Hacker News new | ask | show | jobs
by benjash 5496 days ago
Currently I have the freedom as a user to opt out of all cookies. But when & if this law even comes into play I wont be able to opt out of the endless pop-ups asking me to enable cookies.

I'm all for protecting user privacy, yet its not a problem. Most users understand how to use 'private browsing'. Yet a lot will be puzzled why a website wants cookies?

This will massively cripple the EU online industries. I'm shocked at the lackluster response from the industry it self.

Additionally the law is both overly specific and vague. It seems to pick out certain technical functions yet state a vague and broad solution.

Plus the laws fails to stop any really bad forms of tracking.
2 comments
mgkimsal 5496 days ago
You certainly have the freedom as a user. However, imo, what's been missing since day 1 is any sort of moderately understandable UI for controlling this. Most people understand the basics of bookmarking. If we had some browser UI with 3 or 4 lights (red/green/yellow, etc) that we could click to allow some or all cookies on a per site basis, people would have a sense of control over all this stuff (just like they do bookmarking).

The problem comes in when 'cookies' are intermingled with the word 'privacy', and control over that is typically buried multiple levels away in swathes of technomumbo.

http://gyazo.com/77a1c905b6477b10f6ee71e760075db3.png

^^^^

That's listed in 'under the hood', which non techies would probably shy away from. Even if I go there, I have to 'manage exceptions' and decide whether to 'block third party cookies from bet set' (while at the same time having to ignore exceptions if I want to block third party cookies).

I know this stuff inside and out and it's confusing to me. I understand the geek need for 'low-level controls to tweak everything how I want it!' but for goodness' sake - if we have a few up-front always visible controls in a user-friendly manner, the EU ministers could block cookies all day long, understand how to do it, and understand anyone else could do it too. It would not have the appearance of the black magic it does now.

link
waqf 5496 days ago
Well, your example's from Chrome which has the worst options management ever. Quick, is cookie management part of "Basics", "Personal Stuff" or "Under the Hood"? Or maybe it's not in any of those at all, but in the spanner [wrench] icon dropdown? Is there any setting you might want to change for which it's clear which of those categories is most appropriate?
link
mgkimsal 5496 days ago
I don't think FF is much better.

IIRC every new point version I'd get seemed to have moved things like cache info and cookie settings to different tabs, and renamed how things were labelled.

In FF5, "tell sites I don't want to be tracked" is a single checkbox under "privacy", but "advanced->network" has "tell me when a site wants to store offline data". Huh? I understand the tech differences, but it's just confusing, and again, hidden. Two or three minor additions to the nav bar allowing you to block or allow cookies would go a long way towards making users feel in control of this type of data.

link
Isofarro 5496 days ago
Your choice to opt-out of cookies has the side-effect of sites breaking because they assume cookies are accepted. So you're pretty used to broken / non-working sites.

In that case, I don't see in your case why having a constant pop-up message on every page of a working site is worse than a mostly broken website.

Do broken websites still work well enough for you?

This won't massively cripply EU online industries. Cookies used by the core service are unaffected, so EU companies can offer the same service as normal.

The restrictions really affect cookie based traffic reports (so use weblogs or image beacons instead), A/B testing preferences, accepting money from advertisers to track visitors through your site.

This hardly cripples EU online industries, it might have a positive side-effect of site visitors being more amenable to paying for online services which are currently ad-supported, so as to opt-out of cross-site analytics and advertiser profiling cookies.

The consumer having the choice about their privacy is an issue that's only going to get more important over the next couple of years. If your business depends on building profiles of users without their consent, yes, those businesses need to adopt non-cookie methods of doing this, and/or consider being more upfront to the visitors, and explain clearly why these features are of benefit to the visitor.

link
jodrellblank 5496 days ago
The restrictions really affect cookie based traffic reports (so use weblogs or image beacons instead), A/B testing preferences, accepting money from advertisers to track visitors through your site.

The article says that anything which you could use instead to get basically the same end result a cookie, but which technically isn't one, is still covered by this legislation. If so, you would need to get consent for non-essential image-beacons as well, or weblogs(?) or whatever else you chose.

link
jamiequint 5496 days ago
The definition of "cookies used by the core service" here is so far off its insane. Analytics packages like Google Analytics are not part of my "core service"?

It increases the burden on site owners collecting data about thing that are happening on their own site. Less data leads to less ability to make optimization decisions leads to a worse online experience for everyone who uses that site. If I can't A/B test my site how the hell am I supposed to improve it?

Additionally, for ad supported sites, don't be shocked to see revenue drop like a rock when sites can't fill any inventory with retargeted ads or other forms of more targeted advertising that pay a higher CPM. Less money = less resources = worse experiences.

link
Isofarro 5496 days ago
> The definition of "cookies used by the core service" here is so far off its insane. Analytics packages like Google Analytics are not part of my "core service"?

If Google Analytics is a core service your site offers to visitors, then I suggest you have bigger problems that just this tiny change to UK Law.

On the other hand, if what you say is indeed true, surely you can come up with a compelling explanation to your visitors over why it is in the visitor's best interests to opt into to having a Google Analytics cookie added.

>It increases the burden on site owners collecting data about thing that are happening on their own site

That's only if you decide not to give the user a choice of whether to opt in to tracking or profile-building cookies. I don't think you should write that option off so quickly

Sites should always take the privacy issues of their visitors seriously. Now is a good time to sit down and consider it. No longer can you turn a blind eye and let third parties use your site to build profiles about visitors. Now you have to get their informed consent first.

> If I can't A/B test my site how the hell am I supposed to improve it?

You can A/B test your site. If you want to use a method that requires cookies, then get the visitor's consent first.

> Additionally, for ad supported sites, don't be shocked to see revenue drop like a rock when sites can't fill any inventory with retargeted ads or other forms of more targeted advertising that pay a higher CPM. Less money = less resources = worse experiences.

This is not surprising. The value of ads is based on the profiles they build up about each visitor to your site. You've been making money by quietly leaking their browsing history to these third party ad-networks. Now you are being asked to be more responsible.

link
jamiequint 5496 days ago
> If Google Analytics is a core service your site offers to visitors, then I suggest you have bigger problems that just this tiny change to UK Law.

Why does caring about storing accurate data about what users are doing on my site so I can improve it mean I have "bigger problems"?

> You can A/B test your site. If you want to use a method that requires cookies, then get the visitor's consent first.

I could also ride a horse instead of driving a car...

link
Isofarro 5496 days ago
You do have quite a unique definition of "the core service of the site".

All I can suggest at this point is that you need legal counsel to confirm your definition is compatible with the definition within this particular legislation. If that is indeed compatible, then I guess you probably have a good argument indeed for the need of the Google Analytic cookie, and that it is required for the service you offer visitors.

> I could also ride a horse instead of driving a car...

I'm sorry you feel this way about the right of your site visitors' privacy. It's a great shame you don't seem willing to respect that.

link
jamiequint 5496 days ago
> you need legal counsel to confirm your definition is compatible with the definition within this particular legislation

Why bother, I would rather sacrifice operating in the entire UK than degrade the experience across the entire userbase. I would not be surprised if many other people made the same decision.

> I'm sorry you feel this way about the right of your site visitors' privacy. It's a great shame you don't seem willing to respect that.

Your condescending tone is noted and unappreciated. I would like to clarify that I am specifically speaking about tracking usage of the site for purposes of conversion optimization and usability improvements. I strongly disagree with your assumption of a reasonable right to privacy when you are using my website. If you choose to use my site what gives you the right to preclude me from tracking what you are doing on my website.

link