[ch0llima]

(Original post by GenerationX)
Wow wells that sounds interesting, give what are these terrible things TSR are up to.

I would be more concerned with a whole host of data mishandling issues leading into the distant past long before TSR got hacked recently. AcumenPI do seem to be taking this very seriously though, so I can't complain too much.

Was the hack reported to the ICO? I don't know, but it should have been considering AcumenPI are a registered company handling personal data.

Have supermoderators had their access to this information permanently revoked? They should, and they should never have had it in the first place because they don't need it and Acumen definitely weren't enforcing the proper controls and were turning a blind eye to complaints about leaks. Well, whadya know? Them chickens sure came home to roost didn't they? I would happily bet the price of a tank of diesel on this being a contributory factor to the hack.

Honestly, this sort of thing is much closer to home than some esoteric and vague cookie regulations coming out of Brussels.

The spam PM flames from immature members can't be blamed on TSR thats down to the self importance and arrogance of particular members.

Deal with it. Alternatively, try and beat him at his own game.

However I suppose if you feel tracking your activities on the internet is no big issue you will be happy with the planned goverment regulations to monitor your activities including URI along with time and dates of other electronic activity.

You talk as if this is something new. Electronic surveillance has been going on for years in this fashion.

You think your dubious Eastern European VPN provider is white knighting, sticking two fingers up to Uncle Sam and honestly doesn't keep any logs?

One question though are you happy to download and install spyware on your computer?

Yes, as I'm a security researcher and have a secure environment in which to do this.

[ANARCHY__]

(Original post by ch0llima)
You think your dubious Eastern European VPN provider is white knighting, sticking two fingers up to Uncle Sam and honestly doesn't keep any logs?

Yes, as I'm a security researcher and have a secure environment in which to do this.

Out of interest, how much security would a Tor connection and/or a VPN provide?

[GenerationX]

(Original post by ch0llima)
I would be more concerned with a whole host of data mishandling issues leading into the distant past long before TSR got hacked recently. AcumenPI do seem to be taking this very seriously though, so I can't complain too much.

Was the hack reported to the ICO? I don't know, but it should have been considering AcumenPI are a registered company handling personal data.

Have supermoderators had their access to this information permanently revoked? They should, and they should never have had it in the first place because they don't need it and Acumen definitely weren't enforcing the proper controls and were turning a blind eye to complaints about leaks. Well, whadya know? Them chickens sure came home to roost didn't they? I would happily bet the price of a tank of diesel on this being a contributory factor to the hack.

I would fully agree with you on this concern and yes AcumenPI seem to be taking it seriously now,although there is a valid question around the 7 days it took for them even to discover the attack had taken place as well as the then extra one day to get the announcement up to the members. As I actually put to TSR its a almost pointless taking steps to change a password attackers have had for 8 days as they are more likey to have got their use out of it by then. Personally I have seen an increase in overall spam especially in a particualr type of spam to the email addres I have used here and prior to the announcement was wondering which of the sites I have signed up to would likely fall into collecting email addresses for spam. No certainty it relates to the attack at TSR as correlation does not prove causation, but from the limited data TSR insists you enter into the member database just to join then passwords and emails would seem the likely target.

However I was asked to consider moving this point to its own topic by one of the mods.

Honestly, this sort of thing is much closer to home than some esoteric and vague cookie regulations coming out of Brussels.

Again this is a matter of perspectives personally I don't see the directive as esoteric in any way, but even if you look at it from your own outlook on AcumenPI's handling of the data loss. What does AcumenPI consider the priority at TSR is it to build and benefit from a secure and functional application backend that supports a vibrant student community or is it to get in place a functional off the shelf application framework to which they can accumulate users and mine data to sell to the highest bidder.

Deal with it. Alternatively, try and beat him at his own game.

Already have, personally find it more effective to laugh at them and let them wind themselves up.

You talk as if this is something new. Electronic surveillance has been going on for years in this fashion.

The short answer is well murder has been happening for thousands of years should we just give up on that and take the laize fair attitude of 'you just happened to be in the wrong place at the wrong time'. The long answer would all be about trying to curb surveilance has been going on for just as long as the sureilance does that mean that now privacy has managed to get one victory we should all just give in and go ok so it happens.

