such.
      We had no need to sell any advertising but our own.

      --
      See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
    21. Re:This right here... by Anonymous Coward · · Score: 0

      I'd sooner the EU mandate browser makers offer users a way to just disable cookies.

    22. Re:This right here... by Anonymous Coward · · Score: 0

      If your business model depends on user agents accepting cookies, you are already screwed.

      I'll let every website with a login screen know that.

      You fucking retard.

    23. Re: This right here... by Anonymous Coward · · Score: 0

      Note to self: add all eu countries to my country blacklist for the website.

      Seriously, do i have to comply when i operate in the u.s?

    24. Re:This right here... by Anonymous Coward · · Score: 1

      I run a pretty good sized European news website an we manage to maintain a staff of about 100 without tracking our Users at all. Not Sure what you're doing wrong.

    25. Re:This right here... by Anonymous Coward · · Score: 1

      I run a pretty good sized European news website an we manage to maintain a staff of about 100 without tracking our Users at all. Not Sure what you're doing wrong.

      You are running a good sized website without any analytics, or any login-functionality, or any Google ads or even the most basic ad targeting/frequency control that most ad buyers require today? It would be very interesting to know which site this is.

    26. Re:This right here... by DNS-and-BIND · · Score: 0

      If Brexit happens, which there is a good chance of, the entire European Union is in peril. And a lot of the reason that is is because people just like you look down on others who disagree with their political opinions, and consider them beyond stupid.

      Many of us are insulted by the ruling class's dismissal of opposition as mere "anger and frustration" -- an imputation of stupidity -- while other of us just scoff at the claim that the ruling class's bureaucratic language demonstrates superior intelligence. A few of us ask the fundamental question: Since when and by what right does intelligence trump human equality? Moreover, if the politicians are so smart, why have they made life worse?

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
    27. Re:This right here... by Anonymous Coward · · Score: 0

      If Brexit happens, which there is a good chance of, the entire European Union is in peril. And a lot of the reason that is is because people just like you look down on others who disagree with their political opinions, and consider them beyond stupid.

      Many of us are insulted by the ruling class's dismissal of opposition as mere "anger and frustration" -- an imputation of stupidity -- while other of us just scoff at the claim that the ruling class's bureaucratic language demonstrates superior intelligence. A few of us ask the fundamental question: Since when and by what right does intelligence trump human equality? Moreover, if the politicians are so smart, why have they made life worse?

      Since homo sapiens lived and homo neanderthalensis died out. The more intelligent species survived.

    28. Re:This right here... by Anonymous Coward · · Score: 0

      What percentage of cookies are used for actual logins? Probably mere statistical noise.

    29. Re:This right here... by Darinbob · · Score: 1

      But browsers make this difficult. Either you accept ALL cookies (even the 99% that are evil) or you accept almost none. To accept cookies from just your own site most browsers do not give you an easy way to do this. Sometimes "don't accept third party cookies" will work but sometimes it won't because the cookie is coming from something that appears to be a third party site ("bringyourownbeer.com" uses cookies from "xyz.byob.com"). And the cookies have bizarre names with even odder contents, so if you're browsing through the cookies you can't tell if they're actually useful or if they're ad trackers.

      I generally accept only first party cookies, but I discard them when the browser closes. With a few exceptions. And with those sites where I did add exceptions they still sometimes fail to remember what I've read; and it's too much of a hassle to track down the problem, and far too dangerous to allow third party cookies, so I don't bother and track it all up to yet another broken web site.

    30. Re:This right here... by dave420 · · Score: 2

      'Webmaster'? Really? Is it 1996 again? You seem woefully out of touch with reality, ascribing all sorts of nefarious motives to people you've never met, without any evidence to support your rash judgements.

    31. Re:This right here... by Anonymous Coward · · Score: 0

      If you don't like our work why are you on internet go play outside.

    32. Re:This right here... by Gonoff · · Score: 1

      is the sole reason why I'm voting for the UK to leave the EU!

      (Just joking, probably...)

