Do cookies cut it? Readers have their say

CW360.com readers have more views on cookies than a convention of master bakers. Lawyer Peter Hall got the juices flowing with...

CW360.com readers have more views on cookies than a convention of master bakers. Lawyer Peter Hall got the juices flowing with his piece on the EU's move to curtail cookie use and give greater powers to Web users, as you can see from this review of our mailbag.

Read Peter Hall's column on EU cookie plans>>

Peter Hall's column took the view that EU moves to restrain companies' cookie use was misconceived, and many of those who responded to his article agreed. But just as many were only too happy to back the EU "spam-busters".

Many felt that companies' ability to track an individual's computer use was an infringement of privacy, against which current arrangements do no offer adequate protection.

"It is absolutely right to ban the use of cookies not approved by the person on whom data is being collected," says sales engineer Milton Hey.

"The current method of approving individual cookies when a browser is set to 'prompt' is cumbersome and intrusive. The alternative - to set the browser to 'no cookies' - then restricts the operation of sites that use cookies for above-board purposes and the person browsing often does not know why a site does not work.

"The latest version of a popular browser has an improved system for the rejection of unwanted cookies which allows the user to reject cookies from all but selected Web sites."

Fears have been overdone
Technical consultant Ian Buxton believes, however that the fear of the cookie is overdone. "Cookies have long been wrongly touted as evil demons," he writes. "People also misunderstand the stateless nature of HTTP and assume that 'the Web site can tell' that they are
"I can see no reason to use cookies other than to snoop on people either for collecting stats or for some illegitimate use. In today's world I am surprised that cookies are still used let alone discussed by the EU!"
Ray Pagden
the same person who clicked a button 20 seconds ago, when this is not the case without some mechanism for maintaining state, such as cookies.

"Sessions can be implemented using obscure querystring data but this can arguably be less secure - the querystring is there to see for anyone who cares to look, and may be passed as the 'referrer' to subsequent sites (so they will have an instant way in to a session) whereas a cookie can be sent to the browser once and then only sent back to the site
"Ten-second sound-bites on radio have branded cookies demonic hell-spawn with the ability to spy on you, reveal highly personal details, insert sharp objects into your VCR, sleep with your wife, etc. with little coverage being given to the benefits they afford the user and business"
Matt Tordoff
it came from.

"Perhaps there should be some distinction between 'persistent cookies' (stored on a user's hard disk) and 'session cookies' (just stored in memory until the user closes the browser."

A tool of the snoopers
But Ray Pagden sees no justification for using cookies at all, saying Peter Hall's argument that Web site owners need cookies is itself half-baked. "Companies would have records of your past orders on their systems. If you deleted all of your cookies and then logged in to their Web site again I am sure they would still have this information," he points out.

"In fact I can see no reason to use cookies other than to snoop on people either for collecting stats or for some illegitimate use.

"In today's world I am surprised that cookies are still used let alone discussed by the EU!"

Are they really a health risk?
IT consultant Spiro Stathakis believes that for technical reasons the alternatives to cookies would be even less secure, and reckons the simplest solution is via the browser.

"If the European Parliament really thinks that cookies cause cancer, they should instruct the few browser manufacturers to set the default of cookies to 'prompt'," he says. "With a message indicating 'The European Internet Health Minister advises that cookies can damage your rights and freedoms as an individual - Are you sure you want to activate cookies?'

"This would more or less have the same effect but requires two or three companies to add two or three lines of code to their browser instead of millions of Europeans having to rewrite their Web sites. It would also have the added advantage of only requiring the user to give permission once instead of on every site that they visit.

"If the EU really wants to make the Internet a better place, there are loads of other things they can do like fight spam. But this law would send Europe into the dark ages as far as Web development is concerned. People would move their servers to the US or find legal ways to circumvent it. This would have a negative impact on jobs and revenues of business within Europe."

Senior analyst Andy Keohane takes the view that the Eurocrats are merely keeping themselves occupied between banking their salary cheques. "Once again the bureaucrats with little better to do are trying to fix a (small) problem with damaging legislation," he argues. "The role of politicians should be to identify potential problems and coordinate expert opinion to arrive at a sensible solution.

"Unfortunately they usually get a bee in their bonnet about some issue or other (reference IR35) and implement policies against all expert opinion. Since their jobs depend on implementing more and more legislation, I guess they won't be happy until we're all unable to do anything useful."

Cookies are innocent OK
Internet development manager Matt Tordoff has problems with the EU line because he believes it will reduce the convenience of the Web to consumers and because he sees it as more demonisation of the hapless cookie.

"This legislation fails to take into account legitimate concerns of business and users. I say users because it's easy to point and rant about how businesses are using this data for commercial gain but what about the user?" he asks.

"The majority of users will only have a somewhat vague idea of what a cookie is, most certainly won't have a clue about the benefits in convenience and speed of use cookies can provide them, yet they will use them without realising this.

"If cookies are removed from Web sites it is difficult to see any gains for the users. Their perception will be that the Web sites they have previously used are no longer as user-friendly.

"The EU move also increases the hysteria surrounding Internet security and privacy. Over the past month I've heard all sorts of nonsense about cookies, mainly in the non-technical media. Ten-second sound-bites on radio have branded cookies demonic hell-spawn with the ability to spy on you, reveal highly personal details, insert sharp objects into your VCR, sleep with your wife, etc. with little coverage being given to the benefits they afford the user and business."

"Finally, yes I agree something does need to be done about some online advertising businesses abusing the technology, and indeed some of the latest browsers to give you the option of disabling third party cookies.

Information is the key
"But the answer lies in keeping the user informed, I don't have an issue with telling users what we use cookies for, what information we store, how we use it, etc. Surely as long as Web sites are open and honest about it this shouldn't be a problem, should it?

However, those who are less than confident that Web site owners can be trusted will probably agree with the reader who succinctly summed up his feelings as follows:

"I have more faith in the Eurocrats than the money-grubbers. It's my damn computer. I say who can use my property."

Read Peter Hall's column on EU cookie plans>>

Thank you to all who responded - our apologies if your views were not quoted directly. All reader feedback on CW360.com is published only with the specific authorisation of the correspondent.

Read more on E-commerce technology

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close