Zorg

EU Cookie Law

From May 25 European law, due to the e-Privacy directive, will force change in the UK meaning consent must be granted from websites before they store cookies on a user's computer. The only exception to this rule will be cookies that are used on stores and for shopping baskets.

http://www.neowin.net/news/new-eu-laws-change-cookie-permissions-protects-users

As a web-developer, what the hell? :/

Guest Zenith

It means that you ask a user before dropping a cookie. Pretty easy to understand.

I've got FF set to ask what to do with cookies (mostly deny, some session allowed, even fewer allowed).

The most pernicious ones are the ones that have an expiry WAY in the future. If web-devs used the expiry in cookies properly, maybe there'd be less hue and cry about persistence.

So generic session cookies need explicit permission, that just feels like it'll add an element of clunkiness to websites now.

Cookies are used badly by a minority of domains / services - the (now obsolete) name Doubleclick jumps to mind.

Unfortunately trying to regulate that sort of thing just leads to the decent web sites being unduly restricted and because none of the law makers really understand any of this they just bow to lobby group pressures. Of course listening to lobby groups which try to legislate technology almost always goes wrong - remember the RIP bill? - as the legislation ends up out of date and out of touch before it's enacted. Thankfully when it comes to enforcement things look a little more promising with the enforcers tending to understand a little better and using some common sense ... but, yeah it's still a silly mess. Nice utopian idea, totally unrealistic in my opinion though.

This will be enforced/reported/punished how? Just sounds like the UAC of the Internet (and that shit gets disabled as soon as I install Windows).

As a web developer, I have to agree with Zorg and Saboo on this one - what the hell?

Almost every site you visit will set a session cookie of some kind, as well as any 'remember me' functionality that requires cookies. Are the EU seriously expecting every website to offer a choice of cookies?

From a logistical standpoint - assuming the user selects 'no cookies', how the hell do we store that preference?

From a logistical standpoint - assuming the user selects 'no cookies', how the hell do we store that preference?

Infinite loop ALERT!!! :)

It'll just have to be on every page - have they got a cookie that says they allow cookies? If not, they need to be asked if they want to allow cookies.

Popup box on every page?

I'll need to follow the regulation on the epic.LAN site, so as soon as I've done the implementation you'll all be able to see how it would work. It's not going to be nice.

Also - How does this affect cookies already on your computers? If you've chosen to remember your login on the epiclan site, you'll have a cookie set - do I have to expire all those cookies and remove them if you choose not to use them, or can I leave them there?

Answers on a postcard...

OK, so what I've currently determined is that permission is not required for cookies that are required for technical reasons for a service explicitly requested by the user.

So essentially, I can add text to login and signup to state we're going to set a cookie and what a cookie is. Once you're logged in, that's taken as approval so there's no problems. However, for logged out users, Google Analytics is not exempt and permission would be required for those cookies.

We also have the problem that when you visit the site, we start a PHP session for you that helps us identify who you are and store some information as you browse around the site (things like form data, messages from each page, i.e. the notices like 'You must be logged in to access this page'). These definitely count as technically required, but is browsing the site an explicitly requested service? Arguably you have requested a page from a web service (tenuous but technically accurate).

There's currently no guidance on this from the ICO, so I'd like your thoughts on it.

It'd be so much easier if they just got the browser developers to install a "about to use a cookie, kk?" prompt, thus avoiding the need for millions of websites to make big changes.

That would indeed be a much better law... your browser must prompt :P

However they probably don't have any jurisdiction over the browser makers - because this is an EU law only. (And a stupid one at that)

Allowing the browser's configuration to be used for this was considered by the EU, but only Google Chrome was deemed to make it clear and simple enough to meet the legislation's requirements.

To be honest web developers have brought this upon themselves (not yourselves specifically). The whole concept of tracking through pages/cross site (in some circumstances) has left the general public (your man in the pub) clueless about what information is being stored on them.

As someone pointed out above, the abuse of the expiry cookie is just asking for trouble with privacy advocate groups.

As to how you police it, I doubt any formal sanctions will be taken unless you're a FTSE listed company or high profile in some other way, and of course public sector.

The EU have forced software in particular jurisdictions to act differently, like how they had MS modify the default bundles with Windows Vista (I think it was Vista) for IE / Media Player.

Guest Zenith

I've just spent some time going through my cookies paying attention to the persistent ones.

It's very cathartic to clear out a swathe of cookies that don't seem to be doing anything but tracking me (lots of _utma to _utmz Google Analytics trackers).

There seem to be a lot of ColdFusion (CF) ones as well.

I'm not touching my exception list. It's scarily long and a huge amount of them are blocks. :)

Ok...

1. Zenith I'm well aware what the Law means, thanks for explaining it to me anyway. My point was that the law is badly thought out as Murray explained.

2. Oh hi, would you like us to use Cookies? No... ok let me just save that preference to your session.... oh wait, I can't. -_-

Guest Zenith

I didn't tell you about the cookie NASA set to expire in 2512.

Yes, you read that right... 501 years! :)

[edit] Minor mistake, it was 2511.

Domain: nasa.gov

Cookie: bn_u

Expires: 11 March 2511 13:14:19

It's obviously set for 500 years.

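As an added example (not part of any post in this thread): a small Node.js audit of `Set-Cookie` headers that separates session cookies from persistent ones and flags far-future expiries such as the `bn_u` cookie quoted above. The sample headers, the `remember_me` name, the observation time and the 365-day threshold are assumptions made for the illustration.

```javascript
// Added example: audit Set-Cookie headers for session vs. persistent lifetime.
// Headers are constructed; only bn_u's name, domain and expiry come from the thread.
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse one Set-Cookie header value into { name, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = Object.create(null); // no prototype, so odd attribute names are harmless
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attrs };
}

// Classify a cookie as "session", "expired", "persistent" or "long-lived".
// maxDays is an assumed review threshold, not a figure taken from the directive.
function auditCookie(header, now, maxDays = 365) {
  const { name, attrs } = parseSetCookie(header);
  let expiresAt = null;
  if (typeof attrs["max-age"] === "string" && /^-?\d+$/.test(attrs["max-age"])) {
    // Max-Age takes precedence over Expires (RFC 6265, section 5.3).
    expiresAt = now + Number(attrs["max-age"]) * 1000;
  } else if (typeof attrs.expires === "string") {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) expiresAt = t;
  }
  if (expiresAt === null) return { name, kind: "session", lifetimeDays: null };
  if (expiresAt <= now) return { name, kind: "expired", lifetimeDays: 0 };
  const lifetimeDays = Math.floor((expiresAt - now) / DAY_MS);
  return { name, kind: lifetimeDays > maxDays ? "long-lived" : "persistent", lifetimeDays };
}

const NOW = Date.UTC(2011, 2, 11, 13, 14, 19); // assumed observation time
const SAMPLE_HEADERS = [
  "PHPSESSID=abc123; Path=/; HttpOnly",
  "remember_me=tok; Max-Age=1209600; Expires=Wed, 11 Mar 2511 13:14:19 GMT; Path=/",
  "bn_u=1; Expires=Wed, 11 Mar 2511 13:14:19 GMT; Domain=nasa.gov; Path=/",
];
const report = SAMPLE_HEADERS.map((h) => auditCookie(h, NOW));
console.log(report);
```

The second header shows why `Max-Age` has to be checked first: it caps the cookie at 14 days even though its `Expires` attribute carries the same far-future date as `bn_u`.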

In a few hundred years' time, people will assume NASA knew something about 2512.. perhaps as a cataclysmic event deemed by the end of their cookies.

#2512isthenew2012

Personally (not talking about web development at work) but my own website, I only use sessions...yes that uses cookies however the information I store is to make myself better. The sessions always expire in 15 mins.

I use the information to simply know what tracks people are listening to on my site, this means that I know what the more popular ones are and then from that take different bits from my music and produce different ones.

I agree that cookies have been abused in the past....but we don't go over to Germany and lock them all away because in the past Hitler was an evil tw@. People have moved on and learnt. The majority of us don't abuse cookies in any way. This just sounds like the EU waving their sabre because they haven't really done much for a while.

About time they did this. Working in network security having rogue cookies on the network/computers was a pain and a massive security hole.