      And its another reason why I'm voting to stay....
      A governmental organisation that it not, by default, automatically on the side of the seller instead of the consumer? Great! This, of course is why the most right wing, big money, parasites are keen to get us out so that we can head downhill to what people in the US have to put up with.

      --
      I'll see your Constitution and raise you a Queen.
    33. Re: This right here... by Gonoff · · Score: 1

      Seriously, do i have to comply when i operate in the u.s?

      Only if you want our money. If you have enough traffic, you are at liberty to geofence to your hearts content.

      --
      I'll see your Constitution and raise you a Queen.
    34. Re: This right here... by Gonoff · · Score: 1

      Enjoy your surveillance state and complete lack of privacy in the UK.

      I take it you have disbanded the NSA, FBI abd every other criminal TLA in your country?

      People in most of the EU, even in the US/corporate friendly UK, have more privacy than you. They all would appear to have better internet privacy than you.

      There is a difference between whining and boasting...

      --
      I'll see your Constitution and raise you a Queen.
  3. "Tax" on developers. by headkase · · Score: 2

    Waiting for my cheque to implement an entire alternate back-end in 3.. 2.. 1..

    --
    Shh.
    1. Re:"Tax" on developers. by AmiMoJo · · Score: 1

      The summary is misleading. You can use certain cookies for things like sessions or user input, but not for tracking or advertising IDs etc. So you could just design your primary back-end not to need the evil cookies, and then selectively enable them for tracking if the user agrees.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. What? by MitchDev · · Score: 1, Informative

    No, if you don't want to accept the terms of using the website (cookies in this case) you DON'T GET TO USE IT.

    WTF is wrong with these people?

    1. Re:What? by Anonymous Coward · · Score: 0

      Well what stops me to delete cookies. Besides most eulas are unenforceable in EU at large anyway.

    2. Re: What? by Anonymous Coward · · Score: 0

      Users will visit sites that _do_ offer more flexible terms of service. Everything non-invasive a cookie can do can also be done with session-based backend storage anyway.

    3. Re:What? by jouassou · · Score: 2

      Well, that's why I love the Firefox plugin self-destructing cookies. Most websites work fine because they get to store all the cookies they want; but ten seconds after closing the last tab of that page, all it's cookies are wiped out. (Just remember to also block 3rd-party cookies to prevent e.g. Facebook and Google from obtaining persistent cookies by being omnipresent on the web.)

    4. Re:What? by Anonymous Coward · · Score: 0

      It's more a technical thing. If I use cookies to store session data (like almost everyone does) and you reject cookies or delete them immediately (as opposed to on broswer close), how in the fuck am I going to know who I am talking to? The web site won't work without cookies any more than your desktop would work without RAM. Yeah, there are alternatives, but no one wants to implement them if they already have a working system, because changing your system and/or maintaining two systems is a PITA.

      Don't want cookies? Then don't expect it to work.

    5. Re:What? by Anonymous Coward · · Score: 0

      WRONG!!!!, I don't want to use it, if you using cookies for more than tracking my ssl / login sessions, I won't need nor desire to use your site. Young punks can't make decent pages, Now get off my lawn.

    6. Re:What? by entropy01 · · Score: 1

      No, if you don't want to accept the terms of using the website (cookies in this case) you DON'T GET TO USE IT.

      Are you sure? My Self-Destructing Cookies add-on doesn't believe you.

    7. Re:What? by MitchDev · · Score: 1

      At least you admit to being a thief...

    8. Re:What? by Anonymous Coward · · Score: 0

      What has been stolen exactly here? Am I stealing too because I have my cookies wiped when I close the browser?

      Get off your high horse. Your visitors don't owe you anything.

    9. Re:What? by Anonymous Coward · · Score: 0

      http sites are supposed to be stateless, if you need to know who you're talking to your probably either:
      A) doing it wrong, or
      B) responsible for a webapp instead of a website

    10. Re:What? by Anonymous Coward · · Score: 0

      WTF is wrong with these people?

