I'm the founder of Silktide and they guy who wrote that page.
Whilst I appreciate the law exists for a good reason, that doesn't mean the law is good. In it's current form it simply doesn't help user privacy or website owners. I'm hardly alone in saying as much.
We ourselves wrote no "functionality that tracks people" - our site merely uses Google Analytics (anonymous measurement of visitors) and social plugins like Disqus, the Tweet and Like buttons. By the letter of the law those have to be concealed until a user has manually opted in to display them.
In practice everyone instead started showing slide-down banners which accomplish nothing for privacy but piss off users.
Anyone who uses analytics properly knows there's no equivalent log-based solution. Understanding the path users take through a site, how long they view pages for, whether they buy when they came from one advert versus another - these are common practice for good reason and they have ABSOLUTELY ZERO implication for user's privacy, as all this data is anonymous.
The relatively few websites which genuinely might be jeopardising user's privacy - Facebook, Google, Amazon etc - tend to be large, ubiquitous and mostly ad networks. The average 10 page company website is not technically sophisticated enough to subvert a user's privacy nor do they have the visitors to do so.
I agree the law is bad. I actually stated that the legislation is not very good. However, suing people is probably the best approach bar forcing Firefox, Chrome and IE to ship Ghostery (then what are you going to do?) I mean you're obviously annoyed, aware and scared of the consequences.
However, the fact that you plug oddles of stuff into your web site that intentionally tracks people and hide under the banner of "we merely use" is the sort of attitude we don't want and the sort that should get you sued.
Ignorance and laziness is not an excuse.
I don't want to be tracked by Google Analytics and for my usage to be profiled and tracked across different sites (this almost certainly does happen as GA is capable of reading enough info from the browser to identify a user or at least build a persistent profile). Google do not have to operate under EU privacy laws as they aren't EU based.
Disqus, Twitter, Facebook all track users through these buttons just by them simply being there. None of these have to operate under EU privacy laws as they aren't EU based.
Your buttons and analytics MUST be disabled until someone agrees because you operate under EU privacy laws. That's your problem.
Either put the banner up or get rid of all the junk that you've plugged into your web site.
Regarding analytics, it sounds like analytics has grown to encompass too much of your business model. Have you thought that perhaps you are possibly not entited to the information that you gather?
As for advertising - if your revenue is derived from that, good luck. You're going to die miserably. Find a better model. Build something you can sell rather than something you can scatter with crap to pay your bills.
Sorry don't I don't buy your argument. It seems naive and arrogant.
Suing websites is going to force browser makers to do something? Perhaps that chain of reasoning can be expanded upon...
Fighting urge to flame the revolutionary baiting in this post, such as use of we don't want in paragraph 2, and possibly not entitled in paragraph 8. I usually don't like deconstructing posts, but the tone rubbed me the wrong way for an intellectual discussion.
All that laws designed to limit technology do is limit technology.
Not really. It's more that browser vendors are worried that it'll shoot their market share so they won't turn this on by default. If users get used to it, that is likely to be less of an issue.
You know, I'm the type of person that operates as you would like most people to (i.e. NoScript, Adblock, RequestPolicy, BetterPrivacy, etc.), and by reading your comments you've made me realize how I've been kind of a jerk for installing these things on friends' machines. They get annoyed and call me asking what I did to their machines (and how to "fix" it).
Obviously, I should've explained the use of and showed them how to use these add-ons, but such things are difficult to do in a casual/ social context. Many of the concepts are foreign, and there is a whole set of jargon that requires explanation in the first place. These are non-technical, yet educated, people in their 30s for whom most of this seems academic. So, I've just installed, and hoped they'd figure it out. I wish it were easy, but it's not; now, I'm certain I will no longer do this because I don't want them to "get used to it" for any reason other than that is what they choose to do.
That's a great approach and I admire your honesty. I think users should always have a choice. At the moment, there is a big assumption made which is the problem.
"Either put the banner up or get rid of all the junk that you've plugged into your web site."
then we'd still be setting cookies, but we'd be telling users about it after we did so. This is exactly what most sites are doing right now, and it's clearly farcical.
When you start attacking anyone who depends on advertising on the Internet - by which I guess you mean Google, Facebook, Twitter and every commercial news site in existence - then I start to lose you. Those services cost billions, and somebody has to pay for it.
Google and commercial news is fine - advertising is a big chunk but Google have other products and commercial news still sells paper and has television slots. Legislation will not kill them.
Neither Facebook or Twitter have a sustainable model and will fall in time. They don't actually do much of value really apart from enslave people into walled gardens full of noise and bombard them with advertising.
If you put all your eggs in the advertising basket, get pumped on VC cash and act like a dick, yes you will lose billions.
I quote: You have no right to make money shoveling magic unicorn shit.
Those of us who have a real product and earn from that, it's not a problem. We'll be here in 10 years. We were 10 years ago (in fact we started in '92). Empires have risen and fallen in our time. We have never advertised at all.
