The Cookie Law (in the UK at least)

Nao

  • Dadman with a boy
  • Posts: 16,080
Re: The Cookie Law (in the UK at least)
« Reply #210, on June 15th, 2012, 03:23 PM »
Quote from Arantor on June 15th, 2012, 03:01 PM
Oh, yes. It's been discussed at SMF that the 'hide online' doesn't hide last online time for users, this is an extension of the same idea.
Didn't think of that one. Hmm...
Well, I suppose we could just hide it entirely, too. It's a bit annoying because sometimes you'll (at least) want to know whether someone is an active member or not, but...

Oh, maybe we could hide the item *only* if the user has been online in the last X months...? i.e. if you're no longer a regular visitor, what do you care that people know you aren't...?
Quote
There is still an issue, though, regardless of whether hide online is enabled or not - it's still logged as to what they're doing and it's still shown to admins, so even if 'hide online' is on, it's not hidden from admins. Whether that's a privacy issue is also questionable, of course.
Admins have access to the database anyway, so showing this is okay. (I added em tags around the action because AFAIK there's no other way in a profile page to see that a user wants their privacy enabled.)
(AFAIK we have only one regular lurker who's hiding his online status here, and it was helpful for my tests earlier today :P)

Now, as to whether or not we should STORE their online status in the database... I think it's asking a bit much not to do it, right..?

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #211, on June 15th, 2012, 04:30 PM »
My argument stands IMHO, this is still a threat to freedom of speech and should be placed on the arms of the browser creators and not the content creators. My argument is any noob isn't going to know how cookies work and download or use some old software that violates the law. They may even think that their site uses no cookies.

This would be a good reason for the government to take a site offline or fine a site owner for something they may have not known they where doing. In the respect of freedom of speech these complications are just going to make things harder for new content creators and this is just the tip of the iceberg.

All these new laws and legislation are just going to mute out freedom of speech and make it more difficult for noobs to set up a website. Like I said this is just the tip of the iceberg and the cookie law isn't that bad if you know what your doing. But somebody out there is going to break this law with no idea they did so.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #212, on June 15th, 2012, 05:08 PM »
Quote
My argument stands IMHO, this is still a threat to freedom of speech and should be placed on the arms of the browser creators and not the content creators
You do know that even Do Not Track requires content creators to actually respect it, right?
Quote
But somebody out there is going to break this law with no idea they did so.
For the love of $deity, have you not been listening to what I've been saying? The whole point of this law is so that site developers actually take some responsibility. That means they should be reviewing the site and doing something about it. And if they're not capable of doing that, they should get someone who is - that way the site operator is showing that they've done something towards being compliant - which goes a long way towards being beaten over the head with the legal stick.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #213, on June 15th, 2012, 06:17 PM »
Quote from Arantor on June 15th, 2012, 03:01 PM
Quote
But there is new legislation being introduced by the government which may require sites to retain information that can be used to more closely identify users should they engage in anti-social behaviour such as cyber-bullying[1] and that would almost certainly require UK-based/owned Forums to register,
Yay, more legislation from lawmakers who don't understand the workings of the law. For example, the recent ruling in favour of the lady who was bullied on Facebook. What are the odds the people who were bullying were feeding FB fake data?
Speaking as someone whose daughter was a victim of cyber-bullying a few years ago, I have absolutely no sympathy with those who are made accountable for their actions. If it was fake data, then more fool them for posting it, knowing it was false and untrue.

Libertarians please note, this has nothing to do with "freedom of speech" but everything to do with accountability. Just because the internet provides a cloak of anonymity, some misuse that to publish things that they wouldn't otherwise be able to.
Quote
My argument stands IMHO, this is still a threat to freedom of speech ...
Just how is the Cookie Law a threat to freedom of speech, nend?

godboko71

  • Fence accomplished!
  • Hello
  • Posts: 361
Re: The Cookie Law (in the UK at least)
« Reply #214, on June 15th, 2012, 07:55 PM »
Well as silly as this law may be and how it may not affect me now. I am all for the handling in core. If its based on what ever law is most stringent it means most will comply everywhere. I can't see how asking a user is it okay if I put cookies on your computer is in any way infringing on freedom of speech.

DNT is a fairy good concept but it still requires work of site owners not sure what all the hoopla about this is TBH. Sure the people making these laws are ignorant to how technology works, but at the end of the day nothing to scary yet,
Thank you,
Boko

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #215, on June 15th, 2012, 08:31 PM »
Quote from godboko71 on June 15th, 2012, 07:55 PM
Well as silly as this law may be and how it may not affect me now. I am all for the handling in core. If its based on what ever law is most stringent it means most will comply everywhere. I can't see how asking a user is it okay if I put cookies on your computer is in any way infringing on freedom of speech.

DNT is a fairy good concept but it still requires work of site owners not sure what all the hoopla about this is TBH. Sure the people making these laws are ignorant to how technology works, but at the end of the day nothing to scary yet,
Both the Cookie Law and DNT share one thing in common: the onus is on the site owner and/or his software supplier to ensure compliance.

I agree that a Wedge implementation should take the strictest case - but how far do you want to go along that road? The UK, for example, requires a single affirmative action to accept all the cookies that a site serves but other EU members may require a per-cookie acceptance. The other point is, do you combine DNT with ECL so that if a user has DNT enabled and accepts cookies from your site, do you prevent him receiving tracking cookies you would otherwise serve, or cause to be served?[1]
 1. I believe you should.

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #216, on June 19th, 2012, 05:55 PM »
Quote from markham on June 15th, 2012, 06:17 PM
Quote
My argument stands IMHO, this is still a threat to freedom of speech ...
Just how is the Cookie Law a threat to freedom of speech, nend?
It is a stepping stone, that will soon lead to site content. The publisher should not be responsible for security concerns around cookies. It is a way of censorship by censoring ones ability or saying you must do it this way. What they are doing here is forcing their idealism onto us saying we must say this, choosing what we say is one of our freedoms.

If you don't like what is on TV you change the channel, same on internet, if you don't like the site go to another one. If anything the content provider should be reliable for some sort of rating system and content/technological description that should be transparent and handled by the browsing mechanism as it chooses. Even though a browser is perfectly capable of denying cookies on a site basis already.

The site is not the driving software, the browser is and it should be the sole responsibility of the browser to handle these things. It is the same like loading a text document, the text editor is responsible for all security concerns, not the document. All the document is for is to tell the program what it contains, how to render it, etc. It is up to the program to decipher these things and adjust on user settings.

A web page is the same, it is a document, no different then any other document you may find on your computer. Just because it is sometimes generated by another computer makes no difference, it is what it is.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #217, on June 19th, 2012, 06:09 PM »
Quote
It is a stepping stone, that will soon lead to site content. The publisher should not be responsible for security concerns around cookies.
Why? You're responsible for the content on the site, why should that not include cookies?
Quote
it should be the sole responsibility of the browser to handle these things.
No, it shouldn't. You have the choice of software to run on the server and you can take some responsibility for what your site does.
Quote
. It is the same like loading a text document, the text editor is responsible for all security concerns, not the document.
No it isn't. The operating system is, i.e. the system offering the file. Every single operating system that allows for multi-user handling (i.e. where security is any kind of issue, even going right back to Multics) is responsible for securing the file at the user level and it is up to the operating system whether a given file can be accessed, not by the user-land program the user is using.

Analoguously, the software that offers content to users is also responsible for dealing with security matters.

If your site doesn't need to send a cookie, don't send a damn cookie. The point of this law, as mentioned in the wording of the law and not the hyperbole the media has spun, is to make site owners review their sites and make a judgement as to whether cookies are necessary or not and if they're not absolutely required, to allow the user to make informed consent.

What I want to know is why are you so reluctant to be a fucking responsible web developer and take some damn responsibility for what your site does?

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #218, on June 19th, 2012, 06:21 PM »
LOL, don't get upset I am just pointing out my views like we are all allowed to do.

My main concern is they are forcing content into the actual document when this should be handled at the browser level. If a message is to be displayed maybe the site can send it in the headers somehow and the browser displays it in a message window. If the site owner doesn't supply a message the browser should still display a message saying the site didn't explain its use of cookies do you still want to continue?

Implementation is all wrong and by bad implementation it does affect the freedom of speech. IMHO anything in the body tags should be the sole decision of the webmaster. If any other content needs to be sent, should it be ratings or cookies consents, it should be done in the head of the document or the headers. This is sort of similar to DNT however it is on a consent basis.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #219, on June 19th, 2012, 06:37 PM »
Quote
LOL, don't get upset I am just pointing out my views like we are all allowed to do.
Except I've put this question to you several times and each time you've ignored me. That is, ultimately, one of the key things behind this law, to make web site owners take some responsibility for what they do. Your entire attitude says to me 'I don't give a shit about my users as long as I can make something out of them'.
Quote
IMHO anything in the body tags should be the sole decision of the webmaster.
What about the head tags? What about the response headers? It's still content related.
Quote
This is sort of similar to DNT however it is on a consent basis.
And yet, DNT requires the site owner to adhere to it. Different side of the same coin.

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #220, on June 19th, 2012, 07:08 PM »
Quote from Arantor on June 19th, 2012, 06:37 PM
Except I've put this question to you several times and each time you've ignored me. That is, ultimately, one of the key things behind this law, to make web site owners take some responsibility for what they do. Your entire attitude says to me 'I don't give a shit about my users as long as I can make something out of them'.
However I have provided examples of other ways to do it, what part of that shows I don't care? If I didn't care I wouldn't provide better alternatives. Better yet if I didn't care about others why did I just volunteer countless hours to design a developer portal for a Android ROM manager application, I don't know maybe I am the one who doesn't care and doesn't notice it. Maybe I should sell their emails and make a quick buck, the truth that isn't me and you know it, I would never compromise my users.

I am not casting judgement on you and would respect that you do the same. I honor your opinion and your right to it and I am not making judgment on you. I am not mad but wish you just stop with the unkind and untruthful remarks. I know life has been serving you up some hard ones lately, no reason to take it out on somebody else. Get out have some fun, you don't need all this stress and lingering here is not doing any good.

I however will follow but would prefer if a better system is put into place, there is nothing wrong with that. I would like that eventually all browser makers would provide this alternative for us. Sorry that I am not all filled with excitement over the current ways of implementation.

I have explain my ideas, nothing else left to say. I don't want to get into this any deeper.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #221, on June 19th, 2012, 07:27 PM »
The problem is that we as a society have become increasingly reluctant to take responsibility for our actions, more so over the last 70 years[1] and it is only since 1990[2]  that we have had any legislation concerning the (mis)use of computers. The Internet has long been regarded as the "last bastion of freedom" being as it has been largely unregulated. Some have exploited the freedoms it provided and now consider any internet-related legislation as being an attack on the freedom of speech. But what they forget is that with freedoms you have responsibilities: people want the freedoms but shun the associated responsibilities.

The Cookie Law, all its faults aside, does at least put the onus of compliance in the right place and, as Arantor says, should make site owners take a hard look at their use of cookies (and other similar devices such as web beacons) and possibly cull those that really aren't that important or beneficial (yes Google, I'm looking at you). But the law is not an attack on the freedom of speech.

For Forum-only sites, there really shouldn't be a problem but for multi-software sites the problems are far greater.
 1. The formation of the National Health Service immediately post-WW2 is seen by many as the birth of "nanny-stateism"
 2. The Computer Misuse Act

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #222, on June 19th, 2012, 07:50 PM »
You know what would be nice though, far from implementation though is something similar to the permission system of Android when you go to install a app. It tells you everything the app will have access to before you install it so you can make a decision of whether or not to install it.

This information is stored in a xml file in the compiled application and the OS handles it upon installation. If you forget to add a permission in there and your app needs it then you will not be allowed access to that resource. Any resource access has to be defined in this document, if not then the app is out of luck.

I haven't been studying HTML lately but as I understand HTML5 can store some actual files on the system. Does anyone know if these require consent or are they just like cookies are right now, transparent to the user.

However on to my point when you browse to a page, before you are allowed to view the site.
Quote
The Web Site is Requesting Permissions
Store a cookie on your device.
Site reason for this here.
Store temporarily files to your device.
Site reason for this here.
That would be nice, but far off from now. Right now have to stick with the primitive methods.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #223, on June 19th, 2012, 08:14 PM »
You realise that that is essentially what the law is mandating, right? Just that the responsibility is being put on the developer, not the browser, because the ICO is well aware of the browser manufacturers not having such flexibility in them.

Is it really so bad that site owners are being made to take responsibility for what their site is doing? This is what pisses me off so much, that site developers are holding their hands up and saying 'it's not our responsibility to protect the user' but they're the ones who have the power not to issue cookies in the first place...

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #224, on June 19th, 2012, 08:57 PM »
Both need to take responsibility, sorry if I might of came across any other way. My point is the method is not all that great but it will take some time before any real nice method is implemented in any browser. Browser makers should be made accountable for adding a solution in their system for the web developers use. If the developer is not willing to follow through then browser should be able to take over and display all the necessary permission options.

Also I would like to point out I am not putting any user in danger of how I am doing things right now. I don't need a silly message to show I am protecting their best interest. So the assumption that I am not protecting my users by not following this law right now is incorrect.

I am probably going to upset people here but the law is flawed when aimed to the ones that this law is for. If they plan to break the law and abuse cookies then they are not going to announce that they are doing so or say they are doing something less threatening like keeping you logged in. From there they can encrypt the data in that cookie and no one will ever know what the data in it is truly for.

I would rather have it done right though and not the wrong way and IMHO this law still needs time. I understand though your country is allowing this time and that is great, but I feel there is allot more that can be done with a better implementation. This is my main reason for going against it because as of right now it isn't well thought out. However there is no problem with giving it a try, I don't like loose ends but at least they tried to do something.