UK websites place average of 44 cookies on first visit

42 points| adrow | 11 years ago |ico.org.uk | reply

40 comments

[+] gearhart|11 years ago|reply
This article is completely incompetent.

Firstly - any number of cookies from a single domain are equivalent, you can always use whatever identifier is in the cookie's data to store and retrieve an arbitrary amount of data about the user. That there are lots of them implies either that the site is using a bunch of different front end libraries / components that don't talk to one another (which is irrelevant from a privacy perspective) or that more data is being stored/cached directly in the browser rather than being retrieved from a remote server which is the opposite of a privacy issue, since it's keeping your data in your browser.

Secondly - cookies are one of: "session", "expiring", "perpetual". With the first set to expire when you close the browser, the second expiring at some period between now and when your browser/cache/computer/operating system gets wiped or replaced (i.e. ~<12 months) and the third expiring at any arbitrary date after that (i.e. anything with an expiration date of more than ~12 months is the same, who cares if it's two years or ten thousand).

It's horrifying that this is a study paid for with public money and fed back to the public from a source purporting to be an expert.

Edit: by saying "from a single domain" I'm expressly avoiding the differentiation between first and third-party cookies - it obviously makes a difference how many third parties you share data with, which defensibly has some relationship to the number of different domains that serve third party cookies on a site.
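
An added example, not part of the thread or the ICO report: a small audit of the `Set-Cookie` headers seen on a first visit, using the session/expiring/perpetual buckets and the first- versus third-party distinction described in the comment above. The hostnames, cookie values and the `audit` helper are constructed for illustration, and the suffix match is an assumption standing in for a Public Suffix List lookup.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

YEAR = timedelta(days=365)  # the "~12 months" cut-off from the comment

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, lowercase attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def lifetime(attrs, now):
    """session / expiring / perpetual; Max-Age wins over Expires (RFC 6265)."""
    if "max-age" in attrs:
        ttl = timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        ttl = parsedate_to_datetime(attrs["expires"]) - now
    else:
        return "session"
    return "perpetual" if ttl > YEAR else "expiring"

def audit(page_site, responses, now):
    """Count cookies by lifetime and list the third-party domains that set them."""
    kinds, third_parties = Counter(), set()
    for host, header in responses:
        _, attrs = parse_set_cookie(header)
        domain = attrs.get("domain", host).lstrip(".").lower()
        # Assumption: suffix match stands in for a Public Suffix List lookup.
        if not (domain == page_site or domain.endswith("." + page_site)):
            third_parties.add(domain)
        kinds[lifetime(attrs, now)] += 1
    return dict(kinds), sorted(third_parties)

# Constructed sample: (responding host, Set-Cookie value) on a hypothetical site.
NOW = datetime(2015, 3, 19, tzinfo=timezone.utc)
SAMPLE = [
    ("www.news.example", "sid=abc123; Path=/; HttpOnly"),
    ("www.news.example", "prefs=compact; Max-Age=2592000; Path=/"),
    ("www.news.example", "seen=1; Expires=Fri, 31 Dec 9999 23:59:59 GMT"),
    ("px.adnet.example", "uid=7f3a; Domain=.adnet.example; Max-Age=63072000"),
    ("px.adnet.example", "seg=a1; Domain=.adnet.example; Max-Age=63072000"),
    ("cdn.video.example", "v=x; Expires=Thu, 19 Mar 2015 12:00:00 GMT"),
]

print(audit("news.example", SAMPLE, NOW))
```

The two `adnet.example` cookies collapse into one third-party domain, which is the figure the comment argues matters more than the raw cookie count.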

[+] matthewmacleod|11 years ago|reply
I completely disagree with your assessment, and I don't understand why you're so offended by it.

The article is accurate and provides details of the methodology and results. Of particular note, if you look at the report, is that two thirds of cookies on UK sites are third-party ones. That's a significant number, and means the average site places 30 third-party cookies on a user's machine.

Your proviso about being 'from a single domain' is pretty much irrelevant – that's not the issue at all!

[+] Nursie|11 years ago|reply
>> opposite of a privacy issue, since it's keeping your data in your browser.

In a way instantly accessible to the host site. Data I wasn't really consulted about. Data I might not be comfortable sharing every time you ask for it.

This whole law about disclosing cookie use, which I will agree is not necessarily a good approach to the problem, does nevertheless exist because of a problem - People getting tracked, followed and profiled without their permission. Website operators and browser-makers seemed to be complicit in this. Some website operators seem to think it's their god-given right to do whatever they want in the browser on my computer...

[+] blfr|11 years ago|reply
Evil ad networks only need a handful of cookies to track you. They could probably go without cookies entirely, just by fingerprinting the browser. They have the resources and know-how.

This happens because many webmasters build frankensites by copying and pasting snippets of code to get the functionality they need. Those load a bunch of resources from all over the net and dump a jar of cookies in your lap. It's the same laziness that makes devs set expiration to 9999.

The popouts, or banners, with cookie information are a pointless annoyance, not an encouraging development.

[+] jfindley|11 years ago|reply
Not disagreeing with what you say, but browser fingerprinting is a great deal less accurate than cookie-based tracking, so the ad networks would certainly like to retain a cookie on the client machine, if they can.
[+] troels|11 years ago|reply
It seems a bit disingenuous to present numbers like that. For the lay person, it may sound scary that there are 44 cookies on a given page, but that's a completely arbitrary measure. I would think that the important thing isn't the number of cookies, but rather which entities they are shared with and to some extent the information attached to them. First-party cookies, for example, are not a privacy issue at all.
[+] Drakim|11 years ago|reply
In my opinion it is actually pretty scary.

As I see it, a website should upon landing either set zero or one cookie, depending on if the website has some sort of persistent functionality (like a message to first time visitors).

The other 43 cookies are, in my view, therefore unnecessary to the normal functioning of the website, and are therefore more likely being used for other purposes such as tracking and advertising.

[+] matthewmacleod|11 years ago|reply
The full details are right there in the report, but I don't think that's a misleading headline number to use.
[+] bartkappenburg|11 years ago|reply
Self plug: we've developed cookie-checker.com. A way to check which cookies are placed with a first-time visitor.

ico.org.uk places 3 cookies (1 session, 2 other valid up to today and 2017): http://www.cookie-checker.com/check-cookies.php?url=ico.org....

[+] omh|11 years ago|reply
When I visit the ICO site I also get a "civicCookieControl" cookie which you don't list. I guess that this is probably coming from javascript and your site isn't processing this?
[+] graystevens|11 years ago|reply
This article alone places 9 on my system, plus a small lorry load's worth from .youtube.com due to the embedded video.
[+] creshal|11 years ago|reply
Good thing we get header compression with HTTP/2, isn't it? /s
[+] Padding|11 years ago|reply
I never understood why cookies receive so much attention in various privacy discussions. They are the one thing the user has full control over.

Yes it takes some effort to delete them, but so does looking left and right before crossing the street.

[+] Nursie|11 years ago|reply
Part of the problem is that the browser just mindlessly goes along with it.

We've got into a situation where the vast majority of users don't know and don't want to know about any of the details of what's going on, and by default most browsers just allow them to be tracked in a variety of different ways. Website writers/maintainers quite often don't know themselves what a framework is doing, and everyone writes using the assumption that cookies are something they can just use. It sometimes looks like everyone except the end user was involved in the development of the situation.

[+] Tepix|11 years ago|reply
First thing you should do when setting up a new browser is blocking third party cookies - unless you're using Safari which blocks them by default.

The number of sites that don't work with 3rd party cookies is very small - whenever I run into one I usually use an alternative site or complain.

[+] DanBC|11 years ago|reply
When cookies were first introduced a number of sensible people had reasonable concerns about privacy.

I'm not sure how we got from there to here - a sub-optimal law and not-great research (81 sites?) all while companies aggressively collect and mine data.

[+] JustSomeNobody|11 years ago|reply
Laziness and greed. But really, it's mostly laziness. If you tell someone cookies are 100% bad because they kill kittens, people won't use them unless they want to kill kittens. If you nebulously say that they might potentially be used to kill kittens at some point in the future, nobody cares.
[+] unknown|11 years ago|reply

[deleted]

[+] Sharlin|11 years ago|reply
> That it simply means never expires

I'm pretty sure that's exactly his point...

[+] heeen|11 years ago|reply
You can keep a whitelist of allowed permanent/session/temporary cookies with https://addons.mozilla.org/en-US/firefox/addon/cslite-mod/
[+] aikah|11 years ago|reply
Or you can block third party cookies altogether. That's what I do, it's a simple setting on Chrome. If it breaks a website, well too bad, it shouldn't.