Text only | Text with Images

ElkArte Community

Elk Development => Feature Discussion => Topic started by: elk.helmer.co on January 13, 2014, 03:45:54 am

Title: EU notification of the site use of cookies
Post by: elk.helmer.co on January 13, 2014, 03:45:54 am
Hello,

I just installed elk on one of my sub-domains "elk.helmer.co". Have not had time to create any boards yet, but will get to it in time. I have an issue in that my sites are hosted in Germany and as such I have to notify. all visitors and users about the sites use of cookies. This is not a problem on SMF as there is a mod for it.

I noticed that when I went to the system screen it said it could not connect to the main ,site and all versions listed on the left were question marks. Also, when I want to the package manager it informed me that the third party site was not available.

Is there any mods available and if so can you provide a link?

Anyways back to the cookie notification, I cannot open the site to the public until I have either a mod or feature.

Thanks,


John

BTW: I really liked what I see so far, great job!
Title: Re: EU notification of the site use of cookies
Post by: emanuele on January 13, 2014, 05:06:20 am
Hello John and welcome at Elk! :D

Which mod are you using from SMF?
Depending on several factors it may even still work with Elk.

I wrote one for SMF, and I want to port it to Elk "soonish"[1], but it was intended for the UK (first, strict) version of the law (so no use of cookies unless explicitly accepted, etc.).
I didn't have motivation, now I have it, I didn't have the time, but I can find it.
Title: Re: EU notification of the site use of cookies
Post by: elk.helmer.co on January 13, 2014, 11:57:39 am
Thank you for the welcome. The EU mod I use for SMF is EUCookie1.1.zip. The other mod that I always install is GoogleTranslateforSMF2.0v1.4.zip.

Thanks,

John
Title: Re: EU notification of the site use of cookies
Post by: TE on January 13, 2014, 12:05:12 pm
the translator modification is IMHO useless these days.. all modern browsers such as Chrome or IE11 (dunno if FF also) has got a build-in translation support and suggests websites to be translated in your native language.
Title: Re: EU notification of the site use of cookies
Post by: elk.helmer.co on January 13, 2014, 12:29:29 pm
TE,

While what you say about browsers may be true, this is the most requested mod at my other sites.
Title: Re: EU notification of the site use of cookies
Post by: emanuele on January 13, 2014, 12:47:40 pm
http://custom.simplemachines.org/mods/index.php?mod=3693

Will take a look and try to mix with mine (just to have only one to maintain O:-)).

A couple of weeks ago I opened this issue:
https://github.com/elkarte/Elkarte/issues/1207
since there are more and more requests around the world for privacy policy and cookies and so on, I think that it could be addressed (maybe partially, dunno exactly how yet) for 1.1.
Title: Re: EU notification of the site use of cookies
Post by: elk.helmer.co on January 13, 2014, 04:21:44 pm
Thank you. I will have to wait to configure my new Elk site until this is resolved. I am really surprised it was not part of the beta unless they were only targeting the US?
Title: Re: EU notification of the site use of cookies
Post by: emanuele on January 13, 2014, 04:52:35 pm
TBH I'm still a bit unsure about all the different EU regulations... :-\
Title: Re: EU notification of the site use of cookies
Post by: elk.helmer.co on January 23, 2014, 12:00:15 am
emanuele,

I just heard from the author of the SMF EU Mod and good news, he has ported it to ELK. He would like to know where to upload it too? Have you setup an area yet? If not do I need to host it on my site?

Thanks,


John
Title: Re: EU notification of the site use of cookies
Post by: emanuele on January 24, 2014, 03:12:24 am
Sorry for the late reply.

For the moment we have collected the addons at github:
https://github.com/elkarte/addons
Sorry for the "technical mumbo-jumbo", but it's to give all the info, if there are doubts feel free to ask!
This repository is a bit "special", because we are not pushing there the full code, but just "sub modules (http://git-scm.com/book/en/Git-Tools-Submodules)" (it's a way to deal with repositories so that you don't have to push changes to a "central repository", in fact a way to collect "links").

I'm not completely sure this is the best way to deal with addons and suggestions are welcome of course!
Title: Re: EU notification of the site use of cookies
Post by: emanuele on November 30, 2014, 03:25:43 pm
Baaaaack on topic here for a second.

I was re-digging the EU directive and the various laws to better understand another situation I have pending and I would like to share a bit of my own considerations.

First off: [abbr=I'm not a lawyer]IANAL[/abbr].

That said, let's have a look at the legislation.
At the Europe level, the only thing we have is a directive, the so called ePrivacy directive (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML).
For those not familiar with European legislation paths, a directive is a sort of "general idea" that the bodies of the European Union give to the various Member States (yeah, I know, it's very, very summarised), based on that text, each MS has to write a law that covers the various points of the directive.

So, we have a directive and 28 different implementations, one for each MS.
In the literature section of the wikipedia page, you can find a couple of links to descriptions of the implementation of the directive in UK and France:
https://en.wikipedia.org/wiki/Directive_on_Privacy_and_Electronic_Communications

Honestly I still have to deeply read the Italian one, because it's a bit messy (it resulted just a slight variation of text of a previously existent law about privacy), but luckily, we have from the EU a nice web page with a summary of the goals of the directive and some hints on the implementation in order to be compliant with it:
http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

There are two interesting parts, the first is:
QuoteIn other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.
that means that simple javascript boxes to inform the user "we use cookies, deal with it." are not enough. You actually have to ask the user in advance if he allows the site to store cookie or not.

And the second interesting part is:
QuoteCookies clearly exempt from consent according to the EU advisory body on data protection- WP29 (http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf) include:

  • user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
  • authentication cookies, to identify the user once he has logged in, for the duration of a session
  • user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
  • multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
  • load‑balancing cookies, for the duration of session
  • user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
  • third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.
and that means all the cookies set by ElkArte are all (almost) acceptable.
There may be a couple of edge cases, where the cookie is set forever, instead of a "short period", but not a terribly big deal.

