Cookies
- Matt_K
- Posts: 4809
- Joined: Mar 21, 2018
Hey mods, here's a write-up on cookies; let me know your thoughts. I already disabled the banner as, after doing further research, it probably doesn't apply to us... but as you might have noticed about me, I prefer to be safe rather than sorry!!
Begin message:
So everyone's favorite banner is now disabled. There is a really good summary found on privacypolicies.com (https://privacypolicies.com/blog/eu-cookie-law/). I'll provide some additional insight here that uses that article as a citation for the sake of expedience, although it would be easy to corroborate these facts elsewhere.
What are Cookies?
Cookies are files that a website leaves on your machine that allow it to store information about your browsing experience. Due to the way that website navigation works, it would be nigh impossible to have a functional user experience without these; they are an essential part of the web browsing experience. Even for static websites (in comparison to dynamic content such as this forum) they can be essential for storing login information, settings, shopping carts, and other myriad uses. They can also be used to track analytic information as well as be used for more nefarious use. Put more simply, cookies are a neutral technology that can be extremely useful, though like other technologies, can be used in ways you don't know or worse know about but would prefer otherwise!
Does TromboneChat use Cookies?
Yes! As do most websites. You'd be hard pressed to find a website, actually, that does not. We use the default settings in the phpBB software that use cookies to store such things as your login information (either for a session or for a longer period if you log in while checking 'Remember Me'), what posts you have seen (so that you don't see posts you've already read in the 'Unread messages' section), and setting-based information.
What are some of the "bad" uses of cookies?
The use of cookies can also raise a number of privacy concerns because of what certain websites use them for, which can include tracking for the purpose of data collection and targeted advertisements. This means that while you are browsing certain sites (most actually), things like Google are collecting things like the text in the browser, the relative location of a page that you are viewing, and other browsing habits for the purpose of selling you stuff.
Why did we have that annoying banner and why don't other sites have that?
A lot of people find cookies useful, but some are quite troubled by the level of tracking they are exposed to. They find it far too easy to be tracked; in 2011, the European Union agreed, and passed Directive 2009/136/EC, referred to as the "Cookie Law". This mandated that all countries within the EU set up laws requiring websites to obtain "informed consent" before they were allowed to retrieve information on a visitor's computer --- this includes cookies, whether or not they are used for tracking or are explicitly a part of the technology of the website; e.g. you still have to give a shopping cart permission to store your items even though the shopping cart is an integral part of the application and may serve no other motive.
In other words, if you’re in Europe and host a website that uses cookies, you are required to tell your visitors that you’re using cookies, let them know what those cookies are being used for, and get their consent before you can place cookies on their device.
How did that banner "solve" the problem?
The policy adopted by all the countries in the EU had 4 actions that were required for those utilizing cookies:
- When someone visits your website, you need to let them know that your site uses cookies.
- You need to provide detailed information regarding how that cookie data will be utilized.
- You need to provide visitors with some means of accepting or refusing the use of cookies in your site.
- If they refuse, you need to ensure that cookies will not be placed on their machine.
The banner is a feature of phpBB and helps comply with the law. You might have noticed that if you refuse, you were still able to log in. More on that in a little bit; that's an astute observation and you should feel proud of yourself for noticing!
Wait, is TBC a European website?
No, the TBC is US based. However, there is conflicting advice on just exactly who this law applies to, and we were playing it safe.
What about the "strictly necessary" clause?
As mentioned earlier, if you are a shopping cart, cookies are basically the technology. It would be pretty silly, and even impossible(?) to decline to use cookies and still have any functionality. The EU does make an exception for such "strictly necessary" cookies; however, this is not clearly defined. For example, those of us who use the "unread posts" are utilizing cookies that help keep track of what is read and when, so that when you come back you don't have duplicates or filter out posts you haven't read yet. Yet, this is not necessary for the functioning of a forum. But it sure is a "nice to have."
The exact EU guidelines regarding the “strictly necessary” exception read as follows:
“This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.”
If you are uncertain whether your cookies are strictly necessary, it’s best to consult your local regulators. They can provide additional insight and specific guidelines for your country. In general, it is best to err on the side of caution. Unless you absolutely know your cookies are strictly necessary, assume they are not.
Any cookie that does not fall under the “strictly necessary” definition needs consent before you can store it on a visitor’s device.
So now that the banner is gone, how are you complying with the EU law?
There are several ways to comply:
- Option 1 – Get rid of your cookies -- not really an option, since the forum simply wouldn't function without cookies
- Option 2 – Add a Pop-Up or Similar Technology
- Option 3 – Get Implied Consent
- Option 4 – Add It to Your Terms and Conditions
Depending on your country’s interpretation of the law, you may only need to get a user’s “implied consent.” Rather than forcing every user to click “accept” before they can access your site, you can instead display a short message informing them that cookies are being used, typically through a header bar or some other non-obstructive method. After a predefined period of time, which may be as short as a few seconds, the announcement can disappear. If the user remains on your site, consent is implied.
Additionally, there is a distinction made in the law regarding "First-Person" cookies vs. "Third-Person" cookies. We do not currently employ Third-Person cookies, meaning cookies from other sites for the purposes of targeted advertising. First-Person cookies are generally considered okay for these "nice to have" features, whereas third-party cookies are required to be disclosed. Option 3 was the method employed up until this point; however, it is possible to add this to our "Terms and Conditions". We are currently investigating changing the login screen to include this information, as that would be sufficient to satisfy the law, though as we only currently use first-person cookies and only for features of the site, we still do not have to do this; we simply prefer to be 'above board' and transparent about our activities.
Hopefully that clarifies the situation, and we're sorry for the inconvenience the banner may have resulted in over the time it was enabled.