The so-called “Cookie Law” came into effect on 26/05/2012.

So, what are cookies? They are small text files placed on your computer by the website you are viewing. They are used by the owners of that website for various purposes:

  • Analysing their web visitors and what they do on the site.
  • Managing on-line shops (eg, remembering what’s in a visitor’s “shopping basket”).
  • Personalising the way the visitor sees the website (remembering preferences).
  • Tracking the online behaviour of the visitor to target advertising.

And what is the new law about?

It says that a website must seek “informed consent” before placing cookies on a visitor’s computer. This implies that the site must explain what cookies it sets and what their uses are (to ensure that the consent is “informed”), and that the user must agree to the cookies being placed (the “consent” part).

How will websites comply?

Aah, now it gets difficult. It’s been estimated that only about 5% of sites that need to comply have done anything about it. This is probably because no-one wants to use the most obvious solution. This is the introduction of a popup window explaining about consent and requiring the user to click on a button, thereby granting consent to place cookies. It would seem that everyone is watching everyone else to see who comes up with a better way of dealing with this.

And why is it stupid?

It will alienate web visitors rather than help them. They have to click to confirm acceptance of cookies EVERY TIME they visit a site. This, of course, could be repeated dozens of times a day as the visitor goes to different sites.

It’s about as blunt a tool as you can imagine. You won’t get to choose which type of cookies you accept or what the website can do with your cookies or anything like that. It’s simply a question of the website saying (in effect) “if you want to use this website you’ll have to agree to accept ALL the cookies I place on your computer”.

No-one’s going to take the slightest bit of notice of the information that websites will have to provide to ensure that consent is “informed”. Do you EVER read the “terms and conditions” that you have to agree to before you can install/update software? Of course not. It won’t be any different with information about cookies.

There are better ways of dealing with the privacy issues connected with cookies. Settings in the browser (Internet Explorer, Firefox etc) are better placed to deal with cookies in a way that suits the individual user (eg, by deleting all cookies when the browser is closed, denying acceptance of “third party” cookies, etc).

Even the authorities appear to think it’s stupid

The government has said that their own websites do not conform.

The ICO (Information Commissioner’s Office) is responsible for enforcing the new law, but even they appear to be saying “don’t blame us, it’s not our fault” when they say “The Information Commissioner is responsible for enforcing the law, and can’t change the legislation which was passed by the EU, and later implemented by the Department for Culture, Media and Sport (DCMS).” (source).

There is evidence that the government is already trying to wriggle out of having to enforce this law by suggesting that all that websites need to do is rely on the idea of “implied consent” – ie, all the website owners have to do is – nothing. The ICO site says “Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.” The ICO guidance booklet states that “implied consent” can be inferred from the mere act of visiting a website and moving from page to page! Honestly. I kid you not. Page 7 says “For implied consent to work there has to be some action taken by the consenting individual from which their consent can be inferred. This might for example be visiting a website, moving from one page to another or clicking on a particular button. The key point, however, is that when taking this action the individual has to have a reasonable understanding that by doing so they are agreeing to cookies being set.” Duh!

See this Guardian article for further information on implied consent.

Conclusion: Like almost everyone else, I am not rushing into ruining my website by forcing visitors to respond to popup messages. I am recommending to my own computer clients that they don’t spend time and money making their own websites compliant at the moment as the ICO have made it clear that they are not going to be fining anyone in the foreseeable future.

If you get annoyed by such popups on other sites, please have some sympathy for the site owner: they’re just trying to conform to a stupid law introduced by the same government that brought us Pastygate!

And just in case you’re inclined to defend this law by saying it’s only the UK enactment of an EU Directive, then I suggest reading the Guardian article referred to above: it appears that the rest of Europe is not taking this Directive seriously.

Here’s an online petition calling for the scrapping of the cookie law.

We may be fighting a losing battle with online privacy. As mentioned in last week’s blog on Internet Privacy, companies like Google, Facebook, and Amazon hoover up every crumb of information they can glean about us and use it to target us with ads and content that they think will appeal to us. As far as I know there isn’t any perfect strategy for maintaining online privacy, but there are lots of small things we can do that will certainly help.

I’m not concerned here with security on the internet as it relates to the safety of children, or trying to hide our identity so that we may be completely untraceable. I’m just trying to keep down the amount of unnecessary information we give to the likes of Google. These tips are equally valid in a home computer or business computer environment.

So, here are some tips. They’re not listed in any particular order. Some are easier to put into practice than others:

  • Create another email account that you never intend to use for “real” email. Don’t include your own real name in the account name and don’t give real data when completing the compulsory items of information in the account profile. Quote this email address on any websites that demand you supply one and where you don’t expect a normal, ongoing, email exchange (since you don’t want to have to keep checking this account for incoming emails). Having an “anonymous” account like this also helps in keeping spam out of your main email account.
  • If a website demands that you give personal information that is not connected with a financial transaction nor has other legal implications, then LIE. I will NOT give my real address or date of birth online when there is no legitimate NEED for it (and there are few legitimate needs except the protection of the other party in financial transactions). If I am entering a compulsory date of birth on a website where this is “relevant” (but not essential for financial reasons) then I enter a date that is close to my own (so that it makes no difference for the legitimate purposes of the website) but from which I cannot be traced.
  • When filling in online forms, exercise judgement in completing any item that is not marked as compulsory (usually indicated by an asterisk or written in red). If they don’t require you to give a date of birth then why would you? If an item is compulsory but impertinent then LIE.
  • Don’t click on any “like” buttons in Facebook or anything similar (eg in Google).
  • Don’t take part in online quizzes or polls.
  • Preferably, don’t use Facebook at all. If you are a Facebook user and have any concerns at all about the privacy of your data, read this article about Facebook’s attitude to privacy.
  • If you’re still keen to use Facebook, go through all the settings and mark everything private except what you explicitly wish to share.
  • If you use LinkedIn, do not click on ads without first changing your privacy settings to exclude monitoring your activity re ads.
  • Do not use Gmail or any of its branded versions (I think Virgin’s webmail is one of those). Google reads your emails and bombards you with “appropriate” Google ads (sponsored links). See last week’s blog on Internet Privacy.
  • If you must use Gmail, at least ensure that you sign out when you are not actually using the email as Google records everything you do in your browser if you are logged in as a Gmail user. They then use this info to target you with Google ads. I also sign out of other sites, such as Microsoft Live, as soon as I’ve finished with them.
  • Disable or remove browser add-ons that place “toolbars” and/or “search boxes” at the top of your browser. These often have tracking software in them. Incidentally, your browser performance will also be improved by doing this and your browser screen will be less cluttered.
  • Be very careful about “linking” any social networking site to any other (by giving any of them permission to access others). You might add data to one program, believing it to be private, forgetting that you have linked it to another program that sucks in what you thought was private data and spits it out somewhere more public.
  • Set your browser so that all cookies are deleted as soon as you close the browser (but this has implications – read on).
  • Set your browser to delete your browsing history as soon as you close your browser.
  • Set your browser to disallow third party cookies.
  • Turn off Amazon browsing history.
  • If you use Firefox or Chrome as your browser then you can install AdBlock Plus. This will stop most ads from appearing while you are browsing.
  • If you use Firefox, another excellent add-on is Better Privacy. This deletes the “flash cookies” that are placed on your hard drive by Flash Player. Flash cookies (also known as LSOs – Locally Stored Objects) are not removed or blocked along with other cookies.
  • Do not be misled into thinking that “private browsing” will give you any protection. It does suppress evidence on your own computer but it does not prevent sites you visit from recording your activity. Nevertheless, it may help to turn it on.
  • More technical ways of throwing websites off your scent include using proxy servers and using a dynamic IP address.
  • If you want to make an online purchase from a website that you don’t completely trust, you can use a prepaid Mastercard. This will limit your financial exposure to the value on the card and will also keep all your personal information from the website.

As if all this wasn’t already a nightmare worthy of a Kafka novel, some of these measures nullify others. You can turn off Amazon’s “browsing history” and, similarly, stop ask.com from retaining your history but the instructions to turn these off are held in cookies so if you delete cookies (as recommended above) you’re back to square one with these two sites. Doh!
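
The conflict described above can be reproduced with a small model of a browser cookie jar. This is an added example, not part of the original post: the host names and cookie names are constructed, and a "site" is approximated as the last two labels of a host name, where real browsers consult the Public Suffix List.

```javascript
// Simplified model of a browser cookie jar (added example; all names constructed).
const siteOf = (host) => host.split(".").slice(-2).join(".");

class CookieJar {
  constructor({ blockThirdParty = false, clearOnClose = false, keepSites = [] } = {}) {
    this.policy = { blockThirdParty, clearOnClose, keepSites: new Set(keepSites) };
    this.cookies = new Map(); // key "site|name" -> { site, name, value }
  }

  // A cookie is third-party when the site setting it differs from the site
  // shown in the address bar (pageHost).
  set(pageHost, cookieHost, name, value) {
    const site = siteOf(cookieHost);
    const thirdParty = site !== siteOf(pageHost);
    if (thirdParty && this.policy.blockThirdParty) return false;
    this.cookies.set(`${site}|${name}`, { site, name, value });
    return true;
  }

  get(cookieHost, name) {
    const c = this.cookies.get(`${siteOf(cookieHost)}|${name}`);
    return c ? c.value : undefined;
  }

  // Closing the browser: with clearOnClose, everything is deleted except
  // cookies from sites on the keep list (the browser's "exceptions").
  close() {
    if (!this.policy.clearOnClose) return;
    for (const [key, c] of this.cookies) {
      if (!this.policy.keepSites.has(c.site)) this.cookies.delete(key);
    }
  }
}

// One browsing session on a hypothetical shop that stores its
// "don't keep my browsing history" preference in a cookie.
function demo(keepSites) {
  const jar = new CookieJar({ blockThirdParty: true, clearOnClose: true, keepSites });
  const adBlocked = !jar.set("www.shop.example", "ads.tracker.example", "uid", "abc123");
  jar.set("www.shop.example", "www.shop.example", "history_opt_out", "1");
  jar.set("www.shop.example", "www.shop.example", "basket", "3 items");
  jar.close();
  return {
    adBlocked,
    optOutSurvives: jar.get("www.shop.example", "history_opt_out") === "1",
    basketSurvives: jar.get("www.shop.example", "basket") !== undefined,
  };
}
```

With an empty keep list the opt-out is wiped along with everything else; adding the shop's site to the keep list preserves it, but the exception is per site, so every other cookie that site sets is kept as well.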

Some of the tips above are easy to carry out and others less so. I haven’t attempted to give specific instructions (eg for different versions of different browsers) as it would just take too long.

If you’d like some help in tightening up your online privacy, contact me to arrange either a computer support visit or some online remote support.

© 2011-2014 David Leonard