The Cookie Law (in the UK at least)

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #240, on June 22nd, 2012, 02:03 PM »
Quote
But I can't see that working if I were to download that avatar from wedge.org and then upload it elsewhere and include it in a message.
It's not on Wedge.org, that's sort of the point. It's still hosted on sicomm.us, and any request to that domain is going to return with a cookie.

If you download it then repost it after, you're not hosting it on sicomm.us and thus no cookie.


There is not really a good way to do that, there are ways but I'm not sure how reliable they are. And they have consequences, too.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #241, on June 22nd, 2012, 07:12 PM »
The easiest thing maybe is to block all user embedded content via BBC until consent is made. However you may want to check what user has embedded the content, say like a admin may be able to bypass this rule. There are allot of files though you can set a cookie with, so it isn't limited to images only. SMF however as far as I know only supports images and flash embedded via BBC and the rest are attachments, you shouldn't have to worry about attachments though.

In order for SMF to accommodate this the permission system will have to get more advance and BBC added into it. So you can deny image and flash BBC to guest unless posted by a allowed member group.

So I shouldn't have to worry about the news ticker, that's good. I was basically stumped how to add a consent page with it. The only thing that I could do is probably add something on the redirect but by that time the cookie has been set.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #242, on June 22nd, 2012, 07:17 PM »
Well, flash is disabled by default (though I'm not sure about Aeva type embedding, as to whether YouTube etc. put cookies in place), but with images, it strikes me that there is a method for dealing with it - there's already a request made for over-sized images, and it would not be difficult to check the response headers on that request as well and see if a cookie header was returned - and then perhaps warn the poster or even disallow it, but either way we can take some action.

Or perhaps like Facebook, taking a small version of the image as a local thumbnail (which is cookie-free) and linking to the external images with a warning about cookies.

Nao

  • Dadman with a boy
  • Posts: 16,078
Re: The Cookie Law (in the UK at least)
« Reply #243, on June 26th, 2012, 07:00 AM »
FB hosts the whole image doesn't it...?

And AeMe offers to host images remotely, too, thus ensuring this could happen.
OTOH, preventing this could be annoying, i.e. signatures with a banner that shows up details that depend on a cookie being set... That could annoy some people if it got messed up.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #244, on June 26th, 2012, 02:56 PM »
I don't know whether FB holds the large image as well, but I know it does host at least a thumbnail image itself - or certainly did last I checked.

nolsilang

  • Lurking <i class=
  • Posts: 106

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #246, on February 1st, 2013, 02:18 AM »
Oh, that's hilarious.

That does pretty much mean the implied consent notice is sufficient. I think we'd actually be OK with implementing that in the core - since I *still* haven't seen any enforcement out of the ICO for *any* site.

Nao, what say you?

Nao

  • Dadman with a boy
  • Posts: 16,078
Re: The Cookie Law (in the UK at least)
« Reply #247, on February 1st, 2013, 10:11 AM »
What say I?

- It's hilarious indeed.
- So, they've single-handedly educated all of us about cookies. If you ask me, it's a polite way of saying "we couldn't do it". I've started watching one of your shows called "Yes, Minister", and it's all about that: navigating in a political world where you may have the best intentions in the world, sometimes you just have to admit you're screwed. (But you won't.)

Considering that precisely they're not taking any action against anyone and are even stepping back, I don't see any reason to add anything to the core...
We could, however, do it core but disabled by default. Something like $settings['tastyEuropeanCookiesArentFatFree']...

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #248, on February 1st, 2013, 03:15 PM »
Of course it is. (Yes, Prime Minister is also a good show but only the original incarnation. The remake is shite.)

I'd be fine with a core notice disabled by default - I just think we should include it for those who need it. I could even make it a plugin really... As long as it's available, easily, for those who feel they need it.

