Should Governments Mandate Cookie Transparency?

from the is-that-needed? dept

Wed, Mar 9th 2011 6:56pm — Mike Masnick

The BBC is reporting on the EU's e-privacy directive that's set to go into effect towards the end of May, which will apparently require that sites using cookies get explicit consent from users before using certain forms of cookies. As some have noted, the BBC's version of this is a bit one-sided, and the details aren't quite as bad as the original report makes it out to be -- but that doesn't mean they're good, either. Basically, this new directive will mean various EU countries have to pass laws relating to transparency around cookies, and those laws could push sites to have to ask before placing tracking cookies. It appears this is mostly limited to cookies that also track info off-site -- so mainly advertising cookies, rather than login or shopping cookies (which likely wouldn't be impacted).

Still, even once you understand the details, I have to question why this is necessary. Asking people to opt-in to any cookies just creates a massive nuisance for everyone. While the supporters of such rules believe that this increases knowledge and transparency, there's little evidence that this is the case. Instead, as some earlier studies have suggested, it seems to just increase the nuisance factor. People who are regularly presented with a popup asking them for permission to proceed just get into the habit of clicking to make the box go away, rather than understanding what they're clicking. That's because when they go to visit a site, they don't care about the cookies and don't want to be interrupted.

I'm sure the politicians supporting this move think they're doing something good, but it really does the exact opposite of what they really want. It won't make people care any more about their privacy. It'll just make them more annoyed about the overall process. The way to make people more concerned about their privacy is to educate them and make it their choice in how they deal with these things. There are already plenty of easy-to-use tools on the market for users to set up preferences via browser extensions. Mandating rules for websites is just going to cause a hassle for everyone else.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cookies, transparency

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

MeMeMeMe, 9 Mar 2011 @ 7:35pm

But...
I can totally get on board with your thoughts. I think the legislature is driven more towards those users who really have no clue what they're doing, couldn't tell you what a browser extension was, and probably had to ask a child how to get on that world wide webby thing.

So while it would be a major PITA for you or I, at least it gives those w/no clue, some pause for thought.

And perhaps users would be more likely to decline off-site cookies. Do we really need the big ad machine agencies having carte blanche to follow everyone, everywhere, off-site ...just because mom, dad, and the old folks don't grasp what a cookie is?
[ link to this | view in chronology ]
MeMeMeMe, 9 Mar 2011 @ 7:35pm

But...
I can totally get on board with your thoughts. I think the legislature is driven more towards those users who really have no clue what they're doing, couldn't tell you what a browser extension was, and probably had to ask a child how to get on that world wide webby thing.

So while it would be a major PITA for you or I, at least it gives those w/no clue, some pause for thought.

And perhaps users would be more likely to decline off-site cookies. Do we really need the big ad machine agencies having carte blanche to follow everyone, everywhere, off-site ...just because mom, dad, and the old folks don't grasp what a cookie is?
[ link to this | view in chronology ]
- Capitalist Lion Tamer (profile), 10 Mar 2011 @ 2:37am
  
  Re: But...
  This seems to be the same mentality that helped develop Windows Vista: give the user no control over the system by default and ask them to click on an Approval dialog box every time anything happens.
  
  It's an annoyance. I was completely flabbergasted when I first set up the system to find that it recommended that the main user account be set up as, no shit, a "Guest."
  
  "Thank you for purchasing our operating system, you incompetent noob. Enjoy your computer on which you will be unable to install anything, including Flash or Java updates."
  
  I've used Windows 7 and it still seems to be concerned that every user with brick their computer right out of the box. Every plugin install is hounded by dialog boxes asking me if I want to change the registry, etc. What the hell? I though I made it pretty clear I wanted it changed when I clicked on "I Agree" button and the Install as Administrator command and right-clicked to download and etc.
  