What really requires approval, are cookies used by 3rd-party services, like google analytics, or google adsense (just to mention the two most famous). In these cases, before "enabling" the code for these tools, you should ask the user visiting your site if they want to have these cookies on their computers.
Title: Re: EU notification of the site use of cookies
Post by: Jorin on December 01, 2014, 07:54:00 am
Thank goodness! Nothing needs to be done! Puh!
Title: Re: EU notification of the site use of cookies
Post by: emanuele on December 01, 2014, 08:10:35 am
Of course that's my own personal interpretation of what the Europe seems to want, it may differ from the specific legislation of each single Member State.
But unless some very strict interpretation has been made it should be all good.
Title: Re: EU notification of the site use of cookies
Post by: radu81 on May 18, 2015, 03:27:03 am
I just read an article that before 3 June all websites who are using cookies should mention it. I am using Google Analytics and G. Adsense on my forum. Is there any addon for Elkarte regarding cookies? TY
Title: Re: EU notification of the site use of cookies
Post by: emanuele on May 25, 2015, 12:03:24 pm
I guess I'd have to write down something.
As far as I understood, analytics should be fine with the simple "warning", while adsense may be a little trickier (because it is a profiling cookie), though I'm no more sure of anything on the matter... :-\
Title: Re: EU notification of the site use of cookies
Post by: emanuele on May 26, 2015, 05:20:18 am
@radu81 http://www.italiansmf.net/forum/index.php?topic=1582.0
I'll push it later to the addons site.

For the reference page you can either use:
a topic (simple and no messing)
 SP (http://www.elkarte.net/community/index.php?topic=1399.o) if you already have it installed (install SP just for one page seems overkill)
* the Pages (http://www.elkarte.net/community/index.php?topic=2494.0) addon.
Or create a page by yourself. :P
Title: Re: EU notification of the site use of cookies
Post by: radu81 on May 26, 2015, 05:56:29 am
It works, thank you! Now I have to write the policy info. I'll use SP pages, I already use it on my forum
Title: Re: EU notification of the site use of cookies
Post by: radu81 on March 09, 2016, 02:47:09 am
@emanuele I think this was not inserted into the addons site, or at least I wasn't able to find it
Title: Re: EU notification of the site use of cookies
Post by: emanuele on March 09, 2016, 05:02:11 pm
Most likely not. O:-)
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on March 10, 2017, 08:27:25 pm
I think this can be made into an addon without much difficulties: https://cookieconsent.insites.com/download/
Title: Re: EU notification of the site use of cookies
Post by: Feline on March 12, 2017, 03:49:50 pm
As a Note from me:  in Europe specially in Germany​ it's not allowed to set any cookie until ECL is accepted !!  Also not a session cookie or what else ...

Our new Forum system have a ECL that exactly do that ...

Feline
Title: Re: EU notification of the site use of cookies
Post by: emanuele on March 12, 2017, 05:25:24 pm
Interesting fact what seems to be the German government doesn't respect its own rules then: https://www.bundesregierung.de/Webs/Breg/EN/Homepage/_node.html
It sets me 2 (session) cookies and it doesn't even have a banner or something informing me these cookies are set.
amazon.de that sets some 7/8 cookies and I don't even allow the js on the ad system... :-\
spiegel.de (just a random site I found on google that seemed somehow relevant), instead, sets something like 23 cookies (some session, some lasting few days, some lasting a month), including google analytics, and I can't see any hint on the screen that cookies are used (actually, not even searching for cookie reveals anything).

I admit we are lacking in the area, but don't give me the "this is important" propaganda, it's just a law that nobody cares about.
The day someone will be fined for not showing a notice about cookies I'll consider it a critical issue, otherwise I have other much pressing issues to care. :)

And BTW: https://webdevlaw.uk/2017/01/10/cookie-law-reform-announcement/
So, in about a year the rules will change again...
Title: Re: EU notification of the site use of cookies
Post by: radu81 on March 12, 2017, 05:54:26 pm
Quote from: Feline – As a Note from me:  in Europe specially in Germany it's not allowed to set any cookie until ECL is accepted !!  Also not a session cookie or what else ...
It's the same in Italy, or at least it should be this way but there are very few websites that are respecting this rule. When this law came out I lost a couple of nights reading all the information available and investigate some famous websites. The results were similar to what Emanuele found, and only a few websites set the cookies only after the user accept it. 
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on March 13, 2017, 12:05:45 am
Lol. I am not ready to talk about the cookie laws or comment any of them. I was merely suggesting something that could be used to create an addon. Not that I could not do it myself but I am kinda lazy lately. :P
Title: Re: EU notification of the site use of cookies
Post by: Jorin on March 13, 2017, 02:11:00 am
Quote from: ahrasis – I think this can be made into an addon without much difficulties: https://cookieconsent.insites.com/download/

Thanks a lot!  :)
Title: Re: EU notification of the site use of cookies
Post by: Feline on March 13, 2017, 05:53:14 am
Well .. I don't known what other Sides do and what not .. but I say it is possible to browse (limited) a side without any cookie. This you can see on our side ...

But .. this is only possible with a lot of changes in the code .. and that is one point we do in our new Forum system  ;)
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on March 13, 2017, 07:25:20 am
Actually I visit portamx from time to time, though I may not log in, so, I kinda knew all about your new forum @Feline, including the cookie thing. And it runs well with your portal too. Congratulations for that.

I also hope you can upgrade that subforums mod so that it can be used with your forum users/followers. It definitely has its own fans though one of them have decided to move on to ElkArte. ;) As you might already know, I adjusted it to work for ElkArte with the help of @emanuele and @Spuds and it is available in the addon section.

