Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2011-06-30 08:24:40

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

cookies

In the light of the upcoming eu law already implemented in the uk, would there be any changes regarding this matter in the core install and/or plugin guidelines?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#2 2011-06-30 08:37:54

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: cookies

Doesn’t really effect core Textpattern. The admin-side session/login cookies are excluded as they are requirement for the system to operate correctly, and TXP provides an option not to store contents of the comment form which also is just information provided by the user itself. Site author is free to add additional information to the comment form if they want to.

Same as with the IP logging regulations in some countries. The feature ie. logs and remember me checkbox can be disabled if needed.

Plugin guidelines? Could be good, maybe. If you have something relevant that would be good to know. Most of the plugins don’t use cookies at all.

Last edited by Gocom (2011-06-30 08:43:16)

Offline

#3 2011-06-30 08:56:10

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: cookies

@Gocom… Point made

IPs:If you are referring to Germany, IPs are now been allowed to be harvested

cookies front end/plugins: I can not think of any just now except rss_front_edit which is now outdated and requires (like the login system) a manual enabling.

The only thing that I can think of are statistics including Google analytics, slimstat, mint, etc, some of which have txp plugins


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#4 2011-06-30 10:51:13

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: cookies

IPs:If you are referring to Germany, IPs are now been allowed to be harvested

Yiannis, I’m not sure that that is the most recent state of affairs in Germany. In November 2009 the data protection authorities ruled that google analytics collects too detailed information. Google then introduced two tools – one is a browser add-on that allows users to opt out of google analytics, the other is an Ip anonymizer that you add to your google analytics code snippet. Apparently talks broke down earlier this year, particularly with regard to the Opt-out Browser-Addon, and the situation is currently unclear. In Germany at least the use of anonymizeip() is definitely recommended and one needs to additionally inform the user in the impressum (also law in Germany). Two links for German users:

  • legal article (in German) arguing that google analytics is possible with the anonymizeIp() function. The article includes a sample disclaimer text for the imprint / impressum page.
  • optimized google analytics code builder including anonymizeIp(). Similar to the optimized code in the HTML5 Boilerplate. Note that the code builder falsely encodes the && as entities (easy to correct).

Last edited by jakob (2011-06-30 12:28:31)


TXP Builders – finely-crafted code, design and txp

Online

#5 2011-06-30 11:39:02

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: cookies

jakob wrote:

Yiannis, I’m not sure that that is the most recent state of affairs in Germany.

Ah huh! I stand corrected! Jakob, thanks for that. The idea for this thread came up because of a text I am writing for ISEA which I now need to amend:)

ps (and off topic). is there something wrong with textile? Tried to correct the link in your comment above but it is just not recognised.

Last edited by colak (2011-06-30 11:41:26)


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#6 2011-06-30 11:58:09

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,306

Re: cookies

Yannis, it’s the umlaut (ö) that broke the link. Thanks for spotting.


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#7 2011-06-30 12:19:58

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: cookies

uli wrote:

Yannis, it’s the umlaut (ö) that broke the link. Thanks for spotting.

corrected on behalf of Jakob:)


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#8 2011-06-30 12:29:07

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: cookies

yes, that was wierd. Clever idea with turning it into an entity. Thank you!

BTW: don’t quote me on the above. That is just my current understanding of things.

Last edited by jakob (2011-06-30 12:29:47)


TXP Builders – finely-crafted code, design and txp

Online

#9 2011-06-30 12:56:03

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: cookies

Jakob wrote

Yiannis, I’m not sure that that is the most recent state of affairs in Germany…

Another off topic question. If you are not allowed to see the IP and apart from having a robust server/software, what is the recommended method suggested to protect your site from malicious hackers and/or site attacks?

Also… does the German law re IP collection apply for the Host logs too?

Last edited by colak (2011-06-30 12:58:57)


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#10 2011-06-30 13:39:24

wet
Developer Emeritus
From: Schoerfling, Austria
Registered: 2005-06-06
Posts: 3,330
Website Mastodon

Re: cookies

colak wrote:

Also… does the German law re IP collection apply for the Host logs too?

Wir speichern nicht advocates the use of mod_removeip to comply with German privacy requirements. This would remove IP addresses before they hit the logs.

Offline

#11 2011-06-30 14:04:38

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: cookies

wet wrote:

Wir speichern nicht advocates the use of mod_removeip to comply with German privacy requirements. This would remove IP addresses before they hit the logs.

Interesting! What about the first part of the question though? (added a few more worries)

If you are not allowed to see (or save) the IP and apart from having a robust server/software (impossible as the recent hacking of top us .gov sites proved), what is the recommended method officially suggested to protect your site from malicious hackers and/or site attacks? Are sites and servers just seen as collateral damage in favour of privacy?

Last edited by colak (2011-06-30 14:26:28)


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#12 2011-07-01 01:13:47

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,192
Website

Re: cookies

jakob wrote:

yes, that was wierd. Clever idea with turning it into an entity. Thank you!

That link still doesn’t work. You need to convert the offending character to its utf-8 equivalent: for ö that would be %C3%B6, I think.


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

Board footer

Powered by FluxBB