Share/E-mail This Story

Email This



EU's Cookie Law Should Crumble

from the not-a-good-situation dept

A bunch of folks have been sending in versions of this story about new EU cookie rules that will require anyone placing cookies on your computer to first get consent. This is the sort of law that is passed by people who don't understand the technology at all, and misinterpret "cookies" as automatically being malicious. This is the sort of thing that people who were first understanding the web got concerned about a decade ago, until they realized it was nothing to worry about. Except... it appears some people haven't quite figured that out yet, and tragically, they make laws in the EU.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    A Dan (profile), Nov 13th, 2009 @ 1:57pm

    Oddly familiar

    The description on the linked website reminds me immediately of UAC in Windows Vista. It may sound good in theory to ask someone if you want to do something they may not want. But, in practice, that results in an excessive number of messages and clickthroughs any time a user wants to do something, well, useful.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Dark Helmet (profile), Nov 13th, 2009 @ 2:07pm

    Question...

    Am I the ONLY one the manually goes through my cookies folder every now and again and deletes any that aren't super familiar to me?

    Or are you Europeans too busy drinking wine, eating cheese, and trying to figure out how the fuck the EU got to be the Fourth Reich to do that kind of thing?

    ;)

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymoose, Nov 13th, 2009 @ 2:09pm

    ...and another case where people who care about this sort of thing already have tools to control them e.g. any of the dozens of cookie control plug-ins, private browsing options or cookie settings baked into the browsers already..

    Governments... meddle.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    duckling, Nov 13th, 2009 @ 2:17pm

    Re: Question...

    I stop them from being placed in the first place, and regularly delete them all. There's software for that, no need to do it manually.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Chris, Nov 13th, 2009 @ 2:23pm

    Re: Re: Question...

    There's no need for a law either. There is already software to allow/disallow cookies. It's called a browser. The settings are already there, usually in privacy mode even.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Dark Helmet (profile), Nov 13th, 2009 @ 2:26pm

    Re: Re: Question...

    "I stop them from being placed in the first place, and regularly delete them all. There's software for that, no need to do it manually."

    I'm sure there is. If it isn't strictly about network security, I'm kind of a technotard. I know a little about everything, and a lot about nothing.

    Hell, I'm right now trying to figure out how to turn my amatuerish PDF eBook into a torrent file and get you fuckers reading it ;)

    See? If I was one of those viscious raporist pirates, I'm sure I'd already know how to do that!

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    Chris in Utah (profile), Nov 13th, 2009 @ 3:13pm

    Re:

    Couldn't have said it better myself.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    techdirtReader, Nov 13th, 2009 @ 3:56pm

    I don't like the idea of a persistent cookie unless it is a service that has a logon. Washington Post makes everybody login. People can reasonably deduce that the Post can track what they do at the Post.

    Multisite tracking cookies do bother me. They don't announce themselves. They just track. I don't know what the proper remedy is. I am not claiming the regulation is the answer. Just saying I am bothered by them. I would estimate more would be bothered if they understood, but they don't.

    Yes, there are tools to remedy the problem, but only the tech savvy know about them. I can't imagine the time it would take me to get my mom up to speed. It would be impossible.

    I recommend TACO and BetterPrivacy firefox extensions. TACO will automatically setup opt-out cookie values for the famous tracking companies. BetterPrivacy will delete flash cookies (or cookie equivalents) upon browser close. Up until two months ago, I didn't even know about the existence of flash cookies.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Azrael (profile), Nov 13th, 2009 @ 10:56pm

    Re: Question...

    Nope, me too. And i've set the cookie rule to Ask before accepting. Why? Because it's very easy to get cookies from some sites your employer would find as a reason to fire you, especially when the cookies are from ads placed in totally benign (or even work related) sites.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Nov 13th, 2009 @ 11:38pm

    Re: Question...

    No you are not the only one to go through your cookies ... GRIN .... you red wine drinking, cheese eating, hairy under armed wanna be french man ....