Keep up the good work and all the best @Feline.
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 23, 2017, 05:36:56 am
I often stick with e-recht24.de, a website giving information about all that matters (for admins). So I installed the cookie notification too.  ::)  I used this one, it's 100% local stored. No script from another site needs to be loaded.

Edit: Hey @Spuds, I got the error with the link inserted at the beginning of the text, not at the cursor position! I wrote the text above, marked the part "this one", clicked on the URL BBC button, inserted the URL https://cookie-bar.eu/, and the code jumps at the very beginning of the text.  :o
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on August 23, 2017, 09:11:43 pm
@Jorin, I am not sure whether you are answering to this topic or the addon created at http://www.elkarte.net/community/index.php?topic=4328.0 but I guess it should be the later. But I am not going to move this post yet before you confirm this or you can move it yourself later on.

In any event, the addon does use the script from external source as stated in its (only) code:
Code: [Select]
	$context['html_headers'] .= '
	<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css" />
	<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js"></script>
	<script>
	window.addEventListener("load", function(){
	window.cookieconsent.initialise({
	  "palette": {
		"popup": {
		  "background": "#000"
		},
		"button": {
		  "background": "#f1d600"
		}
	  }
	})});
	</script>
	';
Clearly, this can be downloaded to EA and use as an internal source rather than external without much hassle. The only good thing about this external source is it is using CDN[1]which won't affect your site very much if you are using the addon as it is.
Talking about CDN, I was practically playing around with it when my server went off two months ago. May be I'll post and talk about it in here later.
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 24, 2017, 01:41:29 am
Quote from: ahrasis – @Jorin, I am not sure whether you are answering to this topic or the addon created at http://www.elkarte.net/community/index.php?topic=4328.0 but I guess it should be the later. But I am not going to move this post yet before you confirm this or you can move it yourself later on.

I posted it here because I don't use your addon for this matter. So why should I post this in the addon thread? It's a general post about cookie notification handling, so in my opinion it should stay here, don't you think?
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on August 24, 2017, 01:53:36 am
Sorry about that but I didn't know and as said, I just guess.

And that may be because I was re-reading this thread from what we have previously discussed about / regarding this and misunderstood your previous response:
Quote from: Jorin –
Quote from: ahrasis – I think this can be made into an addon without much difficulties: https://cookieconsent.insites.com/download/

Thanks a lot!  :)

And since you confirmed otherwise, so . . . :P
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 24, 2017, 02:22:51 am
No problem! It's a bit confusing and I am a bit of responsible for that.  O:-)
Title: Re: EU notification of the site use of cookies
Post by: Spuds on August 24, 2017, 11:08:25 am
Quote from: Jorin – Edit: Hey @Spuds, I got the error with the link inserted at the beginning of the text, not at the cursor position! I wrote the text above, marked the part "this one", clicked on the URL BBC button, inserted the URL https://cookie-bar.eu/, and the code jumps at the very beginning of the text.  :o
If you are using Edge then I know about that problem and have a work around committed for RC2
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 24, 2017, 03:04:45 pm
Here in europa a site do not set any cookie until the visitor have accepted that.
Also you need a info page, on where you can see wich cookie is set, from where it's comes and for what it's used.

This we have on our Forum Release implemented ..
So it's NO cookie set, but a Visitor can browse the site (limited) without any cookie !!
No session id cookie .. simple nothing ..  only Spider can set cookies (he never see the ECL overlay)  ;)

For normal Visitors a small overlay at the top is shown until you click on "I accept cookies" ..
Then a ECL cookie is set for 30 days, and a session id cookie is created.

If a visitor comes back before the ecl cookie becomes timeout, no ecl screen is shown and the ecl cookie is set fot the next 30 days. Have the user a valid login cookie, he is logged in automatically.

Also we have implemented a "Spider test", so you can see what a Spider can see and what he can do ..
If you start a Spidertest,. you will be logged out and all cookies are removed. Now you are a Spider  :o
You can Browse the forum and what YOU can see also a Spider can see .. a good test I think ..

If you stop the Spidertest, you are automatically logged in and all your cookies are restored.

That is what we need in Europe  ;)

Fel
Title: Re: EU notification of the site use of cookies
Post by: Frenzie on August 24, 2017, 05:14:47 pm
Quote from: Feline – Here in europa a site do not set any cookie until the visitor have accepted that.
Also you need a info page, on where you can see wich cookie is set, from where it's comes and for what it's used.

Would you happen to have a link to the German implementation of the EU directive? I've laid out my position here (https://github.com/elkarte/Elkarte/issues/2395#issuecomment-210798988).
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 25, 2017, 06:29:57 am
Look here
http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
Title: Re: EU notification of the site use of cookies
Post by: Frenzie on August 25, 2017, 09:48:30 am
At http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm#section_2 it refers to the same source I mentioned regarding cookies that are exempt. In many countries something like a PHPSESSID cookie also has implied consent because it's completely harmless, even though it's probably non-essential. (That being said, what does Elk use it for anyway?)
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 25, 2017, 11:39:58 am
well .. our Forum works (without the ECL cookie and without a session cookie) mostly complete ..
you can see most content but not login or register a account.
also we have a info screen for the description of each cookie we use. also exactly what is describe in the legislative ...
and I don't understand why other forum's that NOT have...
if you live in a other country you can disable this function.
Title: Re: EU notification of the site use of cookies
Post by: emanuele on August 25, 2017, 12:18:21 pm
Yes, Feline, you are fairly perfect with your forum software, we all know. Thanks for the reminder. :)

Quote from: Frenzie – (That being said, what does Elk use it for anyway?)
IIRC (but it's a while I don't check it out), the PHPSESSID is used to store the current session name.
The session is then used to:
1) maintain what most of the forum admins want the most:
QuoteMost Online Today: 55
2) Partially is used for http://www.elkarte.net/community/index.php?action=stats too (i.e. the part that keeps track only every so often).
3) For "customization" (e.g. toggling of the header/other elements).
4) The only other case I think the session is used for guests is in case of bans to avoid checking at each and every page load the status in the database (but actually this is covered by another specific cookie).
5) Of course, it's also used in case of guests allowed to posts (should remember both the last time of the post (attempt to reduce spam) and the id data like selected user name and email), and guests allowed to vote in pulls (keeps track of the vote as a soft way to prevent multiple votes... as valid as it is).

