Posted on

Panicky public gets scammer’s charter for cookie law

Are you worried about websites you visit using cookies? If so, you’re completely wrong; probably swept up in a tide of hysteria whipped up by concerned but technically ignorant campaigners. The Internet is full of such people, and the EU politicians have been pandering to them because politicians are a technically illiterate bunch too.

A cookie is a note that is stored by your web browser to recall some information you’ve entered in to a web site. For example, it might contain (effectively) a list of things you’ve added to your shopping cart while browsing, or the login name you entered. Web sites need them to interact, otherwise they can’t track who you are from one page to another. (Well there are alternatives, but they’re cumbersome).

So what’s the big deal? Why is there a law coming in to force requiring you to give informed consent before using a web site that needs cookies? Complete pig-ignorance and hysteria from the politicians, that’s why.

There is actually a privacy issue with cookies – some advertisers that embed parts of their website in another can update their cookies on your machine to follow you from one web site to another. This is a bit sneaky, but the practice doesn’t require cookies specifically, although they do make it a lot easier. These are known as tracking cookies. However, this practice is not what the new law is about.

So, pretty much every small business with a web site created more than 12 months ago (when this was announced) or written by a “web developer” that probably didn’t even realise how their CMS used cookies, is illegal as from today. Probably including this one (which uses WordPress). Nonetheless, head of the ICO’s project on cookies, Dave Evans, is still “planning to use formal undertakings or enforcement notices to make sites take action”.

What’s actually going to happen is that scamming “web developers” will be contacting everyone  offering to fix their illegal web sites for an exorbitant fee.

The ICO has realised the stupidity of its initial position and now allows “implied consent” – in other words if you continue to use a web site that uses cookies you will be considered to have consented to it. Again, this is a nonsense as the only possible problem cookies are tracking cookies, and these come from sources other than the web site you’re apparently looking at – e.g. from embedded adverts.

So – if you want to continue reading articles on this blog you must be educated enough to know what a cookie is and not mind about them. As an extra level of informed concent you must presumably agree that Dave Evans of the ICO and his whole department is an outrageous waste of tax-payers money. (In fareness to Dave Evans, he’s defending a daft EU law because that’s his job – its the system and not him, but he’s also paid to take the flack).

Posted on

Claire Perry’s porn prohibition set to make politicians look foolish

The government is going to protect us from pornography on the Internet. Our children will at last be safe from depravity and corruption. Hurray! Claire Perry MP (Conservative) has accused Internet service providers of being complicit in exposing children to pornography and wants something done about it. Specifically she wants ISPs to filter the filth, unless a subscriber specifically wants to receive it. David Cameron has now jumped on her bandwagon, clearly without first checking to see which way it’s heading or whether the wheels are properly attached.

This isn’t going to be popular with the consumers and producers of Internet-delivered pornography, but that’s their problem. What worries me are the technical issues, and the consequences of trying to implement any form of censorship.

Let me make this clear: IT WON’T WORK. There is no technical solution available that can prevent porn from being transmitted over the Internet, and there never will be. It’s simply not possible for a computerised filter to tell the difference between porn and everything else, and it will become much harder if you give people a reason to avoid detection. About the best you can do is block known porn websites, and if the site promoters cooperate (i.e. keep them on fixed addresses) then you’re going to get a reasonable level of protection. And porn publishers, at present, are likely to cooperate. They’ve no interest minors viewing their wares, because minors don’t have the credit cards to pay for it. And besides, it’s a multi-million pound industry which includes many serious people with children of their own and similar concerns to the rest of us.

However, as soon as you start blocking these sites at ISP level, porn publishers will have to change tactics, as they’ll want to evade such draconian filtering. Legitimate producers will suffer; the vacuum will be filled by others underground, joining the leagues of the cyber-criminals, operating from agile addresses on servers operating outside jurisdictions that care. Claire Perry’s bright idea won’t work. It’s not better than nothing; it’s worse.

The porn operators would disguise their sites to avoid the filter, and in order that customers might find them, spam everyone using every means possible as they did in the late 1990’s. Right now you need to go looking to find it – a simple Google search away. If Perry gets her way it’ll be delivered to everyone’s Inbox, Facebook page, Skype and every other instant messaging technology you can think of, It’ll be encrypted and impossible to filter. It’ll be indiscriminate; kids will receive it too. If such a law was enforced, all encrypted content would have to be blocked as there is no way of telling what it is. This means farewell to, Skype, secure connections to your bank, private email, working from home on a VPN… Okay, it’s not realistic as well as being unenforceable.

The Internet dealt with issues similar to this twenty years ago, before the politicians were involved, but if the technicalities aren’t for you (as they aren’t for Perry and Cameron), there are plenty of other parallels. Society’s attempts to ban bad things that some people still want always seem to make things worse. I need hardly mention prostitution, drugs and alcohol, but I will. Making drugs illegal when so many people want to use them has simply improved the margins for the suppliers. Where there’s money to be made, people will find ways to smuggle drugs; and if the whole business is illegal then it’s certainly going to be completely unregulated. And it’s not a lack of resources and commitment. If we can’t stop people supplying drugs to inmates of a high security prisons we stand no chance of banning drugs anywhere else.

Similarly, it’s folly to attempt to ban pornography transmission on the Internet. There is no way to do this technically, and any attempt that simply makes it more difficult will give the criminals a huge advantage over the legitimate publishers, making regulation impossible.

The government is allowing crazy headlines out about this consultation and what they’re going to do. No doubt they’ll be consulting with child psychologists, women’s rights campaigns, children’s charities and a few suits from big business ISPs. Why don’t they consult the right people first – computer scientists. Ask the most important question:  “Is it possible?” Committees can spend as much time as they like navel-gazing on the moral and policy issues, but that’s not going to change anything if it can’t be implemented. It’s just going to make them look stupid.