I appreciate you don't like ads; I'm not a big fan either (not that this is what the law is about). But consider the implications of it not becoming viable.
And for the record my company doesn't advertise anything. We just want to be able to use non-invasive features of the Internet like every other country.
You refer to Facebook, Google, Amazon as the real culprits, and not yourself -- but right above that you admit to embedding those same services on your site.
Whether you wrote it or use it makes no difference, your users privacy is compromised when they visit your site.
You're right of course, but as the only solution would be for:
(a) Us to remove said services
(b) Our competitors to not
(c) Us to suffer unjustly, while they prosper
Then no. The obligation should be on the provider of those services, or the law should be enforced equally. It's not enforced at all.
We clearly explain what those services do in our privacy policy and we include in that an explanation of why we see there being no meaningful privacy implication for users. What's the worst Facebook/Google could do with your information - know you looked at our website? It's hardly porn.
The fact that non-European companies can abuse their users privacy in this manner, is not a good enough reason to allow European companies to do the same. If this is the way we wanted things to be, we'd get rid of the minimum wage so we could compete with Chinese labour costs better.
It's a trade-off. We gain privacy, and some companies potentially lose some business.
The law is not enforced in the UK at all. Accordingly those who do comply are being penalised unjustly.
The ICO (body responsible for enforcing) have themselves said they probably won't prosecute people for using analytics, because even though that's against the law it's not really all that bad. That's just one example of how vague the law has become.
So we're left in a mess where no-one knows what to do, and those doing the least possible profit. Hence our stance.
Honest question -- why do we assume our actions deserve privacy on the internet, when we access someone else's site? We don't have the same expectation for e.g., when I walk into a shop (eg I may desire, but do not receive, privacy from being tracked if I were to walk into a sex toy shop).
When you visit a website, that website gets a lot more information about you than when you walk into a shop. All I want is that websites are limited to the same information as a simple shop. I published the following blog post last year which covers my thoughts on it: https://grepular.com/2011_EU_Cookie_Legislation_Opinion_of_a...
Shops don't know the last shop you visited, but websites do know the last website you visited (referrers). Shops don't assign you a unique ID the moment you walk through the door which they use to identify you on subsequent visits, websites do (cookies).
I see what you're saying. But excepting the cross-site tracking, aren't all of those privacy leaks just data that my browser is sending? Seems to me that's more my responsibility than the site owners. (FTR, I do use a bunch of the privacy controls and find trackers like the FB bug a bit creepy.)
I have one suggestion for you: stop blaming everyone else.
The law itself is just fine. It's insufficient in itself, but so is the law making theft illegal.
If you use Google Analytics and third party social widgets, you're aiding and abetting, you're aiding and abetting companies that violate people's privacy rights on a massive scale. You choose to do so, so you should accept the consequences and the responsibility instead of pointing the finger to everyone else.
As an industry, we've had over a decade to fix this problem until the politicians finally took action. We, Silktide include, have not only done fuck all to solve the problem, we've participated in making is massively worse by putting Google Analytics and Facebook like-buttons on every site we put our hands on.
The politicians you're ridiculing are at least trying to fix the mess we created. We took a dump on privacy rights, and are now bitching about how bad politicians are in cleaning it up.
You really think they're going to listen to us as long as we keep acting like spoiled children with zero sense of responsibility?
> The relatively few websites which genuinely might be jeopardising user's privacy - Facebook, Google, Amazon etc - tend to be large, ubiquitous and mostly ad networks. The average 10 page company website is not technically sophisticated enough to subvert a user's privacy nor do they have the visitors to do so.
What this law should have required is a way to opt out of the tracking systems themselves. I should be able to opt out Adsense tracking wholesale if I want to (although, tbh, I think I might prefer targeted ads over generic random BS appearing in the sidebars of every site I visit).
Having to opt out on every different European site that embeds Adsense is thoroughly retarded, especially when you consider that many sites don't even give you an option to opt out -- they just tell you to leave if you don't consent to being tracked!
Whilst I appreciate the law exists for a good reason, that doesn't mean the law is good. In it's current form it simply doesn't help user privacy or website owners. I'm hardly alone in saying as much.
We ourselves wrote no "functionality that tracks people" - our site merely uses Google Analytics (anonymous measurement of visitors) and social plugins like Disqus, the Tweet and Like buttons. By the letter of the law those have to be concealed until a user has manually opted in to display them.
In practice everyone instead started showing slide-down banners which accomplish nothing for privacy but piss off users.
Anyone who uses analytics properly knows there's no equivalent log-based solution. Understanding the path users take through a site, how long they view pages for, whether they buy when they came from one advert versus another - these are common practice for good reason and they have ABSOLUTELY ZERO implication for user's privacy, as all this data is anonymous.
The relatively few websites which genuinely might be jeopardising user's privacy - Facebook, Google, Amazon etc - tend to be large, ubiquitous and mostly ad networks. The average 10 page company website is not technically sophisticated enough to subvert a user's privacy nor do they have the visitors to do so.
My fight is with a stupid law, not with privacy.