andy_1984 Posted March 9, 2011 Share Posted March 9, 2011 The way websites track visitors and tailor ads to their behaviour is about to undergo a big shake-up. full article here: http://www.bbc.co.uk/news/technology-12668552 carlover 1 Quote Link to comment Share on other sites More sharing options...
andy_1984 Posted March 9, 2011 Author Share Posted March 9, 2011 (edited) What is your idea on how osCommerce shopkeepers should handle this? ive been thinking about a less painless way since hearing about it last night. removing the need for cookies completely and using sessions instead is one option the other (for people who need to use cookies) will need to ask the European users permission when first accessing the website. rough example: this website requires the use of cookies but due to new European law we must ask for your permission to store cookies on your computer. do you wish to enable cookies. selecting no will prevent you from using the site properly and may effect your shopping etc etc. (yes / no button here) obviously there would need to be a rewrite of the cookie functions to accommodate this permission request but i havnt got that far yet Edited March 9, 2011 by andy_1984 Quote Link to comment Share on other sites More sharing options...
web-project Posted March 9, 2011 Share Posted March 9, 2011 the law been created by person without any knowledge of web or PC... Quote Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here! 8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself. Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues. Any issues with oscommerce, I am here to help you. Link to comment Share on other sites More sharing options...
GwilliamP Posted May 26, 2011 Share Posted May 26, 2011 As this is now coming into effect, does anyone have any ideas on how to actually deal with this STUPID situation? According to the EU we have only 3 weeks to deal with this! Here in the UK it seems that we might have a 12 month grace period due to the fact that the responsible minister appreciates that we need time to come up with solutions. I have v2.2 RC2a sites so a suitable solution would be appreciated :) Paul. Quote Link to comment Share on other sites More sharing options...
GwilliamP Posted May 26, 2011 Share Posted May 26, 2011 Cookies for site functionality are fine. Are there any un-needed cookies in your site? http://www.ico.gov.u...es_prepare.aspx (PDF file) Thank you for the quick response. I have d/l and read the PDF. As a 'layman' most of it is gobledygook to me. I have absolutely no idea what cookies osC uses and, if it does, whether or not they fall foul of this nonsense. I suspect I am not alone in that I managed to sort out a domain and hosting, spent months 'tweaking' osC with add-ons but only because of the instructions that came with them and the help of this forum. 'Coding PHP/HTML' is a foreign art that I do not have. Consequently, adding add-ons is a challenge. As far as understanding cookies - ????. If it is not too much to ask, could someone help me, and others like me, by suggesting what we need to do to comply with this nonsense? Quote Link to comment Share on other sites More sharing options...
♥toyicebear Posted May 27, 2011 Share Posted May 27, 2011 It seems its more aimed at sites setting 3 party cookies Quote Basics for osC 2.2 Design - Basics for Design V2.3+ - Seo & Sef Url's - Meta Tags for Your osC Shop - Steps to prevent Fraud... - MS3 and Team News... - SEO, Meta Tags, SEF Urls and osCommerce - Commercial Support Inquiries - OSC 2.3+ How To To see what more i can do for you check out my profile [click here] Link to comment Share on other sites More sharing options...
GwilliamP Posted May 27, 2011 Share Posted May 27, 2011 It seems its more aimed at sites setting 3 party cookies In my opinion every cookie set by osCommerce is critical to the function of osCommerce, hence you need do nothing to comply. So a simple statement in Privacy stating that "no 3rd party cookies are used and any cookies created are for the sole purpose of, and essential to, the function of the site" should suffice? If that is the case then I am even more impressed by osC :) Quote Link to comment Share on other sites More sharing options...
Xpajun Posted May 28, 2011 Share Posted May 28, 2011 This wonderful line is in your cookie_usage.php (it shows when customers have their browser set not to accept cookies and your store is set to force cookie use) "Cookies must be enabled to purchase online on this store to embrace privacy and security related issues regarding your visit to this site. By enabling cookie support on your browser, the communication between you and this site is strengthened to be certain it is you who are making transactions on your own behalf, and to prevent leakage of your privacy information." osC cookies are not the tracking cookies that the EU are getting concerned about BarryEbenezer 1 Quote My store is currently running Phoenix 1.0.3.0 I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 ) I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary Link to comment Share on other sites More sharing options...
