

CloudFlare To Launch Service For Sites Dealing With Tortuous EU Cookie Law - spahl
http://techcrunch.com/2012/05/25/cloudflare-to-launch-service-for-sites-dealing-with-tortuous-eu-cookie-law/

======
jacquesm
The simple solution is to forbid 3rd party cookies (and while we're at it
third party JS as well, which I think is a much bigger problem than 3rd party
cookies. I'm sure that will send shudders through the industry). And enforce
it at the browser level by default and put up a big fat warning what the
consequences are when you disable it.

That way we don't need to have silly laws that nobody will respect and we can
all get on with making stuff work.

Third party JS opens so many cans of worms that I think it would be better if
we just forgot about that whole idea, it'll never be secure and it puts too
many juicy bits in the wrong hands.

~~~
ohgodthecat
Well third party javascript makes a lot of people money how do you propose we
get around their buying power?

Also what would the limits be of third party javascript be? Would it be
allowed on the domain level so people could still use CDN's and other things
easily such as cdn1.example.com, etc... if so It probably could be okay then
people could use CNAME or A records to link to their legitimate third party
javascript like analytics and ads and it could take away a lot of the
possibility of malicious third party javascript.

The web however would probably have to change a bit because a lot of websites
use third party javascript depending on your definition of it such as google's
1e100 domain and other such cdn measures that aren't necessarily served from a
domain record.

------
Zirro
This passed in Sweden about a year ago, as required by the EU-directive.
What's happened since? Essentially, nothing.

While a few government-related sites show information on cookies and a
checkbox for opting in, noting that the site may not work properly otherwise,
the average site has made absolutely no changes.

I think this proposal sprung from good intentions, but has been executed
poorly. It's likely aimed at reducing tracking-cookies, something which most
of us would consider a good thing, but this is clearly not the right way. I
know of no person or site that has gotten in legal trouble for not showing
this "Cookie-warning" or an opt-in button. It's simply unenforceable.

~~~
Karunamon
>I know of no person or site that has gotten in legal trouble for not showing
this "Cookie-warning" or an opt-in button. It's simply unenforceable.

Nor should it be. The day this becomes massively enforced (god forbid) is the
day that an adblock-esque plugin will be created to bypass all of this idiotic
government mandated nonsense. Those options exist in web browsers already.

And it is nonsense. It does nothing to protect users, for one. The average
user has no idea what a cookie is, and will either blindly click accept or
move on.

For two, its the government getting their hooks into mandating specific
content on the web. Yes yes, slippery slope is a logical fallacy and all that,
but when it comes to government expansion of power, it tends to ring true.

For three, it's a pain in the ass. I really _do not_ care what kind of cookies
random sites are sending me. If I did care, I'd be running a plugin to deal
with it or changing my browser settings accordingly.

Fourth, it's more work for web developers for questionable benefit.

Maybe this is just me being a typical ignorant American, but this kind of
nannyism is downright offensive to me.

~~~
mattmanser
They may have severely screwed up the implementation but there's very real and
very murky tracking going on through ad networks using cookies and any other
way they can think of. This is what the legislation was aimed at, but it went
totally OTT.

99% of the time, there is no good reason for anyone to know what different
sites I visit. Nor does anyone have any reasonable expectation that it is
happening to them.

Also why an adblock-esque plugin? That really makes no sense to me. This is
about a server not being able to set a cookie without explicit consent, I
can't see how a plugin would help.

~~~
Karunamon
>I can't see how a plugin would help.

Either a "yes I accept the damn cookies everywhere" (you know, the hassle free
system we have now) or a "no I don't accept the damn cookies anywhere" option.

People have an interesting way of engineering around annoyances.

~~~
mattmanser
It would obviously be the latter right? Because who wants some random
advertising agency putting together you like concentrated acid and bathtubs?

Just me?

~~~
Karunamon
You already have that option in your browser. It's called "disable cookies".

------
jgrahamc
A common misconception of the EU directive is that it applies to cookies only
leading to many technical people to laugh about it. Any method of storing
information in the user's browser is covered:
[http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electr...](http://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications#Cookies)

Article 5:

3\. Member States shall ensure that the use of electronic communications
networks to store information or to gain access to information stored in the
terminal equipment of a subscriber or user is only allowed on condition that
the subscriber or user concerned is provided with clear and comprehensive
information in accordance with Directive 95/46/EC, inter alia about the
purposes of the processing, and is offered the right to refuse such processing
by the data controller. This shall not prevent any technical storage or access
for the sole purpose of carrying out or facilitating the transmission of a
communication over an electronic communications network, or as strictly
necessary in order to provide an information society service explicitly
requested by the subscriber or user.

------
andrewcooke
the bbc recently changed to reflect this law (i assume). i don't know whether
the law is tortuous or not, but the bbc's implementation was clear, easy to
understand, and helpful. i used it to protect my privacy. seems like a good
idea to me.

[http://www.bbc.co.uk/privacy/cookies/managing/cookie-
setting...](http://www.bbc.co.uk/privacy/cookies/managing/cookie-
settings.html)

~~~
mibbitier
You can use your browser to protect your privacy - disable cookies.

Also the idea that disabling cookies somehow achieves something, is very
naive. You'll still be tracked by any website that wants to track you. Your
browser is uniquely identifiable.

Adding messages to every website that exists is unnecessary, and idiotic.

~~~
andrewcooke
i already use ghostery, disconnect, do not track plus, and adblock. but i use
the bbc site frequently, and want to be able to use the site well, while still
avoiding ad-tracking. the new interface allows me to disable my "broad
spectrum" tools and use a more nuanced approach. and yes, i do trust them.

more than that, this is the kind of interface my parents could understand and
use.

finally, if i am an idiot then you're the dickwipe of humanity, a festering
boil that should be lanced (with a cattle prod, anally), and a poopy-pants.
you also come across as rather dull.

~~~
mibbitier
> "i already use ghostery, disconnect, do not track plus, and adblock."

> "you also come across as rather dull."

Good one!