There are two somehow not so solid points:
1) the point 1 above, that strictly speaking is not exactly necessary to provide the service,
2) the lifetime of the cookie is usually not set to expire, though the session is set to be removed every... hour or so, so even though the cookie with the session name remains, the session disappears from the server, so, all in all the information of the cookie after the session is expired is pointless.

All the other points, to my understanding, are fairly within the specifications of the law.
Title: Re: EU notification of the site use of cookies
Post by: Frenzie on August 25, 2017, 03:10:55 pm
It is indeed a beaut of a cookie information notice @Feline !

Quote1) the point 1 above, that strictly speaking is not exactly necessary to provide the service,
Right, I guess that one could potentially be tricky if your local jurisdiction has decided to implement the EU directive draconically for some reason. But when you consider that according to 00879/12/EN WP 194 even limited first-party analytics is regarded as borderline exempt already, with a recommendation to add a third exemption, then this little "is this even analytics?" cookie to provide an approximate number of unique visitors doesn't seem worth nearly as much thought as we're giving it right now. :P

Quote2) the lifetime of the cookie is usually not set to expire, though the session is set to be removed every... hour or so, so even though the cookie with the session name remains, the session disappears from the server, so, all in all the information of the cookie after the session is expired is pointless.
Maybe it depends on what you do while looking around but when I check it just says it'll be deleted when you close the browser.
Title: Re: EU notification of the site use of cookies
Post by: emanuele on August 25, 2017, 03:40:12 pm
Quote from: Frenzie – doesn't seem worth nearly as much thought as we're giving it right now. :P
O:-)

Quote from: Frenzie –
Quote2) the lifetime of the cookie is usually not set to expire, though the session is set to be removed every... hour or so, so even though the cookie with the session name remains, the session disappears from the server, so, all in all the information of the cookie after the session is expired is pointless.
Maybe it depends on what you do while looking around but when I check it just says it'll be deleted when you close the browser.
hmm... maybe I was wrong. :P
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 25, 2017, 03:48:41 pm
Quote from: emanuele – Yes, Feline, you are fairly perfect with your forum software, we all know. Thanks for the reminder. :)
 
Well .. I do my best .. but perfectly ? no.. but I do that from where I think that  what I do is good for our members. so you can stop your ironic.
thanks, Feline
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on August 25, 2017, 08:19:22 pm
Quote from: Feline – if you live in a other country you can disable this function.

I was thinking is there a simple way to make this cookie notification appears only in EU countries as it could be annoying for people from other countries to see the notification not related to them each time?
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 26, 2017, 06:28:09 am
it is not the point from where the visitor comes. the point is who the site is hosted and who is the home of the site owner ..
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on August 26, 2017, 07:22:57 pm
So, this EU Cookie laws are affecting "only" site's hosting place and owner or end users as well? Before, I thought it depends on the end users, where they are i.e. if they are in EU, they must be notified by this cookie notification, otherwaise, if they are from other countries, they don't have to be notified.
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 27, 2017, 06:51:10 am
Well .. most sites (also outside the EU) do inform the user, that the site uses cookies (see Google), but this is only a information, not a "supress" settings of cookies.
And I dont understand where is the problem to
a) inform the user about cookie settings
 and
b) supress the settings of cookies until user accept this

it is not the problem that this is not possible, it's a problem on the thinkig (or ignorance) of the Programmers ..

Fel
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on August 27, 2017, 07:15:36 am
If it is not an obligation, I will prefer not to display it by default to users from other countries and that is just a matter of personal preference. So, repeating my question, is there a simple way to make this cookie notification appears only in EU countries / users in EU countreis? If yes, I would like to try that as an addon for ElkArte since we do not have it by default in here.

Edited: Done. EU Cookie addon updated to give effect to this.
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 28, 2017, 04:10:17 pm
Quote from: Spuds –
Quote from: Jorin – Edit: Hey @Spuds, I got the error with the link inserted at the beginning of the text, not at the cursor position! I wrote the text above, marked the part "this one", clicked on the URL BBC button, inserted the URL https://cookie-bar.eu/, and the code jumps at the very beginning of the text.  :o
If you are using Edge then I know about that problem and have a work around committed for RC2

It happened with IE.
Title: Re: EU notification of the site use of cookies
Post by: emanuele on August 28, 2017, 05:59:28 pm
Quote from: Feline – it is not the problem that this is not possible, it's a problem on the thinkig (or ignorance) of the Programmers ..
And to me it's ignorance of the users. How many do you think give a s*it about what's written in the notice?[1]
And for those that actually read it, how many do you think understand the implications?
I guess just the programmers.
On top of that, each and every user already has all the tools he needs in his own browser, but guess what? Nobody use any because nobody really cares[2].

So, I (i.e. a developer of a software) have to spend time creating tools (not effective and that are duplication of something that already exists) in order to give owners of websites the possibility to try to teach something to someone that is not in the slightest interested in learning it.

