This is why I like Arantor. You take your time out to reply, and educate + 1
I do try, and I do also try not to snap at people who ask for help (but when people who ask for help then throw it back at me because they didn't get the answer they wanted, that pisses me off no end)
I just viewed that website and man that looks so easy how they have done it.
Only thing is stopping these cookies from my site being stored for guests GRRRR.
But why do guests need to have cookies shoved at them, exactly?
Put in the registration agreement that they allow all cookies and *hope* SMF do something about guest cookies.
Also need a page that displays each cookie and what that cookie does. Well there is only 3 cookies I made myself.
Pretty much the official line from SMF is that it isn't their problem. I'll come back to that when replying to markham's post, though, because there's a lot more to it than that.
Which I can explain simply as they are only
Category 3: functionality cookies
For things like the Shoutbox remembering which chat channel you are in and the theme changer lol.
Still my problem with 3rd party cookies unless they sort that out them selves.
That would mean minimal work for me XDDDDDDDDDDDDD
Depending on implementation it may not be as simple as that, or it may be. Certainly if it is functionality related, you're far more covered but as I understand the wording, you'd have to ask before setting those cookies, because it's up for debate as to whether it's 'required' functionality. A shopping site would not work very well without a cart setup, and as such a cookie there is clearly for required functionality. But for remembering preferences, as I understand it, that's not necessarily defined as 'required'.
This is part of the problem, actually, the guidance from the ICO is very vague and open to interpretation. If in doubt, seek guidance either from the ICO itself or from a separate legal institution.
Last one is analytic's, meh. What's the point in having it on the forums when you can't allow guests lol.
I mean as if a guest is really gonna OPT IN.. I wouldn't lol.
Guess I will remove that. I don't even use it anyway to be honest.
Will probably improve the speed of the website as well XD.
Well, there's nothing that says you can't allow guests. You just have to be mindful of how you approach it.
But you're exactly right, my very first thought when this was announced is that analytics cookies would be the sort of thing people would not opt-in for. Which is why I was less than thrilled at the way the ICO itself handles Google Analytics, because you can't (easily) opt in to certain cookies and not others. But I figure it will encourage a migration off Google Analytics, which from my perspective is no bad thing.
I thank you guys for making me aware of this as I seriously would never of known.
I spoken to alot of friends UK also.. They had no idea either..
The whole escapade is pretty shocking if you go back and look over the history of it - like so many recent laws, it is implemented by people who do not really understand how the internet works and is going to be abused. I personally think it's going to be withdrawn but because I just can't take the risks attached, I don't see how I can do anything other than look at it properly, as it's not just my own stuff that I have to bear in mind.
Did you know, in fact, that at one point a branch of the German government was using SMF for discussions? I don't see any reason why Wedge won't be able to appeal to that level - but it does of course require that we comply as best we are able (on a generic level) with the legislature out there, and we can take case-by-case matters separately.
Oh he's earned more than +1 from me as he seems to be the only Forum software developer who has not only taken time to research this (and other legal implications) but has demonstrated a genuine willingness to implement a decent solution.
I'm certainly willing to implement a decent solution, even taking into account my personal reservations about the whole matter - provided that I can get some meaningful information from the ICO. The big problem - as we've seen from pretty much all the forum camps - is that people look at the wording, look at the guidance, and make what is really a prognostication about the way things should be interpreted.
I know pretty much everyone is taking the view that the session cookie is probably OK and that the main cookie issued to members is also probably OK in and of themselves, but I'm not yet satisfied that this view matches the guidance the ICO themselves issue, especially considering that they don't even allow *their* session cookie to be transmitted without this consent.
And if the ICO come back to me and tell me that they're satisfied with the breakdown I've given them of SMF and Wedge cookies, so be it. But I strongly doubt it, and in fact I realised there are more cookies issued by SMF and Wedge than that, but those we can work around or build into the existing systems.
You can hope and you can pray but whatever you do, don't hold your breath! Here's the solution that a (former?) SMF project person has suggested:
Actually, one of their developers has now issued a mod that should cover the fundamentals. I haven't tried it, but a quick glance at the code suggests two things: one, it'd probably work to prevent cookies being issued and two, it doesn't quite conform, because it doesn't indicate what the cookies in use are or what they do. (Nor can I see any way for mods to register such.)
However, there is another British Forum owner contributing to that same thread and he poses the following:
And, without being funny, this is why people who are neither technically nor legally qualified to make a judgement should avoid doing so.
His view is incorrect, because the wording of all the related legislature makes it very clear that any transfer of data that is 'strictly required' to function is permitted, and in any case when a user goes to a page themselves, they are the one initiating the transaction of data, and are implicitly giving permission for the bulk of the headers going anyway. (That said, there are privacy implications relating to things like the user-agent.)
The sad fact is that were things different to what they are today, there would have been an Arantor-authored modification for SMF available by now
It's probably true that were things different, I'd have gotten involved on an SMF modification. It's also probably true that working code would have been available sooner, though there is a work in progress available from the team at this point in time but even then it seems to be issued personally, not under the 'team' as it were.
I've noticed that some ISPs are placing tracking cookies for each web site visited. I wonder what ICO's views on that would be, since such cookies are outside the direct control of the web site owner.
You as a site owner cannot be held accountable for that since it is not a cookie you are issuing, and it is the ISP who is clearly at fault. If you can identify which ISP it is, take the matter to the ICO as a complaint.