[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fsuk-manchester] Cookies policy of Manchester City Council's websit

From: Simon Ward
Subject: Re: [Fsuk-manchester] Cookies policy of Manchester City Council's website
Date: Tue, 22 Oct 2013 08:44:31 +0100
User-agent: Kaiten Mail

Michael Dorrington <address@hidden> wrote:

>There is also the Information Commissioner's Office (ICO) page on the
>matter (which tries to set a cookie on visiting it without asking with
>the helpful footer of "We have placed cookies on your computer to help
>make this website better. You can change your cookie settings at any
>time. Otherwise, we'll assume you're OK to continue.".

This is fine. Browsers are much better placed to provide a user interface for 
accepting and rejecting cookies, and they can do it regardless of the web site 
you visit. It is a bad assumption that every site will ask you if you want to 
set cookies.

>From the ICO's point of view, the EU directive was to increase the awareness 
>of the use of cookies. It initially took a strict interpretation, but later 
>updated it as it decided the objective was met[1].


>Looking at the articles, Manchester City Council is probably not
>breaking the law, or at least any law that is being enforced, when
>cookies for a web form.  However, there are alternative methods to
>cookies for this, as described in the Wikipedia article above in the
>"Alternatives to cookies" section.

Cookies are not inherently evil. They are just parts of the HTTP request and 
response, the same as any other header or the data of the web site. The 
difference is that a representation of the cookie is stored on your computer, 
and that your browser could send it back to a completely different site if you 
let it. There it is again, the browser is in the perfect place to control what 
happens to these cookies.

Now, consider the alternatives. Hidden tokens in forms and URI parameters can 
both be used to track state, across sites too. These can take a variety of 
forms, and can be hard for the browser to detect and therefore take action on. 
If we remove cookie functionality from HTTP, we essentially remove something 
useful just because it can also be used badly. Worse, more sites will use the 
alternatives, and it will become harder for you/your browser to manage.

That said, there's nothing to stop sites using alternative, more underhand, 
methods of tracking anyway, irrespective of whether cookies exist.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]