# Please FreeBSD Forum without Accept Cookies?



## Spartrekus (Dec 9, 2018)

Hello,

Please would it be possible that this forum is without this wonderful new "Accept Cookies"? Somehow.

This would be greatly appreciated here.

Thank you for your feedbacks !


----------



## drhowarddrfine (Dec 9, 2018)

Do you mean the "this site uses cookies" warning? That's a EU requirement called GDPR. Nothing this forum can do about it. Your complaint is with the EU but you'll have to get in a long line that wraps around the world.


----------



## T-Daemon (Dec 9, 2018)

You can get rid easy of the “Accept Cookie” warnings with “Fanboy’s Cookie List” blocker for example.

If you are using a browser which supports the “uBlock Origin” extension, open the dashboard, go to “Filter lists” tab -> “Annoyances”, check “Fanboy’s Cookie List”, go to page up, on the right side click “Apply changes”.

In Midori after activating the "Advertisement blocker" extension, go to preferences and put as custom list address https://www.fanboy.co.nz/fanboy-cookiemonster.txt . Same in QupZilla or any other browser supporting adding a new subscription from the corresponding adblocker configuration.

In Epiphany to set block lists see here.

There are also other cookie blocker lists for various other ad block extensions.


----------



## yuripv (Dec 9, 2018)

Blocking legitimate cookies from the sites you trust, like this, is like shooting yourself in the foot as it severely cripples usability.  Don't really need to go to extremes.


----------



## T-Daemon (Dec 9, 2018)

Hi yuripv.


You misunderstood the purpose of the cookie list blocker. It is not about blocking cookies, it is about blocking “Accept Cookie” consent notifications. This occurs when you haven't granted a site to set cookies. Correction: "The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet." If you take a look at Fanboy’s list it will be clear what exactly is blocked.


----------



## obsigna (Dec 9, 2018)

Spartrekus said:


> Hello,
> 
> Please would it be possible that this forum is without this wonderful new "Accept Cookies"? Somehow.
> 
> ...


In case you got www/squid installed on the gateway, you can do the following:

https://forums.freebsd.org/threads/introducing-nukie-the-cookie-notice-nuker.66995/


----------



## yuripv (Dec 9, 2018)

T-Daemon said:


> Hi yuripv.
> 
> 
> You misunderstood the purpose of the cookie list blocker. It is not about blocking cookies, it is about blocking “Accept Cookie” consent notifications. This occurs when you haven't granted a site to set cookies. Correction: "The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet." If you take a look at Fanboy’s list it will be clear what exactly is blocked.



Got it, sorry guys.


----------



## obsigna (Dec 9, 2018)

drhowarddrfine said:


> Do you mean the "this site uses cookies" warning? That's a EU requirement called GDPR. Nothing this forum can do about it. Your complaint is with the EU but you'll have to get in a long line that wraps around the world.


The GDPR does not directly deal with Cookies, but a special EU-Cookie legislation does exist.

http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

For me the important piece in this legislation in the given respect, i.e. the Accept Cookies Notice on our Forums is:


> ...
> For consent to be valid, it must be informed, specific, freely given and must constitute a real indication of the individual's wishes.
> However, some cookies are exempt from this requirement. Consent is not required if the cookie is:
> 
> ...



Given above generous list of exemptions, I hardly believe that the Accept Cookies Notice on our Forums is really required.


----------



## Spartrekus (Dec 9, 2018)

obsigna said:


> The GDPR does not directly deal with Cookies, but a special EU-Cookie legislation does exist.
> 
> http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
> 
> ...



this law makes no senses, really. It is issued from politics. Anyhow governments are governed themselves by important, strategic companies of the country.
The bad thing is when these powerful companies are producing weapons, like some countries in EU.

Privacy and data protection:
http://ec.europa.eu/ipg/basics/legal/data_protection/index_en.htm
They removed Privacy from their website.
Note that EU won't try to work against Google at all, or either Microsoft. EU has little chance to win.

When you have an Android, you have no choice to Accept whatever access.
You are done because it is a single button option. Privacy, ? freedom? Spying?
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:008:0001:0022:EN:PDF

When you install an app, you will end to a form with
"Accept All"
and no button to "decline".
What does EU? Sleeping?


----------



## getopt (Dec 9, 2018)

obsigna said:


> The GDPR does not directly deal with Cookies, but a special EU-Cookie legislation does exist.
> 
> http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
> 
> ...


obsigna, that is absolutely correct. The FreeBSD forums no not need this. There was a really strange hype going on outside the EU opposing the GDPR legislation spreading advice to the not so legally competent admins around the world to make sure they add anger to even dumber users. Looks like we have to live with this madness here till our webmaster gets enlightened by someone.


