Re: [Fsuk-manchester] Cookies policy of Manchester City Council's websit
From: Simon Ward
Subject: Re: [Fsuk-manchester] Cookies policy of Manchester City Council's website
Date: Tue, 22 Oct 2013 08:44:31 +0100
User-agent: Kaiten Mail
Michael Dorrington <address@hidden> wrote:
>There is also the Information Commissioner's Office (ICO) page on the
>matter (which tries to set a cookie on visiting it without asking with
>the helpful footer of "We have placed cookies on your computer to help
>make this website better. You can change your cookie settings at any
>time. Otherwise, we'll assume you're OK to continue.").
This is fine. Browsers are much better placed to provide a user interface for
accepting and rejecting cookies, and they can do it regardless of the web site
you visit. It is a bad assumption that every site will ask you if you want to
set cookies.
>From the ICO's point of view, the EU directive was to increase the awareness
>of the use of cookies. It initially took a strict interpretation, but later
>updated it as it decided the objective was met[1].
[1]: http://www.ico.org.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law
>Looking at the articles, Manchester City Council is probably not
>breaking the law, or at least any law that is being enforced, when
>using cookies for a web form. However, there are alternative methods to
>cookies for this, as described in the Wikipedia article above in the
>"Alternatives to cookies" section.
Cookies are not inherently evil. They are just parts of the HTTP request and
response, the same as any other header or the data of the web site. The
difference is that a representation of the cookie is stored on your computer,
and that your browser could send it back to a completely different site if you
let it. There it is again, the browser is in the perfect place to control what
happens to these cookies.
Now, consider the alternatives. Hidden tokens in forms and URI parameters can
both be used to track state, across sites too. These can take a variety of
forms, and can be hard for the browser to detect and therefore take action on.
If we remove cookie functionality from HTTP, we essentially remove something
useful just because it can also be used badly. Worse, more sites will use the
alternatives, and it will become harder for you/your browser to manage.
That said, there's nothing to stop sites using alternative, more underhand,
methods of tracking anyway, irrespective of whether cookies exist.
Simon
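
Added example, not part of the message above: a Python sketch of the point about where a client can apply control. A cookie always arrives in the `Set-Cookie` header, while the same state carried in a hidden form field or URI parameter can only be guessed at. The response, the session value, the field names and the hex heuristic are all constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

SID = "a81f3c9e5d2b47f0"  # constructed session identifier
# Constructed response carrying the same state three ways.
HEADERS = [("Content-Type", "text/html"), ("Set-Cookie", f"session={SID}; Path=/")]
BODY = f"""<form action="/report?step=2&amp;ref={SID}" method="post">
  <input type="hidden" name="form_state" value="{SID}">
  <input type="text" name="street">
</form>"""
# Same form, but the site encodes the token differently (constructed).
BODY_ENCODED = BODY.replace(SID, "qB-x_Lw9.ZkT~r0VuE")

def cookies_in(headers):
    """Cookies only ever arrive in Set-Cookie, so one rule finds all of them."""
    found = {}
    for name, value in headers:
        if name.lower() == "set-cookie":
            found.update({k: m.value for k, m in SimpleCookie(value).items()})
    return found

class _FormFields(HTMLParser):
    """Collect hidden inputs and the query parameters of form actions."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden":
            self.fields[a.get("name")] = a.get("value") or ""
        elif tag == "form":
            self.fields.update(parse_qsl(urlsplit(a.get("action") or "").query))

def guessed_tokens(body):
    """Hidden fields and URI parameters have no fixed name or location, so a
    client can only guess; this heuristic flags long hex-looking values."""
    parser = _FormFields()
    parser.feed(body)
    return {k: v for k, v in parser.fields.items()
            if len(v) >= 16 and all(c in "0123456789abcdef" for c in v)}

if __name__ == "__main__":
    print("cookies:", cookies_in(HEADERS))
    print("guessed tokens:", guessed_tokens(BODY))
    print("after re-encoding:", guessed_tokens(BODY_ENCODED))
```

The cookie is found by its header name alone; the form and URI tokens are found only while they happen to match the heuristic, and the re-encoded variant passes unnoticed.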