Hacker News new | ask | show | jobs
by mryan 4882 days ago
How about "session cookies for ecommerce and other transactional style web interaction, that track users across multiple sites without their knowledge or consent"? Are these good or bad?

We can decide on a case by case basis whether any particular use of cookies is good or bad, but coming up with a generic rule to do so is fraught with difficulties.
1 comments
Nursie 4882 days ago
Well those would be bad, as they've clearly strayed well beyond necessary use of cookies as a mechanic of the website operating and into tracking people without their knowledge or consent.

What about "Tracking people without their knowledge or consent" being A Bad Thing is hard to understand?

The original poster said " in certain cases, implied consent would be appropriate and this is judged on the basis of the type of cookies that a site is looking to set". Your example clearly goes beyond.

link
delinka 4882 days ago
"...necessary use of cookies as a mechanic of the website [operation]..."

My shopping cart cookie that tracks you across multiple websites is necessary because it keeps my prices lower than my competition giving me the competitive advantage and my customers a better price on the things they want.

Your turn.

link
Nursie 4882 days ago
Nope, you're still tracking someone without their consent, your reason is nothing to do with the technical operation of your website.

Keep trying though, this is entertaining.

link
im3w1l 4882 days ago
By tracking the user across many websites we can give personal recommendations of new products the user might like based on their surfing habits. For instance depression is correlated with erratic surfing behaviour. By making use of these types of relationships we can offer our customers what they need when they need it.

Another good feature is what we call multisite one-click shopping. Having to enter address, credit number, cvc etc on lots of websites is daunting for the customer and can hurt conversions.

/s

link
Nursie 4882 days ago
Cool, all sounds useful, so you have no issue asking for the user's permission to do this?

Because it's still not technically necessary for the functioning of whatever it is that the user is trying to do on your particular site.

These are all fine business reasons but (AFAICT) the entire intent of the law is that business reasons are not good enough to track people without their explicit knowledge and permission that that is what you're doing.

(yes of course they fouled up on the coding and execution of the law, bureaucrats were involved)

link
delinka 4882 days ago
Yet again, semantics matter.

You didn't originally say "technically necessary," but my argument is not with you. It's with half-baked legislation. Does the legislation make the distinction? You use the phrase "technically necessary for the functioning of..." and the business guys in the company will continue to argue that yes, this is technically necessary for the functioning of their company/website/business etc.

Ask the engineers whether these things are "technically necessary" to facilitate the business plan, because the business plan is the entire reason the company exists. The answer is yes. I'd suspect the workaround is that you just don't do business with people who don't want to be tracked.

Are we going to start legislating every detail of business?

link