
Sweden May Mandate Opt-in For Cookie Transfer

timothy posted more than 3 years ago | from the cookie-monster-swedish-chef dept.

Government 115

Vitdom writes "The present government in Sweden has published a proposition regarding 'Better rules for electronic communication.' Amongst other proposed amendments, it suggests that websites must inform the user of the 'purpose' regarding each individual cookie transferred to the user's browser upon connection. Secondly, it is suggested that the user must give his consent before the transfer of the cookie in question. The proposition is to be voted on by the Swedish parliament on the 18 May this year. If accepted, the law will be in effect in June."


Yay (1)

Anonymous Coward | more than 3 years ago | (#35989018)

Yay for another obscure, legalese clause in the Terms and Conditions section of pretty much every web page that pretty much nobody ever reads.

It goes beyond that. (0)

Anonymous Coward | more than 3 years ago | (#35989034)

A nice pop-up when you visit almost any Swedish website explaining the cookie is necessary to remember your preferences from page to page and asking you if you want to proceed.

Re:It goes beyond that. (3, Informative)

kthreadd (1558445) | more than 3 years ago | (#35989114)

From what I understand this proposition only covers tracking cookies, not the use of cookies in general.

Re:It goes beyond that. (2)

Carewolf (581105) | more than 3 years ago | (#35989692)

But cookies in general do track users. This is by far the most common use these days. Even when they are used to carry preferences it is often implemented with a tracking cookie that can then map user-id to preferences server-side.

Re:It goes beyond that. (4, Informative)

maxwell demon (590494) | more than 3 years ago | (#35989842)

But cookies in general do track users.

AFAIU "tracking cookie" means a cookie set from a third-party site in order to track you across several sites. The cookies Slashdot uses to keep track of you when logged in are not tracking cookies, because they are only set or read if you are going to Slashdot (at least I hope so). The cookies advertisers set are tracking cookies, because you get them and send them back whenever you go to a page where the advertiser advertises. You can get a cookie at Slashdot, and send it back when visiting the New York Times, or vice versa.

A simple (but not completely accurate) rule of thumb is: If the cookie comes from a server other than that found in the URL of the site and contains identifying information, then it's a tracking cookie.
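The rule of thumb from the comment above, applied to constructed traffic from two page loads; this is an added example, not part of the original thread. The host names, cookie values, the two-label `siteOf` shortcut and the 16-character "identifier" heuristic are all assumptions of the example.

```javascript
// Simplified "site" of a host: its last two labels. Browsers use the Public
// Suffix List instead; this shortcut is wrong for suffixes such as co.uk.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no name=value pair: ignore
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    attrs[(i === -1 ? a : a.slice(0, i)).toLowerCase()] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Stand-in for "contains identifying information": a long opaque token.
// This is an assumption of the example, not a definition from any standard.
function looksLikeIdentifier(value) {
  return /^[A-Za-z0-9_-]{16,}$/.test(value);
}

// Classify every cookie set while loading one page. A cookie is third-party
// when the responding host belongs to a different site than the page URL.
function classifyCookies(pageUrl, responses) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  const out = [];
  for (const { host, setCookie } of responses) {
    const c = parseSetCookie(setCookie);
    if (!c) continue;
    const thirdParty = siteOf(host) !== pageSite;
    out.push({
      name: c.name,
      cookieSite: siteOf(host),
      thirdParty,
      persistent: 'expires' in c.attrs || 'max-age' in c.attrs,
      tracking: thirdParty && looksLikeIdentifier(c.value),
    });
  }
  return out;
}

// The cross-site part: which third-party identifiers showed up while
// browsing more than one first-party site?
function crossSiteIdentifiers(visits) {
  const seen = new Map(); // "cookieSite name=value" -> Set of page sites
  for (const { page, responses } of visits) {
    const pageSite = siteOf(new URL(page).hostname);
    for (const r of responses) {
      const c = parseSetCookie(r.setCookie);
      if (!c || siteOf(r.host) === pageSite || !looksLikeIdentifier(c.value)) continue;
      const key = `${siteOf(r.host)} ${c.name}=${c.value}`;
      if (!seen.has(key)) seen.set(key, new Set());
      seen.get(key).add(pageSite);
    }
  }
  return [...seen]
    .filter(([, sites]) => sites.size > 1)
    .map(([cookie, sites]) => ({ cookie, sites: [...sites].sort() }));
}

// Constructed sample: two page loads that both pull in the same ad host.
const VISITS = [
  { page: 'https://news.example/story', responses: [
    { host: 'news.example', setCookie: 'sid=3f9c2a7d5b8e4f10a6c1d2e3; Path=/; HttpOnly' },
    { host: 'static.news.example', setCookie: 'theme=dark; Max-Age=31536000' },
    { host: 'ads.adnetwork.example', setCookie: 'uid=9b1d7e4c2f6a8053b7c4e1d9; Max-Age=63072000' },
    { host: 'cdn.fonts.example', setCookie: 'lb=a' },
  ] },
  { page: 'https://shop.example/cart', responses: [
    { host: 'shop.example', setCookie: 'cart=0c5e1f7a9d3b4e62a8f0b1c2; Path=/' },
    { host: 'ads.adnetwork.example', setCookie: 'uid=9b1d7e4c2f6a8053b7c4e1d9; Max-Age=63072000' },
  ] },
];

for (const v of VISITS) console.log(v.page, classifyCookies(v.page, v.responses));
console.log(crossSiteIdentifiers(VISITS));
```

The login cookie `sid` is just as identifying as `uid`, but it is only ever set by the site in the address bar, which is why the rule of thumb leaves it alone.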

Re:It goes beyond that. (4, Interesting)

Calydor (739835) | more than 3 years ago | (#35989674)

And if you say no you won't get a cookie remembering that you've said no, so on the next page you get a pop-up asking if you want the cookie, right up until people give up and just accept the cookie.

Re:It goes beyond that. (2)

houghi (78078) | more than 3 years ago | (#35989940)

It is not about declining the cookie. There are many other ways to do that. It is about sites explaining what they use the cookies for. So if the site is using doubleclick, it will need to explain that some cookie is used to offer specialized advertisement, while another might be used for color preferences.

That way people are informed about what goes on.

Re:It goes beyond that. (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35990092)

I use nginx and drupal in the USA.
my nginx has it turned off cause I didn't add the module ngx_http_userid_module.
drupal does use a PHPSESSION cookie though.
In an effort to be nice to Sweden (where my favorite death metal music comes from) and to help fellow nginx+drupalers in Sweden
I am wondering...

What exactly do I say to satisfy Sweden's new law?
I am thinking right now it would be, this site uses cookies, I think because of drupal, but I don't really know the fuck why. It certainly isn't for profit, or tracking, or fucking with you, as you can see my site has no products, or advertisements. If you don't like that, then get on down the road bitch.

What language do I say it in? Is English okay?

Where do I say it? I don't want java, javascript, and extra flash or an ugly link on my artistic website
Is there a standard location like robots.txt where a website can put this shizzle without fucking up the operation of teh websites?

Please don't mark this down into troll-ville. I am being serious.

Re:Yay (3, Informative)

Weezul (52464) | more than 3 years ago | (#35989052)

I'll be happy if Sweden just fines Apple a few tens of millions because Safari's cookie management features simply don't work. "Accept cookies : Only from sites I visit" has basically never worked. And cookies you delete using "Show Cookies" aren't actually deleted either.

Re:Yay (-1, Troll)

Anonymous Coward | more than 3 years ago | (#35989078)

you know what else doesn't work? Niggers.

Re:Yay (1)

malchus842 (741252) | more than 3 years ago | (#35990262)

Get the SafariCookies plug-in. Manages flash cookies as well. Works a treat!

Re:Yay (1)

jonbryce (703250) | more than 3 years ago | (#35989978)

That is no use if it deposits a cookie on your computer before you get a chance to read the T&C.

Re:Yay (1)

Noitatsidem (1701520) | more than 3 years ago | (#35992096)

And it's totally enforceable! Go Sweden!

A lunch (-1, Troll)

asshole2423 (2095256) | more than 3 years ago | (#35989022)

Shit covered with cum, and glass of urine. Tasty?

C is for cookie, (1)

M8e (1008767) | more than 3 years ago | (#35989026)

That's good enough for me.

A breakfest (-1, Troll)

asshole2424 (2095260) | more than 3 years ago | (#35989030)

A hamburger with shit and crap inside and some peper

Re:A breakfest (0, Insightful)

Anonymous Coward | more than 3 years ago | (#35989068)

Man, Break Fest 2011 is gonna be a total bummer.





A new soft drink (-1, Troll)

asshole2425 (2095266) | more than 3 years ago | (#35989042)

10% urine 5% cum and 85% sewage.

Re:A new soft drink (0, Troll)

larry bagina (561269) | more than 3 years ago | (#35989092)

Eric Raymond [trollaxor.com] is way ahead of you.

Great move, Sweden. (2, Insightful)

tetromino (807969) | more than 3 years ago | (#35989046)

Let's make it harder for websites to use cookies for legitimate purposes such as persistent logins, habituate Swedish computer users to clicking on the "yes, allow" button, and make foreign companies face trial in Swedish courts for using standard web technologies, while doing nothing about advertisers' ability to track users without permission [eff.org] !

Re:Great move, Sweden. (0, Troll)

asshole2430 (2095288) | more than 3 years ago | (#35989072)

Trust me, that slashdotter is gay, I know him

Re:Great move, Sweden. (-1)

Anonymous Coward | more than 3 years ago | (#35989128)

Agreed

EU directive (3, Informative)

Anonymous Coward | more than 3 years ago | (#35989200)

This is of course based on an EU directive [europa.eu] . Not sure why Sweden was singled out.

Doesn't make it less stupid, but you know... maybe tone down the hyperbole a bit.

Re:EU directive (4, Insightful)

jgrahn (181062) | more than 3 years ago | (#35989386)

This is of course based on an EU directive [europa.eu] . Not sure why Sweden was singled out.

Because we plan to kidnap Julian Assange and lose him on a small island in the Baltic sea where the only female inhabitants are sheep?

Seriously, it might be because we have decent media coverage of these things. This is just one in a series of daft technological decisions coming from the EU, and journalists in .se are used to covering them. (And Slashdot readers in .se are used to submitting the results here.)

Re:EU directive (0)

Anonymous Coward | more than 3 years ago | (#35989444)

Seriously, it might be because we have decent media coverage of these things.
This is just one in a series of daft technological decisions coming from the EU, and journalists in .se
are used to covering them. (And Slashdot readers in .se are used to submitting the results here.)

What? .se coverage of EU matters is horrendous. Sure, once the laws decided there start showing up in country, coverage may start happening, but covering the EU parliament and the doings of the commission? Perish the thought!

Re:EU directive (1)

jgrahn (181062) | more than 3 years ago | (#35990866)

Seriously, it might be because we have decent media coverage of these things. This is just one in a series of daft technological decisions coming from the EU, and journalists in .se are used to covering them. (And Slashdot readers in .se are used to submitting the results here.)

What? .se coverage of EU matters is horrendous. Sure, once the laws decided there start showing up in country, coverage may start happening, but covering the EU parliament and the doings of the commission? Perish the thought!

If you say so -- I can't pretend that I'm following it closely. Although my argument still holds if coverage is even worse in other countries.

Re:Great move, Sweden. (0)

Anonymous Coward | more than 3 years ago | (#35989246)

Don't blame Sweden. It's an EU directive.

Re:Great move, Sweden. (1)

drinkypoo (153816) | more than 3 years ago | (#35989994)

Let's make it harder for websites to use cookies for legitimate purposes such as persistent logins,

You only need one cookie for all features if your site is competently designed: the one for tracking the user's session. Everything else should be stored on the server side anyway because you should never trust the client, didn't you learn anything from Sony? Trust in the client is the only reason you would ever need multiple cookies. And all you need is one nice little notice saying "we will use this cookie to manage your login" and BOOM you're done.

And while we're on the subject, it takes only fractionally longer for most users to make a POST request than to just do an HTTP GET, so unless your site is stupid and slow or your users are then you don't need ANY cookies. A quality CMS will degrade. If yours doesn't then it isn't.

Re:Great move, Sweden. (4, Insightful)

indeterminator (1829904) | more than 3 years ago | (#35990526)

You only need one cookie for all features if your site is competently designed: the one for tracking the user's session. Everything else should be stored on the server side anyway because you should never trust the client

There are perfectly valid reasons (not involving cross-site tracking) to use more than one cookie. If a session identifying cookie is used to identify a user account and grant privileges, it's usually a good idea to make that cookie disappear when the user closes his browser (i.e. a 'session' cookie). However, the user may have additional preferences on the site which are not personally identifiable, but for which it makes sense to store and use the setting even when the user is not logged in, for example, language selection on multilingual sites. Trusting the client is also a non-issue for things that are mapped to a single item from a set of possible choices (as long as the code implementing the parsing is reasonably sane).

(And for the Accept-Language header, try explaining to a client how they can change it. Or how to install a browser where they actually can change it.)

And while we're on the subject, it takes only fractionally longer for most users to make a POST request than to just do an HTTP GET, so unless your site is stupid and slow or your users are then you don't need ANY cookies. A quality CMS will degrade. If yours doesn't then it isn't.

Clicking on a link in a browser will cause a HTTP GET. Maintaining a session with URL parameters makes the URLs much less user friendly, and opens up a possibility for trivial social engineering exploits (e.g. lol paste your url here I'll have a look!).
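The two-cookie split described in the comment above, as an added example that is not part of the original thread: a login cookie with browser-session lifetime and a persistent language cookie whose value only selects from a server-side allow-list. The cookie names, the language list, the template path and the HttpOnly/Secure/SameSite attributes are assumptions of the example.

```javascript
const SUPPORTED_LANGS = ['sv', 'en', 'fi']; // the "set of possible choices"
const DEFAULT_LANG = 'en';

// Login cookie: no Expires/Max-Age, so the browser drops it when it closes.
// HttpOnly, Secure and SameSite are hardening added by this example.
// The session id itself is assumed to come from a CSPRNG elsewhere.
function sessionCookie(sessionId) {
  if (!/^[A-Za-z0-9_-]{22,}$/.test(sessionId)) {
    throw new Error('session id must be an opaque random token');
  }
  return `sid=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Preference cookie: persistent (one year), holds only an allow-listed code
// and nothing that identifies the user.
function languageCookie(lang) {
  if (!SUPPORTED_LANGS.includes(lang)) throw new Error('unsupported language');
  return `lang=${lang}; Path=/; Max-Age=31536000; SameSite=Lax`;
}

// Parse a request Cookie header into a plain map; first occurrence wins.
function parseCookieHeader(header) {
  const jar = Object.create(null); // no prototype, so odd names are harmless
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue;
    const name = part.slice(0, eq).trim();
    if (name && !(name in jar)) jar[name] = part.slice(eq + 1).trim();
  }
  return jar;
}

// The client-supplied value is never used directly: it only selects one of
// the server's own constants, so a forged cookie can do no more than pick a
// supported language or fall back to the default.
function languageFromRequest(cookieHeader) {
  const raw = parseCookieHeader(cookieHeader).lang;
  const hit = SUPPORTED_LANGS.indexOf(raw);
  return hit === -1 ? DEFAULT_LANG : SUPPORTED_LANGS[hit];
}

// Anything derived from the preference is built from the server-side
// constant, not from the cookie text (hypothetical template layout).
function templateFor(cookieHeader) {
  return `templates/${languageFromRequest(cookieHeader)}/index.html`;
}

// Constructed request headers, including two forged preference values.
const SAMPLE_HEADERS = [
  'sid=Zm9vYmFyYmF6cXV4MTIzNDU2; lang=sv',
  'lang=../../etc/passwd',
  'lang=__proto__',
  '',
];
for (const h of SAMPLE_HEADERS) console.log(JSON.stringify(h), '->', templateFor(h));
```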

Re:Great move, Sweden. (0)

Anonymous Coward | more than 3 years ago | (#35992050)

(And for the Accept-Language header, try explaining to a client how they can change it. Or how to install a browser where they actually can change it.)

OK, I just checked your assumption that this is a deeply hidden feature.

In Firefox: Options > Content > [Languages] Choose...
In Chrome: Options > Under the hood > Web content > Languages and spell checker settings...
In Safari (on Windows): apparently impossible
In Opera: Tools > Preferences > General > Language
In MSIE: Internet Options > Appearance > Language

So the only browser that doesn't make this easily configurable is Safari. I don't see how the interface in the other browsers could be much simpler. Keep in mind that this isn't a setting you would want to change all the time (except if you're a polyglot nerd), so it wouldn't be good to expose it on the top UI level. For most people, the language they want to use on the Web will be the same language their system and browser UI is in, and it needs to be set up only once (when installing the browser), and browsers can just default to the system language when you install them (not sure if they all do, but they should). If the computer's system language is not the client's first language, they have a misconfigured computer and that is their own problem and not some website's.

Re:Great move, Sweden. (1)

boldie (1016145) | more than 3 years ago | (#35991088)

I've read the bill and it is supposed to be enough to set the browser to allow cookies. The bill actually does not mention cookies at all. It is more generic to be technology independent.

If you read Swedish you can read the bill here http://www.riksdagen.se/webbnav/?nid=37&dok_id=GY03115 [riksdagen.se]

Cookie you say? (-1, Troll)

asshole2428 (2095274) | more than 3 years ago | (#35989062)

How about putting a mixture of shit cum and butter on top of the cookie?

Re:Cookie you say? (-1)

Anonymous Coward | more than 3 years ago | (#35989446)

If you add some sugar, and whip it up real well, you'll like it.

Slashdotters (yes you): (0, Troll)

asshole2429 (2095284) | more than 3 years ago | (#35989066)

You all suck goatse asshole, just don't admit that.

Spyware vs cookies (4, Informative)

Adayse (1983650) | more than 3 years ago | (#35989138)

I just read the proposal [google.com] and its purpose, as far as cookies go, is to make spyware illegal to comply with an EU directive. The discussion centers around how to do this without requiring an opt-in for every cookie because cookies are also used to spy on you.

Third party cookies should be illegal but I very much doubt that this proposal wants to go there.

Re:Spyware vs cookies (4, Informative)

Morth (322218) | more than 3 years ago | (#35989406)

Here's the change we are discussing (google translate).

Old text:

Electronic communications may be used to store or access information that is stored in a subscriber or user-dares terminal equipment only if the subscriber or user of the controller is informed about the purpose of treatment and opportunity to prevent such treatment. This does not prevent such storage or access needed to perform or facilitate the transfer of electronic messages via an electronic communications network or which is necessary to provide a service that the subscriber or user has requested.

will be changed to:

Data may be stored in or retrieved from a subscriber or user equipment only if the subscriber or user will have access to information about the purpose of treatment and agree to it. This does not prevent such storage or access needed to transmit an electronic message via an electronic communications network or which is necessary to provide a service the subscriber or user has explicitly requested.

Not sure I've ever seen such an ambiguous law text.

Re:Spyware vs cookies (0)

Anonymous Coward | more than 3 years ago | (#35991270)

It isn't ambiguous, at least by Swedish standards.

The first sentence says that the 'provider' can store a cookie on the subscriber's/user's hardware or retrieve the data to the 'provider's' server if the 'provider' informs and asks the subscriber/user and the subscriber/user says yes.

The next sentence says that the first sentence doesn't apply to data the subscriber/user has explicitly requested* or data that needs to be stored/retrieved for technical reasons.

*For example putting something in a shopping cart or marking a video as a favorite.

Somebody is trying to break the Internet (1)

trifish (826353) | more than 3 years ago | (#35989158)

Seriously.

Re:Somebody is trying to break the Internet (1)

AHuxley (892839) | more than 3 years ago | (#35990272)

Just the free ad supported version. The paywall and social networking sites will be fine.

Re:Somebody is trying to break the Internet (0)

Anonymous Coward | more than 3 years ago | (#35991056)

You're assuming that cookies are not required for paywalls or any other sites that need to use sessions, persistent user prefs, etc.? Can you imagine the face of your grandma in Sweden being asked by every fucking site for permission to save a cookie?

Re:Somebody is trying to break the Internet (1)

AHuxley (892839) | more than 3 years ago | (#35991334)

A click on the websites register "waiver" page would offer a long legal document to clear all that up. Then the site could offer big tent "permission"/'cover' for all its ads and 3rd party tracking.
Only local low end sites without legal experts would have to use "permission to save a cookie" pop ups.

Technology issues (1)

Anonymous Coward | more than 3 years ago | (#35989226)

Assuming this is even real, it is absurd.

Cookies are only transferred and saved on the user's computer because the web browser allows them to be. Every web browser I have seen has the ability to both black list and white list cookie requests. In other words, the final decision if cookies are saved on the user's computer is determined by the browser, not the web site.

Next there are issues with its implementations. Let's assume the user rejects you sending a cookie. How do you know on the next page they rejected cookies? You can't, because cookies are used to carry this type of data from one page to another. Meaning that if a site wishes to use cookies for whatever reason, and you reject it, that it will have to prompt you each and every page you go to, with no way of determining if you have rejected cookies in the past.

Cookie management is not a job for websites, but web browsers... And I am sure some web browser already has an addon that prompts about every cookie.

Re:Technology issues (1)

amn108 (1231606) | more than 3 years ago | (#35989526)

You are talking about a lever that only few know about. The majority of users happily continue to use their browsers which in fact come preset with a very liberal (for the issuing end) policy of not only accepting cookies from pretty much ANYWHERE but also store them on disk as part of their browsing cache. In short, 9 out of 10 users are fed so much cookie, their teeth should grind to the roots. That's the reality. It's not about you and me who know how to fire up Preferences and set up our own policies.

Re:Technology issues (1)

Splab (574204) | more than 3 years ago | (#35989700)

That's not an issue.

You embed a javascript that checks the local storage on the browser if cookie question has been answered and use that javascript to do the cookie management.

Users with js disabled will of course have to be presented with a page saying for legal reasons they can't browse the website.

Re:Technology issues (1)

BlueScreenO'Life (1813666) | more than 3 years ago | (#35990082)

I was going to reply something along these lines.

And feasibility aside, the EU directive is indeed mind-bogglingly stupid. How do you even enforce that? It's not meant only for EU websites, but also, and primarily, for any user browsing from the EU. How do you check that? Ridiculously inaccurate IP geolocation? What about Tor, proxies, etc?

Re:Technology issues (0)

Anonymous Coward | more than 3 years ago | (#35989962)

Come on dude, EVERYTHING that happens in a browser is because the browser allows it, including saving cookies, ajax requests, rendering page elements, launching plugins, etc etc

Re:Technology issues (1)

hedwards (940851) | more than 3 years ago | (#35990176)

I'm not aware of a setting to prevent the cookies from being read by other domains, but the settings to blacklist and whitelist cookies are typically not very good. I was doing that for a while with Firefox, and it was a huge pain. For some reason they decided to make it so that you end up having to either block everything or end up responding to hundreds of requests. And they won't let you edit a setting, no that would be too easy, if you change your mind about a setting you have to remove it then go back to that site, then make the correct decision. Which does little good if you just want to block every cookie from a domain except for the particular one that you need to use the site.

From my experience it tends to be that way for all the browsers, although it's been a while since I used any of the other ones and may have changed.

Re:Technology issues (1)

Anonymous Coward | more than 3 years ago | (#35990422)

Konqueror has an "always ask" option for cookies. And when Konqueror asks, you can allow or block the cookie, either :
-for the single cookie
-for every cookie from the same domain
-for all cookies

Nice sentiment (2)

sirlark (1676276) | more than 3 years ago | (#35989232)

Not sure how enforceable or practical it would be. Considering how central cookies are to today's web usage, I think it would be simply annoying to have to confirm each and every cookie before you get it. I like the way Cookie Monster [mozilla.org] for firefox does it myself. Although, if the Swedish government wants to pay someone to write plugins/extensions for all the other browsers that work the same way, I'd be smiling.

Re:Nice sentiment (1)

mvdwege (243851) | more than 3 years ago | (#35989464)

Have you even RTFS? It's right in there, and otherwise it's in RTFA, according to the EU directive that this law is based on, you do not have to confirm each and every cookie.

Mart

Re:Nice sentiment (2)

Nursie (632944) | more than 3 years ago | (#35989630)

"Not sure how enforceable or practical it would be. Considering how central cookies are to today's web usage"

You know what, I've had cookies turned off for several months now, except for a few sites that I actually want the functionality they provide. My internet experience hasn't changed much on the whole, a few sites don't work so well. Most are just fine.

This tells me that the vast majority of the thousands of cookies that reside in the average browser are (at best) totally unnecessary, and are mostly unwanted tracking cookies for advertisers.

Cookies are a horribly overused tech that has people contribute to their own tracking for commercial purposes, mostly without their knowledge.

Implementation issues (3, Funny)

mwvdlee (775178) | more than 3 years ago | (#35989266)

How is a website supposed to remember whether a visitor opted out of cookies?

Re:Implementation issues (0)

Anonymous Coward | more than 3 years ago | (#35989278)

By user account?

Re:Implementation issues (3)

Cigaes (714444) | more than 3 years ago | (#35989294)

It can't. But it can remember people who opted in for cookies with a cookie.

In fact, they really thought it through.

Re:Implementation issues (1)

jonbryce (703250) | more than 3 years ago | (#35989992)

Firefox Menu | Options | Advanced | General | Browsing | [x] Tell websites I do not want to be tracked

Re:Implementation issues (0)

Anonymous Coward | more than 3 years ago | (#35990428)

The same way it remembers other information about a user, by placing a cookie on their computer! Oh wait....

Browsers do this already... (1)

Lorens (597774) | more than 3 years ago | (#35989282)

How does this compare to an option in my browser that says "confirm by popup every cookie requested"?

Mandating that websites continue to function properly when the browser refuses to register cookies would at least be slightly smarter.

Consent is Implied: Dumbasses (3, Interesting)

VortexCortex (1117377) | more than 3 years ago | (#35989284)

Consent is implied by each individual user's web browser. Cookie Censorship need not apply, we already have the tools to manage our own cookie states (visitor discretion is not just advised, it's mandatory).

Much like the way no one can force you to visit their website, websites can not force your browser to accept a cookie -- And, last time I checked both IE & Firefox by default alerted me that a website was requesting to set a cookie, and the default action was to "[x] remember my decision" -- I opted to not have to answer yes each time, and instead opted to set my cookies to be cleared on each exit...

I am in no way prevented from disallowing all cookies... I remember writing web login systems before cookies were widespread -- URL MUNGING -- UHG! Hell, we even used the HTTP-REFERER (sic) header to transfer logins across domains (it contains your last visited URL -- the one before the current page request).

While I do like to know what the little opaque tokens are being used for, there is no reason to mandate their purposes be posted somewhere. Cookies are DESIGNED to track some user specific state information. Cookies track users. End Of Discussion. We know what they are for! Guess what else tracks users? Their IP ADDRESS; This, combined with URL munging == cookies. Netscape just wanted a formalized and more flexible way to do things...

I can imagine requiring a user to click yet another security dialog each time I add a bit of info or change the way a cookie operates -- To get around this one or both of the following WILL occur:

1. URL Munging, CSS style color hacks, and other tricks (like decoding a cached .PNG with client side JS) will be used instead of cookies for more user state preservation purposes.

2. The users will be given a "[x] Remember my decision" option, and we're right back to where we are now!

Ignorant fools -- When will we mandate that you must pass a technology test before voting for or against said technology related laws? EG: Score a 100% on the "Web Cookie" tech test, and you're fully qualified to vote -- score a 25% and your vote would be worth 25% of a vote since you don't know shit about what you're voting for or against....

Until then we'll keep having people who don't know shit pass ignorant laws based on "feelings" instead of "facts".

Consent cannot be implied (1)

Anonymous Coward | more than 3 years ago | (#35989968)

The problem is that most people don't know that they can disable cookies, let alone selectively. Furthermore, they don't understand what it's all about, and since it's a complicated technical topic (if you disagree you need to meet some users) they probably cannot be made to understand. The only thing they know is "if I disable cookies some websites don't work". That they could allow these specific cookies wouldn't occur to them, and neither that they could delete them later. And even if the browser asked what cookies to allow (which it generally won't because most browsers just accept all of them out of the box, as discussed before) the user would see a list of meaningless codes - and just accept them all, for ever.
This law is meant to address this. When you cross a bridge, you don't have to be a bridge engineer and figure out yourself if the bridge is safe - you know there are laws and standards in place so you, a layman, can cross any bridge without having to do a safety inspection on each one. Similarly, when you use the internet, you shouldn't have to be a computer engineer to figure out what gets stored on your computer and why - you should be able to trust that there are laws in place protecting you from abuse.
Now, perhaps this could have been more elegantly handled in the browser (just demand meaningful cookie names and remove the option to allow all cookies) - but thanks to technical people like you and me, who decided to a) include this option and b) to default it to on, this war is lost. It is, given Swedish law, nigh impossible to mandate how a browser should function in this regard, and any law to that effect won't affect the existing installed user base. Furthermore, it might very well be politically impossible to force things upon users for their own protection. In all other walks of life the burden and possible penalties are put on the miscreants, so such a law would be very hard to explain to citizens. So the law just forces service providers to do what they should have done anyway: inform the user what they store.

Re:Consent is Implied: Dumbasses (1)

hedwards (940851) | more than 3 years ago | (#35990198)

I disagree, until the cookie management settings are fixed and made to be functional there really is no basis for consent being implied. What I mean is that yes, you do have settings that work, but they're cumbersome, lacking in granularity and typically don't really give you much control. Plus, they're complicated and unless you're a power user, you don't necessarily know what you're doing, or even what cookies ought to be allowed.

Same goes for random javascript, sites rarely if ever tell you what javascript is supposed to run on the site and what is mandatory to keep the site going. If you look at the list of a huge number of sites these days, facebook shows up there. There's a reason why facebook is pretty much the first thing I put on any black lists I'm creating.

Re:Consent is Implied: Dumbasses (1)

starfishsystems (834319) | more than 3 years ago | (#35991020)

"Much like the way no one can force you to visit their website"

Every hyperlink in HTML can potentially force you to a different website than the one serving the current page.

Re:Consent is Implied: Dumbasses (0)

Anonymous Coward | more than 3 years ago | (#35992202)

And your mouse automatically clicks every single link like that, right? Fucking retard.

Links to the EU directive and the Swedish proposal (2, Informative)

Anonymous Coward | more than 3 years ago | (#35989290)

Always get your information straight from the horse's mouth. The IDG article is pretty clear for people that know the context and understand Swedish, but seems to totally confuse less informed Slashdot readers, and the really bad Slashdot summary makes the confusion even worse.

The proposal is based on an EU directive. Countries that are part of EU must implement all EU directives, or leave EU. Sweden doesn't have much choice in the matter. (Many other country parliaments implement undesired EU directives the same way as the Devil reads the Bible, Swedes would never do that, that would be dishonest and something a Swede would rather die than do (Swedes are often called the Japanese of Europe, because of cultural similarities), but that is another story.)

The EU directive in question (sorry about the PDF):
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:En:PDF

The Swedish proposal (Google Translate mangles the translation into meaning something entirely different, so I don't give you a Google Translate link, hope you can read Swedish):
http://www.riksdagen.se/webbnav/index.aspx?nid=37&dok_id=GY03115

Re:Links to the EU directive and the Swedish propo (1)

lordholm (649770) | more than 3 years ago | (#35989710)

Hmm... I've heard both Brits and Dutch complaining that they implement all the directives but everyone else ignores them. So apparently at least three states implement all the directives and everyone else (including the other two states that implement them), refuse to implement directives.

Logical? Hardly... but neither is any other myth about the Union.

Of course, directives should be implemented! The main problem now is the lack of reporting of Union-centric news, it would be good if normal newspapers would have a couple of pages of Union-centric news since the general population is unlikely to read the EU Observer or similar publication.

Re:Links to the EU directive and the Swedish propo (0)

Anonymous Coward | more than 3 years ago | (#35990114)

> The proposal is based on an EU directive. Countries that are part of EU must implement all EU directives, or leave EU.

This is AFAIK not true. Failing to implement directives will get a country fined (or threatened to be fined, or nothing may happen, depending on whether anybody cares). Any country can choose to ignore these threats and fines, at which point there may be sanctions and other repercussions. But at no point will a country be required to leave the EU - again AFAIK, there's no formal way of leaving the EU.

Age of consent (4, Interesting)

Alain Williams (2972) | more than 3 years ago | (#35989304)

Next comes the meme:

  1. Agreeing to accept a cookie is a legal agreement
  2. You can't enter a legal agreement until you are 18
  3. Ergo: you can't surf the web until you are 18

Hmmmm ....

Re:Age of consent (1)

kthreadd (1558445) | more than 3 years ago | (#35989342)

Not really. For it to be seen as that it's required that the agreement is returned to the issuer so that it also knows that it has entered the agreement. It would be kind of scary if two parties could enter an agreement that only one part knew they had entered.

I don't know what the age of consent has to do with that, it's 15 and has an exception for even younger if the age difference is small. It has nothing to do with legal agreements or surfing the web, well, maybe about surfing the web if you need to find a mate.

Re:Age of consent (1)

malchus842 (741252) | more than 3 years ago | (#35990314)

Pretty sure he means age of majority - the age at which you can legally enter into contracts, join the armed forces and generally control your own legal, financial, living and life arrangements. In the US, this is generally 18, though there are exceptions (e.g. alcohol age is 21). Nothing to do with age of consent, which is about sexual relations (and this age varies widely from US state to US state).

Re:Age of consent (0)

Anonymous Coward | more than 3 years ago | (#35989638)

> Agreeing to accept a cookie is a legal agreement
> You can't enter a legal agreement until you are 18

Makes sense. Don't track kids on the Internet, so websites should work without cookies....... even for adults. I am using Firefox and have cookies disabled per default, sites that require cookies I am either white-listing or not visiting. Why don't websites offer basic functionality non-intrusive?

Re:Age of consent (0)

Anonymous Coward | more than 3 years ago | (#35990096)

Funny, but...

> Agreeing to accept a cookie is a legal agreement
> You can't enter a legal agreement until you are 18

...neither of these statements is true.

Re:Age of consent (0)

Anonymous Coward | more than 3 years ago | (#35990386)

You currently have to be 13 to sign up for things like email accounts, so why would cookies be any different?

Can cookies be used to cache/accelerate torrents? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#35989356)

A few minutes ago I was wondering if it would be possible to chop a file into lots of tiny snippets and distribute them across millions of PCs as browser cookies ... ? I think it would be a great way to make the web rethink the cookie policy.

You already gave permission (1)

Anonymous Coward | more than 3 years ago | (#35989364)

Here in the Netherlands we have the same kind of law, but after protests from the technical crowd it appears that simply enabling cookies in your browser is a valid opt-in for placing cookies. Nothing to worry about, the law is just finally adapted to what already happens technologically...

Re:You already gave permission (1)

maxwell demon (590494) | more than 3 years ago | (#35989858)

Of course it's only an opt-in if the browser is default-configured to not accept cookies without asking.

Re:You already gave permission (1)

Sloppy (14984) | more than 3 years ago | (#35991120)

It's also opt-in if the user decided to install a browser which opts to both store and send back cookies. It's also opt-in if such a browser is already installed and the user decides to run it.

The reason this proposal (and others like it in the news lately) is so bad, is that it's based on a fundamental confusion. Someone seems to think cookies have something to do with web sites when really they're a web browser thing. The users' problem is that they are running software which isn't necessarily working for them; their problem has very little to do with who they are talking to.

I think politicians are loath to look at it in terms of who is really responsible, because once you accept the idea that people really do opt (with fully informed consent) to run potentially hostile software, combined with the idea that government must use force to prevent it, then that's the end of DRM, walled gardens, etc. So they're going to be lobbied to pass laws which deliberately misrepresent/misinterpret who is really responsible for what. All kinds of senseless nonsense will necessarily flow from that. Weird ideas about cookies are a symptom.

Re:You already gave permission (1)

maxwell demon (590494) | more than 3 years ago | (#35991692)

> It's also opt-in if the user decided to install a browser which opts to both store and send back cookies. It's also opt-in if such a browser is already installed and the user decides to run it.

You have a very unusual interpretation of "opt-in". See below why it is utterly wrong.

> The reason this proposal (and others like it in the news lately) is so bad, is that it's based on a fundamental confusion. Someone seems to think cookies have something to do with web sites when really they're a web browser thing.

I don't know a web browser which sets cookies without the web site requesting it. With your argument, I could as well say the web site isn't responsible for the site's content, because after all, it's the web browser which renders that content. The web server just sends a series of bits.

> because once you accept the idea that people really do opt (with fully informed consent) to run potentially hostile software, combined with the idea that government must use force to prevent it

Here's your error: I bet that 90% of all people don't even know what cookies are (if they actually know that they exist). That's the point of opt-in: An opt-in solution makes sure that you have to explicitly(!) agree that it happens, which means you have to get informed about it if it happens (because if you are not informed, you cannot agree). For an informed user, opt-in and opt-out are equivalent. But for an uninformed user opt-in means that it won't happen without them at least knowing it (so they have at least the chance to inform themselves; if they don't use the chance and blindly click "yes", it's entirely their own fault, of course), while with opt-out they may not even be aware that it happens. That is why it is not opt-in if the default browser defaults to silently accept cookies. And it's also not opt-in if a non-default browser the user installs silently accepts cookies, unless that's a heavily advertised feature, so it can be assumed the user knows about it from the start.

so what is a cookie? (1)

boldie (1016145) | more than 3 years ago | (#35989490)

Is it just the traditional HTTP cookie? HTML-5 will let all kinds of data be stored on clients and then you can use one of the techniques behind Evercookie [wikipedia.org]!
I've read the bill and it seems possible that the consent can be given by setting the browser to allow cookies. So this will do nothing. Do not track headers are much better!

And for websites that issue up to 20 cookies? (4, Insightful)

amn108 (1231606) | more than 3 years ago | (#35989510)

I pity the folks who, upon visiting a major website, have to wade through 10 dialogs where each more or less thoroughly tries to explain to them the particular meaning of their "SC=" cookie and why they feel it is paramount for them to send it. It's suicide for both the user and the website.

Re:And for websites that issue up to 20 cookies? (0)

Anonymous Coward | more than 3 years ago | (#35991036)

I've read the bill and it is supposed to be enough to set the browser to allow cookies. The bill does not mention cookies at all. It is more generic to be technology independent.

If you read Swedish you can read the bill here http://www.riksdagen.se/webbnav/?nid=37&dok_id=GY03115

Re:And for websites that issue up to 20 cookies? (1)

BlueParrot (965239) | more than 3 years ago | (#35991074)

The proposed law is ambiguous as hell and makes explicit exceptions for cookies that are necessary to perform a service the user has requested. Thus session cookies should still be fine, as should the "remember me" checkbox you see on most web forums.

It works both ways, mate. (0)

Anonymous Coward | more than 3 years ago | (#35989584)

I suggest that the user must inform me of the purpose regarding every http header field posted to my server.

Great. (0, Insightful)

Anonymous Coward | more than 3 years ago | (#35989606)

So as a user, am i going to have to click a whole bunch of dialogs every time I want to log in to a website, just to say that I give them permission to give me a cookie which allows me to log in to the website?

Ugh - another misguided internet law.

UK Government Ahead Of The Game Then? (1)

Anonymous Coward | more than 3 years ago | (#35989716)

This EU directive must be implemented by May 25th but Sweden is a bit late to the party - it was covered by the UK government a few weeks ago:

http://techlogon.com/2011/04/17/new-european-website-law-is-a-gift-to-america/

Although the UK Government are committed to it they have said "We do not expect to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies". When a government advises its citizens that a law can be broken with impunity, it is a very bad law...

It'll make the Internet unusable (1)

EmagGeek (574360) | more than 3 years ago | (#35989724)

... especially on mobile phones...

Here's a little exercise. Go into your browser config and turn this feature on, and see how long you can tolerate using the web.

I imagine you won't last long.

Re:It'll make the Internet unusable (1)

maxwell demon (590494) | more than 3 years ago | (#35989864)

I don't know about mobile phones, but I know from experience that disabling cookies by default works quite well on desktop browsers. I of course enable cookies for services where I log in (it would be pointless to deny cookies when I give them even more identifying data anyway). There are very few web sites which require cookies that I consider worthwhile enough to allow them cookies (and then, I mostly allow them only as session cookies).

click (0)

Anonymous Coward | more than 3 years ago | (#35989758)

I will have to click and approve every damn cookie on websites

approve cookie number 372 ?

yes no

Re:click (1)

maxwell demon (590494) | more than 3 years ago | (#35989870)

Well, probably it would be a single sentence "this site needs cookies to work properly [link: site's cookie policy]. enable cookies for this site? [Yes] [No]"
Of course the cookie policy page should be readable without cookies enabled.
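
Added example, not part of any comment in this thread and not taken from the bill: a server-side sketch of the model discussed above, where cookies needed for a service the user requested (session, "remember me") are sent without asking, everything else waits for consent, and the visitor sees one prompt listing purposes instead of one dialog per cookie. The cookie names, the registry, and the `consent=analytics.ads` cookie format are all assumptions made for illustration.

```javascript
// Constructed registry for a hypothetical site: every cookie it may set,
// the purpose shown to the user, and the consent category it belongs to.
// "necessary" models the exception for storage needed to provide a service
// the user explicitly requested (session, "remember me").
const REGISTRY = {
  sid:      { category: "necessary", purpose: "keeps you logged in during this visit" },
  remember: { category: "necessary", purpose: "remembers the login you asked to keep", maxAge: 2592000 },
  _stats:   { category: "analytics", purpose: "counts page views per visitor", maxAge: 31536000 },
  adid:     { category: "ads", purpose: "follows you across sites for advertising", maxAge: 31536000 },
};

// Read the visitor's recorded choice from the Cookie request header.
// Assumed format: consent=analytics.ads (dot-separated; unknown values ignored).
function readConsent(cookieHeader) {
  const granted = new Set(["necessary"]);
  for (const pair of (cookieHeader || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 0 || pair.slice(0, eq).trim() !== "consent") continue;
    for (const cat of pair.slice(eq + 1).trim().split(".")) {
      if (cat === "analytics" || cat === "ads") granted.add(cat);
    }
  }
  return granted;
}

// Decide which cookies a handler wants to set may actually be sent.
// Unregistered names are refused: a cookie with no declared purpose
// cannot be the subject of informed consent.
function gateCookies(wanted, cookieHeader) {
  const granted = readConsent(cookieHeader);
  const result = { setCookie: [], withheld: [] };
  for (const [name, value] of Object.entries(wanted)) {
    const known = Object.prototype.hasOwnProperty.call(REGISTRY, name);
    const entry = known ? REGISTRY[name] : null;
    if (!entry || !granted.has(entry.category)) {
      result.withheld.push({ name, purpose: entry ? entry.purpose : "undeclared" });
      continue;
    }
    let header = `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
    if (entry.maxAge) header += `; Max-Age=${entry.maxAge}`;
    result.setCookie.push(header);
  }
  return result;
}

// One prompt for everything still awaiting consent, or null if nothing is.
function consentPrompt(withheld) {
  const declared = withheld.filter((c) => c.purpose !== "undeclared");
  if (declared.length === 0) return null;
  return "This site would also like to store: " +
    declared.map((c) => `${c.name} (${c.purpose})`).join("; ") + ". Allow? [Yes] [No]";
}
```

A first-time visitor gets only `sid`, and `consentPrompt` returns a single question covering `_stats` and `adid`; the policy page that question links to needs no cookie at all, so it can be served through the same gate with an empty `wanted` object.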

Lost the plot (1)

Grindalf (1089511) | more than 3 years ago | (#35989826)

I think they've lost the plot, it reads as if they've become paranoid obsessive! :0)

free lunch press corps failing us miserably (0)

Anonymous Coward | more than 3 years ago | (#35989918)

more like accomplices. sneaking looks out the windows? while off topic stand-up usually suffices, it looks like presenting images of water to extremely dehydrated folks, nowadays. stand-up like bush did? oprah? all that constant applause? same guys? free lunchers. sheesh.

the 'press' needs a good real replacement corps, as they now behave as the scriptdead free press corpse.

no one's fault? our own worst enemies? mother nature is not fooled/amused at all, but we are?

disarm. thanks again.

HTML5 (1)

malignant_minded (884324) | more than 3 years ago | (#35989938)

What about local storage? http://en.wikipedia.org/wiki/Web_Storage [wikipedia.org]

Re:HTML5 (0)

Anonymous Coward | more than 3 years ago | (#35990330)

They probably just ban the entire Internet when they see that.

Re:HTML5 (1)

boldie (1016145) | more than 3 years ago | (#35991046)

The bill does not mention cookies at all. It is more generic to be technology independent.

If you read Swedish you can read the bill here http://www.riksdagen.se/webbnav/?nid=37&dok_id=GY03115 [riksdagen.se]

Re:HTML5 (1)

malignant_minded (884324) | more than 3 years ago | (#35991206)

Actually it does read your own links. Unfortunately I cannot read Swedish and the Google translation is a big fail but here is an excerpt:
9.4 Storage and retrieval of information, cookies etc. .... 133
9.4 Lagring och hämtning av information, cookies mm Regeringens förslag: Uppgifter får lagras i eller hämtas från en abonnents eller användares terminalutrustning endast om abonnenten eller användaren får tillgång till information om ändamålet med behandlingen och samtycker till den. Detta hindrar inte sådan lagring eller åtkomst som behövs för att överföra ett elektroniskt meddelande via ett elektroniskt kommunikationsnät eller som är nödvändig för att tillhandahålla en tjänst som användaren eller abonnenten uttryckligen begärt. Promemorians förslag: Överensstämmer i allt väsentligt med regeringens förslag.
It goes on. I would think a bill would be in the proper language so I don't understand why Google fails to translate.

Re:HTML5 (1)

malignant_minded (884324) | more than 3 years ago | (#35991464)

9.4 Storage and collection of information, cookies, etc., Government's proposal: Data may be stored in, or be derived from a subscriber or user's terminal equipment only if the subscriber or user should be access to information concerning the purpose of the processing and agrees to it. This does not prevent such storage or access for needed to transfer an electronic communication via an electronic communications network or which is necessary in order to provide a service which the user or expressly requested. (Proposal: broadly in line with the government's proposal. There: IAB Sweden (IAB), the Swedish Television AB (SVT) and Swedish tidningsutgivareföreningen (TU) recommend (proposal for the introduction of a consent for certain storage and collection of information provided that the provision is not intended to hamper the use of "cookies. TradeDoubler AB (publ) (Tradedoubler) considers that the proposal is acceptable but would prefer the more clearly showed that "legitimate techniques" includes so-called spårningscookies. The company believes that self-regulation is an effective way of getting to grips with any integritetsproblem concerning the use of cookies, not least because the technical progress is rapid. It is a positive development with a better regulation of privacy on the Internet. However, a more stringent requirements on consent should not lead to a few integritetsmässiga improvements for consumers. Such a change would lead to a user every time he will visit a site for the first time required a consent for example in a pop up-windows on the one hand for site function, on the one hand for annonsspårning. It is likely that it would quickly develop tools for automatic approval of cookies so that the user can provide a general consent at a time. A clear risk is then that the user undertaking, to provide a much more comprehensive agreement than is necessary and he would then risk ending up in a worse position than today. 
The Foundation for Internet infrastructure believe that Sweden should not legislate on the requirement of active consent to cookies etc. If for legal reasons it is nevertheless necessary to comply with the directive, believe the Foundation that in Sweden we should interpret legislation so that the user by means of amendments in its webbläsarinställning to automate assent. ...

Ridiculous (0)

cortana (588495) | more than 3 years ago | (#35989948)

Will they forbid the interpretation of TCP sequence numbers without explicit user permission too?

Couldn't the browser take care of this? (1)

bondiblueos9 (1599575) | more than 3 years ago | (#35990090)

What if browsers had an option to prompt the user for each cookie received, and what if the web standards allowed for a "purpose" field when setting a cookie?

It's a checkbox. (0)

Str1der (524776) | more than 3 years ago | (#35990154)

How about they just uncheck 'accept cookies' if they don't want them?

More stupid laws that are impossible to enforce (1)

countertrolling (1585477) | more than 3 years ago | (#35990540)

Unless there's a 'leak', you will never, ever know what is being gleaned from your computer.
