Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Watchdog "Not Ready" To Probe Cookie Complaints

Unknown Lamer posted about 2 years ago | from the cookie-monster's-reign-of-terror-continues dept.

Privacy 166

nk497 writes "The UK data watchdog has admitted it doesn't have any staff investigating cookie consent complaints, more than a year after the law came in via an EU directive. The regulation requires websites to ask before dropping cookies and other tracking devices onto users' computers, and came into law in May 2011. The Information Commissioner's Office gave websites a year's grace period to update their websites, but failed to use that time to get its team together, meaning the 320 reports of sites not in compliance it's already received haven't been investigated at all."

cancel ×

166 comments

Like anyone is going to follow this (4, Interesting)

Anonymous Coward | about 2 years ago | (#40981065)

I have to wonder if the people who wrote this law even considered the complaints they likely received at the time to the effect that it would make the internet practically unusable. Yes, it's a good sentiment to not want to "track" people, but with the increasing use of cookies for actual technical purposes - not to mention logins and the like - this would quickly become unfeasible and irritating. Anyway, what of serverside tracking - you know, like Facebook almost certainly does using its extensive "Like this" and Facebook integration APIs? I am more worried about that than cookies.

No other country's developers are going to give a crap what the EU/British government says. All this will do is hamper European businesses' internet presence and probably cause a few notable companies (Google, etc) to sever ties with the specific countries actually enforcing it. There are certainly plenty of other reasons to do so these days.

It's kind of sad when the US is one of the less technically inept governments in the world, and it only is because of general failure to do anything.

--BKY1701

Re:Like anyone is going to follow this (3, Insightful)

mvdwege (243851) | about 2 years ago | (#40981487)

What actual technical purposes for cookies are there?

I wish you apologists for the privacy-violators had a better grasp of the technology; the whole point of cookies is to track the user, that's what they were invented for.

Now, some kind of tracking, like session tracking, may be necessary for the functionality of your site, but if you'd done your homework, you know that the makers of the directive considered that, and gave a specific exemption.

In other words: shut up, you fucking shill for the tracking industry.

Mart

Re:Like anyone is going to follow this (4, Informative)

Anonymous Brave Guy (457657) | about 2 years ago | (#40981695)

What actual technical purposes for cookies are there?

Some obvious ones are:

1. Maintaining an authenticated user session (logging in and out securely)

2. Storing the current state of the user's session (shopping carts and the like)

3. Remembering user preferences from one visit to the next

4. Analytics within your own site

I wish you apologists for the privacy-violators had a better grasp of the technology; the whole point of cookies is to track the user, that's what they were invented for.

That simply isn't true. There are plenty of valid concerns regarding using cookies, particularly third party ones, but if they were only meant for tracking then why bother inventing things like session cookies?

Now, some kind of tracking, like session tracking, may be necessary for the functionality of your site, but if you'd done your homework, you know that the makers of the directive considered that, and gave a specific exemption.

And that specific exemption is so tightly worded that it doesn't even cover all of the examples above, which is why we then wound up with the formal opinion of the EU data protection authorities a couple of months ago covering things like first party analytics cookies.

I'm a strong advocate of privacy, but I don't see any serious privacy problem with any of the usages mentioned above, there are obvious potential benefits to the user in each case. Regardless, how are all these "This web site uses cookies, and we know that no-one is enforcing the rules so we've put this token irritating box up even though we're relying on implied consent and we already set them all anyway" boxes doing anything useful whatsoever?

Re:Like anyone is going to follow this (4, Interesting)

mvdwege (243851) | about 2 years ago | (#40981845)

All four of your examples are examples of user tracking.

Face it, cookies are a workaround for the stateless nature of HTTP. Cookies are meant for tracking by definition

And you know what? Numbers 1 and 2 are covered. Number 3 is covered once you asked for permission, which you can do using number 1. That leaves 'analytics', which is usually PR-speak for 'tracking user browsing and selling it to the highest bidder'.

So of your three examples, 2 of them are covered, one of them is covered by extension, and one of them can be done without. I'd say, no great loss.

You want to track me? You need my permission, and you don't get it by default.

Re:Like anyone is going to follow this (0, Insightful)

Anonymous Coward | about 2 years ago | (#40981919)

"All four of your examples are examples of user tracking."

No, they are examples of storing information. A shopping cart is as much tracking as the CRC handbook is a vast spy network focusing on chemists.

"And you know what? Numbers 1 and 2 are covered."

Do you mean technically? Or legally? Or magically? It's hard to tell with you, because facts do not seem to be required for you to yell something.

"You want to track me? You need my permission, and you don't get it by default."

You know, if you feel so strongly about this, why not take a trip to your fucking browser settings, you dumbshit. You can never be "tracked" again just by disabling them completely. Hell, most browsers either have the built in or plugin-supported functionality to ask you every time a site tries to save a password.

I guess that would be too hard for you. The world has to adapt to you and what you consider to be good and bad. You're not sure how they will, but they'll have to, because the great mvdwege decrees it.

--BKY1701

Re:Like anyone is going to follow this (0)

mvdwege (243851) | about 2 years ago | (#40982227)

Yes, the world has to adapt to me, indeed. When it comes to my personal info, it's the same as regards my personal property: if you want it, you have to justify yourself.

That you are incapable of nothing but invective when asked to do so shows just what you are: one of those who thinks they are above common decency and even the law when it comes to making a buck, a huckster of dreaming becoming part of the 1% one day.

In other words, a fucking sociopath the world could do without. Kill yourself. This is not a joke, seriously, kill yourself.

Re:Like anyone is going to follow this (1)

bky1701 (979071) | about 2 years ago | (#40982401)

Well, hello there.

I'm not going to bother pointing out which posts made here under my name were not really me. I think only one was. It's probably pretty obvious anyway.

That said, I suspected you were a troll, and now you proved it. I will be quoting your fine post here in my signature to inform others of your nature.

Have a nice day.

Re:Like anyone is going to follow this (4, Insightful)

Anonymous Brave Guy (457657) | about 2 years ago | (#40982197)

Number 3 is covered once you asked for permission, which you can do using number 1.

Only if you force users to create an account just to keep your site's media player size the same or some other trivial but convenient detail.

That leaves 'analytics', which is usually PR-speak for 'tracking user browsing and selling it to the highest bidder'.

Nonsense. Every business I've worked with in recent years has used analytics to see how visitors are using their own site and ultimately provide a better experience for those visitors. Every single one. And for the record, exactly none of them sold any of that analytics data to anyone.