You think your dubious Eastern European VPN provider is white knighting, sticking two fingers up to Uncle Sam and honestly doesn't keep any logs?

I don't use TOR and actually said I do not think it is an appropriate solution. Doesn't stop it being a useful network for those that do. As for the two fingers to Uncle Sam. I'm a Scottish, UK and EU citizen I couldn't care what uncle sam wants were not the 51st state and we don't have US Software Patents thanks to the EU.

Yes, as I'm a security researcher and have a secure environment in which to do this.

Which by inferrence of your secure environment means you would not want to download spyware to your personal and possible childrens home computer. Neither would I but every time you download the Quantcast cookie you download spyware.

Good points though even where I do not agree with them.

[GenerationX]

(Original post by ANARCHY__)
Not necessarily dodgy things. And you can get the Tor browser bundle if you so wish. It's basically a .exe that you can run from a USB stick. I use Tor for anything I please and I do not see how you can curb user tracking when it is government endorsed. Thus the appropriate solution would surely be something non-governmental i.e. Tor.

I would not wish to infer in any way that you do use TOR for anything dodgy, however there are conotations regarding net users that go to the extent of achieving total annonymity that while I personally don't agree with are prevelant amongst the 'if you have nothing to hide' brigade.

Actually collecting this level of data is not what government is endorsing. the level of goverment tracking intrusion is who, where and when. All these are achievable from the server logs and don't require cross site tracking cookies that try to calculate if selling to you using banking advertising was more efficient than Domino's Pizza.

Actually the information sites need for the initial access is also available in the server logs so there is no good argument for why these cross site tracking cookies are bundled onto every user as a matter of habit.

[ANARCHY__]

(Original post by GenerationX)
I would not wish to infer in any way that you do use TOR for anything dodgy, however there are conotations regarding net users that go to the extent of achieving total annonymity that while I personally don't agree with are prevelant amongst the 'if you have nothing to hide' brigade.

Actually collecting this level of data is not what government is endorsing. the level of goverment tracking intrusion is who, where and when. All these are achievable from the server logs and don't require cross site tracking cookies that try to calculate if selling to you using banking advertising was more efficient than Domino's Pizza.

Actually the information sites need for the initial access is also available in the server logs so there is no good argument for why these cross site tracking cookies are bundled onto every user as a matter of habit.

I'm not advocating the implementation of the cross site trackers but simply stating the most effective way of getting around it. Whilst I see you hold your reservations about the Tor network, it - along with a secure VPN - is one of the few ways of circumventing such intrusion.

True, you can argue that there is nothing to fear if you have nothing to hide but then it says something about the government's faith in its general populace if such measures need to be introduced with as wide a netting as is possible.

[GenerationX]

(Original post by ANARCHY__)
I'm not advocating the implementation of the cross site trackers but simply stating the most effective way of getting around it. Whilst I see you hold your reservations about the Tor network, it - along with a secure VPN - is one of the few ways of circumventing such intrusion.

True, you can argue that there is nothing to fear if you have nothing to hide but then it says something about the government's faith in its general populace if such measures need to be introduced with as wide a netting as is possible.

The 'nothing to hide' argument is not one I am a great supporter of, I'd come under the opt in rather than opt out following. Which itself was supposed to be the norm from many years back just never really enforced.

I think the current proposals are yet to be voted on by the house of commons and as they are yet in debate I'm going to take the no comment route.

Not particularly reservations about Tor just don't feel I have the need of that level of annonymity and don't feel I should even be made to feel as if I do need that level of annonymity.

[ANARCHY__]

(Original post by GenerationX)
The 'nothing to hide' argument is not one I am a great supporter of, I'd come under the opt in rather than opt out following. Which itself was supposed to be the norm from many years back just never really enforced.

I think the current proposals are yet to be voted on by the house of commons and as they are yet in debate I'm going to take the no comment route.

Not particularly reservations about Tor just don't feel I have the need of that level of annonymity and don't feel I should even be made to feel as if I do need that level of annonymity.

Neither do I but my point is what is the alternative?

[GenerationX]

(Original post by ANARCHY__)
Neither do I but my point is what is the alternative?