      The EU acknowledges a right to privacy and at first the EU just mandated an opt-in for cookies so people could make an informed choice based on this right. Now you can say no to Amazon, you can say no to eBay, etc. at the end the opt-in only showed that you still had no real choice, either opt-in or stop using the internet and live in the 90s. Since the choice is a right by law and exercising this right not feasible in the current privacy hostile and internet dependent age the EU does what it always does in such a situation - it requires the companies profiting from the current situation to make it feasible.

    11. Re:What? by Anonymous Coward · · Score: 1

      You stole a cookie and then you destroyed it!

    12. Re:What? by Darinbob · · Score: 1

      Then the web sites should stop being so creepy. "Hey, you bought Depends Adult Undergarments last time you were here, let me show you a lot of ads for incontinence while your co-workers look over your shoulders."

      Web sites can work wonderfully without the cookies. They just need to remember that they exist to provide information first and foremost and that they are not supposed to show advertisements. Webs are supposed to be stateless, so act more like an encyclopedia than the weekly advertising flyers showing up in the post.

    13. Re:What? by MitchDev · · Score: 1

      " They just need to remember that they exist to provide information first and foremost and that they are not supposed to show advertisements"

      BZZZTTTTT! WRONG!

      They exist, especially business owned sites, to MAKE MONEY.
      They don't owe you free information "first and foremost". That is just such backwards entitlement nonsense.

    14. Re:What? by MitchDev · · Score: 1

      The cookie from the website you are using is the "cost" of using that website...

    15. Re:What? by Darinbob · · Score: 1

      Then you are too young to remember the real internet.

  5. Hyperbole much? by Anonymous Coward · · Score: 0

    made the lives of EU Internet users a living hell

    If "living hell" is equivalent to "those things my peripheral vision filters out for me", then c'mon baby! give more of those seven capital sins!! fuck that, make the nine!!

  6. The problem is http is stateless by jfdavis668 · · Score: 2

    Without cookies being sent back to the server, the server doesn't know what you were doing a moment ago. The design does not maintain the state of the system between transactions. There are other ways of doing this, but this is how http was designed. Yes, cookies are being used to track things that are not involved in the state of the transaction. But, it is hard to eliminate something that is key to the way that http works.

    1. Re:The problem is http is stateless by jfdavis668 · · Score: 2

      Forgot to include the relevant xkcd reference: https://xkcd.com/869/

    2. Re:The problem is http is stateless by Anonymous Coward · · Score: 0

      EU guidelines don't require you to show the cookie warning if your cookies are used for essential functionality of the website (i.e. session cookie). You have to show it only when you use cookie to gather data that isn't vital to the functionality (like tracking)

    3. Re:The problem is http is stateless by Anonymous Coward · · Score: 0

      Er, no. People were persisting state on servers long before cookies existed. You just need to store data on the server and return a token representing it, then return the token in the URL. It's ugly, but cookies are not "key to the way HTTP work" in the slightest, they're not in the HTTP standard, and they didn't even exist when HTTP was designed. They're an invention of Netscape Navigator, and like many inventions of Netscape Navigator they were just a quick hack with no proper design or thought put towards potential misuses. Don't confuse how you do things now with how HTTP was designed or what is key to HTTP.

    4. Re:The problem is http is stateless by jfdavis668 · · Score: 1

      There are standards, then there are defacto standards. Http wasn't originally designed to preform functions beyond show me this, now show me that thing. It was never designed to allow you to order shoes from a web page and pay for them via paypal. Http added functionality Gopher wasn't able to provide. Gopher only showed you lists of links to pages or files. Http allow other objects and text to be displayed. Maintaining a state and workflow wasn't part of its original intent. Yes, Netscape added it, and it became a defacto standard.

    5. Re:The problem is http is stateless by mysidia · · Score: 1

      Everybody tracks though.... essentially.... every major company has reasons to; it's not a privacy issue; it's to the users' benefit, and should not be impeded by the government.

      Tracking users moving between pages on your own website is vital for administration of your website for various reasons; at the very least, all responsible webmasters want to know if you got a 504 or 503 error, which page it came from, and the stream of clicks you made within their website will provide debugging clues.

      Then your user design folks want to know some basic information, like which clusters of pages do different groups of users view, And this plays into future choices regarding what the page layouts should look like in later versions of the website.