----------



## MarcoB (Dec 9, 2018)

Cookies and cookiewalls will be regulated in detail by the "e-privacy regulation". But this regulation is not yet approved by the EU's council of ministers, so at the moment the e-privacy directive from 2002 is still valid. Until then the rules about cookies aren't as strict as they should (and will) be.


----------



## ShelLuser (Dec 9, 2018)

obsigna said:


> Given above generous list of exemptions, I hardly believe that the Accept Cookies Notice on our Forums is really required.


You're right, but you're also wrong.

The problem isn't so much if it's required or not, it's basically about making sure you can't get into trouble. See: just as with the (unrelated) GDRP itself the whole cookie law is contradictive as heck. Although it clearly specifies cookie types which are not governed by the rules those definitions are way too vague. In other words: user-input cookies (exempt) can also be used to track (forbidden). Actually _any_ cookie can be used to track you to some kind of degree.

So basically if you don't warn the users and the government figures that your cookies can be used for tracking then you run into problems. And the effect of that can result in a whole set of administrative misery, one way or the other it's going to cost you a dime or two. In the end it's all about money (fines) after all.

Although I agree that just setting up the cookie banner is the easy way out it's also the smartest. The webmaster would be stupid to turn this off, simply because it's your best bet of saying out of trouble.

And that's also the reason why I oppose this whole cookie law and deem it moronic. It didn't fix anything, all it did was legalize the tracking. I mean: if you want to shop online then you have no choice but to give your consent otherwise you can't access the shopping website. But for a website such as this forum it also makes sure that the government can't come after you and make trouble.

Ergo: they can't turn this off. See: it's not so much about what we think is exempt, it's about what the government thinks. And that kind of stuff can only be tested in a courtroom, and no one is looking forward to that because it'll cost way more money than any fine will.


----------



## kpedersen (Dec 9, 2018)

This GDPR cookie thing seems like an elaborate scheme to make absolute sure everyone has Javascript and cookies enabled on their browser. Otherwise either nothing works or these annoying sodding dialog boxes keep coming up.

Since this law came into play, my web browsing experience has been even bloody worse 

Also, have you tried using a web browser through Tor. It is almost unusable because of this stuff.


----------



## obsigna (Dec 9, 2018)

ShelLuser, we are not talking about all the Web Sites in the world. We are talking about our Forums, and DutchDaemon made already very clear that:


> For the record: we do not use Google Analytics, nor do we share site data or usage statistics, anonymized or otherwise, with third parties.



So all your considerations, that any cookie types may be misused for tracking simply DO NOT apply in our special case, and I just verified that the Forums sets only session cookies which are explicitely exempt from the regulations. And in the local web storage I see editing hints and a session event record, both of which are as well in the exemption list.

IMHO, web masters who try to explore this in order to track their users may be fined until the shit in their heads has been expelled - I feel no pity with those. As said already, this is not the case here, the Forums do not Track.

Please don’t let’s spoil the very specific request regarding this Forums with considerations about the general case.


----------



## ShelLuser (Dec 9, 2018)

obsigna said:


> ShelLuser, we are not talking about all the Web Sites in the world. We are talking about our Forums


I'm well aware, thank you very much.



obsigna said:


> I just verified that the Forums sets only session cookies which are explicitely exempt from the regulations.


Good for you, but that won't hold up in a courtroom. As I said before: it doesn't matter what _we_ think, the only thing which matters is how the government would react when the banner is taken offline and no one can predict that.

And fact of the matter is that they have gone after other organizations and companies alike before and one way or the other that's going to cost you money. And in the case of the FreeBSD foundation they would be gambling with community money at that. Of course this doesn't apply to everyone, but I could imagine that some people might not enjoy seeing their donations wasted on something which could have been avoided by a mere banner that only pops up _once_ (normally).

Like it or not but if most websites use such a banner and if you then turn yours off (even though Xenforo themselves recommends that you don't) then you're making a target of yourself. With all the attached risks. Sure, small risks, but if they do come knocking then I don't see any of you paying those fines.

It's easy to talk about this if it doesn't personally (or directly) affect you.


----------



## obsigna (Dec 9, 2018)

Some people feel at higher risk when getting up from bed in the morning. However, as a matter of fact the bed is the most risky place in the world, since most people die in there.

The point which I want to make is that you perhaps feel being in lower risk with the cookie notice, but you are not. Why? In order the cookie notice works well from visit to visit for the occasional user, you need to set just another cookie, which is not that clearly identified in the list of exemptions. And now it becomes hairy - DutchDaemon has been faced already with this kind of concerns, see the thread: I had to confirm I'd read the rules in order to be allowed to read the rules!

And he solved the problem by begging to everybody: "Please don’t sue us!"