Well I would say the e-Privacy Directive is a good starting point, but it must be backed up with the teeth to stop web sites loading a visitors computer with tracking cookies the second they arrive at the domain entry page even if that is a deep linked page appearing on search results. They should also then have prominent links to the cookie usage policies with clear instructions on how you can opt out of accepting the cookies without having to choose not to use the site or only getting part content where the cookie is only a tracking device and gives no functional benefit to the site. Scorecard Research do offfer this at their web site and I have selected to opt out of there cookies although time will show whether that is the same as clicking the stop these emails link at the bottom of junk mail. I would prefer that even members had to opt in but if I visit tesco and don't want their loyalty card I am not asked to drop my purchases and leave the shop so if I don't want tracking cookies it should not affect my use of a web site. If you are happy to participate in generating user data and many people are willing to do so it should after you have opted in to the system.

It won't happen unless people demand it though so if everyone sticks to the sheep outlook of well it goes on everywhere then yes it will continue to go on everywhere. ICO does not have the resources to actively police this directive so its really up to those that want to be good netizens but if you do and feel a net without continous usage tracking is a better internet then consider the high profile web sites you use that are clearly regulated within Europe, do a cookie audit on the site as if you were a first time user arriving from Google on a first ever visit. Use Live HTTP Headers and also check the cookies from the options in your browser and if you feel that the site is being intrusive and is not complying then first contact the site and then if they refuse to deal with your concerns contact ICO through the form on their web site

[Mad Vlad]

I'm struggling to think of a more boring topic, tbh. It's a bit tragic that you're so het up about it, GenerationX. It's admirable that you're standing up for users' privacy, but the reality is, advertising uses tracking cookies and sites like TSR rely on adversiting to be profitable. It's pretty obvious to anyone that is remotely aware of how the internet works that sites use cookies and sites with advertising use tracking cookies to make adverts more relevant to the user and to make advertising space more valuable to clients.

The reality is, you can't use anything interesting on the internet without agreeing to the use of these cookies, unless you choose to block them with additional browser functionality, of course. The legislation is well meaning, but as with pretty much all European legislation (and all legislation regarding computers and the internet), it's utterly pointless. The UK guidance for it is weak and woolly at best, as we've seen. It's burdensome to business and clearly ineffective. I really don't see what the point of it is. I think it's right that sites make the use of cookies completely transparent, but it should be taken as read by the user that if they do not want to be tracked using cookies, then they should not use cookies in their browser settings or simply not use the internet. Websites should not have to implement onerous workarounds for privacy obsessed users - it's for the user to work out how they're going to use a website that requires cookies to run.

TSR's pretty open and honest about the cookies used on the site. I personally feel they're doing enough. Whether it's compliant with the regs, I don't know - the care factory is out of stock, and I don't intend to read through reams of Eurocratic guidance to find out.

[GenerationX]

(Original post by Mad Vlad)
I'm struggling to think of a more boring topic, tbh. It's a bit tragic that you're so het up about it, GenerationX. It's admirable that you're standing up for users' privacy, but the reality is, advertising uses tracking cookies and sites like TSR rely on adversiting to be profitable. It's pretty obvious to anyone that is remotely aware of how the internet works that sites use cookies and sites with advertising use tracking cookies to make adverts more relevant to the user and to make advertising space more valuable to clients.

The reality is, you can't use anything interesting on the internet without agreeing to the use of these cookies, unless you choose to block them with additional browser functionality, of course. The legislation is well meaning, but as with pretty much all European legislation (and all legislation regarding computers and the internet), it's utterly pointless. The UK guidance for it is weak and woolly at best, as we've seen. It's burdensome to business and clearly ineffective. I really don't see what the point of it is. I think it's right that sites make the use of cookies completely transparent, but it should be taken as read by the user that if they do not want to be tracked using cookies, then they should not use cookies in their browser settings or simply not use the internet. Websites should not have to implement onerous workarounds for privacy obsessed users - it's for the user to work out how they're going to use a website that requires cookies to run.

TSR's pretty open and honest about the cookies used on the site. I personally feel they're doing enough. Whether it's compliant with the regs, I don't know - the care factory is out of stock, and I don't intend to read through reams of Eurocratic guidance to find out.

Seriously is there any time you can put your point across without making the logical falacy of appeal to authority. I personaly don't find it necesarry to try and convince people of my expertise by stating it in every post but I can without any problem read through regulations and understand them without requiring a solicitor to explain them to me and actually find it boring when someone starts every comment with 'Ive been doing this for 30 odd years martha'.