You want to track me? You need my permission, and you don't get it by default.

Then turn off cookies in your browser. It's not hard, and if you don't know how, a quick Google search will surely tell you.

However, I'm afraid I'm not going to compromise on the experience I can offer the other 99.997% of visitors to my sites because you want to make a fuss. No-one's forcing you to visit those sites, our policies are clearly stated and always have been, we're not doing anything even remotely shady in the eyes of just about everyone (except you, apparently) and just about everyone including us and many other visitors benefits if we pay attention to our analytics reports.

You might like to consider that if you really feel strongly about Internet privacy, you aren't doing anyone any favours either by scaremongering or by attempting to redefine commonly understood terms like "tracking" to mean something convenient for your argument but different to what everyone else means by them. When those of us who want to improve the privacy situation without throwing the baby out with the bathwater come to write to our politicians or send money to privacy groups, all it takes to counteract our reasoned arguments is one PR guy for a commercial ad network and someone hysterical like you, and the politicians who aren't experts are convinced that the advertisers are the only ones being calm and sensible, and therefore nothing needs to be done at all.

Re:Like anyone is going to follow this (1)

mvdwege (243851) | about 2 years ago | (#40982213)

I'm not the one scare-mongering. You are acting as if the WWW will collapse if you have to ask users for consent to track them.

Why are you so dead set on just being able to track me without asking me first? Have you no decency, or are you trying to hide what you want to do with my info?

Re:Like anyone is going to follow this (3, Informative)

Anonymous Brave Guy (457657) | about 2 years ago | (#40982267)

You are acting as if the WWW will collapse if you have to ask users for consent to track them.

You're still using that word "track" in a way that no-one else in the world does. You aren't going to win any debating points like that.

Also, the WWW wouldn't collapse, but it would become significantly harder for those running web sites -- which you apparently value enough to visit them if any of this is a problem for you in the first place. It would be more difficult to optimise sites according to what users were actually looking for and how they were really using them. That would inevitably mean site operators couldn't convert as many visitors either, which in turn would inevitably mean that some good sites that were only borderline financially viable in the early days would fail unnecessarily, leaving no site to benefit anyone.

Have you no decency, or are you trying to hide what you want to do with my info?

What info do you think I am magically getting? It's not as if these things are giving up your name, DoB and home phone number. Your average analytics cookie is just a random number, and is completely anonymous. And even if I did collect personal information from you, which for example you might volunteer when signing up for an account, I would be constrained by exactly the same data protection laws as anyone else handling any other kind of personal data in my country, including filing (at my own cost) details of what I'm collecting and how it is used with my government's data protection officials, who will then make it available to the public so that anyone, including you, can read it.

Re:Like anyone is going to follow this (1)

maroberts (15852) | about 2 years ago | (#40982393)

You want to track me? You need my permission, and you don't get it by default.

You virtually get it by default. Some of the messages simply say - we use cookies for all sorts of purposes, if you don't like it f**k off and use someone else's site.

Put simply it is pointless form filling.

Re:Like anyone is going to follow this (2, Insightful)

crutchy (1949900) | about 2 years ago | (#40981927)

1. Maintaining an authenticated user session (logging in and out securely)

cookies aren't required for that. they do offer the user the ability to automatically login (using a cookie) next time they visit, but you can do that without cookies too by either including a session identifier as a url get parameter (not recommended) or have a timeout set when you login that allows you to revisit without logging in again for a set period of time, authenticated by combination of IP address and username; IP address can be spoofed, so you might add a get parameter with a session ID as an additional requirement.
if the user is more interested in convenience than security that they would prefer a cookie, then a URL session ID probably isn't out of the question. at the end of the day, nothing is 100% secure, as cookies can be hijacked

2. Storing the current state of the user's session (shopping carts and the like)

mysql

3. Remembering user preferences from one visit to the next

mysql

4. Analytics within your own site

mysql

even notwithstanding all this, if you're not decent enough to seek the user's permission before dropping a cookie, then you're not dropping cookies for anything other than secretly tracking them. if you need to drop a cookie for any legit reason, then the user is more likely to grant permission to retain functionality than deny for the sake of some misguided privacy paranoia. in any case, for my sites i offer the option of using a cookie or (by default) keeping track of a session using a hidden post parameter for the session ID in each form. they don't need to know the details, just that if they want to be able to revisit without logging on then a cookie is recommended, and even when they elect to use the cookie, there is a button to delete the cookie and revert to the post parameter

Re:Like anyone is going to follow this (3, Insightful)

Anonymous Coward | about 2 years ago | (#40981959)

"cookies aren't required for that. they do offer the user the ability to automatically login (using a cookie) next time they visit, but you can do that without cookies too by either including a session identifier as a url get parameter (not recommended) or have a timeout set when you login that allows you to revisit without logging in again for a set period of time, authenticated by combination of IP address and username; IP address can be spoofed, so you might add a get parameter with a session ID as an additional requirement.
if the user is more interested in convenience than security that they would prefer a cookie, then a URL session ID probably isn't out of the question. at the end of the day, nothing is 100% secure, as cookies can be hijacked"

So opening a second browser window to the same site fails to be logged in (because it lacks the session). Or someone on your network is logged in as you, because lo and behold, they have the same IP.

More interested in convenience than security? For fuck's sake, get a clue about website design and security. Cookies, possibly with the ADDITION of the other two systems, are the industry standard for security. Cookies effectively allow re-authentication for every page view by sending a hash of identifying information to the server which can then be checked against the stored hash. IDs have usability issues enough to make them unsuited to general use, which is why they have not been used since the 90s. IPs alone are so insecure they are effectively not authentication. Cookies are the answer decided upon. Indeed, they are the onyl practical answer. I am sorry if you dislike that. Do not use the internet.

"3. Remembering user preferences from one visit to the next" - "'mysql'"

Sure... but what if you do not have user accounts? Are you going to store settings by IP? Yeah, we'll see how that goes. Obviously not by GET variable. So what, exactly, is your answer? Right. You have none. You're just a ranting idiot like the other one.