Yeah, sounds like a very good way to invest time. :P

You have your opinion, I have mine.
I was the one that first came up with a mod for SMF to force the opt-in of cookies by the visitors (and IIRC at the beginning you used it yourself), at the time I thought it was worth. Now I don't think it is, and as such I'm not going to spend time implementing it for ElkArte.
If anyone else is going to take up the task I'm of course not against it.
Considering I still have to meet someone that has read even once the terms and conditions of any service he subscribed to.
Let alone the consideration that these tools once were very prominent in the browsers, but then, in order to make life easier, the browser developers hidden these settings away in remote areas of the settings that it's even difficult to find
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 28, 2017, 06:18:11 pm
Well .. YOU have your meanings, I have a other ...
I live in Germany and we have a law for cookies .. so I adhere to this law .. and make this available in my software.
Nobody must use it, but everyone can use it .. that's how simple life can be ...  :D

Fel
Title: Re: EU notification of the site use of cookies
Post by: Frenzie on August 29, 2017, 05:12:55 am
Quote from: emanueleLet alone the consideration that these tools once were very prominent in the browsers, but then, in order to make life easier, the browser developers hidden these settings away in remote areas of the settings that it's even difficult to find
Except possibly in Opera I don't think it was ever prominent. I suppose you mean how for a while in the early days of Firefox 4+ idiocy they hid it under advanced history settings or something especially unintuitive like that.
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 29, 2017, 05:30:31 am
Quote from: Feline – I live in Germany and we have a law for cookies ..

Do we? Not really. Read this please:

Quote from: https://hosting.1und1.de/digitalguide/websites/online-recht/die-eu-cookie-richtlinie-teil-1-was-gilt-in-deutschland/In Deutschland wurde die Cookie-Richtlinie nicht eigens mit einem neuen Gesetz umgesetzt. Der Grund: Die Bundesregierung sieht die Richtlinie bereits mit dem deutschen Telemediengesetz (TMG) als erfüllt an. Jedoch deckt das TMG die Forderungen der EU-Richtlinie nicht umfassend ab. Denn viele verstehen die Cookie-Richtlinie der EU als Anordnung einer Opt-in-Pflicht, wogegen das TMG allein eine Opt-out-Variante vorschreibt. Datenschützer kritisieren deshalb die schwache Umsetzung der EU-Richtlinie. Da das TMG momentan geltendes deutsches Recht darstellt, müssen Website-Betreiber in Deutschland lediglich folgende Anforderungen erfüllen:

•Die Nutzer müssen über die Datenspeicherung verständlich und umfassend informiert werden.
•Die Nutzer müssen der Datenspeicherung widersprechen können.
•Die Daten dürfen nur anonymisiert gespeichert werden – außer die Nutzer stimmen der Speicherung personalisierter Daten zu.

It's very difficult for admins in the EU to be sure what they must do and what they can do. I hate this situation.
Title: Re: EU notification of the site use of cookies
Post by: Ruth on August 29, 2017, 06:23:40 am
I am a bit confused now, Jorin.

So it would be still enough to have a little information about cookies while people register - as we always had it before?
Our users agree in which way cookies work in our forum, when they register.

There is also a topic for guests, in which they can read the same text about cookies.

If this would be enough, I do not need to install an addon....and I don't have to close an information-box any time, when I enter the forum - to see it complete. ::)  It is just disturbing for me on sites which are using such an addon.
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 29, 2017, 06:33:15 am
The absolute minimum is an information that cookies are used AND the possibility to reject them - which you will when you are not logging in or leaving the site. That's what 1&1, e-recht24.de and some other sites are explaining, yes.

You can do more to be on a safe path for the future. But for now... This is the least you should do.
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 29, 2017, 06:34:07 am
Quote from: Jorin –
Quote from: https://hosting.1und1.de/digitalguide/websites/online-recht/die-eu-cookie-richtlinie-teil-1-was-gilt-in-deutschland/•Die Nutzer müssen über die Datenspeicherung verständlich und umfassend informiert werden.
•Die Nutzer müssen der Datenspeicherung widersprechen können.
•Die Daten dürfen nur anonymisiert gespeichert werden – außer die Nutzer stimmen der Speicherung personalisierter Daten zu.

Exactly what I do in our Forum ...
We have a small area (at the top), so any user can read the Privacy Notice ..
Um die Rechtsvorschrift der Europäischen Union zu erfüllen sind wir verpflichtet, Benutzern die auf "portamx" von innerhalb der EU zugreifen, über die verwendeten Cookies dieser Website und die darin enthaltenen Informationen zu unterrichten und ihnen die Möglichkeit zum "Opt-in" ("Zustimmen") zu geben, Cookies zu setzen. Cookies sind kleine Dateien, die von Ihrem Browser gespeichert werden und alle Browser haben eine Option, wo Sie den Inhalt dieser Dateien überprüfen und löschen können, wenn Sie es wünschen.

Die folgende Tabelle zeigt die Namen der einzelnen Cookies, wo es herkommt und welche Informationen wir über die Inhalte der Cookies haben.

Here follow a table with all cookies we use on our site.

If a user not accept cookies, he can simple close his browser or leave the site .. NO cookie is save
Any questions, remarks, other comments ?

Fel
Title: Re: EU notification of the site use of cookies
Post by: Ruth on August 29, 2017, 06:45:27 am
Quote from: Jorin – You can do more to be on a safe path for the future. But for now... This is the least you should do.

I think, a portalblock for guests - visible in forum and portal - could be a better way, to infom guests about cookies, than a topic is. Those blocks will disapear, if users log in....and registered and logged in users know our information about cookies anyway.

It is easier for me and will look prettier than an information-box created by an addon....and there will be no need to click this box away. ;)
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 29, 2017, 06:48:15 am
Sure. But if it is necessary that your users allow the saving of cookies with a click on a button (any time in the future), that is not enough.
Title: Re: EU notification of the site use of cookies
Post by: Ruth on August 29, 2017, 06:54:50 am
Yes...but until this time, I can handle it with a potalblock as well.

It is just because of the "styling" ...I don't want such a large and "ugly" information-box in my forums. ::)

Title: Re: EU notification of the site use of cookies
Post by: Feline on August 29, 2017, 10:52:53 am
Quote from: Ruth – Yes...but until this time, I can handle it with a potalblock as well.
It is just because of the "styling" ...I don't want such a large and "ugly" information-box in my forums. ::)
If you handle that with a Portal block, then your System have allways set  cookies WITHOUT the incomming user can stop this.
You have to stop any settings of cookies until the user have accept this !!!