I think the importance of privacy is fully discussed throughout the thread and accept some may not find it important. I don't think you should have to be concerned about it if you don't want to be so does that mean just because you don't care everyone should have cameras in their televisions just so you don't get bored.

You pointed you work in security for infosec, can you tell me why you find that so important hacking happens on the net firewalls, DMZ's and user priviledges are pretty common knowledge so only stupid people would have their security for their network breached or let priviledged user accounts become forgotten about and compromised so that the user database could be stolen. Or does your attitude change when it does involve your special interest.

[Mad Vlad]

(Original post by GenerationX)
I think the importance of privacy is fully discussed throughout the thread and accept some may not find it important. I don't think you should have to be concerned about it if you don't want to be so does that mean just because you don't care everyone should have cameras in their televisions just so you don't get bored.

The two concepts are non-sequitur. Just because I'm happy for advertisers to serve me up adverts relevant to my browsing habits (which I block anyway) doesn't mean I'm happy for the state to install hidden cameras in my A/V equipment.

You pointed you work in security for infosec, can you tell me why you find that so important hacking happens on the net firewalls, DMZ's and user priviledges are pretty common knowledge so only stupid people would have their security for their network breached or let priviledged user accounts become forgotten about and compromised so that the user database could be stolen. Or does your attitude change when it does involve your special interest.

Network security's a bit more complex than that. The concepts of each of those things are very simple to understand. Applying them in practice, at scale, cost effectively, without impacting on the organisation's ability to carry out its day to day business, with limited resources, isn't as simple. I'm happy to discuss this further, but I don't want to drag this thread off-topic. PM me if you like.

[GenerationX]

(Original post by Mad Vlad)
The two concepts are non-sequitur. Just because I'm happy for advertisers to serve me up adverts relevant to my browsing habits (which I block anyway) doesn't mean I'm happy for the state to install hidden cameras in my A/V equipment.

I never said state there would be a benefit to Sky broadcasting if they could see how many people were sitting around the set for each programme. Thats very much equivalent to the quantcast spyware.

Network security's a bit more complex than that. The concepts of each of those things are very simple to understand. Applying them in practice, at scale, cost effectively, without impacting on the organisation's ability to carry out its day to day business, with limited resources, isn't as simple. I'm happy to discuss this further, but I don't want to drag this thread off-topic. PM me if you like.

Thats allright I know what I need about security never been breached, but thanks for the offer.

As a general note though the internet works primarily via the Internet Protocol (IP) with the addition of the Hyper Text Transfer Protocol (http) for the web. taking the view of for dummies books in explaining it a client makes a request general based on a domain name either by typing the addres in the browser directly or by clicking on a link. The browser sends a lookup request to a Domain Name Server (DNS) which returns the IP Address (a number assigned to each server or routing device on the internet) of the target server so the request is then broken up into packets with a header attached to each packet containing the packet number and the requesting as well as target IP addresses. The Internet Service Providers routing tables then derive a route from the requesting client to the target server based on their routing protocols and peering agreements each packet does not have to take the same route as any other.

As the target server receives the packets it rebuilds the request and looks to see if it can fulfil the request based on its server config and whether it actually has the content being requested providing a response code based on success or failure. If the request can be fulfiled the requested content is broken down into packets given the requesting clients IP address as well as a packet number, based on the server farm providers routing tables, protocoles and peering agreements a route is created back to the client making the requst and the packets sent on their way. As the client receives the packets it attempts to rebuild the content and as long as enough packets have made their way through you get your conent you requested.

No part of this client server transaction requires the use of cross site usage tracking.

A web application is intended to be a dynamic way of serving complex content to the internet audience. Because the web is a stateless environment this means the objects, data and state only persists until the browser completes the loading of a page. The compiled programming languages of Java and ASP.Net are making inroads towards a more stateful environment but currently a web application still needs some way to maintain state between client requests to the server. Currently this is achieved using cookies and session variables and in this way applications can be developed to provide functionality to the user. These types of cookies are eplicitly exempted from the directive as they are required only to provide the functionality of the web application.

Transparent usage tracking cookies provide no functionality to the users they are being inserted on and that is exactly what the Directive wants to do is make sure you don't need to have attended remedial internet 101 to understand cookies just to figure out how to say no thanks to the loyalty card.