    6. Re:The problem is http is stateless by Anonymous Coward · · Score: 0

      Er, no. People were persisting state on servers long before cookies existed. You just need to store data on the server and return a token representing it, then return the token in the URL. It's ugly, but cookies are not "key to the way HTTP work"

      And do you know what we called the bits of gibberish tacked on to the ends of such "munged URLs"?! (MAGIC) COOKIES! And! Do you know what protocol these "munged URL" cookies are being transmitted by? HTTP! That's right! Encoded right in the fucking GET header. So, fuck off. If they were not a key way that HTTP works (see also: E-TAG cache (in)validation HTTP header, also a cookie), arising out of the fact that HTTP was otherwise stateless, then we wouldn't have cookies in the first place.

      The old media ran a huge propaganda campaign against the Internet, attacking the monetization model by scaring the shit out of people over "cookies". We've always had the damn cookies, even before there was a cookie header. Formalizing on a cookie standard and adding that header to HTTP allowed us to VASTLY reduce server load because we didn't have to regenerate every link on every page just to keep you logged in, or remember what was in your shopping cart, or what background style preference you had set, etc.

      Don't be a moron. TV saw the Web as a competitor and ran a smear campaign. If they were serious about "tracking people's data" then they would be skewering Credit Cards, Bank Cards, Cashless Transactions, and Customer Loyalty Cards -- but they're not. In Fact, the EU is pushing an agenda for cashless society so they can track every purchase and freeze anyones funds at a whim.

      All that "HTTP Cookies" did was standardize a protocol for sending and receiving THE EXISTING magic cookies and enable us to move them from the GET HTTP header and into the COOKIE HTTP header.

    7. Re:The problem is http is stateless by TheGratefulNet · · Score: 0

      Everybody tracks though.... essentially.... every major company has reasons to; it's not a privacy issue; it's to the users' benefit, and should not be impeded by the government.

      here's some advice for you: DIE IN A FIRE, ASSHOLE

      can't tell if you are serious or trolling, or maybe even a paid shill.

      but to come here and support spying - get the fuck out! just leave. your bootlicking views are not wanted here.

      --

      --
      "It is now safe to switch off your computer."
    8. Re:The problem is http is stateless by AmiMoJo · · Score: 1

      It seems like they are differentiating between session cookies and permanent cookies. So you can have some basic state info for the site, but as soon as the user goes away it is lost and privacy is maintained.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:The problem is http is stateless by tlhIngan · · Score: 1

      Without cookies being sent back to the server, the server doesn't know what you were doing a moment ago. The design does not maintain the state of the system between transactions. There are other ways of doing this, but this is how http was designed. Yes, cookies are being used to track things that are not involved in the state of the transaction. But, it is hard to eliminate something that is key to the way that http works.

      A large amount of activity over HTTP doesn't require the server to know what you were doing moments ago. I'm browsing /.. I'm reading articles and comments. None of which require the server to know more than the URL of the page I want to read.

      Now, to comment, I have to log in, and yes, you need cookies for that state. But browsing web pages and such (e.g., downloading files, reading support documents, getting product information)? No cookies required, no state required.

    10. Re:The problem is http is stateless by Anonymous Coward · · Score: 0

      it's to the users' benefit, and should not be impeded by the government.

      How come that I, as a user, have no say in what is and isn't for my benefit? Most websites I load in my browser to read something. For that plain old HTML is all that's needed, without cookies, without JavaScript. With CSS it's perfectly possible to make a page look pleasant. That companies have their reasons for wanting to place cookies and have my browser execute their scripts I understand, but that is usually because they want it, not because I want it. It's for their benefit, not for mine. That's fine, but please don't pretend that they do it for my benefit, they don't.

    11. Re:The problem is http is stateless by youngatheart · · Score: 1

      When I browse slashdot, I like it to remember what level I choose last. It isn't strictly necessary for the site to work but it works better with the cookie to retain that information.

    12. Re:The problem is http is stateless by Anonymous Coward · · Score: 0

      That comic's more about people writing shoddy redirects.