  I can hardly wait for this to fly through so that the internet itself runs like an operating system that plays 20 questions with the user every time a minute upgrade is applied.
  [ link to this | view in chronology ]
  - abc gum, 10 Mar 2011 @ 6:17am
    
    Re: Re: But...
    Yeah, it's not funny to shell out big bucks for the "Professional" version and then be hounded like a noob. Maybe they could come out with a version for professionals.
    [ link to this | view in chronology ]
  - Sean T Henry (profile), 10 Mar 2011 @ 7:49am
    
    Re: Re: But...
    You can turn that off by going to run and type "msconfig" go to the last tab and find UAC then turn it off now instillation is like in XP.
    [ link to this | view in chronology ]
    - Capitalist Lion Tamer (profile), 10 Mar 2011 @ 1:12pm
      
      Re: Re: Re: But...
      Yeah, I did that after a few days of dealing with the annoyance. I found a third-party utility that would shut that all off, or rather, leave it in "Protected" mode but suppress the dialog boxes.
      [ link to this | view in chronology ]
  - Windoze, 10 Mar 2011 @ 10:01pm
    
    Re: Re: But...
    "This seems to be the same mentality that helped develop Windows Vista: give the user no control over the system by default and ask them to click on an Approval dialog box every time anything happens."
    
    Oh, you mean like OSX. Yeah its annoying.
    
    "Every plugin install is hounded by dialog boxes asking me if I want to change the registry, etc. What the hell?"
    If you dont know how to turn that feature off, then it is doing exactly what it was designed to do.
    [ link to this | view in chronology ]
Rose M. Welch (profile), 9 Mar 2011 @ 7:50pm

And some dev will just made an addon that automatically accepts the cookies, so this proposal is ultimately useless.
[ link to this | view in chronology ]
Jon B., 9 Mar 2011 @ 8:27pm

Every browser since the beginning of cookies has been able to prompt before storing cookies. Most even have settings for third-party cookies. If browsers aren't shipping with that as the default, that's because it's what users want.

I would personally like to see browsers ship with an option to block third-party resources entirely. Not just blocking cookies and referrers, but blocking images, frames, videos, scripts, etc entirely. Does youtube.com need to know I visited your page even though I didn't click on the video? Does prototypejs.org need to know every time I visit a page that hotlinks prototype.js? If we're going to have options, that's one I'd like to see.

But again, these should all be a decision between a user and his browser, not some website and his government.
[ link to this | view in chronology ]
- abc gum, 10 Mar 2011 @ 6:22am
  
  Re:
  Turn off javascript
  [ link to this | view in chronology ]
- Q�r Tharkasd�ttir (profile), 11 Mar 2011 @ 2:17am
  
  Keeping cookies at bay in OSX
  In OSX, I think that the combined use of Firefox (cookie settings in the prefs + additions NoScript! and Adblock Plus), Little Snitch and MacScan will keep you free from most of the unwanted crap. Occasionally, though, some sites just won't work properly on Firefox, or require cookies to work as expected, which makes the use of Safari necessary. I try to take that as a lesser evil, like keeping my home ad-free but having to suffer some visual pollution when I'm driving around.
  [ link to this | view in chronology ]
Anonymous Coward, 9 Mar 2011 @ 8:33pm

Still trying to spot the Techdirt privacy policy. Anyone?
[ link to this | view in chronology ]
Anonymous Coward, 9 Mar 2011 @ 8:57pm

There are already plenty of easy-to-use tools on the market for users to set up preferences via browser extensions. Mandating rules for websites is just going to cause a hassle for everyone else.