[rmhumphries]

(Original post by GenerationX)
Transparent usage tracking cookies provide no functionality to the users they are being inserted on and that is exactly what the Directive wants to do is make sure you don't need to have attended remedial internet 101 to understand cookies just to figure out how to say no thanks to the loyalty card.

You pay for your current account. You pay not give them money, but you receive less interest than inflation (and the Bank of England interest rate) and certainly less money than what the bank lends out, and that is why the bank offers you a 'free' account.

Transparent usage tracking cookies pay for your use of certain free websites, but allowing them to generate more money. Imagine that tracking cookies were made opt-in. Advertisers would make less money, so they would pay out less to websites, so websites wouldn't either become slower as they couldn't afford the servers needed, or would shut-down / wouldn't start in the first place. Websites related to a service that generates money in other ways, such as bbc.co.uk would survive, as would personal websites - but google wouldn't offer anywhere near as many services, TSR may not survive and so-on.

There is no such thing as a free lunch.

[GenerationX]

(Original post by rmhumphries)
You pay for your current account. You pay not give them money, but you receive less interest than inflation (and the Bank of England interest rate) and certainly less money than what the bank lends out, and that is why the bank offers you a 'free' account.

Transparent usage tracking cookies pay for your use of certain free websites, but allowing them to generate more money. Imagine that tracking cookies were made opt-in. Advertisers would make less money, so they would pay out less to websites, so websites wouldn't either become slower as they couldn't afford the servers needed, or would shut-down / wouldn't start in the first place. Websites related to a service that generates money in other ways, such as bbc.co.uk would survive, as would personal websites - but google wouldn't offer anywhere near as many services, TSR may not survive and so-on.

There is no such thing as a free lunch.

Seriously another jump in direction every time I take on the arguments you have its dream up some other reason to think your getting the chance to lecture a noob.

So a free lunch, the bank pays slightly less interest when this happens does the bank sell its business customers a list of all the people you have done businees with or paid a bill to this month? when you visit the Doctor does he sell your data to the pharmacueticals companies?

Forums and social sites are nothing knew and existed long before web 2.0 the same as Google, Yahoo or Hasta La Vista. The last web bubble burst when people finally realised that they were being sold a pig in a poke of services that had no driect inputs from which an income earning output was created and the only value of the shares they held was based on hype about the potential of nothing. Look whats happened with Facebook recently all the hype of the 100bn valuation then mad supporters of web 2.0 who believe in Facebook realised they bought a large pile of nothing with a plummeting value so go crying boohoohoohoo all the way to the courts in order to lodge lawsuits.

The web will survive and if the dross sites that rely only on you bringing the content so they can analyse your marketing fall of at the wayside thats no bad thing.

Edit: Thouhgt I would carry this crazy analogy's of free lunch to where it actually compares with usage tracking if done in the real world.

So what if everytime you walked in a shop you were stripped searched to find out what possesions you have what the shop could potentially serve you, then had to provide a barcode that showed what other shops you had ever visited. As you left the shop your purchases were checked and anything they could have sold but didn't is listed, your barcode is updated and your told to hand it in at the next shop you enter. Seriously I'm laughing at this but think this would take to much staff effort do a bit of research on the potetnial of body scanners and texture matching in images or the chemical analysis of your scents. Just because something can be done doesn't mean it is correct behaviour to actually do it.

[rmhumphries]

(Original post by GenerationX)
Seriously another jump in direction every time I take on the arguments you have its dream up some other reason to think your getting the chance to lecture a noob.

So a free lunch, the bank pays slightly less interest when this happens does the bank sell its business customers a list of all the people you have done businees with or paid a bill to this month? when you visit the Doctor does he sell your data to the pharmacueticals companies?

Forums and social sites are nothing knew and existed long before web 2.0 the same as Google, Yahoo or Hasta La Vista. The last web bubble burst when people finally realised that they were being sold a pig in a poke of services that had no driect inputs from which an income earning output was created and the only value of the shares they held was based on hype about the potential of nothing. Look whats happened with Facebook recently all the hype of the 100bn valuation then mad supporters of web 2.0 who believe in Facebook realised they bought a large pile of nothing with a plummeting value so go crying boohoohoohoo all the way to the courts in order to lodge lawsuits.