    ... Big Ole Grin

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    Ralph-J (profile), Nov 14th, 2009 @ 1:15am

    Automatic Cookie Acceptance Mode

    What if browser makers decided to add automatic cookie acceptance as the default in the newer versions of their browsers? Since the new law only applies to third parties actually carrying out the "storing of information on the equipment of a user" (in other words the websites that want to track their users), it doesn't seem to apply to the makers of user software.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Doh, Nov 14th, 2009 @ 9:07am

    Re: Automatic Cookie Acceptance Mode

    I guess it would be time to remove them manually, just like we used to do.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Nov 14th, 2009 @ 1:43pm

    There are cookies and there are "cookies".

    There is the normal cookie that nobody cares about and that can be easily deleted or viewed by anyone and there is the super-cookies like flash cookies that few know about it or the new standard DOM storage.

    DOM Storage can be used to store large amounts of information that can then be upload to somewhere like the Halfnote app does.

    https://developer.mozilla.org/en/DOM/Storage

    It is starting to get a bit scary indeed.
    The Flash cookies can store information too and can be controlled by a flash application that can record and store things. Is that not a bit scary?

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    bugmenot (profile), Nov 14th, 2009 @ 2:57pm

    so Your to rely on the ignorance and apathy of the general population to ignore security: "out of sight out of mind as it were!"

    clearly your not thinking this through, its a good thing.

    and re-enforces all the old law we already had availanle to protect our personal data streams and our personal copyrights....

    theres a twist, using copyright for the protection of the people.... Not the Corporations.

    think about it.

    https://nodpi.org/2009/11/05/eu-telecoms-package-bad-news-for-advertisers/
    "...
    Personally I don’t see this as a bad thing because people need to be more aware of what data they are giving away and what it is being used for – so I am all for a little bit of inconvenience or annoyance to educate the general public on privacy. But many people will be annoyed about it.

    However, on the positive side – this also means that tracking cookies (which are used by a countless number of advertising networks and behavioural profiling companies) and Local Stored Objects (LSO or Flash Cookies) – will now also have to present users with a clear explanation as to what they are, what they collect and what they will be used for.

    As we saw in a recent research paper over 60% of consumers in the US do not want Behavioural Advertising so it is reasonable to assume the same would most probably apply with EU countries as well – in fact we may well see even more people opposed to it in EU states given the last couple of years of campaigning on the subject by privacy advocates (such as the members of this web site) meaning it is very much an issue which is in the public focus.

    This is exactly what companies like Phorm and Audience Science did not want to happen – Opt-Out meant they could rely on the ignorance and apathy of the general population not to bother with opting out meaning they would capture a large percentage of the market without the consumers even knowing what was going on.

    Now however, not only must they get permission from people (opt-in) but they also must give truthful and accurate information to consumers as to what they are doing – which is far more likely to illicit a reaction of NOT opting in as people do not want to be tracked.

    This is going to hit the bottom lines of these companies very hard indeed and it is likely (in my opinion) that their revenues are in for a dramatic decline. I would be suprised if they can capture even 30% of the market with the new regulations – a long way from the current 90+% they probably have under Opt-Out models.

    The changes would also make it illegal for companies to reset traditional cookies or gather behavioural information with Flash Cookies (LSO) without consent – which has become a new trend as advertisers realised they could bypass countermeasures which led to the deletion of their tracking cookies from users machines (such as deleting cookies when a browser is closed or only allowing session cookies – which are popular features of modern browsers and plugins).

    Of course, as always – the devil is in the details. We need to keep pushing parliamentarians to make sure that this is added to UK law in an appropriate way.

    ....
    "

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    bassmadrigal (profile), Nov 16th, 2009 @ 2:15am

    Re: so Your to rely on the ignorance and apathy of the general population to ignore security: "out of sight out of mind as it were!"