    13. Re:The problem is http is stateless by Anonymous Coward · · Score: 0

      Without cookies being sent back to the server, the server doesn't know what you were doing a moment ago.

      I guess you've never actually written any PHP. Two words: "Session variables". Look it up. HTTP might be stateless, PHP certainly isn't.

      Next to that, the fall-back for browsers that do not support cookies has always been to append some variables to the URL. You know, that stuff following the questionmark.

  7. Websites don't store cookies; web BROWSERS do that by Anonymous Coward · · Score: 2, Informative

    None of this is going to make sense as long as the laws continue to be so completely disconnected from the reality. If a user wants or doesn't want to use cookies, then they have already instructed their browser to take the appropriate action, and it will be perfect in a way that the laws cannot even begin to approach.

    Anything the governments do related to this, is irrelevant and wasted. The absolute best case that anyone can hope for, is that they'll do no harm. And that, realistically, will never be achieved.

  8. What "living hell"??? by gweihir · · Score: 1

    I have not noticed anything more than "mildly annoying". Hyperbole much?

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:What "living hell"??? by Anonymous Coward · · Score: 1

      Quite. The most annoying outcome of this is when it's necessary to click on the "No, it's okay, serve me cookies" button every time I visit a website, which only shows that their cookies aren't working.

    2. Re:What "living hell"??? by fintux · · Score: 1

      I agree that "living hell" is a far fetch. However, it is more than mildly annoying especially when viewing the desktop version on a mobile device. The banner takes a significant portion of screen real estate and sometimes also the dismiss button is difficult to hit. I think the savvy users already know cookies are used for tracking all over the internet and the less savvy ones probably will just ignore this. Essentially, after the first few times you see this, it is just additional noise on the web sites.

    3. Re:What "living hell"??? by Anonymous Coward · · Score: 0

      The banner takes a significant portion of screen real estate and sometimes also the dismiss button is difficult to hit.

      That is what Addblock is for. Remove the banner with Addblock and you are done.

    4. Re:What "living hell"??? by TangoMargarine · · Score: 1

      Shoot self directly in foot

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
  9. A living hell? by Anonymous Coward · · Score: 0

    the EU Cookie Directive that has made the lives of EU Internet users a living hell

    Hyperbole much?

  10. not a living hell by Anonymous Coward · · Score: 0

    being put in a cattle truck for a days without food, packed so tight you can't lie down or even sit, to a place where you're worked literally to death - is a living hell.
    Not foolish cookie legislation.

  11. Control, Neo... apk by Anonymous Coward · · Score: 0

    See subject: It's all sociopaths understand with force when someone upsets their 1/2 truth based agendas & they can't validly overcome their arguments.

    * It's ALL a huge "put up job" on forums OR other social media for the purposes of shaping YOUR perceptions to "sell, sell, sell" YOU shit you DO NOT NEED so they get rich & you get poorer (as they have the best sitting in a patent safe selling you bs inferior carrots in the meantime draining you & keeping YOU, the stupid mules they think you are by herding you like animals using sociological/psychological marketing tactics (most dangerous sciences there are that work on the weak-minded seeking 'acceptance' since their lives are unfulfilling on their own merit to be "part of the 'winning' team" that's really, losing - badly)).

    Frame the discussion, CONTROL the narrative, shape reality (reality = perception) AND CONTROL PERCEPTION - so if you drink this beer, you will have ALL these women, cars, clothes etc. (when the truth it, it takes all of that from you, removing the possibility of YOU ever attaining it, slowly & PAINFULLY).

    Pessimistic? Maybe - Reality?? Oh, for sure.

    APK

    P.S.=> Once you understand that? You're FREE & have had your eyes opened (& it's really always been thus, but there have been exceptions (French, Russian, US revolutions for example))...

    Your 'freedom' comes with a price - you're no longer ignorant & 'happy' (kept stupid watching the WWF etc. vs. educating yourself vs. that crap) so you live like shit as a wageslave making the rich criminal puppet masters playing you on more levels than online, richer & more powerful - creating a mindset you become literally 'hooked on' thinking "that's the way it must be, I'll go along to get along" & online? That's keeping you a slave in the chains of javascript, cookies, dns requestlogs, trackers etc. - et al)... apk

    1. Re:Control, Neo... apk by Anonymous Coward · · Score: 0

      Is there a reason why you feel obliged to prove over and over again that you couldn't post anything that's on topic if your life depended on it?

