[WIP/BETA] EU cookie law

Started by emanuele, April 21, 2012, 04:30:56 PM

Arantor

Quote from: feline on May 21, 2012, 02:35:24 AM
We have decided to allow no access to the contents until the cookie storage is accepted.
We have implemented this switchable option in our portal, but no one MUST use it.
That is at least more than SMF and other mod authors do ..

Won't that screw up search engine access entirely?

feline

Quote from: Arantor on May 21, 2012, 09:09:31 AM
Won't that screw up search engine access entirely?

No .. search engines (detected by SMF as robots) can read everything  ;)

Arantor

Oh, fantastic, you're going to fall foul of the cloaking rule then.

Basically Google penalises sites that show drastically different content to robots as to users. A certain technical site that expects people to pay for viewing answers, but showed everything to Google, was a notorious example, especially after Google dropped their site-wide PR by several points.

Whether that's automated or not is not entirely clear - but it's the reason why SMF doesn't allow you to show boards to search engines that guests cannot.

feline

Well .. of course Google and co. cannot scan boards/topics that are not visible to guests ..
a spider can see what a guest can see .. whether the ECL function is enabled or not ..

Arantor

But if you require people to accept cookies before any access to content, how can a search engine agree to accept cookies?

feline

Well ... guest != spider  ;D
if($user_info['is_guest'] && !$user_info['possibly_robot']) go to ECL accept page
works also for wap/wap2/imode

Arantor

Yes, yes, yes I know that guest != spider but if you show content to spiders and not to guests, firstly a user can spoof their user agent, and secondly it can and does draw SEO penalties from Google.
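
Editor's added example (not part of any post in this thread, and not SMF or PortaMx code): the spoofing point above, shown as a guest gate keyed on the User-Agent header alone beside one that also requires forward-confirmed reverse DNS. The function names, the crawler domain list and the sample addresses are assumptions constructed for the illustration.

```php
<?php
// Added illustration; not SMF or PortaMx code. All names are hypothetical.
// Assumed stand-in for a robot flag derived from the User-Agent header only.
function ua_looks_like_robot(string $ua): bool
{
    return (bool) preg_match('/googlebot|bingbot|slurp/i', $ua);
}

// Forward-confirmed reverse DNS: the PTR name must sit under a crawler
// domain AND resolve back to the connecting IP. Resolvers are injected so
// the demo runs offline; live code would pass 'gethostbyaddr' and
// 'gethostbynamel'. The domain list is an assumption to adapt.
function is_verified_crawler(string $ip, callable $ptr, callable $fwd): bool
{
    $host = $ptr($ip);
    if (!is_string($host) || $host === $ip) {
        return false; // lookup failed (gethostbyaddr echoes the IP back)
    }
    if (!preg_match('/\.(googlebot|google)\.com$/i', $host)) {
        return false; // PTR is not under a crawler-operated domain
    }
    $ips = $fwd($host);
    return is_array($ips) && in_array($ip, $ips, true);
}

// The gate from the thread: guests who are not robots get the accept page.
function needs_accept_page(bool $isGuest, bool $isRobot): bool
{
    return $isGuest && !$isRobot;
}

// Constructed DNS data and requests (documentation address ranges).
$ptrMap = ['192.0.2.10' => 'crawl-192-0-2-10.googlebot.com'];
$fwdMap = ['crawl-192-0-2-10.googlebot.com' => ['192.0.2.10']];
$ptr = fn(string $ip) => $ptrMap[$ip] ?? $ip;
$fwd = fn(string $host) => $fwdMap[$host] ?? false;
$bot = 'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)';
$requests = [
    ['192.0.2.10', $bot],                                   // crawler, DNS confirms
    ['198.51.100.7', $bot],                                 // same header, no PTR
    ['198.51.100.8', 'Mozilla/5.0 (Windows NT 6.1) Firefox/12.0'],
];
foreach ($requests as [$ip, $ua]) {
    $byUa = ua_looks_like_robot($ua);
    $byDns = $byUa && is_verified_crawler($ip, $ptr, $fwd);
    printf("%-13s UA-only gate: %-12s verified gate: %s\n", $ip,
        needs_accept_page(true, $byUa) ? 'accept page' : 'content',
        needs_accept_page(true, $byDns) ? 'accept page' : 'content');
}
```

This covers only the spoofed-header point; it does not change the cloaking concern raised in the thread. Reverse lookups add latency, so a live check would cache the verdict per IP.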

feline

If a user spoofs their user agent, then it's not a site holder's problem .. that has nothing to do with the ECL.
And what has Google to do with this? Google sees the same with and without ECL accept  ???

Arantor

-sigh-

You've provided the option for site owners to not allow content to be seen without ECL agreement. But you've allowed search engines to see it anyway.

Google can and has penalised sites for doing this.

feline

Quote from: Arantor on May 21, 2012, 02:45:55 PM
You've provided the option for site owners to not allow content to be seen without ECL agreement. But you've allowed search engines to see it anyway.

True .. while Google doesn't have a mouse button to click on "accept"  :D

Quote from: Arantor
Google can and has penalised sites for doing this.

Google has to learn that we have a law in the EU ..

Arantor

So what if there is this law in the UK? Makes no difference to them. My problem with this is your implementation, because I guarantee Google aren't going to change that policy of theirs to be able to 'accept' anything.

CircleDock

This is what happens when ill-informed politicians, egged on by privacy activists, enact legislation that is frankly unworkable. Feline has implemented the safe option to stop all cookies until the (human) visitor makes a conscious decision to accept them, but she's allowing search engines to carry on as normal. That's a fairly logical and sensible thing to do. But because Google will penalise sites that show different content to spiders than a visitor can see, that site will be penalised. And since Google is one of the main offenders with regard to third-party cookies, that's simply crazy.

So we have two choices: Prevent access to everyone including spiders to prevent first and third-party cookies being set and not have our pages indexed at all; or, prevent human visitors accessing pages but allow spiders and risk being penalised by Google. Great. Thank you Denmark for such a well thought-out piece of legislation.

feline

Well .. we have implemented this as an option for users in the UK and other countries that have a concrete ECL.
Nobody MUST enable this .. it's an option that protects the user's PC from cookies that he will not accept.
A non-modal version is not cookie secure, especially if you have Google ads in your content. And SMF itself is also not cookie secure (for example guest votes), and without a session cookie not everything works correctly.

Arantor

I know what you're saying and I appreciate that you've put in the time and effort to do so but what I'm saying is that doing it screws other things up and people need to be aware of that fact (and taking the decision you have to treat search engines differently is not a wise one - but as long as you're aware of the consequences in penalties for sites that use it, that's up to you)

Quote:
So we have two choices: Prevent access to everyone including spiders to prevent first and third-party cookies being set and not have our pages indexed at all; or, prevent human visitors accessing pages but allow spiders and risk being penalised by Google. Great. Thank you Denmark for such a well thought-out piece of legislation.

Not really, no, we have other options.

We can avoid setting cookies and not issue anything to users pending agreement, or even not use cookies for guests whatsoever and not even start a session for them in the first place, which has other interesting aspects to it - but it does mean we have all sorts of choices ranging from strict to lax.

feline

We have tested this for a long time .. if you have a better solution for all these things, then let me know ...

Arantor

My preferred solution is not one you want to implement, trust me on this.

Thantos

What is funny is that while cookies might be the easiest way to track people it isn't the only way.  Anyone remember browser fingerprinting?

CircleDock

Quote from: Arantor on May 21, 2012, 04:24:06 PM
Quote:
So we have two choices: Prevent access to everyone including spiders to prevent first and third-party cookies being set and not have our pages indexed at all; or, prevent human visitors accessing pages but allow spiders and risk being penalised by Google. Great. Thank you Denmark for such a well thought-out piece of legislation.

Not really, no, we have other options.

We can avoid setting cookies and not issue anything to users pending agreement, or even not use cookies for guests whatsoever and not even start a session for them in the first place, which has other interesting aspects to it - but it does mean we have all sorts of choices ranging from strict to lax.

As far as SMF right now is concerned, I don't believe we do have the luxury of other choices. What you're talking about are radical changes to the core and whilst that's undoubtedly do-able, it's not something that's going to happen in the next 2 days, 2 weeks or 2 months. I'm not sure if Emanuele's modification is SMF's official answer to the issue but if not then what is?

The issue may be addressed in v2.1, whenever that will be released, but who knows? Meanwhile we have just over two days to become compliant - or as close to full compliance as is possible and there are two solutions on offer: Feline's and Emanuele's. Neither are ideal - Feline's is part of PortaMx whilst Emanuele's fails to take into account third-party cookies, although there are ways to overcome that.

Your remarks are from the standpoint of a completely unmodified installation where the only cookies are those set by SMF itself. However I'd suggest that very few SMF powered Forum sites are quite so barren. Many I'm sure will have Google Analytics, mods such as Nibongo's multi-quote and/or Adk Portal and let's not forget the social network sites and Adsense which all deliver cookies via SMF served pages but are not necessarily stored in the browser's cookie folder for that site. Therefore it is quite impracticable to allow visitors to access the site under these circumstances, given that SMF is not designed to work without cookies.

As I said earlier, given the current constraints, it is better to allow spiders to index the pages and risk PR penalties than to lock-out spiders completely.

The real answer - and the long-term solution - must come from SMF since it is their software that is serving the pages. Surely it must be possible for the "system" to strip-out cookies from the prepared pages prior to serving them?


Arantor

Quote:
As far as SMF right now is concerned, I don't believe we do have the luxury of other choices. What you're talking about are radical changes to the core and whilst that's undoubtedly do-able, it's not something that's going to happen in the next 2 days, 2 weeks or 2 months. I'm not sure if Emanuele's modification is SMF's official answer to the issue but if not then what is?

All the evidence I've seen is that if you are making reasonable attempts to be compliant and are working towards compliance (i.e. by working with the software manufacturers) then that's the best you can do, note that the ICO's OWN WEBSITE is not even compliant though they are working towards it, by their own admission. This is the same deal.

Quote:
Your remarks are from the standpoint of a completely unmodified installation where the only cookies are those set by SMF itself.

*shrug* That's the only meaningful position I can take, since I don't use Google Analytics, nor any of those other mods that set cookies. All of my sites would theoretically be compliant with Emanuele's mod installed, so in that respect I'm not seeing much of a problem.

That said, how, exactly, would you suggest I take a different position? I cannot deal with all the permutations of mods that work with mods, there are so many permutations of mods that may or may not use cookies.

I know how I could solve this, in a mod, in time for compliance-day, but I also know that no-one here would want that solution, even though of all the benefits I believe it brings, and it would improve SMF's SEO position, save a buttload of resources in the process and so on, by simply not setting any kind of session until such time as a user actually logs in (and lose all tracking of guests)

Antechinus

Quote from: Arantor on May 21, 2012, 07:03:19 PM
I know how I could solve this, in a mod, in time for compliance-day, but I also know that no-one here would want that solution, even though of all the benefits I believe it brings, and it would improve SMF's SEO position, save a buttload of resources in the process and so on, by simply not setting any kind of session until such time as a user actually logs in (and lose all tracking of guests)...........

When you say "lose all tracking of guests", exactly how do you mean that? Would it still be able to show how many guests there were, and their IPs? If so, that would be fine IMO. I don't care what guests are actually doing, as long as I can check IPs.