--BKY1701

Re:Like anyone is going to follow this (1)

crutchy (1949900) | about 2 years ago | (#40982125)

So opening a second browser window to the same site fails to be logged in (because it lacks the session)

not if i keep the same session id between page transitions (using a hidden post field), which is no less secure than using a cookie

Cookies, possibly with the ADDITION of the other two systems, are the industry standard for security

no they're not... they're the industry standard for efficiency (quick, cheap and easy)

Cookies effectively allow re-authentication for every page view by sending a hash of identifying information to the server which can then be checked against the stored hash

why do you presume that cookies are required for that?

IPs alone are so insecure they are effectively not authentication

neither are cookies on their own. security in depth is the only security, and as i said nothing is 100% secure. whatever your point, it was pretty pointless

Indeed, they are the onyl practical answer

since you apparently aren't familiar with any other methods, then for you i guess they are... ifyou want to use cookies i won't even try to stop you :)

Sure... but what if you do not have user accounts? Are you going to store settings by IP? Yeah, we'll see how that goes. Obviously not by GET variable. So what, exactly, is your answer? Right. You have none. You're just a ranting idiot like the other one.

if you don't have user accounts then cookies are an alternative, but then security and logging in would be out of the question too. without cookies i could use a combination of IP and a miriad of parameters derived using javascript (check out https://panopticlick.eff.org/ [eff.org] ), but i could also use hidden post fields

you're just an insecure moron who loves cookies

Re:Like anyone is going to follow this (2)

Anonymous Brave Guy (457657) | about 2 years ago | (#40982229)

So just to be clear, your proposed alternatives to cookies are:

1. sending exactly the same kind of state information (session ID etc.) but in places like hidden POST fields instead of cookies

2. using covert browser fingerprinting on the server side.

Exactly how is either of those approaches not at least as capable of covert tracking of your visitors? Not to mention being more than a little creepy, particularly in the latter case since even a user who has explicitly chosen to disable cookies and send Do Not Track is still probably going to wind up in your system. And of course being far more work to implement and test, because instead of using the tool designed for the job you insist on trying to force another tool designed for a different job to do the work instead.

Re:Like anyone is going to follow this (1)

crutchy (1949900) | about 2 years ago | (#40982319)

the problem with third party cookies is the ability to track a user across multiple domains due to their persistence (they can be stored on the client computer indefinitely until the user proactively deletes them). cookie hijacking is also a problem.

http://en.wikipedia.org/wiki/HTTP_cookie#Privacy_and_third-party_cookies [wikipedia.org]

...but you're right that database-enabled pages are capable of coverty tracking visitors too, by serving a page with some javascript in a hidden iframe that talks to the parent window... i'm not saying that doing this is a good thing (it's not), but it doesn't exonerate third party tracking cookies either

Re:Like anyone is going to follow this (1)

stridebird (594984) | about 2 years ago | (#40982359)

So just to be clear, your proposed alternatives to cookies are:

1. sending exactly the same kind of state information (session ID etc.) but in places like hidden POST fields instead of cookies

Which of course requires every link on the page to fire up the hidden FORM submit too. Didn't the wise guys at microsoft ASP try this for a while? Wrap every page in a FORM?

Re:Like anyone is going to follow this (1)

crutchy (1949900) | about 2 years ago | (#40982379)

what's wrong with hidden post fields in forms? they work. if you don't like them, use cookies

Re:Like anyone is going to follow this (1)

bky1701 (979071) | about 2 years ago | (#40982431)

Didn't you just finish ranting to us about how we SHOULDN'T use cookies, and SHOULD use your kludge, which results in the aforementioned massive forms?

It is obvious to anyone with a clue that abusing GET/POST that was was not intended, which is ironic, since you were in your other post going on about what HTTP/HTML was somehow intended to be. Every "bad" kind of tracking is just as easily possible on the server side, if not more so. Cookies are enforced per-domain. Access-based tracking is effectively cross-domain. Embed an image linked from Facebook in your website? There is a VERY good chance Facebook is recording the views, IPs, and domains from which they come, and comparing that against login data. All serverside: Facebook knows which porns sites you go to, with no cookie involved.

If you had sense, you would be worried about THAT, not bitching about cookies and spewing nonsense about what you think would be somehow better, despite numerous actual programmers pointing out the problems your ideas would cause.

Re:Like anyone is going to follow this (0)

Anonymous Coward | about 2 years ago | (#40981715)

What actual technical purposes for cookies are there?

Start here, follow the citations and read the RFC's. It might prevent you from making an utter fool of yourself again in the future.
http://en.wikipedia.org/wiki/HTTP_cookie

Re:Like anyone is going to follow this (1)

crutchy (1949900) | about 2 years ago | (#40981971)

apparently you're not familiar with a database, or hidden post fields, which in combination with server fields like remoteaddress and get params, can pretty much achieve anything that a cookie can (even clandestine third party tracking through single pixel iframes, which is what the law in question is meant to address, can be done with hidden post fields and a bit of javascript)

http://en.wikipedia.org/wiki/HTTP_cookie#Alternatives_to_cookies [wikipedia.org]

perhaps you should read all of the page before making an utter fool of yourself again in the future

Re:Like anyone is going to follow this (0)

Anonymous Coward | about 2 years ago | (#40981987)

The question of course then becomes: can that all not be used for "tracking" as well? Like, you know... the original post I made points out is occurring now?

The whole cookie thing is a tempest in a teapot largely propagated by people who have not felt the need to learn anything about computers since the late 90s. It is really telling when they think cookies are uniquely problematic, easily gotten rid of, or even, indeed, the worst threat to privacy.

Ineptness, and lack of critical thinking.

--BKY1701

Re:Like anyone is going to follow this (1)

crutchy (1949900) | about 2 years ago | (#40982131)

mysql can be used for tracking

it can even be used for tracking third party website usage

but online marketing use third party cookies mainly because of their persistence... but surely you knew that

Re:Like anyone is going to follow this (1)

Anonymous Brave Guy (457657) | about 2 years ago | (#40982283)

but online marketing use third party cookies mainly because of their persistence...

[Emphasis added]

You're moving the goalposts.

Re:Like anyone is going to follow this (2)

crutchy (1949900) | about 2 years ago | (#40982327)

i didn't realise there were goalposts

Re:Like anyone is going to follow this (2)

Anonymous Brave Guy (457657) | about 2 years ago | (#40982421)

You've just attempted to quietly redirect the entire discussion from cookies in general (which have many valid uses) onto third party cookies (which have rather fewer valid uses and some obviously sinister ones).