The web will survive and if the dross sites that rely only on you bringing the content so they can analyse your marketing fall of at the wayside thats no bad thing.

Edit: Thouhgt I would carry this crazy analogy's of free lunch to where it actually compares with usage tracking if done in the real world.

So what if everytime you walked in a shop you were stripped searched to find out what possesions you have what the shop could potentially serve you, then had to provide a barcode that showed what other shops you had ever visited. As you left the shop your purchases were checked and anything they could have sold but didn't is listed, your barcode is updated and your told to hand it in at the next shop you enter. Seriously I'm laughing at this but think this would take to much staff effort do a bit of research on the potetnial of body scanners and texture matching in images or the chemical analysis of your scents. Just because something can be done doesn't mean it is correct behaviour to actually do it.

Actually I decided to leave the 'main' argument based on Captain Jack's post, and am waiting for what the ICO say - hence while others have posted since him, I just read the posts but didn't reply. I just decided to argue against the last line of your post, which I disagreed with, and wasn't related to TSR itself complying or not complying with the ICO. I thought this was a discussion - am I am not meant to post my viewpoints? Or do you expect me to argue other people's points as well to avoid 'random' jumps in direction?

No, the bank / doctor don't sell information, but they do not need to - as I said, everyone who uses the bank pays the bank but receiving less interest and the doctor is either funded by you paying directly (if seeing the doctor privately) or paid by the NHS. Both are not free though, and the point is that everyone pays for them - on this website in particular, while a very small number of people pay for additional features (which include not being shown advertisements), then it is mostly funded by advertisements.

Yes, the web will survive, but a lot of websites would fail. How do you suggest that a website, such as The Student Room funds itself? It costs a fair amount of money to run a website this big - and general forums wouldn't survive on a subscription-only model. It relies on advertising to generate that money - and targeted advertising raises more money. Back 10 years ago or whatever you didn't need targeted advertising, as there were less competition websites, and less people on the web in general - connecting at much lower speeds, resulting in less resources needed to run the websites, and more money from advertisers as they had less people to pay (in essence - if there were less websites, then it was more important to advertise on the ones with a high amount of visitors, and so more would be paid out. Now, with lots of websites generating lots of traffic, there are more options for where to place an ad so 1000 people see it).

The difference between a website and a shop, is first that if you are in the shop, you are likely to want something in the shop. The advertising has already drawn you in, with the advertising based around purchase information and so-on. Secondly, you are not 'strip-searched' by TSR, there is no analysis of what software is on your PC, nothing that goes beyond asking you to carry a bit of paper which says "I went here". Thirdly, I am sure that shops *do* do some analysis of the people who visit their shops, time of day, and possibly even what the people look at. And then they will share this information with other shops in their chain to make popular items nearer the front and so-on. So, to a level not too unlike what TSR does, shops do do that.

[GenerationX]

(Original post by rmhumphries)
Actually I decided to leave the 'main' argument based on Captain Jack's post, and am waiting for what the ICO say - hence while others have posted since him, I just read the posts but didn't reply. I just decided to argue against the last line of your post, which I disagreed with, and wasn't related to TSR itself complying or not complying with the ICO. I thought this was a discussion - am I am not meant to post my viewpoints? Or do you expect me to argue other people's points as well to avoid 'random' jumps in direction?

No, the bank / doctor don't sell information, but they do not need to - as I said, everyone who uses the bank pays the bank but receiving less interest and the doctor is either funded by you paying directly (if seeing the doctor privately) or paid by the NHS. Both are not free though, and the point is that everyone pays for them - on this website in particular, while a very small number of people pay for additional features (which include not being shown advertisements), then it is mostly funded by advertisements.

Yes, the web will survive, but a lot of websites would fail. How do you suggest that a website, such as The Student Room funds itself? It costs a fair amount of money to run a website this big - and general forums wouldn't survive on a subscription-only model. It relies on advertising to generate that money - and targeted advertising raises more money. Back 10 years ago or whatever you didn't need targeted advertising, as there were less competition websites, and less people on the web in general - connecting at much lower speeds, resulting in less resources needed to run the websites, and more money from advertisers as they had less people to pay (in essence - if there were less websites, then it was more important to advertise on the ones with a high amount of visitors, and so more would be paid out. Now, with lots of websites generating lots of traffic, there are more options for where to place an ad so 1000 people see it).