Nao

  • Dadman with a boy
  • Posts: 16,078
Re: The Cookie Law (in the UK at least)
« Reply #249, on February 1st, 2013, 03:45 PM »
Quote from Arantor on February 1st, 2013, 03:15 PM
Of course it is. (Yes, Prime Minister is also a good show but only the original incarnation. The remake is shite.)
I saw there's a 2013 version when I went to get my subtitles for the original, lol. How is it so bad in comparison? And is the original Yes Prime Minister any good, too? (i.e. seasons 4-6 or something.)

I never watched YM in the first place because I don't have such excellent memories of The New Statesman, which was one of the first British sitcoms to be shown in English with subtitles in France, back in the early 90's. Heck, for a long time I thought they were the same shows... I'm only at 1x04 but I really like it. The characters are well played, they're all likeable and the gimmick is interesting (i.e. starting the episode with the Minister trying to do something better for the UK, and ending up having to compromise because of reality checks.)
Quote
I'd be fine with a core notice disabled by default - I just think we should include it for those who need it. I could even make it a plugin really... As long as it's available, easily, for those who feel they need it.
Well, as of now, it's much easier to implement into Wedge than it would have been if you'd had to disable cookies by default..! :^^;:

Might be a good opportunity to get rid of PHPSESSID though :P

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #250, on February 1st, 2013, 04:06 PM »
Quote
How is it so bad in comparison?
They have completely the wrong actors for it. In the original, Paul Eddington has a certain naive innocence while Nigel Hawthorne has the political machinations and his delivery absolutely makes the show what it is. Yes, the writing is very clever, but without his delivery it just wouldn't work.

I have actually tried to watch it and it's just not as funny.
Quote
And is the original Yes Prime Minister any good, too? (i.e. seasons 4-6 or something.)
Yes, it is. Essentially what's happened is that Sir Humphrey has manuevered Jim Hacker MP to being the Prime Minister and still directing everything, only now he has more power to play with.
Quote
because I don't have such excellent memories of The New Statesman, which was one of the first British sitcoms to be shown in English with subtitles in France
Ah, yes, Alan B'Stard. Not Rik Mayall's finest hour, I thought. The Young Ones and Bottom were both funnier, though by the time I got around to seeing The New Statesman it was several years past its cultural relevance.
Quote
The characters are well played, they're all likeable and the gimmick is interesting (i.e. starting the episode with the Minister trying to do something better for the UK, and ending up having to compromise because of reality checks.)
It's actually a reasonable criticism of our country, where the undersecretaries and so on wheedle the MPs into not doing things even if the MP has the best of intentions.
Quote
Well, as of now, it's much easier to implement into Wedge than it would have been if you'd had to disable cookies by default..! :^^;:
There is that.
Quote
Might be a good opportunity to get rid of PHPSESSID though :P
Well, I've been looking into that. We have two choices, we can ditch the session rewriter part (and rename sessrewrite!!) and leave the underlying handling for guests, or we can entirely remove sessions for guests for a massive performance boost overall.

I'm tempted to go with the first one because of how upset people get when their meaningless statistics are threatened.

MultiformeIngegno

  • Posts: 1,337
Re: The Cookie Law (in the UK at least)
« Reply #251, on March 31st, 2013, 06:33 PM »Last edited on March 31st, 2013, 06:42 PM
Quote from Arantor on February 1st, 2013, 04:06 PM
Quote
Might be a good opportunity to get rid of PHPSESSID though :P
Well, I've been looking into that. We have two choices, we can ditch the session rewriter part (and rename sessrewrite!!) and leave the underlying handling for guests, or we can entirely remove sessions for guests for a massive performance boost overall.

I'm tempted to go with the first one because of how upset people get when their meaningless statistics are threatened.
I don't remember how this ended up.. is PHPSESSID now only used for guests?

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #252, on March 31st, 2013, 06:39 PM »
We made no changes whatsoever.

PHPSESSID gets created by PHP. We have no control over that.

But the point of what I was suggesting was the complete opposite of what you're asking anyway.

MultiformeIngegno

  • Posts: 1,337

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #254, on March 31st, 2013, 06:43 PM »
"is PHPSESSID now only used for guests"

When the point of the suggestion was to NOT use it at all for guests.