Cookie monster

There’s been quite a bit of chatter in the press about the new EU cookie law, which comes into force today. For those who don’t know, a cookie is a small text file placed on your computer by your web browser when you visit a website. Cookies are used for useful things like indicating that you’ve logged into a website or storing the contents of your on-line shopping basket. Like most pieces of technology they can also be abused, tracking your web use without you knowing. There’s also a large grey area between legitimate and illegitimate use of cookies: uses which don’t directly benefit you but do benefit third parties, like serving you targeted adverts based on sites you’ve been viewing or helping website owners track your activity around their website.

Cookies are everywhere on the web. A quick look in my browser’s settings shows a couple of hundred of them on my machine at the moment. This law means that every website has to declare what cookies it sets on your computer, what each is used for and let you accept (or reject) the use of those cookies. Well, at least the sites based in the EU do. I’m all for web privacy and it’s ironic that this law is being implemented to protect people’s privacy at the same time that other laws are being proposed to do the opposite. But it’s not simple to ensure you’ve complied with the law and most businesses are still figuring out what to do about it. It seems that even personal websites are covered by this law, which presents a massive implementation, communication and enforcement problem.

It’s also quite tricky, technologically. I use WordPress to run both this blog and my wedding photography site. Several WordPress plugins try to set cookies as soon as you visit the site, whilst the new law wants site owners to give people visiting the site the opportunity to opt out before any cookies are set. Someone could find my site from a search engine and land on any one of the four hundred or so pages, so a notice on the landing page doesn’t seem to be enough. I also use Google Analytics, which sets its own cookies as soon as a page is viewed. I used this neat Firefox extension to find out what cookies my site is setting. I will also be trying out this extension to WordPress which has been developed specifically in response to the new cookie law.
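
One way to check the server side of this, as an added example that is not part of the original post: look at the response to a first, cookie-less request for each landing page and list every `Set-Cookie` header it carries. The paths, header lines and cookie names below are constructed; cookies written by page scripts do not appear in response headers and need a browser-side check instead.

```python
# Constructed sample: response headers for a first visit (no cookies sent,
# no consent given) to three landing pages. All names and values are made up.
SAMPLE_RESPONSES = {
    "/": [
        "Content-Type: text/html",
        "Set-Cookie: session_id=abc123; path=/",
        "Set-Cookie: plugin_visitor=42; Max-Age=31536000; path=/",
    ],
    "/some-post/": [
        "Content-Type: text/html",
        "Set-Cookie: plugin_visitor=43; expires=Sun, 26 May 2013 10:00:00 GMT; path=/; HttpOnly",
    ],
    "/about/": ["Content-Type: text/html"],
}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attributes) with lowercased attribute keys."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_first_visit(responses):
    """Return {path: [(cookie_name, 'persistent' | 'session'), ...]} for every
    cookie the server sets before the visitor has had a chance to opt out."""
    findings = {}
    for path, header_lines in responses.items():
        for line in header_lines:
            field, _, value = line.partition(":")  # split on the first colon only
            if field.strip().lower() != "set-cookie":
                continue
            name, attrs = parse_set_cookie(value)
            # A cookie with Max-Age or Expires outlives the browser session.
            persistent = "max-age" in attrs or "expires" in attrs
            findings.setdefault(path, []).append(
                (name, "persistent" if persistent else "session"))
    return findings


if __name__ == "__main__":
    for path, cookies in audit_first_visit(SAMPLE_RESPONSES).items():
        for name, kind in cookies:
            print(f"{path}: {name} ({kind}) set before consent")
```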

I remember when I had a piece of anti-spyware software on my PC that popped up an alert every time a website tried to set a cookie. It became a frustrating experience to browse the web with every site bringing up a slew of alerts. If this new law serves to force businesses to examine their use of cookies more carefully and to curb the most excessive and intrusive use of them, then great. But it seems like this law won’t be terribly effective at actually preventing abuse of cookies and will create a lot of work for private website owners, community groups, small companies and large corporations alike.

How has this law affected you? Are you ignoring it and hoping that it goes away or have you had to design and implement something to help you comply with it?


    One Response to Cookie monster

    1. skierpage says:

      Most cookies are laziness on the part of sites. Browser form history will remember your username and login for a site, and once you’re logged in the site can write & read your profile, which you should be able to review and edit and clear. The only persistent cookie should be a token for “Remember me”, but that would be even better served by a browser login like Persona that you can tell “Automatically log me in to tonywhitmore.co.uk”.

      The bigger privacy problem these days is the god-awful mound of code behind all those tweet/like/+One buttons. Every single one of them is contacting home for script or an iframe or image, so all those companies get an HTTP Referer telling them that a browser with their token (i.e. me) has visited your page. (A similar thing happens for all the ad tracking and analytics agencies). I use Ghostery to block them all. Like logging in, sharing stuff should be a facility of your browser, not a collection of 5-20 bloody buttons and slow script on every page on the web.

      I doubt the European law will cover this combination of HTTP referer to third-party sites. Your site isn’t setting a Google PlusOne cookie, you’re just linking to https://plusone.google.com/_/apps-static/_/js/plusone/p1b,p1p/rt=j/ver=sMBgdTxQ0SU.en_US./sv=1/am=!x9F5bRECv-7SjYd0/d=1/rs=AItRSTPpMTYpeM3oR5zwRhId3EGNR4xMzQ (Thanks, internet, I really needed that 😉 )