The difference between a website and a shop, is first that if you are in the shop, you are likely to want something in the shop. The advertising has already drawn you in, with the advertising based around purchase information and so-on. Secondly, you are not 'strip-searched' by TSR, there is no analysis of what software is on your PC, nothing that goes beyond asking you to carry a bit of paper which says "I went here". Thirdly, I am sure that shops *do* do some analysis of the people who visit their shops, time of day, and possibly even what the people look at. And then they will share this information with other shops in their chain to make popular items nearer the front and so-on. So, to a level not too unlike what TSR does, shops do do that.

No one has said TSR has to stop using advetising or that those who want to give information are not allowed to the Directive only states that these tools should not be used untill the visitor has been given the chance to understand the options.

Actually the body scanner example I gave only relates to commercially worthwhile consumer information. I did not say the scanner would be checking to see if the visitor had a false leg or pacemaker.
If you check this information http://www.thestudentroom.co.uk/show...76&postcount=6 I think you will find the cookie provides a lot more than a text file saying I was here.

Even a free visitor not participating in spyware tracking adds to the value of TSR's advertising plans the only thing they lose is the targetting data, but depending on the plans they have with their advertisers they will generate impressions and possibly clicking on the ad providing further revenue. In fact given VIP subscfribers do not get presented with banner advertising you could argue that free non spyware participating visitors actualy add more value to TSR than the VIP memebr based on an advertising revenue model or does all this usage tracking not even equal a financial revenue of £3.99 per month. http://www.thestudentroom.co.uk/payments.php

Actually I think you pick tiny portions of a post on which you think you can appear to be overly knowledgable on and give a lecture. Your quite free to discuss your opinions on the e-Privacy Directive what Jack has asked is the time to consider where TSR are at at present and get advice based on that along with any concerns that have been raised. If you want to discuss the principle of what allows a site to comply based on the Implied consent and prior consent portions of the guidance as you were previously asserting as being comliant if achieved in retrospect you are free to do so.

[rmhumphries]

(Original post by GenerationX)
No one has said TSR has to stop using advetising or that those who want to give information are not allowed to the Directive only states that these tools should not be used untill the visitor has been given the chance to understand the options.

Actually the body scanner example I gave only relates to commercially worthwhile consumer information. I did not say the scanner would be checking to see if the visitor had a false leg or pacemaker.
If you check this information http://www.thestudentroom.co.uk/show...76&postcount=6 I think you will find the cookie provides a lot more than a text file saying I was here.

Even a free visitor not participating in spyware tracking adds to the value of TSR's advertising plans the only thing they lose is the targetting data, but depending on the plans they have with their advertisers they will generate impressions and possibly clicking on the ad providing further revenue. In fact given VIP subscfribers do not get presented with banner advertising you could argue that free non spyware participating visitors actualy add more value to TSR than the VIP memebr based on an advertising revenue model or does all this usage tracking not even equal a financial revenue of £3.99 per month. http://www.thestudentroom.co.uk/payments.php

Actually I think you pick tiny portions of a post on which you think you can appear to be overly knowledgable on and give a lecture. Your quite free to discuss your opinions on the e-Privacy Directive what Jack has asked is the time to consider where TSR are at at present and get advice based on that along with any concerns that have been raised. If you want to discuss the principle of what allows a site to comply based on the Implied consent and prior consent portions of the guidance as you were previously asserting as being comliant if achieved in retrospect you are free to do so.

I think we are going round in circles here - I was replying to your comment that the tracking cookies don't do anything for the user, but saying that they in theory pay for the services the user gets. I am no longer arguing about if TSR meets the directive or not; you think it doesn't, I think it most likely does, Captain Jack believes it does but is awaiting guidance from the ICO -> therefore I am waiting until the ICO reply in regards to what TSR needs to do. Although, I think that the directive says that users must be told / informed how to opt-out / etc etc (in a way that may or may not be done right here), I don't think that the site needs to wait until said message has been displayed (and/or acknowledged) before using tracking cookies - although again we may go round in circles without reaching a conclusion on that point.

