Feeds

EU agency calls for clear consent on indelible and zombie cookies

Don't just go shoving them down people's throats

Build a business case: developing custom apps

New, more persistent cookies pose an increasing risk to the privacy of consumers online, according to an EU security agency report released on Friday.

The advertising industry is pushing the adoption of new, more "persistent and powerful cookies" which profile users, often without users' awareness about what's happening.

Surfers should only be offered these cookies under a system of informed consent, according to ENISA (the European Network and Information Security Agency), which is calling on the industry to explain what it is doing and make it easier to delete unwanted advertising cookies.

Cookies were initially used to manage browser-server interaction but this role has been expanded over time to include advertising management, profiling and tracking. Most of the developments were driven by the advertising industry.

The new cookies support persistent user-identification. How this technology is being applied is less than clear, especially to users, so it is therefore hard to quantify privacy and security implications that arise from their use.

ENISA wants the industry to move towards informed consent so that, for example, the utility and the data stored in cookies is clear to users.

Surfers should be given the ability to either manage or remove cookies as they see fit, it says. The EU security agency also wants cookies to be stored within browser control, a reference to Flash-type so-called zombie cookies that stay on a system even if a user clears their browser history and cache.

Finally, surfers should be given secondary mechanisms to access web services if they choose not to accept cookies from a website, it says.

Professor Udo Helmbrecht, executive director of ENISA, said: ”Much work is needed to make these next-generation cookies as transparent and user-controlled as regular HTTP cookies, so as to safeguard the privacy and security aspects of consumers and business alike.”

The EU has put forward a directive that partly covers the use of cookies (Directive 2009/136/EC) and set a timetable for this to be incorporated into the national law of member states by 25 May. The rules emphasise the need for clear consent from a user, underpinned by clear up-front explanations, before cookies are installed on a user's machine. ®

Bridging the IT gap between rising business demands and ageing tools

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.