Re:Like anyone is going to follow this (1)

bky1701 (979071) | about 2 years ago | (#40982443)

I'm not personally worried about online marketing. I'm worried about massive online databases of the sites I access. Cookies are not the primary method by which those are constructed, nor is getting rid of cookies a feasible goal, nor is it sensible when so many other, bigger problems exist. The EU directive is nonsense written by idiots, and people like you are eating it up because it makes you feel all warm and fuzzy to be "protected" from Google.

Re:Like anyone is going to follow this (1, Informative)

Anonymous Coward | about 2 years ago | (#40981775)

"I wish you apologists for the privacy-violators had a better grasp of the technology; the whole point of cookies is to track the user, that's what they were invented for."

I am a C++ programmer, who has programmed numerous websites (several languages), currently in the third year of a Chemical Engineering degree, who uses (Arch) Linux as his main OS, and generally can handle just about any technical matter required of me. Why do I suspect you have never so much as executed a batch file? Oh, right. Because you're an idiot ranting about something you obviously do not understand.

"What actual technical purposes for cookies are there?"

If you actually knew what you were talking about - or maybe read the fucking post you replied to - you would be able to answer this question, rather than only pose it rhetorically as a vague insult.

"Now, some kind of tracking, like session tracking, may be necessary for the functionality of your site, but if you'd done your homework, you know that the makers of the directive considered that, and gave a specific exemption."

Considering how little this will realistically accomplish (again, had you read my post, you would have been educated on a real privacy threat this does nothing to address), please do not expect me to have faith in their ability to make proper exclusions. According to others, they have not - it is not worth my time to read the actual directive in order to address a fool like yourself.

"In other words: shut up, you fucking shill for the tracking industry."

It is amazing the kind of dumbshits that come out on Slashdot sometimes. Let's see: 1. Ignore all facts, especially those stated in the post you are replying to, 2. Act as if no one knows the facts you just ignored, 3. Make unfounded claims, 4. Close with an ad hominem accusing someone of being a shill (because 'the tracking industry' would spend their PR money on making semi-anonymous posts on Slashdot. Pull your head out of your ass). What's more amazing is that it seems you were modded up once. Guess I need to go to metamod more. Standards are slacking.

I suppose I am partly to blame, as had I posted this under my account, you wouldn't have had the balls to post that nonsense. Unfortunately, I do not log in from insecure locations.

--BKY1701

Re:Like anyone is going to follow this (2)

crutchy (1949900) | about 2 years ago | (#40981997)

currently in the third year of a Chemical Engineering degree... and generally can handle just about any technical matter required of me

i'm qualified in aerospace engineering, experienced in aeronautical engineering, and now developing structural engineering compliance software, with over ten years of programming experience in a few languages (delphi, php, c, js), but it doesn't mean i know what i'm talking about all the time. even if a matter is within your field of expertise, its very doubtful that you know every aspect of that field inside and out.

from one engineer to another... your qualification will never be proof that you have any idea what you're talking about, and when you do know what you're talking about you won't need your qualification as proof

Re:Like anyone is going to follow this (0)

Anonymous Coward | about 2 years ago | (#40982039)

And yet I'm still one of the only two people in this conversation to actually bring any facts... and the other one was supporting what I said in the first place.

My statement, as you might notice by the position directly below a quotation, was to address the "wish" that "privacy-violators had a better grasp of the technology."

I also find it pretty hilarious you felt the need to show up my "qualifications" right before saying they're not proof of having any idea what you're talking about. Finally you said something I can agree with!

--BKY1701

Re:Like anyone is going to follow this (1)

crutchy (1949900) | about 2 years ago | (#40982153)

the "wish" that "privacy-violators had a better grasp of the technology

its funny that you assume your jibberish to be remotely factual

privacy violators are experts in the techology that you're referring to... and that's how they take full advantage of it. its also why the problem has arisen in the first place and why laws have been enacted in an effort to reduce it

I also find it pretty hilarious you felt the need to show up my "qualifications" right before saying they're not proof of having any idea what you're talking about. Finally you said something I can agree with!

right. whatever that means. i wasn't trying to "show up" anything, but merely show that just because i have a qualification doesn't mean i know any more than you do (quoting myself: "but it doesn't mean i know what i'm talking about all the time")... remember you're the one that keeps assuming that (throughout every comment you've made in this article thread). being an aeronautical engineer doesn't mean i know any more about aircraft than someone that isn't an aeronautical engineer, but i would never be so naiive to assume that, whereas you seem to think you know everything technical (quoting you: "can handle just about any technical matter required of me"). having said all that, just because i don't claim to know more than you doesn't mean i can't debate things

Re:Like anyone is going to follow this (1)

bky1701 (979071) | about 2 years ago | (#40982473)

Again, my entire purpose for citing anything of my experience was to counter the statement that I must know nothing because I disagreed with the second-to-original retard poster. I am sorry it makes you feel inferior somehow that I do so. What you said is pretty obviously self-contradictory, and summarizing the exchange as I see it:

Me: "Well, I'm going to be an engineer."
You: "I am an engineer! A better one!"
You: "But qualifications don't matter!"

It's kind of self-contradictory and I am not sure what you hoped to gain. I was countering an ad homenin. Why you felt the need to make the discussion a dick sizing contest I am not sure. Perhaps because I am indeed the one quoting actual facts and you are just ranting about things?

Re:Like anyone is going to follow this (0)

Anonymous Coward | about 2 years ago | (#40982047)

Disregard that, I suck cocks.

--BKY1701

Re:Like anyone is going to follow this (0)

Anonymous Coward | about 2 years ago | (#40982101)

Oh boy, the idiots invade. I guess I am going to need to make a listing of which posts are really mine when I get back on my other computer.

Re:Like anyone is going to follow this (1)

mvdwege (243851) | about 2 years ago | (#40982245)

No, you're an anonymous coward on Slashdot, and I am the Pope.

Seriously, do you think you impress anyone waving your imaginary dick around? Especially since we'd need a microscope to see it?

I don't need to brag to have the facts on my site. Cookies were invented to bypass HTTP's inability to track state across requests. Any use of cookies is to persist state across HTTP requests; since requests come from users, cookies ipso facto track users.

If you are disputing even that basic fact, then no list of imaginary credentials is capable of hiding who is the idiot here.

Mart

Cookies suck (2, Interesting)

symbolset (646467) | about 2 years ago | (#40981071)

The WWW is supposed to be stateless for a reason. I'm going to come right out and say that the cookie is the dumbest invention since Token Ring.