    The one issue I see with your arguement is that so many people will just end up clicking to agree to them. Sure at first they might read through them, but how many people actually read through EULA's? Most of the time people will just look for that box that is near the sentence that starts with "I Accept".

    The fundamental problem with this, is the majority of people don't want to be constantly bombarded with messages to allow or deny. This is one reason why so many people hated Vista's UAC.

    Now, one way I could see that they could implement this, is only if it covers cookies not placed by the original domain. So if you go to example.com that site can place any cookies, but if an ad on that site from advertising.com it would request permission for it.

    I still think this is a bad idea. The more security popups we get the less time we will take to read them until you just blindly click yes. Then we are no better than we were before except getting ticked off anytime the stupid popup comes up.

    If you are worried about this, learn enough to be able properly use your browser. Whether you are making use of the features of the browser itself, or adding additional features with addons/plugins.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Alexander Hanff, Nov 16th, 2009 @ 7:57am

    You all seem to have not understood the issue

    First I find it shocking that the author of this article has failed to do any due dilligence and has instead merely taken what Out-Law published as fact - when in reality it is far from it.

    Pinsent Masons (who are Out-Law.Com) represent some of the largest organisations in the UK from this industry so naturally their viewpoint is going to attempt to shroud the public from the real interpretation of the ammendments in order to make noise for their clients.

    As was discussed last week at the BEUC 2009 Forums - the Telecoms Reform Package makes it very clear that the use of cookies which are needed to make the site function (such as login cookies, session cookies, shopping carts cookies etc.) will not require consent. Therefore the only cookies which will be effected by the regulations are 3rd party tracking cookies, marketing cookies etc. and is it a good thing that they should require Opt-In? Damn right it is.

    Furthermore, there is no reason for these to acquire consent every single time as a single control setting could be provided to the user for persistent consent.

    But more importantly, the ammendments are not just about cookies. They also protect the consumer from LSOs (Local Stored Objects aka Flash or Silverlight Cookies) which are being used more frequently to track consumers and even to respawn traditional cookies which users have deleted (which is so unethical it goes beyonds words). Also this new law will make drive-by adware/nagware/malware which are installed via active x controls and browser technologies - illegal without consent. It also expands even further in that it would outlaw the use of javascript to access a consumers browsing history.

    It is interesting to see that Out-Law claim this ammendment was slipped in through the back door and no-one knew about it...utter rubbish. I was speaking to someone from the EU Parliament on Friday and they assured me that the 5(3) Ammendments were very strongly lobbied against by industry.

    Message of the day? Actually do some research instead o just believing what you read on Out-Law.Com and you might develop a better understanding of the issues being debated.

    Alexander Hanff

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    known coward, Nov 16th, 2009 @ 11:01am

    i miss the point

    anytime anything is installed on a persons personal puter that person should be asked about it.

    Good for the EU.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Manfred Rolle, Nov 25th, 2009 @ 1:34am

    Cookies

    Find EVERYTHING you should know about cookies here:

    http://www.maxa-tools.com

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Cookie Pooper, May 19th, 2010 @ 4:06pm

    Deleting cookies and Killing Flash speeds up my PC

    Deleting cookies and Killing Flashplayer speeds up my PC.

    But I have to reinstall Linux to Kill Flashplayer.
    But Linux reinstalls faster than Windows boots!

    And I only have to do that when it slows down or
    if I misspell my favorite websites
    (and end up on everyone else's favorite websites).

    But right now I'm pissed because Flashplayer installs
    without permission even when its blocked, on any popular browser,
    so I have to use open source ones with the Flash hacked out.

    Flash LSO cookies have ROOTKITS in them,
    and that means they let other people hack in and remote control
    your computer!!! --- And STEAL stuff using your passwords too!
    And spam your friends using your email.

    Maybe I should move to Europe? :)
    Where everyone knows more about computers than
    the people who invented them forgot!

    Web cookies are as yummy as a poop sandwich!

    Social Network websites have more poop cookies than a dairy barn!!!

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This