Setting cookies during site review.

[MoonHare]

I have been doing some site reviews and find the presence of cookies very disturbing in early stage projects. Why do you need to write to my hard-drive when I am looking at your front-page? I am trusting you to even go look at your site, if I can't do that with some sense of privacy and anonymity, then I don't want to do it. Am I off base here? Is there something I don't understand? Does this bother anyone else?

Dave (staff) wrote something on this issue in thread253-5868. He suggested that you can at least clarify what you are trying to put in a cookie so that the viewer is informed of what you are doing. I suppose that is the beauty of IE, the average viewer has no idea of how many cookies are getting set, but as for me.... I LIKE TO KNOW!

Other opinions?
Yrs,
The Moonhare

 

[Wullie]

Hi mate,

I think that setting a cookie does not always have to be explained to a user at the exact time it is happening.

If I use cookies on a site, it depends on what the information is used for whether or not I notify the user when the cookie will be written.

I would say that most of the cookies on sites are for advertising campaigns so that they can track return visitors etc.

On my current site, I don't use any cookies at all, but I still have a section in my privacy policy that explains why I might use them in the future or have in the past.

Assuming that they hav one, read the privacy policy for the site that you are on, it should always explain what information they gather and what they do with that info.

I used to allow a user to customise my site colours to their preferred combination, this also had a function to update all the urls on the site to pass the info on incase the user disallowed the cookie.

If it really bothers you, then disallow cookies in your browser, IE can do this very easily as can other major browsers.

Cookies can be dangerous things, but mostly they are used to make life easier for you in the future when you return to that site.

Hope this helps Wullie

sales@freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.thomsonassociates.co.uk

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell

 

[Wullie]

Hi mate,

I also noticed your post about this in another thread, that site is using session cookies which are totally different.

Hope this helps Wullie

sales@freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.thomsonassociates.co.uk

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell

 

[colcrys]

In some ways I share your concern but as wullie says it really is easy to disable automatic cookies and set them to 'Prompt'.

Having them prompt you also gives you the opportunity to examine the cookie's details before you agree - and if disagreeing causes the site to reject your visit... well there are many more sites to visit.

IMHO it is always preferrable to be the one in control and setting all scripts and cookies to prompt instead of allowing them to be automatic will - although slowing things down slightly - allow you to be the one who decides which site places things on your system.

Most really are innocuous - save for the ones with expiry dates some time in the year 2030 which seem to me like overkill - and can be very helpful.

But, I too wonder why a site under construction would need to place a cookie and if it was from a forum or participants other than those at tek-tips I also may be a tad suspicious.

I would suggest though, that there are much more serious things to be concerned about than cookies such as VBS and Active X scripts automatically runing willy-nilly behind the scenes.

 

[lbrown13]

If cookies are that much of a concern to
you, then you should set your browser
to prompt as suggested by colcrys and then look at the details before feeling like something malicious is taking place. You mentioned about getting a creepy feeling about my website setting a cookie. The cookie was merely setting the default language to english.
Not all websites have sneaky things going on.
=o)

Larry

 

[MoonHare]

I agree that you are all correct in saying that accepting cookies is a choice, but what is the value to you of having set them on your reviewers hard-drives? That's what I don't understand. If there is a reason, then it is reasonable to set cookies. Well, I will admit to being somewhat of a privacy advocate, I hope you all will forgive me.
Yrs,
The Moonhare

ps. The difference between worrying about malicious javascript and activex is that we have firewalls up to protect us there, but we have a mostly open door for cookies.

 

[lbrown13]

MoonHare,
Nothing to forgive, you were stating your opinions
and thankfully you and many others are concerned about
privacy issues. Sometimes I tend to be too trusting and
unconcerned, thanks for bringing the issue to light. It
never hurts to be cautious!


Larry

 

[Tarwn]

Well, if I was asking for a layout review, I would agree that setting cookies would be in bad taste, but if I am asking for a site review, shouldn't I have the site running as close to finished as possible? or should I spend more time hacking it to make it work without cookies in order to get peoples advice on it?

The above were rhetorical, I generally tend to not use cookies and rarely use session variables, and then people complain about all the information I am passing in forms. Unfortunatly the document.all.readUsersMind.preferences() collection isn't part of any language I have seen yet, so the data must be kept up with somehow.

In my mind when you are asking for a site review, it should be set up as your customers/visitors/clients will see it. Cookies, activeX, advertising, everything. If it's annoying someone will mention it, thats part of a site review.

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
For my next trick I will pull a hat out of a rabbit (if you think thats bad you should see how the pigeon feels...)

 

[colcrys]

Hi MoonHare,

While I must demur with your comment about firewalls being all that effective against Active X, Java and VBS - except perhaps for in emails in the freeware of ZA (I think the Pro version offers slightly more protection).

If your software firewall is other than ZA or Tiny Personal Firewall - or unless you use a powerful hardware firewall, the idea one's 'puter is protected from sites running scripts automatically in the background is but an illusion.

Although I use ZA and Spyblocker, I still keep all script requests and cookies set to prompt. Try it and you will see that you will constantly get dialogue boxes popping up asking you if you want to let an Active X script run, or the 'Scripts are usually safe. Do you want to allow a script to run?' dialogue box (must have been written back in the Win3.1 days) when you visit many sites - regardless of your firewall.

Perhaps though, to calm your concerns somewhat, may I offer this link to a 'freeware' program I have been using for some time that will, at the click of your mouse, remove any and all cookies, links, temp files, and even clean your clipboard for you:

http://www.danish-shareware.dk/soft/emptemp/

You can set it to protect cookies from sites you view as friendly - such as the tasty 'Remember Me' cookie tek-tips uses (for which there is the classy link to turn it off on the Tek-tips home page) - and for all others they get the boot at your command.

I do share your concern though because after all....it isn't paranois if they really are after you.

 

[BDNFLNC]

If I am building a site and I ask that it be tested, I may want to know that the cookie works too. That is part of the development. Part of the testing also.

Don't like it? Don't test it!

 

[onpnt]

I guess I'll start it

This whole thread sounds like a bad case of misinformation and paranoia. Is there a valid reason behind things such as your browser type/version, OS etc. not wanting to be known? I'd really like to know that answer because I can't think of a reason on why it is an issue. Besides the fact that browsers already reveal some information about you without cookies: your IP address, operating system, browser type, etc. with far easier means then the use of cookies.

Although I do not use cookies, I use session variables on my site and many that I have worked on. It can be far more efficient then other means. I just really do not see the reasoning on why some are so against cookies. And to date, there has not been a single recorded incident of a virus being passed on through a cookie and or harm being caused. A language that doesn't affect the way you think about programming is not worth knowing.

http://www.onpntwebdesigns.com

admin@onpntwebdesigns.com

 

[Wullie]

One thing I also noticed in the very first post was:

I am trusting you to even go look at your site, if I can't do that with some sense of privacy and anonymity, then I don't want to do it.

Let's take a website and your local shop as being on the same par. When you walk into your local shop, the shopkeeper says "Hi, you back again, weren't you here earlier?" Do you complain and walk out?

There is nothing to imply that you have a right to anonymity on the web, just as you don't when you are walking down the street or doing anything else.

Setting a cookie to your machine is not a big deal, it does not give any more information out to the site other than what they set in that cookie in the first place.

Hope this helps Wullie

sales@freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.thomsonassociates.co.uk

The pessimist complains about the wind. The optimist expects it to change. The leader adjusts the sails. - John Maxwell