      That's a rhetorical question, BTW.

      IOW, please don't bother replying.

    2. Re:Control, Neo... apk by Anonymous Coward · · Score: 0

      Oh my god, you're still around? I was starting to wonder :)

      Never change, APK.

  12. Here's mine by Anonymous Coward · · Score: 2, Informative

    Your browser uses cookies. You have the power to disable cookies in your browser settings. This website may only request that a cookie be stored, it can not force your browser to store the cookie or return the cookie at a later time. This website can not stop your browser from sending it cookies. Only your web browser can disable or delete cookies. You are even sending this website global session cookies that you or some other website asked to be stored, and there is no possible way for the operators of this website to stop you from doing so. By sending cookies to this website you consent to sending cookies to this website.

    Only you can prevent cookies, and you have always had the power to do so. The EU legislators are morons, and it is impossible for this website to actually comply with their insane demands.

  13. Gov needs stop trying to decide technology choices by mysidia · · Score: 1

    Laws should request the result, not the method of getting there.

    Cookies have many important uses; most of them perfectly legitimate with no privacy ramifications. It is only abuse of cookies that pose a risk, and what might be regulated should be the potential result of motivations for abuse, not the means.

    They should repeal the cookie directive and replace it with a "Privacy Directive", regarding retaining and linking personally identifiable information to web history gathered from 3rd party websites And only linking, making record of an association, or inferring personal information gathered by the same website when the information is requested and submitted through an interactive form, and all information that will be linked when information was provided is conspiciously disclosed.

  14. It's the Web-browser's job! by evanh · · Score: 3, Insightful

    I've never understood the problem with cookies. Websites don't control cookies, the Web-browser does.

    The browser should only maintain cookies associated with the browsing window for as long as that window is open. There's no use in anything else. No timers of any sort, short or long, it gets ignored.

    Now scripting, that's another kettle of fish altogether.

    1. Re:It's the Web-browser's job! by Anonymous Coward · · Score: 0

      I do like the convenience of not having to log back in to Wikipedia every time I visit.

    2. Re:It's the Web-browser's job! by Darinbob · · Score: 1

      Add an exception for Wikipedia, and cross your fingers that they don't abuse it by shwoing you "it's been 451 days since you last donated to us" notices.

    3. Re:It's the Web-browser's job! by stub667 · · Score: 1

      Having used the excellent self-destructing cookies plugin for Firefox for a while now, yes, this should be the default way it works. With trivial white listing for the sites you do want to remember you, which in practice turns out to be quite rare.

  15. Disconnect by JBMcB · · Score: 1

    This is the central disconnect with most politicians. They simply don't realize that doing things in business costs money, and you can't just get more of it from somewhere.

    --
    My Other Computer Is A Data General Nova III.
  16. Cookies are an Implementation Detail by Luthair · · Score: 1

    I think the intent of the EU was to make users aware that their activities were being tracked, unfortunately they focused on an implementation detail of how that could occur. Really they should be telling users precisely how they are being tracked, data retention and why.

  17. Like Cookie Monster always said... by Anonymous Coward · · Score: 0

    Now what starts with the letter C?
    Cookie starts with C
    Let's think of other things
    That starts with C
    Oh, who cares about the other things?

    C is for cookie, that's good enough for me
    C is for cookie, that's good enough for me
    C is for cookie, that's good enough for me
    Oh, cookie, cookie, cookie starts with C!

  18. Just get rid of the darn things already by Anonymous Coward · · Score: 0

    Just get rid of the darn things already. Nobody checks if any of these websites conform with the directive anyway.

  19. I went to the consultation ... by hattig · · Score: 1

    It didn't inform me that the site uses cookies, but I checked, and there are 2.

    Standard JSESSIONID and one that stores the value of whether the user has JS or not.

    As an aside, the consultation is the least accessible piece of lawyer speak I have seen in a long time.