Fel
Title: Re: EU notification of the site use of cookies
Post by: emanuele on August 29, 2017, 03:20:04 pm
I find it rather funny when going to:
https://www.bundesregierung.de/Webs/Breg/EN/Homepage/_node.html
that as far as I know is the German Federal Government website, two cookies are set:
JSESSIONID
SERVERID
and later on other three appear:
tw
PIWI_SESSID
banner

No prominent notice as far as I can tell of the fact cookies are there, but going around there an explanation in a page and the option to "disable" the tracking cookie (not a generic cookie used for other, but a piwik (https://piwik.org/) cookie).
When you click on the "disable", another cookie is set:
piwik_ignore
then you can remove the PIWIK_SESSID, that remains unset... provided you do not visit again the page to disable the tracking cookie, because if you do the PIWIK_SESSIO cookie is created again.

Well, I guess this last part is an overlook by their part, but still are technically infringing their own law.
Anyway, the other session cookie (the ones that are not tracking cookies) are created without warning, and always left in place.

Since, as far as I understand, they are the ones that create the legislation, I guess they know  what they are doing (more or less).
Title: Re: EU notification of the site use of cookies
Post by: Ruth on August 29, 2017, 03:31:24 pm
Sorry for posting in German...I cant say this in English:

Quote from: Feline – If you handle that with a Portal block, then your System have allways set  cookies WITHOUT the incomming user can stop this.
You have to stop any settings of cookies until the user have accept this !!!

Feline, bitte schrei mich nicht so an. Was ich muß oder oder nicht muß, kannst du weder beurteilen noch mir vorschreiben.

Gegenwärtig scheint es eine Auslegungssache zu sein, wie diese EU-Richtlinie angewandt wird.

QuoteTechnisch notwendige Cookies dürfen laut Cookie-Richtlinie von Anfang an gesetzt werden, also auch ohne vorherige Zustimmung durch den Nutzer.

"Technisch notwendige Cookies" sind zunächst mal nicht personenbezogen. Das heißt für mich, dass es gegenwärtig in Deutschland noch völlig ausreichend ist, einen Gast in meinem Forum mit ein paar schlichten und allgemein verständlichen Worten zu informieren, warum im Forum Cookies verwendet werden und welcher Art sie sind. Es ist nicht nötig, dass der Gast der Verwendung von Cookies mit Klick auf einen Button zustimmt. Es ist ausreichend, wenn ich ihn bitte, unsere Seite zu verlassen und von einer Registrierung abzusehen, falls er keine Cookies mögen sollte.

Ein Mitglied, das sich registriert, stimmt im Registrierungsformular der Verwendung von Cookies zu, wird auch dort nochmals informiert, in welcher Weise welche Daten im Forum gespeichert werden, etc. Wer nicht auf "Ich bin einverstanden" klickt, kann sich nicht registrieren.
 
Es gibt derzeit kein "Gesetz" in Deutschland, das etwas anderes verlangt. Deine Aussage dazu war m.M.n. nicht korrekt

Selbst wenn meine Auslegung/Meinung zur EU-Richtlinie/dem Tele-Mediengesetz völlig falsch sein sollte, Inhalt und Form unserer bisherigen oder künftigen Hinweise auf Cookies nicht ausreichend wären und ich schon jetzt zwingend ein Addon mit Info-Box und Button zum Wegklicken bräuchte - oder gar so eine umfangreiche Abhandlung über Cookies, wie du sie in deinem Forum für angebracht erachtest - Du hast keinerlei Recht in so einem Ton mit mir zu schreiben.

Ein wenig mehr Höflichkeit, Freundlichkeit und Rücksichtnahme auf andere fände ich angebracht. Hier schreiben doch lauter Admins/Forenbetreiber miteinander, die sollten sich gegenseitig unterstützen und die Netikette einhalten, auch andere Meinungen und Auffassungen gelten lassen. Ich finde so ein Geplänkel und Rechthabereien unwürdig und es bringt Mißtöne in dieses Forum. Das muß doch nicht sein...



Title: Re: EU notification of the site use of cookies
Post by: Ruth on August 29, 2017, 03:38:34 pm
Quote from: emanuele – ....they are the ones that create the legislation, I guess they know  what they are doing (more or less).

 :D  I seems to me, that there is a difference between legslation, law and rule...
Title: Re: EU notification of the site use of cookies
Post by: Frenzie on August 29, 2017, 04:48:48 pm
Functional cookies ("Technisch notwendige Cookies") such as required for login are exempt from notification. As I've mentioned above.

To be exempt:
Quote from: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf p. 3 and onwards1) The information society service has been explicitly requested by the user: the user (or subscriber) did a positive action to request a service with a clearly defined perimeter.
2) The cookie is strictly needed to enable the information society service: if cookies are disabled, the service will not work.
That also includes cookies like for preferences, such as the up/down arrow in the top right ("upshrink") on Elk, even without logging in.

I would argue that PHPSESSID also counts as a functional cookie. Regardless, it's a completely harmless unnecessary cookie at worst, which is the only cookie potentially open for debate on default Elk. (That is, it might depend on the specifics in your local jurisdiction. It's fine in the Netherlands and Belgium.) Of course as soon as you include ads or analytics the picture changes.
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 29, 2017, 05:31:09 pm
Quote from: Ruth – "Technisch notwendige Cookies" sind zunächst mal nicht personenbezogen. Das heißt für mich, dass es gegenwärtig in Deutschland noch völlig ausreichend ist, einen Gast in meinem Forum mit ein paar schlichten und allgemein verständlichen Worten zu informieren, warum im Forum Cookies verwendet werden und welcher Art sie sind. Es ist nicht nötig, dass der Gast der Verwendung von Cookies mit Klick auf einen Button zustimmt. Es ist ausreichend, wenn ich ihn bitte, unsere Seite zu verlassen und von einer Registrierung abzusehen, falls er keine Cookies mögen sollte.
Also .. zunächstmal "schreie" ich nicht, ich rede Klartext.
Ich verstehe das ganze hier auch nicht mehr .. Es SOOO einfach, diese Regelung umzusetzen .. man muss es nur WOLLEN .. und natürlich (aus Programmierersicht) das Köpfchen ein bischen anstregen .. und schwups ... hat man die richtige Lösung.

