Ganfyd:Cookies

From Ganfyd

Revision as of 22:21, 24 May 2012 by Mlj (Talk | contribs)
Jump to: navigation, search

Contents

Cookies

Ganfyd uses cookies (HTTP cookie) to allow site functionality and monitoring of activity on the site over time. These are both interpreted as storing of data that is necessary for technical reasons. For example administrators of the site use cookie information to prioritise page accuracy for the most popular pages at any one time. Ganfyd can not disable the cookies it uses, but you may, if you wish, use the site with software that prevents the use of cookies. Privacy setting options in most modern browsers allow you to block third-party tracking cookies.

The cookies that facilitate interaction with a user, particularly a logged in user are provided as part of the functionality of MediaWiki, the open source software that this wiki runs on. These cookies may allow personalization for a logged in user. Third-party cookies provided by Google Inc are used to monitor site activity.

Definitions

A HTTP cookie is a piece of text data (file) stored by a website within a browser, and then subsequently sent back to the same website by the browser. Cookies were designed to be a reliable mechanism for websites to remember things that a browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago. Typically, they contain at least two pieces of information: a site name and unique user ID. Other text may be appended but is not interchanged externally once created. However what was created might have been sent from the server so the server can cross reference back using the unique user ID.

Session cookies

Are text files that allow a site to link the actions of a visitor during a single browser session. They are not stored long term and are usually considered "less privacy intrusive" than persistent cookies.

Persistent cookies

These remain on the user's device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password each visit.

First-party cookies

A cookie is classed as being first-party if it is set by the site being visited. This is termed the domain, which can also relate to subdomains. It might be used to study how people navigate a site.

Third-party cookies

It is classed as third-party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor's viewing habits.

Potential problems

These mainly relate to tracking cookies and especially third-party tracking cookies that have been commonly used as way to compile long-term records of individuals' browsing histories. It is not known if the third-party tracking cookies used on Ganfyd could be used in this way as Ganfyd has had no control over their content and the way they have actually been used, independent of why they were installed on the website to monitor usage. It is suspected that users have minimum to fear in this regard as the third party chosen by Ganfyd would suffer legally, reputationally and commercially if it failed to comply with European privacy regulations.

Technical

A definitive specification for cookies was published as RFC 6265 in April 2011. Browsers are designed to handle cookies as securely as possible. It is recommended on general grounds that you use Ganfyd with an up to date browser as historically some browsers had problems in how they handled cookies. Browsers are now designed to cope with cookie lengths of up to four kilobytes, and at least 20 cookies per server or domain.

Cookie attributes

Cookies have a name–value pair (cookie crumb), but HTTP servers can also set several other cookie attributes:

  • Cookie domain
  • A path
  • Expiration time or maximum age
  • Secure flag
  • HttpOnly flag.

Browsers will not send cookie attributes back to the server. They will only send the cookie’s name-value pair. Cookie attributes are used by browsers to determine when to delete a cookie, block a cookie or whether to send a cookie (name-value pair) to the servers.

Legal

Ganfyd is hosted in Europe. The 2002 European Union telecommunication privacy Directive contains rules about the use of cookies. Article 5, Paragraph 3 of this directive mandates that storing data (like cookies) in a user's computer can only be done if:

  • The user is provided information about how this data is used;
  • The user is given the possibility of denying this storing operation. However, this article also states that storing data that is necessary for technical reasons is exempted from this rule.