Re:Cookies suck (3, Insightful)

Anonymous Coward | about 2 years ago | (#40981087)

Says the guy logged into /. via cookies

Re:Cookies suck (0)

symbolset (646467) | about 2 years ago | (#40981119)

I am not responsible for the design of /. If I were I'd take a flamethrower to this place.

Re:Cookies suck (1)

cheater512 (783349) | about 2 years ago | (#40981179)

No, but you are responsible for creating an acocunt and being logged in.

What would you prefer? HTTP Auth?

Re:Cookies suck (2)

mark_elf (2009518) | about 2 years ago | (#40981203)

Prefers flamethrower (ibid.).

Re:Cookies suck (1, Interesting)

symbolset (646467) | about 2 years ago | (#40981215)

All the essential data can be passed in the URI. You need one short session signifier that can be added to the extant argument list. This is fine in https - which all websites should use for logged-in users, though it's a problem in http.

Re:Cookies suck (1)

symbolset (646467) | about 2 years ago | (#40981233)

Obviously adding this session signifier to all the links on the page requires an output filter.

Re:Cookies suck (1)

cheater512 (783349) | about 2 years ago | (#40981259)

Not to mention an awful lot of code for more than a simple site. E.g. ajax, forms, etc...

How do you handle bookmarks? 'Remember me logged in on this site'? Session expiry? Links from a friend/email (would you get logged in as them)?

Re:Cookies suck (1)

symbolset (646467) | about 2 years ago | (#40981485)

None of these things require cookies. I had a proof laying hereabouts, but I've lost it. If you think about how to do each thing though, the solution is obvious.

Re:Cookies suck (1)

cheater512 (783349) | about 2 years ago | (#40981669)

A forum?

If you has a session id in the url alone, bookmarking/linking to a page would log you out.
If you gave a link to a friend, it would log them out and depending on how secure it is, log them in to your account.
It would be impossible to remember your login for the site.
Search engines would get tripped up by them while crawling.

Session IDs should really be kept out of reach from humans. They make everything really messy.

Re:Cookies suck (1)

crutchy (1949900) | about 2 years ago | (#40982037)

hidden post fields and mysql

Re:Cookies suck (1)

stridebird (594984) | about 2 years ago | (#40982373)

you keep saying "mysql" as a solution to this. Hey crutchy boy I've read enough of your shit already, but do tell how "mysql" is the solution to anything here?

Re:Cookies suck (1)

crutchy (1949900) | about 2 years ago | (#40982429)

Hey crutchy boy I've read enough of your shit already

get over yourself, twat

how "mysql" is the solution to anything here

its not a solution to anything here, its just an alternative to cookies that twat bitches like you are so enamoured of

using a php/asp/perl script you can read get or post fields (you can even read cookies omg!) and store the data in a mysql database, so that the data is retained between page transitions. its not rocket science you stupid twink. wtf is so special about cookies anyway?

Re:Cookies suck (3, Interesting)

Blakey Rat (99501) | about 2 years ago | (#40981501)

And God-forbid someone copies their URL and pastes it to a buddy on IM or Twitter.

Oh wait, let me guess, you combine your URL session with an IP address, right?

In which case: God-forbid someone switch wifi networks expecting their session to still be valid. Ride mass-transit? Do they provide wifi with a constantly shifting IP as the train moves? Good luck getting on to my super-awesome no-cookies site! Cellphone? Idiot! Cellphones can no longer browse the web!

Re:Cookies suck (1)

symbolset (646467) | about 2 years ago | (#40981529)

This cannot be done in an https session.

Re:Cookies suck (0)

Anonymous Coward | about 2 years ago | (#40981813)

Sure it can. Http only defines that you have ssl running below http. Everything above SSL/tls is fair game for the server and client. The common practices for https able browsers is just some common ideals. Don't cache stuff, keep cookies to sessions, etc. I can make lynx ignore those and keep cookies in a plain text cookie jar with http cached.

Re:Cookies suck (1)

crutchy (1949900) | about 2 years ago | (#40982031)

pass the session id in a hidden post field, and for hyperlink submits use javascript (slashdot is plagued by js anyway)

passing a session id in every submit adds to the size of the page, but have you seen all the garbage that pads web pages lately? maybe if developers focused on problems like div soup and an excess of eye-candy css and js, slashdot would be much more efficient even without cookies

Re:Cookies suck (0)

Anonymous Coward | about 2 years ago | (#40981645)

HTTPS sucks for a well protected dialup account. When you are restricted to 48Kb, any overhead to protect the sheep makes our connection even more unusable.
In the 1990's, I was able to stream two low band audio feeds while browsing. Now I can't even stream one audio connection.

Re:Cookies suck (1)

Johann Lau (1040920) | about 2 years ago | (#40981957)

All the essential data can be passed in the URI.

What? If you pass it in the URL, use HTTP Auth, or use cookies, it doesn't matter.

GET /url_of_resource/session_id/ HTTP/1.1
Host: example.com
Cookie: BLAH=session_id_or_whatever
Authorization: Basic blah_blah_blah

And you're seriously saying shuffling it around from one line to the other makes a difference? That's just silly.

More importantly, you're still simulating state. Just in an ass-backward way, for example making copying & pasting links a pain, for no fucking reason. And of course, if you store it in the cookie, you store it once. If you append it to all internal links, you're just bloating every single page. And you send it either way, wether as cookie, HTTP auth, in the URL or whatever. It IS part of the request.

You said "the WWW is supposed to be stateless for a reason", and I say citation needed. You're confusing HTTP, which is stateless indeed, with the servers and clients using it.

Also, state is useful for more than logging in. Think a forum which allows anonymous users to set how many threads / posts per page they want to see, etc. There's plenty of good reasons for it, while you haven't offered anything but unfounded assertions so far.

Guys, if you've never seen a fucking HTTP header in your life, refrain from modding such stuff in the future. That would help.

Re:Cookies suck (3)

mwvdlee (775178) | about 2 years ago | (#40981331)

The WWW is supposed to be stateless

According to who?

Re:Cookies suck (4, Interesting)

symbolset (646467) | about 2 years ago | (#40981497)

Tim Berners-Lee [wikipedia.org] . The guy who invented the thing.

Re:Cookies suck (1)

Anonymous Brave Guy (457657) | about 2 years ago | (#40981747)

The IETF disagrees [ietf.org] . They know a thing or two about running the Internet, too, I hear.