Man braucht tatsächlich kein einziges Cookie um in einem Forum ein wenig herum zu schauen .. das geht ganz ohne ..
Erst dann, wenn man sich Registrieren oder Anmelden will .. ja dann werden Cookies gebraucht .. Also muss der Besucher erst mal seine Zustimmung zur Speicherung von Cookies abgeben (OPT-IN). Vorher geht nichts ... ausser eben ein bischen im Forum rumschauen.
Es sind alles in allem vielleicht 50 Zeilen (php) code und ein bischen html/css für das ECL-Overlay, also wirklich keine große sache.
Ok .. noch ein bischen Javascript, wegen der popups die es hier ja auch gibt, aber das wars dann auch ...

Ich kenne den Code von ElKarte nicht, aber da es -so wie auch unser Forum- von SMF geclont ist, sollte es kein Problem sein, das in gleicher art und weise zu implementieren, wie ich es gemacht habe.
Das Problem sitzt aber nicht im Programm Code ... das sitzt in den Köpfen der Developer / Programmierer.
Ist hier wie bei SMF .. Zitat  ".. wir sind nicht in Europa, was geht uns euer "Cookie Gesetz" an .." ... schwups erledigt ..

Und die User die das Forum dann verwenden stehen im Regen und werden im schlimmsten Fall sogar verklagt .. wegen 1 oder 2 Cookies. Tja .. dumm gelaufen.

Ich denke halt ein bischen weiter als bis zum Tellerrand .. und wenn es so ein Gesetz gibt, muss ich es umsetzen, Punkt.
Und .. ich mache das alles alleine .. kein riesiges Team .. eine one woman show  :D

Und jetzt könnt ihr alle machen was und wie ihr wollt .. ist nicht mein Problem.
Ich habe aufgezeigt DAS es geht .. kann sich jeder gerne von Überzeugen .. Link zu unserem Forum steht unten.

So .. ich denke aus meiner Sicht ist alles gesagt, was es zu diesem Thema zu sagen gibt ...

Schönes WE und Gruß an die Cookies  ;)

Fel
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 29, 2017, 05:41:58 pm
Quote from: Frenzie –  That also includes cookies like for preferences, such as the up/down arrow in the top right ("upshrink") on Elk, even without logging in.
For what cookie .. this can be stored in the cache .. have elk no chaching?
Any visitor have a unique ip address .. these can used, to store these states in the cache .. we do so  ;)
And if the user accept cookies, these vars are moved to cookies .. so he have the same state as before ... simple !?  8)

Fel
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on August 29, 2017, 09:44:58 pm
Why everybody is so serious about this? Because it is a law? Or is it just a matter of personal preference?  :D
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 30, 2017, 01:35:59 am
Quote from: Feline – Also .. zunächstmal "schreie" ich nicht, ich rede Klartext.

Du weißt doch sicher auch, dass groß geschriebene Worte im Internet allgemeinhin bedeuten, dass man schreit, und dass dies eigentlich überall im Netz nicht erwünscht ist? Mehrere Ausrufezeichen hintereinander wirken auch nicht unbedingt freundlich, zusammen mit der Wortwahl kann ich Ruths Einwand schon ein bißchen verstehen. Wenn du etwas betonen möchtest, unterstreiche es zukünftig bitte einfach. Das hebt das entsprechende Wort deutlich genug vom Rest ab und niemand fühlt sich angegriffen. Danke!

Alle Standpunkte sind ja nun klar. Vielleicht sollten wir nun Ruhe einkehren lassen.

@all: Sorry for the german language inside this thread. I think (hope) we can stop arguing about personal preferences now.  ;)
Title: Re: EU notification of the site use of cookies
Post by: live627 on August 30, 2017, 02:38:51 am
Quote from: ahrasis – Why everybody is so serious about this? Because it is a law? Or is it just a matter of personal preference?  :D
Both? :D  That law seems so ambiguously written that no one seems to agree what to do. And everyone falls over each other with their own interpretations. That is what I gather from all the banter...

(http://whall.org/blog/files/lolcats-mouse-cookie.jpg)

I just had cake. Chocolate cake with white frosting. Also a brownie. And ice cream.
Title: Re: EU notification of the site use of cookies
Post by: Frenzie on August 30, 2017, 04:45:25 am
@live627
It's really not ambiguous when the Elk example I used is literally mentioned as an example:
Quote from: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf p8Typical examples of customization cookies are:

Language  preference  cookies that  are  used  to  remember  the  language  selected  by  a user on a multilingual website (e.g. by clicking on a “flag”).
 Result  display  preference cookies that  are  used  to  remember  the  user’s  preference regarding online search queries (e.g. by selecting the number of results per page).

@Feline
But the Privacy and Electronic Communications Directive isn't about cookies, it's about data protection. Rhetorically speaking, when you only track people by their IP address and browser signature without using cookies it doesn't suddenly become legal to do so without notification.[1] On the flipside it also remains perfectly fine to do so for language or display preferences.[2]
Also see 2.2 on p. 6 in this document: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp171_en.pdf
Even the EU themselves felt the need to come out with some myth debunking. See III on p. 8 and onward: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp188_en.pdf
Title: Re: EU notification of the site use of cookies
Post by: Ruth on August 30, 2017, 05:09:09 am
QuoteWhy everybody is so serious about this? Because it is a law? Or is it just a matter of personal preference?

