

Implementing New Cookie Law Drops Use by 90% - dmytton
http://chinwag.com/blogs/sam-michel/cookiepocalypse-implementing-new-law-drops-use-90

======
wccrawford
Yes, the lack of tracking cookies is doom and gloom for those who want to
track people.

That's kind of the point of the law. People should be free not to be tracked.

Here's an interesting question, though. Does the law prevent you from
preventing users from using the site if they don't accept the cookies? Free
websites each some of their money from advertising, and they optimize that
advertising (among other things) with tracking cookies. If websites start
demanding that you accept cookies, it won't be long before there are 'auto-
accept cookies' plugins and such for lazy web users.

Because let's be honest. If people -really- cared they'd block the cookies
with a plugin or refuse to visit sites that use them. And most people haven't.

~~~
corin_
"Yes, the lack of tracking cookies is doom and gloom for those who want to
track people."

I believe that _some_ level of tracking should be allowed by default, unless a
user goes out of their way to avoid it.

Much the same as walking into a supermarket, I don't want them knowing what
shop I just came from, and what I usually buy (unless I sign up for that
stuff), but if they want to count how many times I visit in a week, or what
sex I am, anonymously, why should I get a say in stopping that?

Possibly biased given I work in digital marketing, but I don't think so.

~~~
underwater
Maybe a good compromise would be to disallow session based cookies without
opt-in. Sites could still store values like 'visits=11;opt-
in=rejected;zip=94304;locale=en_US'.

It would be much more transparent as to what the site is tracking and
relatively easy to police.

------
stingraycharles
For what it worth, The Netherlands accepted a law last tuesday that requires
excplicit opt-in for all third-party cookies for all websites that are aimed
towards a Dutch audience. The industry is required to comply by the summer of
2012, altough it claims it's not possible to implement this law, since it
requires the use of cookies to keep track of the visitor's preferences.

The industry in The Netherlands continues to implement the opt-out registry
found at www.youronlinechoices.org, since it sees the law as not technically
possible.

[http://www.iab.nl/2011/06/21/kamer-stemt-voor-
ondubbelzinnig...](http://www.iab.nl/2011/06/21/kamer-stemt-voor-
ondubbelzinnige-toestemming-cookies-branche-gaat-door-met-volg-me-niet-
register/)

Google translate:
[http://translate.google.com/translate?js=n&prev=_t&h...](http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=nl&tl=en&u=http%3A%2F%2Fwww.iab.nl%2F2011%2F06%2F21%2Fkamer-
stemt-voor-ondubbelzinnige-toestemming-cookies-branche-gaat-door-met-volg-me-
niet-register%2F)

------
olliej
This isn't surprising, people don't want to be stalked online anymore than
they want to be stalked in the real world. If sites are worried about having
to bring up a big dialog saying "please let us track you and everything that
you do" hurting their site traffic perhaps they should just give up on
tracking users.

If 90% say no to a dialog there probably isn't much point in asking, and
asking probably turns people away from your site. The only reason that this
kind of stalking didn't turn people away in the past is because it was hidden
from them.

~~~
pyrhho
Your analogy to real-world "stalking" breaks down a bit. For one, real stores
_do_ record customers. It's called security cameras. If you're in someone's
store you should assume that they have video of you there. Why should that be
any different on the internet? If you visit my "store" I should be free to
record that.

Secondly, and more importantly, you make it seem like the user is merely an
innocent victim, however the user is choosing to use a browser which accepts
and explicitly sends cookies with every request. If they don't like that they
are free to turn off cookies in their browser, or use a browser which doesn't
accept cookies.

edit: fixing typo

~~~
X-Istence
Your analogy to an online store breaks down as well ... you have a users IP
address, and what part they accessed, thus you have logged this user.

What supermarkets don't do and what cookies do allow now is for you to track
said user over multiple visits. If I go to a supermarket and buy food and pay
with cash, they don't have a record of me having come in three days ago to
purchase the exact same items. With a cookie that is set for 12 years in the
future you will know it is me visiting again, and again, and again.

------
larrik
Title is very misleading. New cookie law drops analytics tracking by 90%.
Effects on "Use" is impossible to guess from this data.

~~~
corin_
It dropped use of cookies by 90%.

------
jasonkolb
Ok, so the law makes cookies illegal. What about browser fingerprinting? Does
the law say anything about that? (I did a quick Google search and was unable
to find the text of the law)

If browser fingerprinting or other covert tracking devices aren't spelled out
in the law, this isn't going to mean squat. If you're not familiar with this
technology, go to <http://panopticlick.eff.org/> and see just how unique you
look. You'll be surprised.

~~~
Silhouette
This is the pinprick in the balloon: the rules relate to storing information
on your visitor's system, not to anything they send you anyway that you keep
on your own server. Given that (for reasons I've never understood) most
browsers are quite happy to send a near-unique set of data every time they
request a page, I expect a whole bunch of tools will rapidly rise to
prominence over the next few months for precisely this purpose.

Edit: Also, the law does _not_ make cookies illegal. There is way too much FUD
in the discussions of this topic. The rules are about restricting cookie use
(a) without explicit user consent and (b) to do things that aren't necessary
to provide a service the user has requested.

The basic position is not unreasonable, they're just perhaps not going about
it in the most helpful way. But most of the vehement criticism is coming
either from people who don't understand or from people who have built a
business model by doing unsavoury things and don't like that they just got
spanked for it.

------
pittsburgh
Go visit <http://www.ico.gov.uk/> and notice the large cookie warning at the
top of the page. I'm all for empowering users and increasing their privacy,
but it's going to become very annoying if this starts to appear on a lot of
web sites.

EU citizens will complain about this law when the web starts to act like
Windows Vista, constantly asking for your permission.

~~~
Silhouette
This issue is directly relevant to something I'm working on, so I went to
visit the ICO page when the rules changed a few days ago. I actually laughed
out loud. The sort of totally-overdone-in-your-face-don't-ignore-
me-I'm-important presentation they have chosen is completely unnecessary under
the new rules, and just makes them look like fools (which is a shame, because
most of the time the ICO are reasonably clued up and some of the good guys).

I also had cause to visit a handful of other government web sites that day.
Every single one of them was blatantly illegal under the new laws.

------
tow21
Someone correct me if I'm entirely wrong, but I thought the point of the law
was to stop _third-party_ cookies being used to track users.

That is, if you want to track your users - that's fine, use as many cookies as
you like and don't ask anyone's permission. But it's your job to do the
tracking, you can't outsource it to Google.

~~~
Silhouette
> Someone correct me if I'm entirely wrong

I'm afraid you are indeed entirely wrong. The rules are not specific to third
party cookies. There are some very tight exemptions for cookies or similar
technologies where their use is genuinely necessary to provide a requested
service, such as for remembering that someone is logged in or the contents of
a shopping cart. Anything outside that scope, including using the same cookies
for tracking/advertising purposes, is against the rules without explicit user
consent.

~~~
tow21
Thanks. After reading the ICO's guidance, so it seems. I was, in fact entirely
wrong.

As someone elsethread pointed out, if this is taken seriously, people will
just start browser fingerprinting. That at least means that the information is
stored server-side rather than client-side, which the new directive seems
particularly concerned about.

