UK.gov to miss another deadline on privacy The UK government will not have its regulatory house in order by 25 May when a new EU law on cookies come into force. At the same time, the Information Commissioner's Office is warning businesses to be ready for the changes, even though the government's own guidelines won't be published until after that date. Under the …
"the ICO was concerned that it could also 'cause an unnecessary burden on UK businesses' "
Woudn't it be a darn sight more accurate to say "We're totally incompetent to even think of dealing with this - just look at the complete balls-up we started with our never-ending inaction over UK ISPS who routinely intercept people's browsing for commercial gain."
Fuckwits, to a man.
really?
so you want to censor the internet and log all of our personal correspondence in a government stalkabase, but you CARE about our privacy so you are going to restrict the use of cookies? Wow. *slow clap*.
Maybe stop this fear mongering about cookies (because that's what it is) and actually EXPLAIN what they are and what they do. Not just spew nonsense like "tracky advert behavioral website file linky download" that only serves to make people confused and frightened. THEN you can work on restricting their use (note: I'm not saying this is necessarily a bad thing)
Shit a brick.
What does that actually mean?
It is not clear from the article and I'm damned if I'm reading the whole instrument in order to find out this basic explanation.
AFAIK, a website only ever has access to the cookie(s) that it creates. There is therefore no mechanism by which a web site can determine the existence of or read the information stored in cookies from other web sites.
The potential risk to privacy stems from third-party cookies that can allow an ad network (I.e. Google) to track pages that a user visits across large parts of the web.
Does this or does it not affect every website that employs the use of cookies? Or, as would be more appropriate for the threat, only ad networks that use third-party cookies?
Is every web site really going to have to ask every anonymous visitor 'is it ok to use cookies?' - to which many will answer 'no', leading them to then complain that the web site or the Internet is broken?
Cookies are valid below a specified folder on the domain. If you (as a website) ask for it to apply to the root then any other site/app on that domain can read it.
Ad cookies work by switching to another domain in an iframe so it can set it's own cookies and read them back from another site.
Now think about the average website. That facebook 'like' button is a script brought in from facebook that can set and read cookies, regardless of whether you have a facebook account, they can track you across anywhere with such a button.
A lot of pages bring in stuff from google-analytics, and that gets to set/read a cookie also.
And then there are the ad networks, and the bigger ones will have content across millions of sites. Hell, this very 'reply to post' page brings in scripts from doubleclick (google now, I believe).
So it's not as simple as cookies only being set for the site you're on, it's cookies being set for hundreds of sites you never visited explicitly but were brought in anyway.
Take a look in your cookie dialogue in your browser. There will be hundreds. This is why I recommend use of the "Cookie Monster" extension with firefox, it lets you control this stuff and switch off third party cookies while allowing the first-party ones you need to make the sites you actually visit work correctly.
How do we track users that have selected "no" so that we don't have to keep asking them on every page? Can we store it in the session... or do session cookies still count as cookies? In which case we'll have to just pass the session id along in the url... nice and secure :D
Paris, because she always gives permission to access her cookies.
That the browsers are now putting in place.
Or you could, you know, not track anyone until/unless they actually log in to your site having clicked through your terms of use. Casual browsers should not be tracked by default.
Why does everything need a session? And why is it a problem to have a session in the URL for most online activites in which any sort of session security is secondary?
which is why I see this as being a complete balls up.
you can use cookieless URL's but everythings going to have to run through an encoding and/or encryption and its easily broken because how many people never click back or use bookmarks or other browser aids to navigate?
also that is a fairly major re-write on most sites.
Be the first to find an official EU web site that meets the new directive.
Easy, isn't it?
To give you a head start, the official web site for the European Parliament Information Office in the United Kingdom , http://www.europarl.org.uk/, is FAIL. It doesn't ask permission to store cookies. It uses Google Analytics, like everyone else.
Do sites that have already set cookies have to remove them if you don't opt in? EG HMRC sets a cookie with a 5 year's life time. Can I take HMRC to court for breaking the law at any time between when the government starts enforcing this directive, and 21 Feb 2016 when their cookie expires? (I want some of my tax back!).
If a user tries to logon to a site and gets presented with "Would you permit this site to store cookies?" how many people are going to say "No" when it may as well read "Would you like this site to function correctly?"
Unless the types of cookies that are allowed is clarified this is an insane waste of time which nobody will want "protecting" them.
(Sarcastic icon for the ICO)
An online shop for instance, could not track until someone clicks an "add to cart" button, or a buy button. Then they say "we need cookies to carry on or the site won't work" and the prospective buyer then makes the decision.
I'm not sure anything more than session cookies are required even then.
A forum site which remembers the user via cookies could survive with session cookies if it made people log in every time, and be login-free if the user agrees to persistent cookies.
There are many ways to minimise cookie use, and there are many ways the user can be told (or asked) "cookies or no site for you".
This is the worst Website law I have seen in a long while, based on a complete misunderstand of cookies and privacy.
My websites store NO personal information about visitors. On the other hand, a visitor's Browser may store some information in cookies, on their Browser, but it is not personal information, and no private information is involved.
For example, a cookie called "javascript" may contain the value "true", and be related to the Web site www.example.com. When you visit the site again, rather than go through a relatively length process of detecting whether you have Javascript, it simply checks the cookie for the site, giving your a smoother and quicker visit., But as can be seen, there is no private information stored, and the site www.example.com can not check cookies from other sites.
I checked through the 3000+ cookies stored by my Browser and found the number that contain personal information, such as my postcode: none. Or contain my telephone number: none. Or my name: 6 sites where I had provided my screen name.
In other words, there is no privacy issue. And anyone with a modern Browser can block cookies if they wish.
It's not about whether the cookies themselves contain identifiable information.
It's about tracking. It can be a random number in the cookie itself, but when half the internet brings in something from doubleclick or google-analytics then google and the other ad networks can track your browsing habits and get a good picture of everything you do online.
Some people have a problem with this.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