Yes, it is both, ahrasis... ;) I like your cookie-mouse-picture, live627.  It is very sweet and funny.

I think, it is a difficult situation, because no german admin is really sure what that rules or laws mean exactly for their communities.

I also think, there is a difference between a "private" forum like our forum is, where a guest nearly can do nothing, except to register and to login.... and for example a comercial site with advertising, etc. like Frenzie has written, wich is using cookies not just for a "comfortable performance", as we do. But there are the same "rules" about cookie-information for each kind of forum or site.  

I think it would be the "overkill" to tell my members or guests everytime and everything about cookies - they are not interested in this at all. It will just confusing and frightening them. But our cookies, the ways their IP is logged and their "personal stuff" is in our database are all completly harmless and safe for them.


Sorry, Jorin...I don't wanted to start an argue here - but I must say, that the way Feline is talking to us in this topic here seems insulting and not nice at all to me. She always repeats, what she has written already and how well she had solved this cookie-thing in her forum.  This is not helpful, it is a kind of "spam" to me. I think, the link in her signature is enough of advertising for her project, I don't want to read about her software/portal in nearly every post of her. I am not interested in this on ElkArte.net. We should talk about ElkArte-Stuff here.

She seems not to be really well informed to me, about "the german law", cookies, our forums and ElkArte-coding;  but everyone has to accept her opinion and should do, as she tells us. She told us, that she does not know about the ElkArte-coding, she even does not need such an "cookie-addon", because she does not use ElkArte, as I believe.... but she is insulting the developpers and users here in a very nasty way, if they don't want to write or use such a code for ElkArte. She said, she has written here everthing about this subject and will stopp the posting here...but she is still going on with posting.  I think, she should accept other preferences too and stopp that behavior. Maybe it seems funny to her to give a cheeky and naughty reply as that one abough to me...but it is not funny at all to me. She is just trying to get as much as attention for her person  as possible.

Phrases like "ignorant", "Problem im Kopf", etc.  adressed to Emanuele and other people here, means that they  are not able to see the problems or don't want to pay attention to them, means that they cannot think and are stupid or mad. This is insulting.

I don't like this behavior, sorry. I will ignore any more reply of Feline in this topic.
Title: Re: EU notification of the site use of cookies
Post by: Jorin on August 30, 2017, 06:09:04 am
As I  explained before, Ruth:

Quote from: Jorin – The absolute minimum is an information that cookies are used AND the possibility to reject them - which you will when you are not logging in or leaving the site. That's what 1&1, e-recht24.de and some other sites are explaining, yes.

You can do more to be on a safe path for the future. But for now... This is the least you should do.

With this you are absolutely safe for now.
Title: Re: EU notification of the site use of cookies
Post by: Feline on August 30, 2017, 09:32:11 am
Bye

/me deleted offending content.
Title: Re: EU notification of the site use of cookies
Post by: emanuele on October 23, 2017, 09:41:21 am
For reference:
https://github.com/elkarte/Elkarte/issues/3018
Title: Re: EU notification of the site use of cookies
Post by: Feline on October 23, 2017, 11:57:45 am
Quote from: Feline – Bye
/me deleted offending content.

Ahh .. is familiar to me  :D
Title: Re: EU notification of the site use of cookies
Post by: Feline on October 23, 2017, 12:03:53 pm
Quote from: emanuele – For reference:
https://github.com/elkarte/Elkarte/issues/3018
If anyone of all this drastic thinks becomes true, you can forgotten any Forum ..
The IP is need for Banns as example and more
The Browser ID is need for many things
The email is need for communicate with the user
and mutch more User data we need ..

I think we leave the EU  :D

Fel
Title: Re: EU notification of the site use of cookies
Post by: emanuele on October 23, 2017, 02:39:32 pm
Quote from: Feline – If anyone of all this drastic thinks becomes true, you can forgotten any Forum ..
I'm not that drastic, but I feel many services will become harder indeed.

Quote from: Feline – The IP is need for Banns as example and more
Well, this is not really something "useful" anyway, with IPv6 banning an IP will be even more useless than now.

Quote from: Feline – The Browser ID is need for many things
Why do you need browser's data? ???

Quote from: Feline – The email is need for communicate with the user
Well, this will go into the agreement terms, if one doesn't give permission to use the email he simply will not be able to register, it's nothing new.

TBH, what I'm more worried about are the reporting of data breaches: normal forum owners are likely to be hacked without even notice it, let alone being willing to report such cases to an authority.
Well, anyway I have much to study for the Christmas holidays. xD
Title: Re: EU notification of the site use of cookies
Post by: Feline on October 23, 2017, 04:21:51 pm
Quote from: emanuele –
Quote from: Feline – The Browser ID is need for many things
Why do you need browser's data? ???
For many things in JS and CSS, because not all Browser do exacly the same on ONE THING (mostly css / Mobile)  :-\
So it's need to detect which Browser the user have ...

Fel
Title: Re: EU notification of the site use of cookies
Post by: emanuele on October 23, 2017, 05:49:18 pm
You don't necessarily need the user agent for that, you should test the feature, not the browser. ;)

Anyway, the user agent is not a personal data under any legislation I know of (and is not under 679/2016), it would be the same as say that a car model is a personal data.

Quote from: Feline – I think we leave the EU  :D
This won't make any difference as per Article 3.2.
Title: Re: EU notification of the site use of cookies
Post by: ahrasis on October 23, 2017, 06:15:48 pm
I think data protection be it an Act or merely a regulation[1] should be separated and discussed in other topics. It is different from EU Cookies law.
Our country implemented data protection laws in its own Act and various other law provisions since years ago.
Text only | Text with Images