EU law banning cookies...

[Tony Reid]

I was going by the cookie notice they use... it has no opt in tick boxes etc..

See attached...

[Arantor]

Thing is, the cookies still get set, and that to me does not indicate implying consent. It's more a case of 'we're doing this, leave if you don't like it', and if you're browsing with NoScript enabled you won't even see it - but still get the cookies AIUI.

[feline]

Well .. we can do a long discussion, if the session cookie  'strictly necessary'.
For me (and I think Arantor) it's clear, that this is NOT 'strictly necessary' .. the forum works without these cookie.
The one and only point they never works .. you don't see Guests they not have accepted the ECL in the Who list.
OK .. for a secure implementation of ECL it's need a lot of changes on the SMF sources, many to avoid undefined index errors and so one, but the basic function works perfectly. What WE have do and how it's work, you can see on our site.
A more detailed information you can find on the topic http://portamx.com/3155/eu-cookie-law-deadline-may-26th-2012/

[Arantor]

That's exactly it, I cannot see how the normal SMF cookie falls under the 'strictly necessary' definition. It's only an architectural matter of SMF that requires it, it isn't required to actually be able to make the site function, as opposed to, say, a shopping cart that basically would require it.

[feline]

1+ 

[Arantor]

Wait, when did you and I ever agree on anything?

[feline]

because we are not stupid ? 

[live627]

if(!checkECL_Cookie() && empty($user_info['possibly_robot']))
   return;

What is checkECL_Cookie()? I assume it's a function from ema's mod to check for cookie consent.

And you didn't extend this to spiders?? How... interesting.

[Arantor]

Yeah, that's something I picked up on earlier, allowing spiders in when not allowing users in (assuming modal acceptance) is a sure way to get penalised by search engines.

[feline]

Spider are (imho) guests they have accepted the ECL 
Of course ... it's possible that (in modal mode) to get a penalize. But I don't known how this will detect 

[Arantor]

I suppose you can probably argue implied consent for spiders but the problem is that search engines do sometimes visit without identifying themselves as spiders to validate that people aren't hiding content from guests without hiding it also from search engines.

There was a 'tech help site' that did this - supply a user agent of Googlebot and you'd get all the answers you wanted, but use a regular user agent and you'd be expected to pay for answers to questions on the site. I won't dignify them with a name because IMHO the site is one of the lowest forms of scum on the net.

[feline]

OK .. Thanks for the infomation.   
But .. because we have enabled the non modal mode (onyl WAP is modal, but locked in robots.txt) we are on a good way (I hope)

[Arantor]

Yeah, you should be fine, the problem is when it's modal - effectively blocking genuine users until accepting the cookies, while not blocking spiders at all.

[feline]

I don't known .. but have google a search engine they emulate a mobile device (like android) ?

[Arantor]

Yes, there is also a mobile user agent, though I forget what it is. But even then they have been known to do detection against UA testing.

[青山 素子]

There was a 'tech help site' that did this - supply a user agent of Googlebot and you'd get all the answers you wanted, but use a regular user agent and you'd be expected to pay for answers to questions on the site. I won't dignify them with a name because IMHO the site is one of the lowest forms of scum on the net.

Expert Sex Change (well, not with that spacing or capitalization in their name...), I think it was. Bet you can't see their name any other way from now on, now.

They are actually following the rules because the answers are all the way at the bottom of the page, and they use a cookie to block those completely on the third visit to their site - removing that cookie shows the answers again. Not the nicest approach, but they are actually following the rules.

[Arantor]

Expert Sex Change (well, not with that spacing or capitalization in their name...), I think it was. Bet you can't see their name any other way from now on, now.

Yes, yes that's exactly who I'm thinking of, and that ambiguity was one reason I didn't want to mention them, though I believe they've actually put a hyphen in the name now.

They are actually following the rules because the answers are all the way at the bottom of the page, and they use a cookie to block those completely on the third visit to their site - removing that cookie shows the answers again. Not the nicest approach, but they are actually following the rules.

They are *now*. That was their response to the penalties from Google. Originally all one had to do to see any amount of answers was to visit as Googlebot.

[tpgames]

I've read where Americans were really picky about cookies and privacy. I find it humourous that as much as Europe laughs at the USA, they come up with the cookie directive. All a person really has to do is delete cookies and the session is over.

If anything pertaining to cookies really goes to law, they aren't going to be able to police 50 trillion forums, fan sites, communities, businesses and so on. And, the law is really only as effective as the barrister/lawyer behind that law when it is argued in court. Also, a simple legal statement pertaining to cookies only being used to keep someone logged in and how they expire the instant user signs out, should go a long ways in protecting against cookie laws.

About SMF and cookies: I notice that no matter how I set things, I'm automatically logged out and have to relog back in. This has always been an issue for me on the server I use. I set it to "stay logged in for 36,000" as a joke, as I'm always logged out every hour or so anyways.  (And no, not a support question!) This could indicate to the user, that cookies on your site is very temporary and largely useless and don't track anything...including active key strokes. With that said, I still prefer SMF as its the only forum in softaculous that works my way.

[MrPhil]

Expert Sex Change (well, not with that spacing or capitalization in their name...), I think it was. Bet you can't see their name any other way from now on, now.

Reminds me of a photo of a small store, posted on one of those "FAIL!" sites: The Children's Exchange. Only, the sign kind of ran the words together in a Small Caps font that barely distinguished between capitals and lowercase...

[MrPhil]

I've read where Americans were really picky about cookies and privacy.

Actually, we're conditioned to give up all our information privacy in return for trinkets. It's physical searches (and the loss of dignity) we're squeamish about (see "Don't touch my junk!" case).

I find it humourous that as much as Europe laughs at the USA, they come up with the cookie directive.

You laughin' at us? I said, are you laughin' AT US?

If anything pertaining to cookies really goes to law, they aren't going to be able to police 50 trillion forums, fan sites, communities, businesses and so on. And, the law is really only as effective as the barrister/lawyer behind that law when it is argued in court. Also, a simple legal statement pertaining to cookies only being used to keep someone logged in and how they expire the instant user signs out, should go a long ways in protecting against cookie laws.

They will rely on the fear of heavy fines to keep sites in line. They won't need to police individual sites, except if they receive a complaint about cookies being used. A few website owners made destitute will do the job quite effectively, by striking fear into the hearts of everyone else. With that much money at stake, I'm sure they'll find effective prosecutors to press cases. Finally, technical explanations don't matter with non-technical juries. They're not going to understand a word of it. It's all a matter of theatre.