  20. Re:Gov needs stop trying to decide technology choi by Anonymous Coward · · Score: 1

    If you actually read the law, you would notice it's much more abstract as they do not even mention cookies. It is exactly as you described.

    Furthermore storing data for functional purposes is totally fine on the condition that it's removed at the end of the session. If you go for permanent storage or you want to track your user then you need to ask permission. It doesn't matter if you want to achieve that through cookies, images, flash, localstorage.

  21. It's a browser preference, dumbfucks by Anonymous Coward · · Score: 0

    What part of "Do not track" don't they understand? And for websites that don't honor that, there's always the preference to not accept cookies or to delete them when the session ends. Luckily filtering idiotic cookie warnings is also a browser preference: prebake

  22. Re:Gov needs stop trying to decide technology choi by TheGratefulNet · · Score: 1

    Cookies have many important uses; most of them perfectly legitimate with no privacy ramifications.

    care to offer any proof for this asertion?

    my experience - and likely that of EVERYONE ELSE - is that most cookes ARE there for tracking. did you ever look at them? ever see the 3rd party sites that store shit on your browser?

    webmasters are out of control. they essentially report to the marketing dept, these days (unofficially, but the marketing guys run the show, which is why the web is in the ruined state it is, now).

    pops, mouse-overs, model dialogs, all kinds of evil shit by these assholes and their minions. if I go to a popular website (which I rarely do) and see the adblock or noscript list of 'do you want to ok any of these?' the list is huge! more crap than content! this is what we now have. a web full of bullshit and junk for the 'regular people' and only the edge sites that are not mainstream can be viewed by those who have locked down their browsers and don't let them run rogue code from any old website.

    so often, I'll go to a site, see a blank page, know that I was just saved a whole shitload of crap being thrown at me, I control-w it and move on to something else. fuck them and their javascript and cookie crap.

    the web has, for the most part, turned as bad as television. both are sickening to view, when it comes to the mainstream sites.

    again, its all the marketing and advertising pukes that have ruined a good thing. its always the case with those assholes, too. they can't leave good things alone.

    --

    --
    "It is now safe to switch off your computer."
  23. Meanwhile, the Muslim hordes by Anonymous Coward · · Score: 0

    Meanwhile, the Muslim hordes overrun your lands and defile your women. At least you don't have to worry about cookies tracking what you buy on the Internet.

    1. Re:Meanwhile, the Muslim hordes by Anonymous Coward · · Score: 0

      In the UK we have a far bigger problem of footballers and celebrities defiling our women, than Muslims.

  24. I used to laugh at this by thegarbz · · Score: 1

    I finally moved to the EU. I used to laugh at this back when it was first proposed but wholly crap is this annoying. There's almost no website I can visit which doesn't produce some boilerplate warning saying that for the site to work you need cookies. Worst part is it typically loads after the content, so if your computer if slow enough then you're already trying to click a hyperlink when the popup appears and the entire page moves and you click on the wrong link.

  25. They TRIED it on my ancestors & failed by Anonymous Coward · · Score: 0

    See subject: Poland is who you can thank if you're of European descent (which I am proud of) as "the defender of Christianity" (which in the end due to "absolute power corrupting absolutely" went a bad too like all groups do...)

    It is just another power structure in the end too, it has its good people but it also has a LOT of bad doing "indulgences" & washing out heroin money for the Italian mafia in Vatican city itself... & imo? The groups play us all by letting us play ourselves by using our sensibilities against us.

    Jesus, Buddha, even Barney the dinosaur ARE RIGHT, but the world intentionally keeps you from that keeping you down while 'certain 1% others' play us all like morons (which we are until we wake up).

    This goes for ANY organized religion OR fraternal organization of men... JFK God rest his soul & God Bless Him, along with Eisenhower, warned of another... look @ the results for the former (power of the elite class himself albeit @ the expense of a crook father to get there who tried helping those in need, who needed it most to elevate them to a better state to make them feel good about themselves to not have to practice crime, who turned on "the powers that be")

    Which is WHY I wouldn't join the masons, being offered to join 3x in my life but who @ least somewhat 'telegraph' their plays beforehand!