♥14steve14 Posted June 8, 2011 Share Posted June 8, 2011 I have just received an email from the ICO office with a link to the PDF that is already listed in this forum. After having read this forum and the email, di i take it that oscommerc does not use cookies apart from those needed to complete a service requested by a customer ie to complete an order and send it. If that is the case, it looks as if nothing need to be done. I am not too hot on programming, so dont fully understand what oscommerce does with cookies. Quote REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
GwilliamP Posted June 8, 2011 Share Posted June 8, 2011 (edited) I have just received an email from the ICO office with a link to the PDF that is already listed in this forum. After having read this forum and the email, di i take it that oscommerc does not use cookies apart from those needed to complete a service requested by a customer ie to complete an order and send it. If that is the case, it looks as if nothing need to be done. I am not too hot on programming, so dont fully understand what oscommerce does with cookies. We are in the same boat. I also read the document but had trouble making sense of it. From all the comments above I ended up adding the following paragraph to the Privacy page. On 26 May 2011, the rules about cookies on websites changed. This site uses cookies. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site, but parts of the site will not work. We do not use 3rd party tracking cookies. For further information look at [url="http://www.allaboutcookies.org/"]allaboutcookies.org[/url] Edited June 8, 2011 by GwilliamP Quote Link to comment Share on other sites More sharing options...
NielsVanDelt Posted September 15, 2011 Share Posted September 15, 2011 (edited) I have just received an email from the ICO office with a link to the PDF that is already listed in this forum. Edited September 15, 2011 by NielsVanDelt Quote Link to comment Share on other sites More sharing options...
♥14steve14 Posted November 13, 2011 Share Posted November 13, 2011 Go to the ICO website and see what they have done on their front page. There is a large box at the top of the page explaining about cookies. Its the first time i have seen something like this. Quote REMEMBER BACKUP, BACKUP AND BACKUP Link to comment Share on other sites More sharing options...
graith Posted December 12, 2011 Share Posted December 12, 2011 To be absolutely pedantic for a minute, a cookie is stored to maintain a session and having it stops the need for URLs to have oscsid=aabbccdd112233 in the URL. If you were to say why not do that, I'd say that it is indeed a security risk. Where a site is misconfigured and they maintain this, past the first page click, those links sometimes get posted on Google and clicking on the link can restart a session. That session is then shared with anyone else who clicks on the link. That means the second customer can go to the account details page and see your address and your past orders. However The session is only needed to store your cart, a non-default language, a non-default currency, so if a customer is just looking around, comparing prices, seeing what you've got to sell, there's really no need to have that information stored so a session doesn't need to be started. Also, that tends to be what web robots and spiders do - they don't need sessions. The trick then becomes, can we start the session when a "Buy Now" button is pressed. The other aspect is Google Analytics. That surely is not necessary to the customer experience but very useful for store owners. The final piece is $_SERVER variable called $_SERVER['HTTP_DNT'] which is set to 1 in Firefox if the customer has configured "Tell websites I do not want to be tracked". Other browsers don't support it yet, but surely it's only a matter of time. Graith Quote Link to comment Share on other sites More sharing options...
MrPhil Posted December 19, 2011 Share Posted December 19, 2011 That's an interesting proposition -- to not start a session (by either sessionID or cookie) until it's necessary to pass information between pages. I'm sure that normal session maintenance cookies certainly don't violate the spirit of the law, although who knows if some computer-illiterate bureaucrat or judge would interpret it as violating the letter of the law. If I were in the E.U., I would go ahead and use session cookies, and if someone wanted to prosecute me for it, make a huge public stink about how stupid the law is and the E.U. should simply go out of business! An aside: I wonder how the Dutch feel about limiting cookies? After all, the word descends from a Dutch term for "little cakes" and spread from New Amsterdam (now New York) into American English. I understand that the British still call them "biscuits". Quote Link to comment Share on other sites More sharing options...
BarryEbenezer Posted January 23, 2012 Share Posted January 23, 2012 Does that mean they will disallow cookies completely? What would the implications be for forums and sites that use them at the moment? Quote Link to comment Share on other sites More sharing options...
WallaceNetworks.co.uk Posted May 19, 2012 Share Posted May 19, 2012 I believe the main issues is if you have Google Analytics on your eCommerce site, as that uses cookies, and they are 3rd party tracking cookies. On the bright side, in the UK even the Information Commissioner's Office Website does not technically comply with the cookie law, but you have to wonder how likely it is that having cookies (even google analytics cookies) would result in legal action. Personally, i believe it is arguable that even the Google Analytics cookies are essential to the operation of your website, in order to make it function better for the visitors to it. This is of course merely my personal opinion and not legal advice, but for comparison, has any website owner ever been prosecuted under the disability discrimination act? Quote Link to comment Share on other sites More sharing options...
