- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 29 Aug 2018 04:13:58 +0200
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Dan Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Aug 29, 2018 at 11:38:40AM +1000, Martin Thomson wrote: > On Wed, Aug 29, 2018 at 3:14 AM Willy Tarreau <w@1wt.eu> wrote: > > Quite the opposite in fact : asking *is* useful, it's what pisses off > > users and encourages sites to be careful not to piss them off. You just > > want to ask this when it's above the configured threshold. > > Asking has a real cost and we are very careful not to do that if we > believe that it will result in bad answers. I know and my suggestion is to ask only when cookies have too long validity duration, and the question should not be about "yes/no" but "this site uses abnormally long-lived cookies that allow to track your activity on 3rd party sites. What maximum duration do you want to apply to such cookies ? [ session | 1 day | 1 week | 1 month | 1 year | unchanged ]". > How many people would be inclined to click on a blue box that said > "Acknowledge" next to a notice that was framed as a cookie warning > that instead said: > > "This site uses cookies. We make every effort to use best practices > for building this site to modern privacy standards, but we also sell > all the information we collect such as names, addresses, and credit > card details to anyone we please, a list of whom you can find > described in more detail in our lengthy _privacy policy_. [ > Acknowledge ]". > > Who would believe that this comprised meaningful consent to those practices? It's almost what we're asked to validate today with GDPR. Some allow you to choose what to share, others only allow you to click on accept :-/ That's why I don't just want "yes/no". Willy
Received on Wednesday, 29 August 2018 02:14:25 UTC