Someone will end up writing a Greasemonkey script to disable the annoying popup that tells them about the cookie they already blocked.
Offhand, I'd say this is yet another case of a government regulating something that it doesn't understand.
[ link to this | view in chronology ]
Tshiung Han See, 9 Mar 2011 @ 9:13pm

How the hell would you enforce this kind of policy? Without a good punitive mechanism, this thing will die on its feet.
[ link to this | view in chronology ]
Anonymous Coward, 9 Mar 2011 @ 9:13pm

I am sure people concerned about privacy would feel otherwise. Not every site collects cookies and Firefox could have an option to remember your cookie preferences for sites that you visit regularly. So I fail to see how it would inconvenience users other than the first visit to the site.
[ link to this | view in chronology ]
ts, 9 Mar 2011 @ 9:36pm

I think internet providers should give customers a test to determine their level of technical competence. People who are deemed to be morons should not be allowed access to the internet. Problem(s) solved.
[ link to this | view in chronology ]
- abc gum, 10 Mar 2011 @ 6:26am
  
  Re:
  "I think internet providers should give customers a test to determine their level of technical competence. People who are deemed to be morons should not be allowed access to the internet. Problem(s) solved."
  
  The idea of poll testing is alive and well - so yeah, why not go full retard.
  
  http://www.denverpost.com/politics/ci_14345675
  [ link to this | view in chronology ]
- Q�r Tharkasd�ttir (profile), 11 Mar 2011 @ 1:59am
  
  Re: Morons
  "I think internet providers should give customers a test to determine their level of technical competence. People who are deemed to be morons should not be allowed access to the internet. Problem(s) solved."
  Sounds to me like getting rid of the nobility by chopping their heads off. Do you realize how many IPs - yes, providers�- are morons themselves, either as single individuals or as organisations? If you're an IP yourself, pardon me, and if you think that wisdom is a feature of IPs, well, think again.
  [ link to this | view in chronology ]
SD (profile), 9 Mar 2011 @ 9:58pm

It's really on the browser developers...
"There are already plenty of easy-to-use tools on the market for users to set up preferences via browser extensions."

Most users aren't aware those extensions exist or the privacy risks associated with third party cookies at all. And some people who became aware yesterday or last week are asking their governments to regulate it. Where were they 16 years ago? LOL.

I guess nobody could have predicted the abuse of cookies would get to the point is at today, where a few big companies now have as much spying power as big brother and can track the exact sequence of pages a user visits no matter what site they go on. They're basically trading services like "free analytics" and "free comments" to website owners for their visitor's information and they take it hook, line, and sinker.

Regulation won't fix the problem because a lot of the lawmakers are promoting some very bad plans like popups for everything and those laws would only have reach within their own country anyway. I think a good cookie whitelisting and third party cookie blocking system needs to be added to the browser cores. Extensions break between versions but a core addition wouldn't, and it would bring more awareness since it's a "new" feature. Users liked it when popup blocking was finally added into browser cores, and better cookie control would be along those same lines.
[ link to this | view in chronology ]
Anonymous Coward, 9 Mar 2011 @ 10:07pm

There was a very good study in the field of cryptography (I'm not going going to look for it now) that actually showed that more security popups actually make security worse for the users because users get so used to automatically clicking unimportant popups that they begin to automatically click the important ones just as well. The best way to improve security is to reduce the amount of popups that users must click to only the important ones so that users know that a popup is something to pay attention to.
[ link to this | view in chronology ]
- Anonymous Coward, 9 Mar 2011 @ 10:12pm
  
  Re:
  (if you're really interested in the study, I'll see if I can find it, but not now).
  [ link to this | view in chronology ]
Stephen John Anderson, 9 Mar 2011 @ 10:56pm

This is a lot easier to implement than you're making out.
On the user's first visit to the site, they can be asked if they consent to being tracked. This then can be used to set a "track" cookie for that site which stores their preference. Because that cookie is essential to the functioning of the site, it's exempt from the EU directive. That's it. Once only. The only remaining inconvenience is to the companies trying to track you.

Personally, I don't have problem with tracking of the sites I visit - whenever I browse, I do so under the working assumption that that information may one day become public knowledge - but I am sick and tired of the adverts that "stalk" you through the web, trying to prompt you to buy things that you had only glanced at on other sites. Especially if I've already bought it cheaper somewhere else. So, whilst I may have to do extra work to deal with this in my professional life, I don't immediately have a problem with this.
[ link to this | view in chronology ]
D Rounding, 9 Mar 2011 @ 11:58pm

Analytics Data
Whilst I agree with the underlying issues of privacy it is obvious that those making the decisions have little to no idea of the impact blocking of cookies may have.