MrPhil Posted May 20, 2012 Share Posted May 20, 2012 This is a well-intentioned law (forbid the invasion of privacy by tracking cookies) implemented in a brain-dead manner. My non-legal advice would be to Make sure you don't install any add-ons (e.g., Google Analytics) which do add what could reasonably be called tracking cookies. If you really want to add tracking cookies (where they're legal), look into disabling that feature for EU users (both IP address geo-location and registered user's countries). Add some highlighted text to the Terms of Service notifying users that you do use session-maintenance cookies, that are deleted when the browser closes (check if that's true...). If the authorities come after you, raise a public stink about how government sites (e.g., ICO) use illegal tracking cookies, and how they should be prosecuted first! Maybe you can gain fame as the straw that broke the EU camel's back! Quote Link to comment Share on other sites More sharing options...
Mort-lemur Posted May 25, 2012 Share Posted May 25, 2012 Ok well it is now 25 May and this comes into effect tomorrow - Has anyone managed to come up with anything definitive on this subject for OSC ? especially the use of Google analyitics? Thanks Quote Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members. Link to comment Share on other sites More sharing options...
Mort-lemur Posted May 25, 2012 Share Posted May 25, 2012 I have just noticed that the ICO website Privacy notice has a useful looking table here : http://www.ico.gov.uk/Global/privacy_statement.aspx as I, like most people, have little understanding of how OSC & Google / Youtube (for embedded videos) etc use cookies and what their names may be, would it be possible for someone who understands this to produce a similar table for use in our privacy statements? Also, an acceptance box on the home page would not be appropriate - as most visitors enter on a product page via google shopping or a search engine / facebook link. Quote Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members. Link to comment Share on other sites More sharing options...
puddlec Posted May 25, 2012 Share Posted May 25, 2012 what about external payment gatewys (e.g. paypal, sagepay) would i need to include saying that they may set cookies (which is out of our control, or should i leave it to there policy Quote Phoenix support now at https://phoenixcart.org/forum/ App created for phoenixTinyMCE editor for admin Link to comment Share on other sites More sharing options...
Mort-lemur Posted May 25, 2012 Share Posted May 25, 2012 @@burt Thanks Gary, but not really that helpful, I already have the privacy policy - but it is the mechanics of the task, ie.: 1) How do I know what cookies my site sets and their names? 2) How do I know if they are "Essential" or not? 3) How to I creat an Opt-Out? maybe a button taking visitors to an opted-out page or back to google? As you are UK based and are in the EU then would I be right in assuming that you have already accomplished all of the above on your sites? If so would you care to share the info? Thinking about this - is the OSC Forum EU Based? Does it set cookies? Thanks Quote Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members. Link to comment Share on other sites More sharing options...
Mort-lemur Posted May 25, 2012 Share Posted May 25, 2012 @@burt Would you also like me to do the washing up ? Thats very nice of you - would you please? :shifty: Quote Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members. Link to comment Share on other sites More sharing options...
Mort-lemur Posted May 25, 2012 Share Posted May 25, 2012 @@burt Ok Had a look at that site - I dont see an opt-out link. Also if the customer is registered is his cart not retained by way of cookies if he returns later to purchase? Does that site only set one cookie? as asked above, what about payment processors you may use? Thanks Quote Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members. Link to comment Share on other sites More sharing options...
puddlec Posted May 25, 2012 Share Posted May 25, 2012 All cookies including externally set cookies. even if they have to go to paypal's / sagepay site to complete the transaction (e.g. they gone off my website), as my understanding of it is, that it is todo with them and not me so i would not need to worry about it in my policy Quote Phoenix support now at https://phoenixcart.org/forum/ App created for phoenixTinyMCE editor for admin Link to comment Share on other sites More sharing options...
Mort-lemur Posted May 25, 2012 Share Posted May 25, 2012 OK this is how I will address this: 1) a small opt-out box on each page, referring to our privacy statement and a "Leave Site Now" button 2) Produce a table in line with the one in the link I posted above So the only information I need to know is: How can I determine what cookies my site sets on a customers computer? Thanks Quote Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members. Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.