    However - others, in certain religious groups, DO NOT & say "if you see anyone telling our secrets KILL THEM, they're soulless animals anyway" pretty much, OR will either cut your head off if you don't accept them OR their relatives who think you're all fucking cattle to be made slaves of, animals (funniest part is they ALL believe their own bullshit like "they are the ONLY ones w/ the God given right to rule all - more like Satan given right via the "holy dollar" & gold, the root of all evils).

    * You overestimate them - they'll recruit the stupid or ignorant or disgruntled only to use them as expendable assets soldiery - & if/when FORCE by number fails as it did in my example of Poland above? Next they try for infiltration, the province of the weasel!

    (Their opponents also feed you a line of bullshit like "You be a good little fool + thou shalt not kill, steal, nor covet thy neighbor's wife" while THEY do it, every single day to maintain control via fear etc.)

    Fraternal organizations galore out there too, pyramidical structures that are doing the same shit no matter where you look - using us all like fools who dance to "his masters voice"... you (myself too in my time) submit voluntarily. If you're looking for someone to blame? Look in a mirror for buying into the 'powers that be' bullshit lousy bill of goods intended only (mostly) to better their lives @ the expense of yours in a world of limited resources. Rather than balance it, they use gang up tactics (see the film "Brotherhood of the Bell" to get my point).

    APK

    P.S.=> Man, they're ALL the same, just different faces - abres los ojos... & all I can say is, IF you're "so good @ being masters of the planet, why the hell are the results so F'd up for then?" - that's all they say to YOU, now don't they? "Your job performance is down lately & if you value your job, you do as I say fucker" etc./et al (even if it means robbing & stealing from your own people)... apk

  26. Ah, Troll "illogic-logic" (lol) by Anonymous Coward · · Score: 0

    See subject: Speak for yourself! "Troll hypocrisy" fails - you're off topic. I replied to a poster's question, you're trolling.

    APK

    P.S.=> ... & failing - it's just "what you do/how you roll" in unidentifiable no-balls worms like yourself (& you know it, I certainly do)... apk

  27. The EU solved the wrong problem by Anonymous Coward · · Score: 0

    Cookies are not the problem. There are many add-ons out there to gain control over the cookie jar, and using one of them is more or less the end of user tracking. Problem solved.

    The directive completely fails to address the intrusive and obnoxious OTHER methods to track users, sometimes even across devices (ultrasound from TV to mobile, anyone?). Flash cookies are probably covered by the directive, but inserting headers, identification by enumerating the installed add-ons and fonts and so forth are fair game. Doing something about these methods is much more difficult, and now behavioral identification is imminent.

    The EU should make a directive that limits the tracking as such, not a specific mechanism.

  28. Re:Gov needs stop trying to decide technology choi by mysidia · · Score: 1

    care to offer any proof for this asertion?

    For starters..... Cookies are why I can navigate to http://slashdot.org/ every evening and post a comment without having to go through the repetitive task of typing in Yet another username and password every day.

    Cookies are why I can go to Youtube and watch a video..... the first time I see one, there will be an Ad shown..... Then I can go back and visit Youtube.com a few minutes later, find a new video, and they will give me a break because i've just seen an Ad ---- they won't force me to sit through another 2 minute pre-roll Advert again for at least a while, because Cookies told them they already made me watch that crap on their website.

    Those are just two uses of cookies that benefit me greatly and aren't a privacy issue.

  29. Re:Websites don't store cookies; web BROWSERS do t by Anonymous Coward · · Score: 0

    This!

  30. Re:Websites don't store cookies; web BROWSERS do t by Gonoff · · Score: 1

    If a user wants or doesn't want to use cookies, then they have already instructed their browser to take the appropriate action

    That is true for people here but you should talk to some users sometimes...

    --
    I'll see your Constitution and raise you a Queen.
  31. Can accepting tracking be considered a payment? by misnohmer · · Score: 1

    So, rather than denying access for those who don't wish to be tracked, can a company simply make its content pay-walled by default, but rather than paying $2 per month or something allow the users to accept tracking instead?