Hacker News new | past | comments | ask | show | jobs | submit login

I wonder if placing a cookie on my computer without prior written consent constitutes "unauthorized access". Class action anyone?



It's your own browser that interprets the header, saves the cookie, and passes it back to sites you visit. Passing a "here's a cookie" header to your machine doesn't, on its own, do anything. Your browser has to actively parse and store it.


By the same token, my sending an HTTP request to a server doesn't, on its own, do anything. Their server has to actively parse the request and send data.


In Britain it's illegal for a website to store a cookie without informing you, so I have a feeling someone may have already tried this.


No, it isn't. That's not what the infamous "cookie law" says, nor how it's been interpreted in practice by official regulators across the EU.


What does it actually say?


The details are probably too complicated for an HN comment, but one point that sometimes gets missed is that you normally don't have the same disclosure/consent obligations for cookies that are essential to the normal operation of the site like login tokens or tracking what's in a shopping basket.


Likewise in EU.




Consider applying for YC's first-ever Fall batch! Applications are open till Aug 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: