The Cookie Law (in the UK at least)

godboko71

  • Fence accomplished!
  • Hello
  • Posts: 361
Re: The Cookie Law (in the UK at least)
« Reply #225, on June 20th, 2012, 06:38 AM »
How is asking users if it's okay to store a cookie a stepping stone to limiting free speech? I don't follow the logic. It is in no way limiting you, about all it does is maybe add a small amount of work.

If you or the software you use ask the question, you know it was asked, so you have proof, so they can't come after you just because they have cookies from your site. Say you let the browser do the work, you have zero proof that they clicked I accept, so they turn you in and you get fined. Oh yeah the user turned off the cookie question because they didn't read the check mark that says don't ask again.

Do you really trust browser makers to implement a standard that works worth a darn?

Plus, your site still has to interact with the browser, yes send them the cookie, okay you get to sign in, no don't send cookie. Send them to a page that explains why they can't use that part of your site. So at the end of the day you have the same extra work, it still has to play nicely with the big four.

All your freedoms are limited already anyway, your freedom can't encroach on Tim's freedom over there. You can say you don't like redheads, that's your right. You can refuse to interact with redheads, that's your right. You have no right to limit what Tim the redhead does. Your right to not like him ends when you don't want.

You can still do whatever you want with your site, this law and others like it in no way limit what you as a site owner can do.
Thank you,
Boko

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #226, on June 20th, 2012, 03:04 PM »
Quote
How is asking users if it's okay to store a cookie a stepping stone to limiting free speech? I don't follow the logic. It is in no way limiting you, about all it does is maybe add a small amount of work.
The argument being made is that forcing a little regulation on site owners is the tip of the iceberg and unless it's fought back against, it'll be the start of an avalanche of regulation, which will ultimately limit what you can publish online. Not that there aren't already some restrictions.
Quote
Do you really trust browser makers to implement a standard that works worth a darn?
Given that the only other method is DNT, the second most popular browser still hasn't implemented it (and probably won't unless forced to) and the W3C are trying to mandate that DNT is turned OFF by default... no, no I don't trust them one iota.
Quote
You can still do whatever you want with your site, this law and others like it in no way limit what you as a site owner can do.
Yup. But it is mandating taking some responsibility for what goes on.
Posted: June 20th, 2012, 02:21 PM

Also note that XenForo has now introduced such measures into the forum core but they seem to be disabled by default - I'll experiment with this later on today.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #227, on June 20th, 2012, 06:23 PM »
Quote from godboko71 on June 20th, 2012, 06:38 AM
How is asking users if it's okay to store a cookie a stepping stone to limiting free speech? I don't follow the logic. It is in no way limiting you, about all it does is maybe add a small amount of work.
Quote
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Because it is forcing the action of asking a question in the body of the page. You have the right to ask the question or not ask the question. It doesn't matter if I like it or not, it is a right and all rights should be protected.

If there was a standard though this would be a lot better. If the site owner chooses to ask the question the better for them, this would be the route I would go if a better browser method isn't available when a similar law hits the US. So that being stated I would be happy to explain to my users the use of cookies on my websites. However if a site owner, which is not myself, doesn't choose to ask that is honoring their freedom not to do so and somewhere the slack needs to be taken up, this IMHO should be done by the browser to protect the best interest of the user.

Like I said I believe the slack should be taken up elsewhere if the webmaster doesn't comply. Browser based compliance does not violate this amendment since it is a technology. HTML is text based and should be treated like a publication. Via the press or the internet the government does not have any say what goes into a document or publication.

This doesn't mean that I am against webmasters making things perfectly clear to the user. I really like the idea and if anything I would like a similar law but putting the regulations heavier on the browser. However with how things work this will certainly be a nightmare unless mandated, which will be another nightmare within itself.

PantsManUK

  • [me=PantsManUK]would dearly love to dump SMF 1.X at this juncture...[/me]
  • Posts: 174
Re: The Cookie Law (in the UK at least)
« Reply #228, on June 21st, 2012, 05:15 PM » Last edited on June 21st, 2012, 05:28 PM
Wow, you drop off a site for a few weeks and all hell breaks loose.

As someone that has to implement solutions for this law (my employer's website is UK hosted and for UK visitors mostly, my personal website is UK hosted and I suspect mostly EU visited, and the site for the organisation I'm president of is US hosted and for EU visitors mostly, so I/we implement for all three), the best solutions I've seen so far don't operate in-page, they overlay the page (in some way, bottom-left corner remains my preferred position) and are not too big. It's simple really, until you the user say you don't mind accepting the cookies I would like to send you, I don't send those cookies. You, the visitor, can continue to visit those parts of the various sites that don't *require* the cookies to operate.

Do I think this is the thin end of a wedge? Not really, I don't think the Internets will be locked down because of this. I'm inclined to agree with Pete on this, it's time for the content providers to take some responsibility, especially those that are using cookies for the purposes of multi-site tracking. I/we don't, but there are plenty of folks out there that do.

Do I think this will magically fix the law breakers, even once there have been a few prosecutions? Nope, I'm not that stupid (wish I could spell naive ;-) ). The law breakers that are inside the EU/US[1] will just move further offshore and further offshore and eventually they'll end up funding a corrupt state somewhere just so they can continue doing what they're doing. As long as there is no "consensus law" and individual nation states are left to their own devices...
 1. Oh, you, me and the side-board know *full* well that the US is going to enact something similar to this in the not too distant future. It's inevitable...
« What is this thing you hoomans call "Facebook"? »

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #229, on June 22nd, 2012, 01:38 AM »
XenForo's implementation - at least what's on xenforo.com/community/ is IMHO sub-par.
Quote
This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
in the header - and then the Learn More takes you to a very bland page that doesn't really explain what the cookies are or why they're used (like the 1 main cookie and the 4 Google Analytics cookies)

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #230, on June 22nd, 2012, 05:02 AM »
Do you have to explain all cookies on the site even external ones? How about the cookies you don't know about, the ones that could possibly be set by images or other files that the user embedded in a post? Is the site owner responsible for these cookies?

A good example of this can be Coppermine, when an image is linked it sets a cookie in the browser from the site the image is linked from. If the site the image is linked from is responsible then how would they comply since they have no interface to talk to the user?

Another example can be my news ticker script I made for forum signatures which can be embedded into a forum signature with simple BBC. It sets a cookie from the image with the time the image was loaded. When the user clicks the link which is directed at another script it loads the cookie, computes the time difference, figures what message was displayed on the news ticker and redirects.

This can be a complicated matter when looking at it, however I am sure judges can give some sites some slack if there is no way for the site to display a message to the user or the owner of the site is unaware of the cookies being set.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #231, on June 22nd, 2012, 05:06 AM »
Yes, you are supposed to explain external ones - at least ones you know about. I saw your demonstration, but that's something that we'll have to deal with if and when it happens. I suspect the ICO would understand the fact that site operators cannot verify all content that they do not have control of.

The bottom line is responsibility: site owners who show signs of trying to act in line with the policy will be far less viciously hauled over the coals if a complaint is made.

Mind you, the way it's all implemented, most sites aren't being particularly explicit about cookies - XenForo for example has now complied with the law but falls a bit short on thoroughness IMHO, it doesn't even mention that the analytics cookies are from Google. And the cookies are set before the user has a chance to refuse them.

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #232, on June 22nd, 2012, 05:24 AM »
I was thinking there is nothing I can do about that news ticker to make it compliant. If I remove the cookie then the ticker doesn't work anymore.

As you can tell I quit using the ticker quite a while ago since it doesn't work in Chrome due to APNG support. It is a nice script though, I may convert it to GIF so it will work in all browsers, but maybe there will be a law soon that will make this code illegal. I wouldn't consider the cookie harmful either, it is really a shame. :sob:

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #233, on June 22nd, 2012, 06:06 AM »
@nend: Yes but you know what cookies could be set, it's simply a case of displaying a page with their names, persistency, content and use  :). You can use this page as a model if you wish.

I'm pretty sure I'm correct in saying that you would be responsible for all the cookies Coppermine sets as that software is on your server and is serving pictures etc., to people on your site.
Re: The Cookie Law (in the UK at least)
« Reply #234, on June 22nd, 2012, 06:13 AM »
Quote from Arantor on June 22nd, 2012, 05:06 AM
Mind you, the way it's all implemented, most sites aren't being particularly explicit about cookies - XenForo for example has now complied with the law but falls a bit short on thoroughness IMHO, it doesn't even mention that the analytics cookies are from Google. And the cookies are set before the user has a chance to refuse them.
Sounds a bit like the various "solutions" offered by Wolf Software; even if you refuse to accept the cookies, it sets one anyway.

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #235, on June 22nd, 2012, 06:27 AM »
Quote from markham on June 22nd, 2012, 06:06 AM
@nend: Yes but you know what cookies could be set, it's simply a case of displaying a page with their names, persistency, content and use  :). You can use this page as a model if you wish.

I'm pretty sure I'm correct in saying that you would be responsible for all the cookies Coppermine sets as that software is on your server and is serving pictures etc., to people on your site.
That makes perfect sense.

What we are talking about though is cookies set by another website without the forum owner's knowledge and/or consent.

I hate to do another example, but here is an image above. It is an SMF attachment from another site. If you look at your cookies now there will be some new cookies in there that are not from wedge.org or authorized and/or have proper consent from wedge.org but in the browser they are associated with wedge.org and this page. If you notice there will be a few cookies from sicomm.us in the site wedge.org.

However this could be an honest user who doesn't know the image comes with a cookie. This however from what I hear is not condoned.

The thing I want to know is if the news ticker is condoned because I know there is no way to display a consent due to security and without the cookie the news ticker will not work.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #236, on June 22nd, 2012, 12:50 PM »
Quote
What we are talking about though is cookies set by another website without the forum owner's knowledge and/or consent.
As I already explained, if it's being set without the forum owner's knowledge or consent but the forum owner is acting in good faith towards compliance, I doubt the ICO will have a problem, especially on user-submitted content where it is neither practical nor feasible in any fashion to continually monitor every case.
Quote
The thing I want to know is if the news ticker is condoned because I know there is no way to display a consent due to security and without the cookie the news ticker will not work.
This would be covered under required functionality and thus acceptable - it will not work without a cookie and functionality will be impaired through any redesign. You would still need to document this on the cookie policy page, however.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #237, on June 22nd, 2012, 01:02 PM »
Quote from nend on June 22nd, 2012, 06:27 AM
I hate to do another example, but here is an image above. It is an SMF attachment from another site. If you look at your cookies now there will be some new cookies in there that are not from wedge.org or authorized and/or have proper consent from wedge.org but in the browser they are associated with wedge.org and this page. If you notice there will be a few cookies from sicomm.us in the site wedge.org.

However this could be an honest user who doesn't know the image comes with a cookie. This however from what I hear is not condoned.

The thing I want to know is if the news ticker is condoned because I know there is no way to display a consent due to security and without the cookie the news ticker will not work.
No extra cookies have been set for wedge.org but a (ie 1) cookie was set for sicomm.us called nend_sig. But thank you for highlighting a problem area - and one that really doesn't seem to be covered. I guess in this case the onus of compliance would theoretically be on sicomm.us which, unless it can obtain prior consent, shouldn't be adding cookies to its images.

Are you saying though, that were I to re-use that image in a message - posted on another site - that anyone who reads that message (but not yours posted here) will also have that sicomm.us cookie? If so, how is that possible? Has it been encoded as an animated GIF and the "animation" part is some Java that sets the cookie because that's the only way I can see this working?

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #238, on June 22nd, 2012, 01:05 PM »
Quote
Are you saying though, that were I to re-use that image in a message - posted on another site - that anyone who reads that message (but not yours posted here) will also have that sicomm.us cookie?
Yes.
Quote
If so, how is that possible? Has it been encoded as an animated GIF and the "animation" part is some Java that sets the cookie because that's the only way I can see this working?
Images have headers just like normal web pages, the cookie is an absolutely standard part of this (it's part of HTTP of sorts), so you can trivially set a cookie on requesting an image, just like you can to request a web page.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #239, on June 22nd, 2012, 02:01 PM »
Quote from Arantor on June 22nd, 2012, 01:05 PM
Quote
If so, how is that possible? Has it been encoded as an animated GIF and the "animation" part is some Java that sets the cookie because that's the only way I can see this working?
Images have headers just like normal web pages, the cookie is an absolutely standard part of this (it's part of HTTP of sorts), so you can trivially set a cookie on requesting an image, just like you can to request a web page.
Yup, I can understand that scenario if I were to re-post the image on another site in exactly the same way as nend has here, by embedding its URL. But I can't see that working if I were to download that avatar from wedge.org and then upload it elsewhere and include it in a message.

I guess there's no way for a site to check if such a trick is being used - by which I mean, could (eg) wedge.org prevent another site from sending its user a cookie in the way nend has illustrated?
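
The mechanism discussed in replies #238 and #239, as an added example that is not part of the thread or any poster's code: the cookie travels in the image's HTTP response headers, so a post that embeds the remote URL passes it on to readers, while a copy saved and served from the forum's own host does not. The hosts, cookie name, BBC post and captured responses below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed captures of raw HTTP responses; hosts and cookie name are made up.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8  # stand-in image bytes
CAPTURED = {
    "http://sigs.example.net/ticker.png":
        b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
        b"Set-Cookie: ticker_ts=1340360820; Path=/\r\n\r\n" + PNG,
    "http://forum.example/avatars/42.png":
        b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + PNG,
}
# Constructed forum post using BBC image tags.
POST = ("My sig: [img]http://sigs.example.net/ticker.png[/img] "
        "[img]http://forum.example/avatars/42.png[/img]")

def split_response(raw):
    """Split a raw HTTP response into (header lines, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.decode("latin-1").split("\r\n")[1:], body

def cookies_set(raw):
    """Names of cookies a response sets; they live in headers, not the body."""
    names = []
    for line in split_response(raw)[0]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            names.append(value.split(";")[0].split("=")[0].strip())
    return names

def embedded_images(post):
    """URLs inside [img]...[/img] tags of a BBC post."""
    return re.findall(r"\[img[^\]]*\](.*?)\[/img\]", post, flags=re.I)

def audit_post(post, site_host, captured):
    """Map each off-site image in a post to the cookies its host sets."""
    return {url: cookies_set(captured[url]) for url in embedded_images(post)
            if urlsplit(url).hostname != site_host and url in captured}

def rehost(raw):
    """What our own server sends once the file is saved and re-uploaded:
    the same image bytes, but only the headers we choose to emit."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n"
            + split_response(raw)[1])

if __name__ == "__main__":
    remote = "http://sigs.example.net/ticker.png"
    print(audit_post(POST, "forum.example", CAPTURED))
    print(cookies_set(rehost(CAPTURED[remote])))
```

Serving embedded images through the forum's own host in this way is also how a site keeps a remote server from ever seeing its visitors' requests, at the cost of breaking anything, such as the news ticker, that depends on that cookie.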