CW360.com readers have more views on cookies than a convention of
master bakers. Lawyer Peter Hall got the juices flowing with his
piece on the EU's move to curtail cookie use and give greater
powers to Web users, as you can see from this review of our
mailbag.
Read Peter Hall's column on EU cookie
plans>>
Peter Hall's column took the view that EU moves to restrain
companies' cookie use was misconceived, and many of those who
responded to his article agreed. But just as many were only too
happy to back the EU "spam-busters".
Many felt that companies' ability to track an individual's computer
use was an infringement of privacy, against which current
arrangements do no offer adequate protection.
"It is absolutely right to ban the use of cookies not approved by
the person on whom data is being collected," says sales engineer
Milton Hey.
"The current method of approving individual cookies when a browser
is set to 'prompt' is cumbersome and intrusive. The alternative -
to set the browser to 'no cookies' - then restricts the operation
of sites that use cookies for above-board purposes and the person
browsing often does not know why a site does not work.
"The latest version of a popular browser has an improved system for
the rejection of unwanted cookies which allows the user to reject
cookies from all but selected Web sites."
Fears have been overdone
Technical consultant
Ian Buxton believes, however that the fear of the cookie is
overdone. "Cookies have long been wrongly touted as evil demons,"
he writes. "People also misunderstand the stateless nature of HTTP
and assume that 'the Web site can tell' that they are
 | | "I can see no reason to use
cookies other than to snoop on people either for collecting stats
or for some illegitimate use. In today's world I am surprised that
cookies are still used let alone discussed by the EU!" | | | | | |
| | Ray Pagden | | |
|
|
the same person who clicked a button 20 seconds ago, when this is
not the case without some mechanism for maintaining state, such as
cookies.
"Sessions can be implemented using obscure querystring data but
this can arguably be less secure - the querystring is there to see
for anyone who cares to look, and may be passed as the 'referrer'
to subsequent sites (so they will have an instant way in to a
session) whereas a cookie can be sent to the browser once and then
only sent back to the site
| | "Ten-second sound-bites on radio
have branded cookies demonic hell-spawn with the ability to spy on
you, reveal highly personal details, insert sharp objects into your
VCR, sleep with your wife, etc. with little coverage being given to
the benefits they afford the user and business" | | | | | |
|  | Matt Tordoff | | |
|
|
it came from.
"Perhaps there should be some distinction between 'persistent
cookies' (stored on a user's hard disk) and 'session cookies' (just
stored in memory until the user closes the browser."
A tool of the snoopers
But Ray Pagden sees no
justification for using cookies at all, saying Peter Hall's
argument that Web site owners need cookies is itself half-baked.
"Companies would have records of your past orders on their systems.
If you deleted all of your cookies and then logged in to their Web
site again I am sure they would still have this information," he
points out.
"In fact I can see no reason to use cookies other than to snoop on
people either for collecting stats or for some illegitimate use.
"In today's world I am surprised that cookies are still used let
alone discussed by the EU!"
Are they really a health risk?
IT consultant Spiro Stathakis believes that for technical reasons
the alternatives to cookies would be even less secure, and reckons
the simplest solution is via the browser.
"If the European Parliament really thinks that cookies cause
cancer, they should instruct the few browser manufacturers to set
the default of cookies to 'prompt'," he says. "With a message
indicating 'The European Internet Health Minister advises that
cookies can damage your rights and freedoms as an individual - Are
you sure you want to activate cookies?'
"This would more or less have the same effect but requires two or
three companies to add two or three lines of code to their browser
instead of millions of Europeans having to rewrite their Web sites.
It would also have the added advantage of only requiring the user
to give permission once instead of on every site that they visit.
"If the EU really wants to make the Internet a better place, there
are loads of other things they can do like fight spam. But this law
would send Europe into the dark ages as far as Web development is
concerned. People would move their servers to the US or find legal
ways to circumvent it. This would have a negative impact on jobs
and revenues of business within Europe."
Senior analyst Andy Keohane takes the view that the Eurocrats are
merely keeping themselves occupied between banking their salary
cheques. "Once again the bureaucrats with little better to do are
trying to fix a (small) problem with damaging legislation," he
argues. "The role of politicians should be to identify potential
problems and coordinate expert opinion to arrive at a sensible
solution.
"Unfortunately they usually get a bee in their bonnet about some
issue or other (reference IR35) and implement policies against all
expert opinion. Since their jobs depend on implementing more and
more legislation, I guess they won't be happy until we're all
unable to do anything useful."
Cookies are innocent OK
Internet development
manager Matt Tordoff has problems with the EU line because he
believes it will reduce the convenience of the Web to consumers and
because he sees it as more demonisation of the hapless
cookie.
"This legislation fails to take into account legitimate concerns of
business and users. I say users because it's easy to point and rant
about how businesses are using this data for commercial gain but
what about the user?" he asks.
"The majority of users will only have a somewhat vague idea of what
a cookie is, most certainly won't have a clue about the benefits in
convenience and speed of use cookies can provide them, yet they
will use them without realising this.
"If cookies are removed from Web sites it is difficult to see any
gains for the users. Their perception will be that the Web sites
they have previously used are no longer as user-friendly.
"The EU move also increases the hysteria surrounding Internet
security and privacy. Over the past month I've heard all sorts of
nonsense about cookies, mainly in the non-technical media.
Ten-second sound-bites on radio have branded cookies demonic
hell-spawn with the ability to spy on you, reveal highly personal
details, insert sharp objects into your VCR, sleep with your wife,
etc. with little coverage being given to the benefits they afford
the user and business."
"Finally, yes I agree something does need to be done about some
online advertising businesses abusing the technology, and indeed
some of the latest browsers to give you the option of disabling
third party cookies.
Information is the key
"But the answer lies in keeping the user informed, I don't have an
issue with telling users what we use cookies for, what information
we store, how we use it, etc. Surely as long as Web sites are open
and honest about it this shouldn't be a problem, should it?
However, those who are less than confident that Web site owners can
be trusted will probably agree with the reader who succinctly
summed up his feelings as follows:
"I have more faith in the Eurocrats than the money-grubbers. It's
my damn computer. I say who can use my property."
Read Peter Hall's column on EU cookie
plans>>Thank you to all who responded - our apologies if your views
were not quoted directly. All reader feedback on CW360.com is
published only with the specific authorisation of the
correspondent.