Scanning a computer to see the software on it would be commercially viable information. I have a Total War game on my machine for instance, so advertisements could offer me offer games from the same chain. From what I see, then the information is mostly the same as would be known due to a Makro card for instance, or a Tesco Clubcard, but I prefer the Makro instance as to shop there you have to have a card, Tesco's card is optional. With Makro, you can't even opt-out, so it goes further than the tracking cookies, but it is still not strip searching you / etc etc.

I don't know that much about how much different advertisers pay, but you get more money for clicks than just displaying advertisements. Targeted advertisements are more likely to be clicked on. Therefore, targeted advertisements generated more money. If they didn't, they wouldn't be used. I don't know how much money is generated per active user in advertisements, I know that subscribers generate a lot less money than the advertisements, but then there are lots of guests and low-active members which still generate advertisement money as well as the more active users. I assume though, that if every active user (logs on more than once a week), then the subscriber payments would be enough money - although this is a guess, not fact.

Why, thank you for saying what I am free to discuss. I know what I am able to discuss, but I feel that doing so is pointless at the moment, you have your views, I have mine - and I feel we are not going to resolve these without external input from the regulating body. I didn't realise it was bad to discuss things which you have more knowledge on, and leave things which either you don't have as much knowledge on. I didn't comment on the stuff related to if this is worth being bothered or not, because I am not interested in that side of it. I am hardly lecturing either, I am saying what I disagree with - and giving reasons why. I thought that was what you are meant to do in a discussion?

[GenerationX]

Well did want to find another Quantserve participant just to show I am in no way persecuting TSR. Unfortunately after trying half of the participants listed at their web site none actually placed the cookie. Using the old link:quantserve.com at Google you get a few sites some complaining about it for technical reasons http://www.ridemonkey.com/forums/f6/...ve-com-246324/ , http://www.sega-16.com/forum/showthr...quantserve-com , The usual quite a large amount explain how to configure your web site to use it and one where someone has used it for the idea to develop software to block it http://www.exterminate-it.com/malped...quantserve-com. Not really overly convinced by that one how often is a spyware download preceded by a flashing you have been infected download our cleaner advert. So given the actual apparent lack of use within publicised participants it seems a really effective mass analysis tool. However I am also not persecuting Quantcast’s software this was only used to identify that a cookie can give a lot more than just a text file to say I was here, there are plenty other variants of this out there.

Am I surprised that technically minded people in an IT environment are defending the use of tracking cookies. Not very if you consider the internet is a polarized environment at one end you have techies likely to be involved in websites that want to analyse their user data and at the other end you have those that see a screen in front of them tick whatever box is required and don’t care as long as they get to see the content.

Have I actually posted that I want TSR or any site to close down?
Have I actually posted I want TSR or any site to be forced not to have advertising?
Have I actually posted that I want TSR or any site not to ever be able to analyse its users?

These may be great end of the world is nigh red herring arguments and cause a bit of side debates that if a visitor gets a choice it will be the end of the web and social networking, but there is plenty of free service sites existing very well out there without all the cross site tracking automatically being placed.
The e-Privacy Directive also in no way calls for anything like, it only expects that a visitor get the clear choice to consent. This can either be implied by as simply as choosing not to follow an obvious link explaining how to opt out. So for a really simple variant.
1/ Visitor lands on site page
2/ check to see if any previous site cookies exist
3/ If yes
3.1/ update cookies and set new ones
3.2/ if no
3.3/ start a JavaScript timer and display prominent div tag giving link to cookie usage
4/ If prominent link not clicked before timer times out
4.1/ Set the cookies and replace div tag with announcement of the day or other content
4.2/ If prominent link clicked
4.3/ wait and see what the visitor chooses as an option

In the time we have discussed this I could coded a dozen variations in several languages a great language specific coder could probably have sneezed one out in the time it took me to write this message.

Captain Jack’s request for time has been mentioned, I can confirm I have had communications with him and know he considers this a very important topic without being dismissive of the directive. The time delay is in no way a reflection whether he ranks this as a topic of interest or not.

In the same vein life is fluid and I am about to take on a new challenge which means I would need to take advice if I can continue to discuss this in public. Not looking for any sympathy vote for my perspective just trying to quickly explain that my sudden quiet from now on the subject does not mean I backtrack on my individual views I have discussed until this point.