7 Matching Annotations
  1. Oct 2018
  2. May 2018
  3. Apr 2018
    1. A purpose that is vague or general, such as for instance ‘Improving users’ experience’, ‘marketing purposes’, or ‘future research’ will – without further detail – usually not meet the criteria of being ‘specific’”.[

      I see a lot of cookie notices that give vague reasons like "improving user experience". Specifically disallowed by GDPR?

  4. Oct 2017
    1. Weusecookiestoprovideyouwithabetterservice.Carryonbrowsingifyou’rehappywiththis,orfindouthowtomanagecookies.’

      ¿Podría haber un formato para determinar los permisos y datos que requiere una cookie, similar a como lo hacen las aplicaciones móviles que indican qué permisos requieren del usuario antes de instalarse? ¿Cómo puede ser esto extendido a aplicaciones de escritorio?

    2. However,evenwhenconsensuallyinstalled,usersrarelyunderstandhowspywareworksandoftenforgetaboutitspresence.[50]Cookiesarethemostpervasiveform.Theyarebitsofdatastoredondevicesandsenttobrowsersbywebsitesthatarevisitedorthroughtechniqueslike‘devicefingerprinting’,whichenableswatchingsubjectswhodeleteordonotstorecookies.[51]Theyareusednotonlyformonitoringdigitalactionsbutalsofortrackingpreferredlanguage,login,andotherpersonalsettingssuchassearchpreferencesandfortargetingadvertisingandtrackingnumbersofvisitstosites.[52]Digitaltracespickedupbycookieshavealsobeenrepurposedbysecurityagencies,suchastheNSA’sutilizationofGoogle’sadvertisingcookiestotracktargets.
  5. Feb 2016
    1. When not setting an explicit domain for a cookie, the default in most browsers is to only send the cookie when the domain matches exactly. However, Internet Explorer violates the RFC, and will send it to all subdomains as well.
  6. Dec 2015
    1. It is important to note that the path attribute does not protect against unauthorized reading of the cookie from a different path. It can be easily bypassed using the DOM, for example by creating a hidden iframe element with the path of the cookie, then accessing this iframe's contentDocument.cookie property. The only way to protect the cookie is by using a different domain or subdomain, due to the same origin policy.