Feeds

EU agency calls for clear consent on indelible and zombie cookies

Don't just go shoving them down people's throats

Intelligent flash storage arrays

New, more persistent cookies pose an increasing risk to the privacy of consumers online, according to an EU security agency report released on Friday.

The advertising industry is pushing the adoption of new, more "persistent and powerful cookies" which profile users, often without users' awareness about what's happening.

Surfers should only be offered these cookies under a system of informed consent, according to ENISA (the European Network and Information Security Agency), which is calling on the industry to explain what it is doing and make it easier to delete unwanted advertising cookies.

Cookies were initially used to manage browser-server interaction but this role has been expanded over time to include advertising management, profiling and tracking. Most of the developments were driven by the advertising industry.

The new cookies support persistent user-identification. How this technology is being applied is less than clear, especially to users, so it is therefore hard to quantify privacy and security implications that arise from their use.

ENISA wants the industry to move towards informed consent so that, for example, the utility and the data stored in cookies is clear to users.

Surfers should be given the ability to either manage or remove cookies as they see fit, it says. The EU security agency also wants cookies to be stored within browser control, a reference to Flash-type so-called zombie cookies that stay on a system even if a user clears their browser history and cache.

Finally, surfers should be given secondary mechanisms to access web services if they choose not to accept cookies from a website, it says.

Professor Udo Helmbrecht, executive director of ENISA, said: ”Much work is needed to make these next-generation cookies as transparent and user-controlled as regular HTTP cookies, so as to safeguard the privacy and security aspects of consumers and business alike.”

The EU has put forward a directive that partly covers the use of cookies (Directive 2009/136/EC) and set a timetable for this to be incorporated into the national law of member states by 25 May. The rules emphasise the need for clear consent from a user, underpinned by clear up-front explanations, before cookies are installed on a user's machine. ®

Intelligent flash storage arrays

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
SLURP! Flick your TONGUE around our LOLLIPOP – Google
Android 5 is coming – IF you're lucky enough to have the right gadget
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.