The Cookie Law (in the UK at least)

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #166, on June 12th, 2012, 09:36 AM »
Quote from Arantor on June 11th, 2012, 11:04 PM
Well, that's maddeningly unhelpful, because they're not covering as to whether our cookies are or are not intrusive. They're all first-party cookies, however, so that's something to be thankful for!


1. We can't realistically mandate users accepting cookies before entering the site (because it excludes search engines entirely), so we will need to investigate the ECL type mod that Emanuele and feline worked on, simply because it's something we will need to look at doing.

2. Accepting cookies via registration allows for the extended cookie, however we should probably be explaining to users a bit more.

3. I'm thinking a general privacy policy (perhaps even user-editable) should be available in the forum. I'd argue for that regardless, actually.

4. The person writing the reply doesn't really understand what I'm talking about anyway.

5. It's not clear about the whole who's online issue, but that it would be covered by the privacy policy generally to log that.


I still think dropping sessions for guests would save a lot of hassle all around, even though it makes who's online only useful for registered members and up.
I have just completed an implementation of ECL for a British-owned Forum for expats and visitors to the Philippines. Although the site is currently hosted in the US, its owner intends moving it to an ISP in the UK shortly. You are very welcome to visit the site, Live in the Philippines Forum, and see how I've implemented the regulations and take away and use any ideas.

My implementation goes a bit further than Emanuele's mod:
  • I require the visitor to positively accept cookies. Implied consent by virtue of registration is, I believe, a tad dangerous[1], the Registration Agreement is probably far too long (out of necessity) and few bother to read it in any case.[2]
  • I do specifically check the user-agent and known spiders such as Google's, Microsoft's and Baidu's are given a "free pass" and not subjected to accepting cookies (how would they?!!)
  • LiPF's main menu normally appears as a fixed "box" at the top of the window and does not scroll out of sight. This was implemented for usability reasons but it is hidden[3]  unless and until cookies are accepted.
  • Almost all actions are blocked until cookies are accepted. The forum can be browsed but that's about it.
  • There's a dynamic block towards the bottom of the right-hand column labelled "You and Cookies" which informs the user which cookies have been set and also provides the means of deleting all the site's (including third-party) cookies as an option.
  • The site respects "Do Not Track" and will not permit the setting of any tracking cookies (e.g. Google Analytics' which the site uses) if this option is detected. This means we have a two-layered approach to cookie handling.
  • There is an option to use geoLocation to determine if the visitor is from within the EU but it has been disabled upon taking your advice on this matter. (There's also the problem of IPv6, of which the geoLocation mod has no knowledge.)
It's not the prettiest of implementations but it is effective; Javascript and CSS are "black arts" as far as I am concerned! It would be far better if the initial cookie acceptance dialog was coded in Javascript in a similar fashion to the "confirm()" dialog, but alas, that's beyond my limited capabilities.


Mark
 1. and was announced after I had completed the implementation in any case
 2. The current Registration Agreement is also available post-registration under the "About Us" menu option
 3. It would have been cleaner and likely more satisfactory to use the menu item's "show" property but this would only work for menu items that are coded in Subs.php and not for those that are added by integration.
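
The consent gating described in the post above (positive acceptance, a pass for known spiders, Do Not Track as a second layer), as an added example that is not code from LiPF, SMF or Wedge. The cookie names, crawler patterns and function names are assumptions; because User-Agent is client-supplied, a crawler match here only suppresses the prompt and never unlocks cookies or actions.

```javascript
// Added example: decide, from one request's headers, what the server may set.
// "cookie_consent", "sid" and "analytics_id" are assumed names, not from the thread.
const CRAWLER_UA = /\b(Googlebot|bingbot|Baiduspider)\b/i;

// Parse a Cookie request header into a plain object.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

function cookiePolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Consent is recorded only by the visitor's explicit "accept" action,
  // which is the one moment the consent cookie itself is written.
  const consented = parseCookies(h['cookie'])['cookie_consent'] === 'yes';
  const dnt = (h['dnt'] || '').trim() === '1';
  // Spoofable signal: used to hide the dialog from spiders, nothing more.
  const crawler = CRAWLER_UA.test(h['user-agent'] || '');

  return {
    showConsentPrompt: !consented && !crawler,
    allowSessionCookie: consented,
    allowTrackingCookie: consented && !dnt, // second layer: DNT vetoes analytics
    allowActions: consented,                // browsing only until accepted
  };
}

// Build the Set-Cookie values the policy permits for this response.
function setCookieHeaders(policy, sessionId) {
  const out = [];
  if (policy.allowSessionCookie) {
    out.push(`sid=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`);
  }
  if (policy.allowTrackingCookie) {
    out.push('analytics_id=constructed-sample; Path=/; Secure; SameSite=Lax');
  }
  return out;
}
```
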

emanuele

  • Posts: 125
Re: The Cookie Law (in the UK at least)
« Reply #167, on June 14th, 2012, 01:51 PM »
* emanuele 's knowledge of English is far from perfect and legal matters make his head hurt...

BTW, regarding the part about privacy, if I'm not too wrong the email addresses are usually considered personal information. In that respect SMF (don't know Wedge) should show something to guests when they are allowed to post I think...

* emanuele takes a note

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #168, on June 14th, 2012, 03:28 PM »
As far as the DPA goes, they're not considered personal information. But I agree that something should be shown to guests when posting.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

Norodo

  • Oh you Baidu, so randumb. (60 sites being indexed at once? Jeez)
  • Posts: 469
Re: The Cookie Law (in the UK at least)
« Reply #169, on June 14th, 2012, 05:23 PM »
Seriously, fuck this. This can be a plugin. Most of us don't really give a shit about the UK's rampant idiotic laws. Sorry for the harsh language, but stupid legislation annoys me to no end. At least make this "feature" toggleable. I don't like cluttering stuff just to please bureaucratic imperialistic dimwits.

Cheers.

PS: I mean no disrespect to the English people, you're all grand.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #170, on June 14th, 2012, 05:49 PM »
Yes, that's right, ignore the crap out of it until the rest of Europe implements it. Is it then something to ignore? What about when the US inevitably introduces something similar?

Will you be so brave about ignoring it then?

The other thing is that the plugin architecture is not as flexible as SMF, mods cannot modify any line of code they choose, so making this a plugin is at least as difficult as it is in SMF, and possibly more so.

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #171, on June 14th, 2012, 06:19 PM »
Setting cookies is no different than RFIDs, how is it they are trying to frown on one and not the other? IMHO this law is BS and I still believe if any consent should be done it should be done on the client end and not the server.

We are delivering content, we shouldn't be responsible for figuring out these stupid cookie laws. What are we going to do soon, read a 1,000 page manual of all the laws of the internet just to set up a personal webpage? Talk about some real threats to freedom of speech.

What I really hope happens is this law goes down the drain.

So would I like to see it as a software solution? I have to be honest here, if a software is built around this then IMHO it isn't worth installing. If a software has this as a portion of it, it must be configurable and not interfere with the software if disabled. Mainly this is worthy of a plugin and not a core component.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #172, on June 14th, 2012, 06:22 PM »
Quote from Norodo on June 14th, 2012, 05:23 PM
Seriously, fuck this. This can be a plugin. Most of us don't really give a shit about the UK's rampant idiotic laws. Sorry for the harsh language, but stupid legislation annoys me to no end. At least make this "feature" toggleable. I don't like cluttering stuff just to please bureaucratic imperialistic dimwits.

Cheers.

PS: I mean no disrespect to the English people, you're all grand.
Umm, it's not exactly a UK law but rather a Europe-wide one which has, in fact, been around for the last ten years[1] but has only recently been implemented by three member nations so far. The rest of the EU has a limited amount of time to introduce the required enabling legislation. As Arantor says, similar provisions will very likely be enacted in the US and other first world nations will follow. Even the Philippines, a third world country, is to introduce cookie legislation among a range of other computer and internet-related measures ordered by the President recently.

Having had to do an implementation, I agree that it really should not be in the form of a plug-in.
 1. If my memory serves!

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #173, on June 14th, 2012, 06:31 PM »
You know it's little stuff like this that gets these movement groups going. The governments only have themselves to blame and if the US does try to implement this law I hope these groups take my government down. I love my country but I hate how it's being run into the ground when we have more important issues at hand than the internet.

It's not the entire government but quite a lot in there that don't know anything about the internet or computers. They're the old ones that believe change can break things, when it only makes things better. They'd rather listen to their own uneducated opinions than listen to the ones that know.

You know I am tired of it, if a revolution ever did break out I will be one of the ones dismantling this country's sorry government.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #174, on June 14th, 2012, 06:41 PM »
Quote
Setting cookies is no different than RFIDs, how is it they are trying to frown on one and not the other? IMHO this law is BS and I still believe if any consent should be done it should be done on the client end and not the server.
Actually if you read the laws it's not exactly about using cookies. It's about using methods to track users, of which cookies is the most well known and most entrenched. localStorage is mentioned indirectly but because it's not sent automatically every request it's actually much less of a threat.
Quote
We are delivering content, we shouldn't be responsible for figuring out these stupid cookie laws.
Read the laws. You're responsible for the data you're sending. Is it wrong that you should be reasonably accountable for the data that you have control over? That's really what we're arguing about here: the right of site owners not to be held accountable for what data is collected about users. Why should you have that right?
Quote
What are we going to do soon, read a 1,000 page manual of all the laws of the internet just to set up a personal webpage? Talk about some real threats to freedom of speech.
While I understand your sentiment, I'm not opposed to *some* regulation, handled sanely. The web is a wilderness as it is, and frankly it would do some good for some proper sane regulation, but no-one can be trusted to enforce it without the inevitable cries of censorship.

What is freedom of speech? Does the right of freedom of speech entitle you to publish content banned in some countries? Is freedom of speech a legitimate defence for 'child porn'? Before campaigning for freedom, you would do well to understand what the flipside of having those freedoms is.
Quote
So would I like to see it as a software solution? I have to be honest here, if a software is built around this then IMHO it isn't worth installing. If a software has this as a portion of it, it must be configurable and not interfere with the software if disabled. Mainly this is worthy of a plugin and not a core component.
Now you understand my dilemma. I AM IN THE UK, I HAVE TO CONTEND WITH THIS LAW. But not only do I have to contend with this law for my own stuff (which I haven't yet, I would add), Wedge has a responsibility to deal with it too.

But more importantly, as a site owner you have to be responsible about the data you're sending. Is that really such a big deal for you? What the hell happened to accountability and taking responsibility?

Why are so many people wanting to avoid having to take some responsibility for what they're doing? Why, also, are there so many revolutionaries that are all talk and no action? I hear an awful lot of people that want to stick it to The Man, but I don't see anyone much actually doing anything about it.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #175, on June 14th, 2012, 06:41 PM »
Quote from nend on June 14th, 2012, 06:19 PM
Setting cookies is no different than RFIDs, how is it they are trying to frown on one and not the other? IMHO this law is BS and I still believe if any consent should be done it should be done on the client end and not the server.
In the case of RFIDs embedded into machine-readable Passports, this was a requirement originally imposed by the US Department of Homeland Security which required machine-readable Passports to be used by all non-US citizens when entering the US. When you apply for a Passport, you are made aware that it will contain a chip encoded with all your personal details and your application is conditional on you accepting that.
Quote
We are delivering content, we shouldn't be responsible for figuring out these stupid cookie laws. What are we going to do soon, read a 1,000 page manual of all the laws of the internet just to set up a personal webpage? Talk about some real threats to freedom of speech.
I don't see the connect between the Cookie Law and threats to freedom of speech. The Cookie Law is all about protecting an individual's privacy.

Just to make you feel even hotter "under the collar", the European Commission is likely to issue a new Directive one day quite soon to strengthen the existing privacy and data protection laws. I have seen a draft of the new proposals which includes mention of the use of local storage and web beacons as well as conventional and flash cookies as means to track internet users.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #176, on June 14th, 2012, 06:47 PM »
Quote
In the case of RFIDs embedded into machine-readable Passports, this was a requirement originally imposed by the US Department of Homeland Security which required machine-readable Passports to be used by all non-US citizens when entering the US.
Yes, I had a debate with the passport people about this. And yes, this is exactly why it was implemented, not for EU or rest-of-world benefit.
Quote
I don't see the connect between the Cookie Law and threats to freedom of speech. The Cookie Law is all about protecting an individual's privacy.
It's actually a strawman of sorts. The Cookie Law is being suggested as being the tip of an iceberg whereupon setting a site up will require permissions and increasing amounts of legislation. But right now most of the laws do not have any coverage of online behaviour, at least not thoroughly.
Quote
Just to make you feel even hotter "under the collar", the European Commission is likely to issue a new Directive one day quite soon to strengthen the existing privacy and data protection laws. I have seen a draft of the new proposals which includes mention of the use of local storage and web beacons as well as conventional and flash cookies as means to track internet users.
Actually, the wording of the current directive does reference - but only indirectly - local storage and flash cookies. The wording is sufficiently vague that it could be construed as covering those things, however do note that there are side benefits to their implementation that make them slightly 'better' than conventional cookies as they're not quite so heavily broadcast as regular cookies are.

Nao

  • Dadman with a boy
  • Posts: 16,080
Re: The Cookie Law (in the UK at least)
« Reply #177, on June 14th, 2012, 06:52 PM »
I'll just say that once again -- cookie laws are done to give some juice to lawyers so they can attack bigger anti-privacy companies. They're not made to piss off people who have a forum, even those who think it's a smart idea to run Google Analytics (the agony!) on it.
So it's basically safe...
And if you ever receive an official notice about it -- then it'll be time to implement that in Wedge.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #178, on June 14th, 2012, 06:54 PM »
Quote from nend on June 14th, 2012, 06:31 PM
You know it's little stuff like this that gets these movement groups going. The governments only have themselves to blame and if the US does try to implement this law I hope these groups take my government down. I love my country but I hate how it's being run into the ground when we have more important issues at hand than the internet.

It's not the entire government but quite a lot in there that don't know anything about the internet or computers. They're the old ones that believe change can break things, when it only makes things better. They'd rather listen to their own uneducated opinions than listen to the ones that know.

You know I am tired of it, if a revolution ever did break out I will be one of the ones dismantling this country's sorry government.
It is pressure from the privacy protection groups that brought about the "Do Not Track" proposal and that places the responsibility of preventing tracking cookies (and other tracking mechanisms) firmly on site owners. That proposal will very likely be enacted in the US - possibly with a variant of the EU Cookie legislation. It will effectively mean that when serving a page, you must actively prevent the serving of any tracking mechanism if that browser setting is enabled.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #179, on June 14th, 2012, 06:59 PM »
Yup, DNT also requires site owners to take action, so even if that gets implemented [1] it *still* requires site owners to actually do something about it.

So, again, brushing aside such measures indicates that either you actively don't care about (or want) users to have privacy (e.g. for better advertising!) or you actively do not want to take responsibility for what your site is doing. Neither is particularly good for site owners.

I would also note that I consider Google Analytics to be not just invasive but flat out unethical.
 1. Noting full well that the W3C has actively said yesterday it should be off by default even though IE10 turns it on by default.