For example collecting analytics data is vitally important to websites and without it sites would not only generate less ROI but would also as a result not best suit the visitor expectations.

The data collected is only specific to a person by IP, no personal data such as names and addresses are recorded. Whilst the BBC doesn't say otherwise I do feel that the reporting is bordering on sensationalism (again) rather than educating the populous as to what cookies really do and why they are needed.

It should be the visitors choice as to whether they decide to browse with cookies enabled in their browser or not - it is not practical to accept or decline on a site by site basis. No one wants pop ups on every site they visit.

On the subject of tailored adverts based on browsing history - again I don't see the issue with this. Visitors would prefer to see adverts that are of their personal interest rather than about unrelated topics.

Users also understand that in many cases adverts pay for the site upkeep that they visit. Making them less efficient and decreasing the sales return will either reduce website quality or drive more content to be subscription based.

I can't see that many website owners are going to listen to this regardless of how it may be introduced into law. How can it ever be policed anyway?
[ link to this | view in chronology ]
Q�r Tharkasd�ttir (profile), 10 Mar 2011 @ 1:55am

Law passed in Denmark
Denmark, as usual the good girl in the class, has already passed the law. It will apply to all Danish websites as well as any site that addresses a Danish audience (based on, for example, language availability). It was voted by a parliament that, as is customary, doesn't have a clue about how the Internet works, and is due to come into effect with so short notice that the whole branch is freaking out. In typical Danish manner, though, the authorities have responded to criticism by granting that sanctions would not be applied before allowing a certain (undefined) period for sites to adjust to the new rules.
[ link to this | view in chronology ]
Anonymous Coward, 10 Mar 2011 @ 5:02am

"Should Governments Mandate Cookie Transparency?"

Hell no! Transparent cookies are hard to eat: I can never find them! Just like camouflaged steak or the invisible cake (it's not a lie, it's out there somewhere...taunting me).
[ link to this | view in chronology ]
- abc gum, 10 Mar 2011 @ 6:30am
  
  Re:
  Is that camosteak aged beef?
  [ link to this | view in chronology ]
Anon, 10 Mar 2011 @ 5:14am

...
Maybe they should make it EASIER to deactivate cookies, not make it HARDER to activate them...
Come on EU! Stop thinking about things backwards!
[ link to this | view in chronology ]
Atkray (profile), 10 Mar 2011 @ 9:54am

New opportunity
I see this as an ideal opportunity for ________________(insert country name here) hackers to make new apps (not apples) to hijack computers and because people will be so conditioned they will click right on in.
[ link to this | view in chronology ]
Anonymous Coward, 10 Mar 2011 @ 1:54pm

Meh, this is much worse than cookies, and the collective marketplace shrugs at it.
[ link to this | view in chronology ]
Gene Cavanaugh, 10 Mar 2011 @ 3:08pm

Cookies and stuff
What I find disheartening is the tendency to pretend to be in the "in crowd" and make fun of the ones in the "out crowd".
True, not everyone choses to be knowledgeable in computers. Is that a reason to dis them? Suppose I used my (definitely superior) knowledge of mathematics, physics, or law to call the computer people hacks? Feel good?
Personally, to me, advanced knowledge in any field is a TOOL that one uses; it does NOT make you "better", it simply makes you better qualified in areas requiring that tool. It certainly does not justify belittling others (in fact, I have found that people who do are generally inferior).
[ link to this | view in chronology ]
Cookies!!!!!!, 10 Mar 2011 @ 9:55pm

I dunno, I think transparent cookies would be good. No more biting into a cookie just to discover some crappy jelly and stuff hidden inside.
[ link to this | view in chronology ]