The Cookie Law (in the UK at least)

live627

  • Should five per cent appear too small / Be thankful I don't take it all / 'Cause I'm the taxman, yeah I'm the taxman
  • Posts: 1,670
A confident man keeps quiet, whereas a frightened man keeps talking, hiding his fear.

Norodo

  • Oh you Baidu, so randumb. (60 sites being indexed at once? Jeez)
  • Posts: 469
Re: The Cookie Law (in the UK at least)
« Reply #196, on June 14th, 2012, 11:55 PM »
You have said a lot of things, however in reply to me you have only told me that this is an EU law (fair enough, this is not really something to think about, I'll save that for one of my anti-EU-rants), that the plugin architecture of Wedge will not allow this (fine, if there's no way around it there's nothing to discuss about this, unless you want me to comment on the plugin architecture, something I am not competent to do) and asked me if I will be so "brave" as to ignore this, something I will, for the reasons live627 states above, and because this kind of stuff gets me annoyed. As for the rest of your posts, I did not assume they were directed at me. I may however take a moment tomorrow if I have time to scour over them and reply, but for now I only read your one post.

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: The Cookie Law (in the UK at least)
« Reply #197, on June 14th, 2012, 11:59 PM »
Gotta admit this topic is ultra complicated to go through ;) even I pretty much gave up on it... That's the beauty of laws. They're too complicated and yet we are all supposed to understand them.

I'm interested in the fact that IE10 generated backlash because people think that since it enables DNT by default, websites will decide to turn it down. However, what makes one think that they wouldn't turn it down either way? Spammers don't care about laws anyway...

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #198, on June 15th, 2012, 12:04 AM »
Let's see.

1. It is an EU law, yes. It is likely to be implemented in a similar fashion in the US.

2. The plugin architecture makes this awkward but not impossible to deal with.

3. There are a very large number of related matters. Even if this law does not affect you, it is still good practice to review the state of play and actually be at least partly compliant, in at least as much as reviewing what cookies the site uses and being able to justify those to users. Are you saying that you are not accountable for the software your site runs? Are you saying that you do not care about the privacy of your users?

While I dislike the way such implications can be thrown about, it is something that should be considered, whether you are required to comply by law or not. What cookies does your site issue? Do you need them? Are you actively, passively or secretly analysing your users? Are you allowing that data to be shared with third parties deliberately or accidentally?

These are things that reviewing the site and its software would bring. You as a site owner are responsible for what your site does, burying your head in the sand to these issues does not absolve you of that responsibility.

Just because you may not be subject to a law trying to protect privacy, does not mean you shouldn't try to protect their privacy!
Quote
I'm interested in the fact that IE10 generated backlash because people think that since it enables DNT by default, websites will decide to turn it down. However, what makes one think that they wouldn't turn it down either way? Spammers don't care about laws anyway...
Who has a vested interest in DNT not being implemented? Who has a browser that does not support DNT as set out in the specification at this time? Who is also a member of the W3C? (The answer is one and the same, and it isn't Microsoft.)
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

Norodo

  • Oh you Baidu, so randumb. (60 sites being indexed at once? Jeez)
  • Posts: 469
Re: The Cookie Law (in the UK at least)
« Reply #199, on June 15th, 2012, 12:19 AM »
Quote from Arantor on June 15th, 2012, 12:04 AM
These are things that reviewing the site and its software would bring. You as a site owner are responsible for what your site does, burying your head in the sand to these issues does not absolve you of that responsibility.

Just because you may not be subject to a law trying to protect privacy, does not mean you shouldn't try to protect their privacy!
Makes sense, and I agree that I as a site owner have a responsibility to ensure people visiting my site don't get tracked any more than reasonably so. But not tracking people more than necessary is something I can do without having to plaster nasty banners above my sites asking people to agree with what little tracking I may have in place, and it is something I can do without government intervention. The law has a good intent, but in my opinion it misses the point entirely with implementation, and I will promptly ignore it and carry on as before.

I don't think making people plaster ugly banners on their sites protects privacy. Me actually not tracking my users protects privacy, and from my understanding of the code of the forum boards I use right now, I am not tracking people to any real extent apart from a. User info b. impersonal session info. This tracking is not being used in any way, and if I were a user and I knew this was how a website I visited operated, I would be very very fine with it, as would any sane person (I hope).

Are there sites out there that track more than they need to? Of course. Are they likely to comply with these rules any time soon? Nah. Rules about what you can and cannot track would be better suited, but then again that would take real courage on the legislators' part, so that shit ain't happening.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #200, on June 15th, 2012, 12:26 AM »
Oh, don't get me wrong, I'm well aware that the whole implementation of the cookie law is farcical. But it's making site developers go back and think about the cookies that are required and consider whether that feature is necessary. For me, that's a huge deal, because it's encouraging developers to take some responsibility - and it's making site owners do the same, which is a great thing, even if for the wrong reasons.
Quote
I don't think making people plaster ugly banners on their sites protects privacy.
It doesn't. But informing users of how their information is being used can do because it gives them the power to understand what their data is being used for. I just wish it were more driven by site owners wanting to take that responsibility without having to be strong-armed into it in any fashion.
Quote
Rules about what you can and cannot track would be better suited, but then again that would take real courage on the legislators' part, so that shit ain't happening.
This is actually why I railed about people not reading the laws as written and relying on third party reporting on the subject. The laws are about making site owners review their software and making a judgement about things. It starts by asking 'do you need to track anything' rather than presuming that tracking is actually required.

Even a session cookie is not really required, except for analytical purposes. But would anyone think about that aspect without a review like this being put under people's noses?

ziycon

  • Posts: 126
Re: The Cookie Law (in the UK at least)
« Reply #201, on June 15th, 2012, 12:31 AM »
The way I see it is that all that's required is a line in the registration agreement pointing to your site's terms & conditions and privacy policy, and just have a one- or two-liner about cookies that are used. If someone registers then it's their own bad for not reading the two pages and you're covered.

It's a 10-minute job for a site admin and if the site admin is worried about it they'll implement it. No need for forum software to include cookie laws/regulations unless they're legally threatened.
APRAI - Custom Theme - SMF 2.0.5


Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #202, on June 15th, 2012, 12:35 AM »
Apart from the fact that the ICO considers SMF's (and Wedge's) cookies beyond what is reasonable, (putting aside the privacy implications of Who's Online) the fact that the registration agreement is only barely acceptable and that in the UK, officially forum owners are actually supposed to register with the ICO for being data controllers... yes, apart from those tiny details, it's fine.

Go back and read the letter I sent them and their response. Even though I actually pointed out to them that SMF's default registration agreement does mention cookies.

Oh, and SMF's registration agreement etc. definitely does not extend to the likes of Google Analytics, which are so far beyond what is acceptable without work that it isn't even funny.

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: The Cookie Law (in the UK at least)
« Reply #203, on June 15th, 2012, 08:51 AM »
Hmm, Who's Online is not a privacy issue per se, as concerned users can hide their online status and thus activity... No?

live627

  • Should five per cent appear too small / Be thankful I don't take it all / 'Cause I'm the taxman, yeah I'm the taxman
  • Posts: 1,670

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: The Cookie Law (in the UK at least)
« Reply #205, on June 15th, 2012, 09:32 AM »
I think so.

However... Bug report?
I had a look at determineAction(), in Who.php, and it never tests for mem.show_online, assuming that if the user isn't shown in the Who's Online list, the action won't be shown either...

*However*, because Wedge also shows their current action in the profile summary, it should test whether the user is online or not, and whether they want their online status to be given away or not.
Is this an SMF or a Wedge bug? From a look at the *code*, it looks like if a user is online, their Online icon is green regardless of their privacy settings, and their current action is indicated. I'm pretty sure that if a user doesn't want to "show up in the online list", they certainly don't want their online status to be given away either...? (Heck, we could even *hide* the icon everywhere it shows up, whether online or offline, for non-admin members...)

Is that something relevant...?

Norodo

  • Oh you Baidu, so randumb. (60 sites being indexed at once? Jeez)
  • Posts: 469
Re: The Cookie Law (in the UK at least)
« Reply #206, on June 15th, 2012, 11:04 AM »
Quote from Arantor on June 15th, 2012, 12:26 AM
I don't mind having to think about privacy and I think it's a good thing that people do, but saying that this makes people think about privacy is like making police wear pink suits for people to think about police more, but only if the police are outside the police station (A solution that strikes way more police than it probably should, just like this law strikes way more sites than it should). It's just not a good approach. The thought behind it is good. I don't mind the govt having a snoop around those pesky Facebook "Like" buttons that track you whether or not you utilize them, but when they start punishing hobbyists like me who are acting in good faith, that's just silly and makes me want to kneejerk at them, something I probably will.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #207, on June 15th, 2012, 12:03 PM »
Quote from Arantor on June 15th, 2012, 12:35 AM
Apart from the fact that the ICO considers SMF's (and Wedge's) cookies beyond what is reasonable, (putting aside the privacy implications of Who's Online) the fact that the registration agreement is only barely acceptable and that in the UK, officially forum owners are actually supposed to register with the ICO for being data controllers... yes, apart from those tiny details, it's fine.

Go back and read the letter I sent them and their response. Even though I actually pointed out to them that SMF's default registration agreement does mention cookies.

Oh, and SMF's registration agreement etc. definitely does not extend to the likes of Google Analytics, which are so far beyond what is acceptable without work that it isn't even funny.
Actually I'm not so sure about that as things are right now. The advice I've been given suggests that log-in names, email and IP addresses can be stored without having to register as a Data Controller. But there is new legislation being introduced by the government which may require sites to retain information that can be used to more closely identify users should they engage in anti-social behaviour such as cyber-bullying[1] and that would almost certainly require UK-based/owned Forums to register.
 1. Similar legislation is also being proposed in the US and the Philippines but with different aims in the latter case where there will be a definite effect on the freedom of speech.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #208, on June 15th, 2012, 03:01 PM »
Quote
Is that something relevant...?
Oh, yes. It's been discussed at SMF that the 'hide online' doesn't hide last online time for users, this is an extension of the same idea.

There is still an issue, though, regardless of whether hide online is enabled or not - it's still logged as to what they're doing and it's still shown to admins, so even if 'hide online' is on, it's not hidden from admins. Whether that's a privacy issue is also questionable, of course.
Quote
It's not a good approach
I know that. But can you imagine anything else that's going to get any number of sites to actually consider what they're doing about privacy? Sites have shown more than once that they don't care - and if there's no penalty to being lax, they'll keep doing it. This law, however badly implemented, is at least understanding that privacy is being eroded in favour of companies who want to monetise you. And it IS getting sites to consider how they're doing things, the fact that we're having this debate is proof of that.
Quote
I don't mind the govt having a snoop around those pesky Facebook "Like" buttons that track you whether or not you utilize them, but when they start punishing hobbyists like me who are acting in good faith, that's just silly and makes me want to kneejerk at them, something I probably will.
Yup. I take much the same view, but I can also argue about my cookies because I know what all of them do ;)
Quote
The advice I've been given suggests that log-in names, email and IP addresses can be stored without having to register as a Data Controller.
That is also the same understanding I have, though you'll note the reply from the ICO is a bit vague on that point.
Quote
But there is new legislation being introduced by the government which may require sites to retain information that can be used to more closely identify users should they engage in anti-social behaviour such as cyber-bullying[1] and that would almost certainly require UK-based/owned Forums to register.
Yay, more legislation from lawmakers who don't understand the workings of the law. For example, the recent ruling in favour of the lady who was bullied on Facebook. What are the odds the people who were bullying were feeding FB fake data?
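
The gap Nao reports in reply #205 (the profile summary showing the online icon and current action without testing show_online) and the last-online-time point Arantor adds in reply #208 both come from each display surface making its own visibility decision. The sketch below is an added example, not part of the thread and not Wedge or SMF code, showing one way to make that decision in a single place in PHP. Every name except show_online is hypothetical, and letting admins and the member themselves still see the data is an assumption drawn from the posts.

```php
<?php
// Added illustration; not Wedge or SMF code. Apart from show_online,
// all function names and array keys here are hypothetical.

/**
 * Decide once what presence data about $member a given $viewer may see.
 * Every surface (Who's Online list, profile summary, post-side icon)
 * would call this instead of reading the session data directly.
 */
function presence_for_viewer(array $member, array $viewer): array
{
    $isSelf  = $member['id'] === $viewer['id'];
    $allowed = $member['show_online'] || $isSelf || $viewer['is_admin'];

    if (!$allowed) {
        // A hidden member must be indistinguishable from an offline one:
        // no green icon, no current action, no last-online time.
        return ['online' => false, 'action' => null, 'last_seen' => null];
    }

    $online = $member['session_active'];

    return [
        'online'    => $online,
        'action'    => $online ? $member['current_action'] : null,
        'last_seen' => $member['last_seen'],
    ];
}

// Constructed sample data: a member who is online but has hidden their status.
$hidden = [
    'id'             => 7,
    'show_online'    => false,
    'session_active' => true,
    'current_action' => 'Viewing a topic',
    'last_seen'      => '2012-06-15 09:30',
];
$regular = ['id' => 12, 'is_admin' => false];
$admin   = ['id' => 1,  'is_admin' => true];

// A regular member sees an offline profile with no action or timestamp.
var_dump(presence_for_viewer($hidden, $regular));
// An admin still sees the real state, which is the residual exposure
// raised in reply #208.
var_dump(presence_for_viewer($hidden, $admin));
```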

Norodo

  • Oh you Baidu, so randumb. (60 sites being indexed at once? Jeez)
  • Posts: 469
Re: The Cookie Law (in the UK at least)
« Reply #209, on June 15th, 2012, 03:22 PM »
Quote from Arantor on June 15th, 2012, 03:01 PM
And it IS getting sites to consider how they're doing things, the fact that we're having this debate is proof of that.
But I already considered this before deciding not to sign up for Google Analytics. I'm lazy. I don't like to think again just because bureaucrats tell me to. :whistle:

The people who are doing malicious stuff already thought things through and said fuck it, we'll do it even if it's unethical.