Learn proper grammar! (0, Funny)

Anonymous Coward | about 2 years ago | (#40981531)

According to who?

The word is whom, asshat.

Duh.

Re:Cookies suck (3, Informative)

dmomo (256005) | about 2 years ago | (#40981599)

No. HTTP is supposed to be stateless. WWW just makes liberal use of HTTP. Every HTTP request should be made in isolation. WWW can still be stateful while sticking to this convention.

Punctuation... FTW (1)

c0lo (1497653) | about 2 years ago | (#40981117)

Let's have some fun, otherwise this is a so "Not news" item it should be posted on Idle (the lest redundundundant title should have been: Watchdog "Not Ready"). So...

Watchdog "Not Ready" to probe cookie! Complaints.

Watchdog "Not Ready" to probe! Cookie complaints.

Watchdog "Not Ready" to?! Probe cookie complaints!

Re:Punctuation... FTW (1)

Jade_Wayfarer (1741180) | about 2 years ago | (#40982201)

Even better, space opera version:
Watchdog "Not Ready"! To probe! Cookie, complaints!

I can even picture some space marines storming important height, when their commander hears on the radio that other team codenamed "Watchdog" is not ready, so they have to retreat to some probe. "Cookie" is current team's engineer, who is commanded to deploy some "complaints" - proximity mines, maybe?

Hm, actually, I think I'd watch that movie...

Dumb laws are dumb. (5, Informative)

VortexCortex (1117377) | about 2 years ago | (#40981173)

When you go to a web site that "stores cookies" in your browser, what happens is that a HTTP "Set-Cookie" header is sent to your browser. YOU HAVE THE POWER TO DISABLE COOKIES in your browser. It's not like the remote site can make your browser save the cookie.

The user already has every capability to prevent the remote sites from storing any cookies. Simply DISABLE ALL COOKIES. Then, if you run across a site that has a feature requiring cookies (stateful sessions, like logging in), then and ONLY THEN DO YOU ENABLE COOKIES for that site alone. White list it. Oh your browser doesn't have a white list? YES IT DOES. IE does. FF has the Cookie Monster plugin among other ways, Chrome has -- Fuck Chrome! Chromium Exists. Chrome is closed source and has Google's secret advertising sauce added if you don't like cookies why would you use Chrome?! Google Sells Ads.

Now, being a primordial deep one from time immemorial, I remember an age before cookies existed. I used caller ID, bitrate and handshake timings to log and verify my visitors' identity in the BBS era. Then came the Internet. I used a hash of the user agent, IP address, and other header strings along with URL munging (crazy crap you see after the ? in your address bar) to identify and verify users. Cookies allowed us to stop crapping up every URL on the page, and causing massive link rot... So, you want to make laws about cookies, eh? Well there are levels of tracking we are willing to accept, and we don't even need the damn cookies to do so. Enjoy server side storage of your IP address, browser signatures, and Query Strings cocking up your bullshit European URLs....

Get bent morons. Cookies are good for you, at least YOU can control them. You can't very well control whether or not servers use URL munging....

Re:Dumb laws are dumb. (1)

purpledinoz (573045) | about 2 years ago | (#40981533)

The problem is that most people have no idea about anything. I agree though, making laws to ask sites to comply to some regulation is stupid. Browsers should have better and easier to use cookie whitelisting by default. This way, if a website detects its not on the whitelist, it will have to ask the user to add them to the whitelist.

Also, people use Chrome because it's faster. It's just way faster than Firefox, at least on Windows on my slow PC.

Re:Dumb laws are dumb. (4, Insightful)

epp_b (944299) | about 2 years ago | (#40981579)

I've been wanting to say exactly this every time I see another retarded story about cookies. Thanks for giving me a hand.

Just in case it was missed: COOKIES ARE HELPFUL TO YOU, YOU MORONS.

Want online shopping? Cookies.
Automatic login to 9000 different sites? Cookies.
Remembered configurations and searches? Cookies.
Convenient URLs that you can remember? Cookies.

As the parent explained, YOU hold the control in deciding what, how and when sites can store cookies on your machine. If you can't be arsed to spend a half hour learning to protect your privacy, you don't deserve it.

Dim-witted, pandering, posturing politicians passing some idiotic "cookie legislation" is going to cause you to have *less* privacy, security and convenience.

Re:Dumb laws are dumb. (1)

Smauler (915644) | about 2 years ago | (#40981659)

As much as I am in favour of the intent of this law (restricting access to people you don't to access your browsing habits), it's not working in the slightest, and it was _never_ going to work.

Firstly, people don't want it (popups asking if they want cookies enabled are annoying and counterproductive)

Secondly, no one is actually complying with the law, including governmental bodies.

Thirdly, the internet is global now (wait, when did that happen?)

All that, and like parent said, cookies are a good thing in lots of cases.

Re:Dumb laws are dumb. (0)

Anonymous Coward | about 2 years ago | (#40981729)

Lots of sites are complying the the law. Uk based ones that is. I have had to make my companies web site compliant - with implied consent (ie you don't have to click a button to be considered to agree) as we are using 3rd party cookies.

It is still a pain in the arse and I am purposely ignoring the various requests from many sites because the law is stupid. Well intentioned, but stupid.

Re:Dumb laws are dumb. (1)

crutchy (1949900) | about 2 years ago | (#40982079)

and you're probably one of those morons who would complain about receiving too much spam

if you don't want to drive away users with useless prompts, don't use cookies

if you provide a cookie mechanism for user convenience, don't enable it by default and let the user click a link/button to proactively enable/disable it

having said that, most browsers have an option to disable third party cookies, and any site that requires them to work isn't worth visiting

Re:Dumb laws are dumb. (1)

MrL0G1C (867445) | about 2 years ago | (#40982129)

Want online shopping? Cookies.

Agreed and it should be read as implied when you visit such a site that you would want the shopping cart to work.

Automatic login to 9000 different sites? Cookies.

Ugh, no thanks, trackers wet-dream this one. Firefox and password-safe remember my passwords and that's the way I like it.

Remembered configurations and searches? Cookies.

With cookies this is for tracking, the browser can do this without cookies. If you like a site enough then fine, but 99% of sites I visit don't need 'configuring'.

Convenient URLs that you can remember? Cookies.

Eh, I don't even get this one, I don't need to remember any more than slashdot.org etc, and I use bookmarks, how does cookies even enter the equation?