Without the respective cookie notice, occasional visitors won´t be subject of any data collection and data processing, so this class of visitors would be with respect to the GDPR simply a no brainer, the GDPR does simply not apply(full stop)

Users, who apply for a user account would need to read and accept the rules in compliance to the GDPR only once, namely right before they become members. There is no need to ask members for reading & accepting the rules again and again and again. Bottom line, the legal situation is more clear, and I would say for this reason less risky, without a Cookie Notice.


----------



## DutchDaemon (Dec 10, 2018)

In this respect, we're using the forums software as-is, and will continue to do so -- moreover, we'd probably have to saddle FreeBSD Legal with this issue, and they have bigger fish to fry. There are tools to suppress and/or block cookies, which may or may not have consequences for the forums user experience. YMMV.


----------



## Rastko (Dec 10, 2018)

It's like that thing with ad-tracking, which I've presented to Oracle.

They've incorporated the opt-out for ad tracking, but you need to allow third party cookies to opt-out. Same thing when I actually tried to opt-out on that website that deals with the opt-outs directly, so yeah. Chicken and egg.


----------



## drhowarddrfine (Dec 10, 2018)

Does this forum retain email addresses in any way, shape or form? Then GDPR applies. Does this forum retain a history of visited pages by a user? Then GDPR applies. I don't know if the rest of FreeBSD web pages apply to the forum but I wouldn't be surprised. In which case, GDPR applies. 

This is what happens when you have politicians and ordinary users make technical decisions.


----------



## obsigna (Dec 10, 2018)

drhowarddrfine said:


> Does this forum retain email addresses in any way, shape or form? Then GDPR applies. Does this forum retain a history of visited pages by a user? Then GDPR applies. I don't know if the rest of FreeBSD web pages apply to the forum but I wouldn't be surprised. In which case, GDPR applies.



The Forums are designed to allow 2 kinds of visitors:

Registered and logged-in users ➔ the GDPR of course applies and you need to inform the users about any processing and trans-passing of their personal data. The big ones inform & ask for acceptance of the policies once in the course of registration and occasionally again, in case of any policy changes. Here we would not need to display any acceptance notice on each visit, because the user has accepted already.


Occasional visitors who are not logged-in, and come here for reading only. Such users leave their IP addresses in the server logs, but usually nothing else which can even remotely be considered as being person related data. Professionals obfuscate the IP addresses in their server logs and are done with the GDPR compliance for this kind of users.

The problem for this kind of visitors starts if we set cookies which are not mentioned in the list of exemptions, in which case we draw ourselves under the full coverage of the cookie directive and in addition perhaps of the GDPR as well. The "✓ Accept" cookies is at least dangerous here, since even in case it contains nothing it is kind of a tracking cookie which would let us count the number of visits, for example.
Keep in mind, that the request of the OP is essentially addressed to the second kind of visitors. I understand that most of you do no understand the actual problem with this Cookie Notice and the "✓ Accept“ button because you saw it only once in your lifes and forgot about it already. Now the OP and I do frequently delete all the cookies and anything else in the local web storage of our browsers, and we see this nonsense again and again and again. I usually login to the Forums in order to commit a message, and I usually logout directly afterwards, otherwise I am here anonymously for reading only.

My personal conclusion is that this Cookie Notice is a complex non-solution of a simple non-problem. Simply obfuscate the IP addresses in the logs and you’re done - again, I am talking about the case 2 visitors, i.e. the anonymous ones. Case 1 needs to be handled more sophisticatedly in any case, and that cookie notice does at least not harm here, but it won’t help for anything either.


----------



## Spartrekus (Dec 10, 2018)

*Free* BSD means likely Freedom, which likely means that the website should be easy to access *everyone*.

Look here, no cookies to click 
https://stallman.org


----------



## sidetone (Dec 10, 2018)

FreeBSD is based in the US. Does it matter, because some mirrors and servers are in the EU, and does it matter because if FreeBSD doesn't go by the EU's rules they get blocked there?

The cookies notice bothered me before, but they pointed out that FreeBSD doesn't use or track information the way other organizations do.



getopt said:


> I consider to fry my big fish elsewhere. And remember that are the words you used.


As in, FreeBSD doesn't want to be dealing with nonfunctional Internet rules that are a distraction (perhaps nuisance), when it gets in the way of important tasks.

I don't like how the EU makes a rule, then websites and organizations not based in the EU have to worry about this.


----------



## Spartrekus (Dec 10, 2018)

A bit of fun and relax, here 

The web is already very slow, and the web browsers are heavy. 
Google, NSA,.. have to check all the traffics and to log everything  It takes time for them. 

For security reason, we need to have cookies to make sure that it makes no senses. Anyhow, everything is logged and subject of research for google, nsa,...