Dim-witted, pandering, posturing politicians passing some idiotic "cookie legislation"

Yeah, pretty much, it's still a stupid law that hits at the wrong target, cookies are useful and I don't need the BBC asking me to use cookies every day, and how do they remember when I say no anyway? store a fucking cookie, doh.

Re:Dumb laws are dumb. (2)

Post-O-Matron (1273882) | about 2 years ago | (#40981823)

It's not as simple as that. You are missing the usual "but we are geeks" syndrome. For a /.er disabling all cookies and then inspecting incoming ones individually to decide which to enable might be something they can do and willing to invest the time in. For normal people doing that for every website they use isn't really a viable option.

Hence a law that forces website owners to breakdown cookies to roles and present Mr. Normal Person a simple explanation of what they do and allow them to enable them or not.

Think about it like Firebug's cookies tab for non-techies.

Re:Dumb laws are dumb. (1)

crutchy (1949900) | about 2 years ago | (#40982063)

Cookies allowed us to stop crapping up every URL on the page, and causing massive link rot

so do hidden post fields and mysql

cookies are for sneaky single pixel iframes. anyone who thinks they "need" them for anything else is doing it wrong

Re:Dumb laws are dumb. (1)

pe1chl (90186) | about 2 years ago | (#40982163)

Of course whitelisting cookies by site is useless. Many sites send different cookies, you want to block some of them but not all.
Blocking by name is difficult because there is no name convention.
When every session cookie would start with SESS and every tracking cookie with TRK, it would be easy.
Now that there is no such naming convention, and no tools in place to do anything with cookie names, it is probably best to add
another field to cookies, to convey cookie intent. Then users can allow or block cookies based on intent. They can allow
cookies used to keep a login session, and refuse cookies used to track users.

They could have been a positive thing (2, Insightful)

Grayhand (2610049) | about 2 years ago | (#40981239)

I still remember back in the late 90s when we all blocked cookies. Now if you do it cripples a lot of the internet sites. Sad how badly abused our privacy is these days. Cookies could have been handled in an non evil manner but is wouldn't have helped the corporations invade our privacy.

Re:They could have been a positive thing (3)

_Ludwig (86077) | about 2 years ago | (#40981301)

How do non-third-party cookies invade your privacy?

Re:They could have been a positive thing (2)

Tom (822) | about 2 years ago | (#40982363)

1st party cookies are exempt from this regulation in many cases.

Read, comprehend, think, comment - preferrably in that order.

Why is the burden on millions... (4, Insightful)

_Ludwig (86077) | about 2 years ago | (#40981263)

This is stupid. Why is the burden on millions of websites instead of a handful of browsers? Mandate that any web browser distributed in the U.K. default to "Ask me before allowing cookies." It should be the default anyway.

Re:Why is the burden on millions... (0)

Anonymous Coward | about 2 years ago | (#40981299)

and how do you mandate that to a company that isn't in the UK?

Re:Why is the burden on millions... (1)

mwvdlee (775178) | about 2 years ago | (#40981355)

You politely ask Mozilla, Google, Microsoft, Apple, Opera and a few others. They put a developer on it for a few hours. Problem solved.

Re:Why is the burden on millions... (1)

irwiss (1122399) | about 2 years ago | (#40981445)

No it should't be default.

You may want to deal with every single session cookie on every single site you visit, I don't.

If anything NoScript should be default browser functionality.

Re:Why is the burden on millions... (2)

SurfaceMount (749329) | about 2 years ago | (#40981537)

You may want to deal with every single session cookie on every single site you visit

Thats basically what the EU wants isnt it?
They want every website to give you a popup asking if they can set a cookie on your browser.
Of course if you say No the website cant store your choice in a cookie, so your going to have to say No every time you visit.
Sure browsers could be modified to always say Yes/No.....oh right thats exactly what they already do now.

Browser cookie blocking is superior, so why not just keep useing that instead of misguided server side permissions?

Re:Why is the burden on millions... (2)

pe1chl (90186) | about 2 years ago | (#40982167)

The way it is implemented here in the Netherlands is that cookies required for technical operation,
like login sessions, store baskets, user preferences are allowed but cookies used for other purposes,
like tracking site visits and controlling ad placement, are not. (unless allowed explicitly by the user)

What is required now is an extra field in the cookies that conveys cookie intent, and a setting screen
in the browser to allow/deny cookies with given intent (as a default).
So users can opt-out of tracking and still be able to login and shop without having to confirm their
cookie acceptance for every site.

Re:Why is the burden on millions... (2)

JDG1980 (2438906) | about 2 years ago | (#40981903)

If anything NoScript should be default browser functionality.

Running NoScript means essentially every web site is broken by default, and you have to whitelist whatever domains they use for scripting to make it work. Invariably, people will just choose "allow all" to get things going. What's the point?

Re:Why is the burden on millions... (0)

Anonymous Coward | about 2 years ago | (#40981541)

..."Ask me before allowing cookies." It should be the default anyway.

No, it shouldn't. I'd take seppuku to cookie prompts every time.

The default should be that cookies are manually downloaded by the user ("save my shopping cart", "log me in next time", etc.), and optionally inspected before being stored. Reading a cookie should consist of the user clicking a load button ("load my shopping cart", etc.) and selecting which (if any) cookie to send. They shouldn't be any different from an application-specific saved file, since that's what they are.

Re:Why is the burden on millions... (1)

mvdwege (243851) | about 2 years ago | (#40981893)

Because the burden is on the one infringing on my right to privacy to prove necessity, not on me.

Given the loud whines of Facebook-wannabe's and their shills, one wonders what they have to hide about why they collect all that browsing information?

Re:Why is the burden on millions... (1)

_Ludwig (86077) | about 2 years ago | (#40982103)

If a browser is allowing your privacy to be invaded via tracking cookies, that's a problem with the browser. Not that the shady sites are free of responsibility, but you the user don't have to prove anything in any case.

An absurdly exaggerated analogy: If an OS shipped with all ports open by default and replied to any request with the contents of your address book, would it make more sense to make the manufacturer fix the faulty OS, or to try to prosecute everyone everywhere who took advantage of it?

Re:Why is the burden on millions... (1)

mvdwege (243851) | about 2 years ago | (#40982255)

Fuck you and the false dichotomy you rode in on.

Why not do both?

And again, it's the websites that want my personal info (yes, my browsing habits are personal info), they should have to justify themselves, not me.

Mart

Fool's endevour (1)

Anonymous Coward | about 2 years ago | (#40981275)

I can see this organisation getting slammed with complaints about sites that aren't even located in the UK. How do they expect to police that? (Yeah, I know we Yanks think we can police the world, but I thought you Brits would have more sense)

My complaint (1)

Anonymous Coward | about 2 years ago | (#40981289)

Oreos are really terrible. So dry and grainy, you have to dip them in milk just to swallow them.

Get on that, watchdogs.

SO what your saying is (4, Funny)

Nihn (1863500) | about 2 years ago | (#40981293)

They have been accepting money but not producing anything...politics as usual.

It's a damn stupid law (5, Interesting)

maroberts (15852) | about 2 years ago | (#40981377)

Am I the only one who thinks that these popups which state "we're using cookies" is highly annoying?

Almost everyone apart from your aged grannie knows that you are tracked on sites by use of cookies, so what is the point of this bureaucratic nonsense? It's almost like a secret plot; a small step to making the net unusable.

  If you really want to ban something, block sites from opening 3rd party poker/porn sessions in windows behind your current window, not that such things happen to me of course.....

[/rant]

Re:It's a damn stupid law (1)

gagol (583737) | about 2 years ago | (#40981643)

My solution: AdBlock+ let you flag any DIV as bad evil advertising... just point to the anniying part and you are off the hook!.

1984 was not about business (1)

Impy the Impiuos Imp (442658) | about 2 years ago | (#40981581)

Meme: Business evil, stop them from minor thing.

So sayeth an organzation that demands backdoors so they can easily spy on you, "Trust us."

I suppose this is a small improvement, but business per se is by far the lesser problem compared to overbearing government, or overbearing government at the behest of well-connected business.

A Solution ... (2)

epp_b (944299) | about 2 years ago | (#40981601)

Have a website? Disable and redirect EU visitors to a message explaining that they cannot use your website until they pester the morons in government who implemented this crap until it's reversed.

I'd love to see something like this gain traction. All it would take is a big player like Amazon to make this happen.

Re:A Solution ... (1)

OliWarner (1529079) | about 2 years ago | (#40981847)

That's certainly an idea but consider it from the website owner's point of view. They're already making their website less competitive (globally) with annoying pop-over nonsense. Some websites actually don't work until you've explicitly agreed to have cookies (a poor interpretation of the law, IMO).

What do you think a user is going to do if they have to sit through a five minute, hell, even a 30 second political complaint before they can even use the site? Well, if that site, like many sites, has a billion competitors - the user can go back and click the next site on the Google listings. That's what I do when a site isn't doing what I explicitly asked for, or doesn't load fast enough.

No, most websites in the EU are doing as little as possible to draw clients attention away from the product; inferring "implied consent" with a cookies link somewhere on the page is a common design metaphor, maybe a position:fixed link-image in a corner. Otherwise it's business as usual, thankyouverymuch.

What surprises me most about this story is that there are actually complaints in the first place for the ICO to investigate. Why don't people have better things to do with their time?

Re:A Solution ... (0)

Anonymous Coward | about 2 years ago | (#40981985)

UK is not Europe.

... just for 3rd party cookies (2)

martijnd (148684) | about 2 years ago | (#40981635)

The law in the Netherlands is that you have to inform users that you are going to put a cookie on their computer.

EXCEPT if the cookie is required for the core functionality of your website. So your shopping cart can put its 1st party cookie, and you are not in hot water.

Most websites use Google Analytics. That is where you have to start putting up the "Smoking Cookies Kills" banners that will likely hurt your websites traffic significantly. The best thing is to avoid the banner altogether and stay still within the law.

Sot its time to drop Google Analytics; its cool, its nice and now a drag on business.

I have already found one alternative that looks half decent and doesn't require me to put up any cookies at all: PiWik (http://piwik.org/ [piwik.org] )

Some can't see the forest for the trees. (3, Insightful)

el_flynn (1279) | about 2 years ago | (#40981653)

I think a lot of comments here are focused on the wrong thing.

TFA says "the ICO has yet to investigate a single website... because its investigative team isn't ready to start work - more than a year after the new laws came into force". So TFA is more about a culture of "shoot first ask questions later" that is prevalent in government agencies - NOT about the validity/ethics of having the rules in the first place. It's already in place, people - arguments about whether cookies are good or bad should have already taken place ages ago when vetting the rule.

So the real question is, why pass a law when there's no clear indication on the lawmaker's capability to enforce it?

Re:Some can't see the forest for the trees. (2, Informative)

Dark$ide (732508) | about 2 years ago | (#40981735)

So the real question is, why pass a law when there's no clear indication on the lawmaker's capability to enforce it?

The UK Gov't is only implementing what the stupid folks in the EU Gov't told them to. The real problem is that the EU Gov't allowed this crap to go through in the first place. We need to get some (members of parlaiment) MPs and (members of the European parliament) MEPs who have a clue about IT, who have a clue about how the Internet works. That's the underlying problem - we've got clueless career politicians with a supporting organisation made from clueless lawyers and MBAs.

You can't run without cookies (0)

Dark$ide (732508) | about 2 years ago | (#40981711)

If I choose the option to opt out of storing cookies, the website stores a cookie to remember that decision. This law was drafted by silly people who don't understand how a stateless protocol needs to store status information to work.

If you want your web browsing to be a useless and painful experience try running with cookies disabled. I hope you enjoy re-entering your password on every secure page.

The fact that the UK Gov't QUANGO can't afford, can't be bothered and doesn't have the time to enforce this crap law is a good thing, they can spend my taxes on doing something more useful.

Another meaningless law (1)

hcs_$reboot (1536101) | about 2 years ago | (#40981901)

So we gonna have at the same level an annoying warning from sites that just need a session cookie to ease our users lives, and on the other hand the same warning from Facebook-like sites that require a once warning/cookie to track you the hard way through tons of other unsuspected sites having the Facebook "Like" button. Ridiculous.

facts (4, Informative)

Tom (822) | about 2 years ago | (#40982025)

I hate to burst everyone's babble with facts, but here you are:

http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx [ico.gov.uk]

important key points:

  • Implicit consent is valid in many cases
  • some cookie uses are exempt, especially session ids, shopping carts, etc.

Sorry for brutally slaughtering half the comments posted so far.

As I read it, what this basically asks me to do is put an information that my site uses cookies somewhere with a link to a page that explains what I use the cookies for. If you're doing the usual stuff (session ids), you're probably done with two sentences.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...