Privacy makes no point, because in all case, there is no privacy any more, if you use or have an electronic device next to you.


----------



## drhowarddrfine (Dec 10, 2018)

sidetone said:


> FreeBSD is based in the US. Does it matter, because some mirrors and servers are in the EU


Even more so. 


sidetone said:


> I don't like how the EU makes a rule, then websites and organizations not based in the EU have to worry about this.


Tell me about it. It's not as big a hassle as it seems but it's another burden placed on web developers who may be short staffed.


----------



## ShelLuser (Dec 10, 2018)

Spartrekus said:


> *Free* BSD means likely Freedom, which likely mean that the website should be easy to access *everyone*.


Well, if you go to https://freebsd.org/ then that also applies; no cookie warnings. This only applies to the forum, and even then it's one single extra click. I can definitely understand that it annoys some people, but I fail to see the big problem. Especially if you consider that this banner gives the FreeBSD foundation the guarantee that they won't get into any legal problems.

It's not only about us, it's also about the FreeBSD foundation (and their funds) itself.



getopt said:


> Since the last "upgrade" most of that work is gone for good and annoyances do not encourage contributing here. I consider to fry my big fish elsewhere.


I definitely agree with you when you say that annoyances make the whole thing less appealing. However, it's not so much the forum administrators, not even the FreeBSD legal team, which are the cause of all this. That 'honor' definitely goes to the EU which set up this regulation.

It would be a different story I think if the FreeBSD forum was one of the few websites which used this approach but fact of the matter is that (nearly) all of them do so. Almost every forum you go to has such a banner, so is it really reasonable to put the full blame on the FreeBSD team?



sidetone said:


> FreeBSD is based in the US. Does it matter, because some mirrors and servers are in the EU, and does it matter because if FreeBSD doesn't go by the EU's rules they get blocked there?


It matters. As soon as Europeans can access the site then these rules apply. It is for that same reason why some US websites applied a very easy solution: block everyone from the EU from accessing. I'd have to look them up, but some (big) US news sites still apply this block today, just to avoid issues.


----------



## drhowarddrfine (Dec 10, 2018)

Spartrekus I'm very tired of every post you make relating everything back to the NSA.

Just because a web site uses cookies does not mean they are trying to invade privacy or find out about your sex life. Such means are very helpful for marketing, just like every commerce company has done for time immemorial, or for usability; such as keeping you logged in or your favorite site settings, etc. Of the I don't know how many web sites and companies I've worked with over the years, not one of them ever requested personal data on anyone beyond making their site perform better or providing product placement to match your previous interests. 

Like most things on the internet today, it's mostly fake news to draw viewers in and pure nonsense. There is no little man sitting in a room somewhere watching as you type on your keyboard.


----------



## drhowarddrfine (Dec 10, 2018)

ShelLuser said:


> some (big) US news sites still apply this block today, just to avoid issues.


This was true at first because the deadline for complying was too short. One of our clients almost blocked EU access but my company saved the day. Literally hours ahead of time.


----------



## Deleted member 30996 (Dec 11, 2018)

Of all the websites I visit this one ranks at the bottom behind mine on the list of sites I deem to be of potential risk, and I'm not afraid to login places when there are warnings of malware being downloaded. I know how to set my browser so it's not an issue. I never see the ads people keep talking about and nothing is slow about my desktops or the Internet. I make the decisions on what it and is not allowed my end. If there is a banner I don't see it.

In the forums, I enable scripting for freebsd.org only, jquery.com and bootstrap.cdn aren't needed for full forum functionality in posting messages. I show a total of 3 cookies set for forums.freebsd.org. If I keep the Eclipsed Moon Palemoon extension enabled it logs me out every time I switch pages, so I disable it after changing my UserAgent string. There's nothing untoward going on here for a forum or I'd probably know about it. If you trust using their OS but not their forum it's time to re-evaluate your priorities and browser config. It is, after all, a professional site run by the same group of people. Look to your ISP if you think someone is interested in what you're doing online.

Email addresses used here are a matter of record somewhere, DutchDaemon was kind enough to reference mine after I lost my password so I could get back after proving who I was by submission of retina scan to match that on file. Not long ago someone was saying they thought the database had been hacked because they were getting spam, not that using that email addy elsewhere possibly had anything to do with it or anyone else got spammed.

My website is hosted in Sofia, Bulgaria and I haven't heard a word from my host about regs. I don't use cookies but my W3C buttons show as trackers on Netcraft. Webalizer will show me the most visited pages and other stats. It's of limited interests and not something I closely track since everything is free, other than to notice rufwoof's screenshots get a lot of hits.  I got HTTPS to satiate Google. Untill I hear differently that's all I'm planning to do and didn't see the need for that.


----------

