Category Archives: Digital Identity

The Cookie Monster is here

Cookie Monster

The UK’s implementation of EU Cookie regulations come into force this Saturday and the web design world is frantically trying to work out what to do! Firstly a bit of background into cookies and why we are where we are!

Cookies make the web go round – they’re how a website remembers who you are so you don’t have to remind it every time you load a page; they allow websites to personalise what you see; they make online shopping possible by remembering what’s in your shopping basket and they allow website owners to track the performance of sites to determine what’s working and what isn’t. Suffice to say without cookies the web would be a sorry place.

But they also have the potential to be abused. They can reduce your privacy on the web by tracking what you do on the web. By linking information together it could be possible for sites to build up a detailed profile of your online behaviour and the EU decided to act to better protect users’ privacy.

The UK’s implementation of the EU regulations is being enforced by the ICO who have issued guidance but things are never that simple! There isn’t – so far – an accepted “right” solution to compliance. The ICO themselves have taken quite a hardline approach – a bar across the top of every page asking for permission to set cookies. When this launched it had a devastating affect on their ability to analyse site usage which is vital if you’re going to build good websites.

BT and the BBC take a bit more of an opt-out approach by telling site visitors they will receive cookies unless they say otherwise.

These show the first time a visitor comes to the site and in BT’s case disappears after 10 seconds – much less off-putting and probably clearer than a simple “Do you want cookies?” prompt, but is it enough to satisfy the ICO? Only time will tell!

While the implied consent may still be unknown one thing that is generally agreed is that providing the user with more information in a form that they can understand is a Good Thing™ so that’s where we’ve started.

[I should note much of what we’ve implemented so far is based on a very pragmatic post by James Cridland of Media UK]

  1. We’ve added notices to key login pages like GO to say that you’re going to have to accept cookies if you want to log in. We’ll expand this to other services like the online shop and Rose Theatre ticket office in due course.
  2. We’ve added a Cookies page the the site listing how we use cookies and what for. I’m sure this isn’t 100% complete so if anyone would like to let me know gaps then please shout!
  3. We make a distinction between cookies which link to personal information and those that don’t.
  4. We link to instructions on how to manage cookie settings and mention “private browsing” modes in modern browsers as an easy alternative.

As James says in his post #3 is the most contentious:

ICO is primarily concerned with personal information and personal data – and I’m registered under the Data Protection Act and take personal data very seriously. However, Google Analytics and AdSense cookies, etc, are anonymous, and will only ever contain personal information if you deliberately log in to Google services (and even then Google claims not to link Analytics or AdSense with your Google account anyway). The same goes for Twitter and Facebook too. And the ICO go out of their way to say, in their advice: Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action.

What does this look like? The cookie page is linked to from the header and footer of every page:

The Learning Edge landing page is a bit more explicit about how it makes use of cookies:

Depending on feedback from our users and others in the sector we may roll out some form of non-interrupting information box along the same lines as the BBC’s approach. We have also done some work on a cookie level chooser like BT have but the technical implementation across multiple in-house and third party systems is non-trivial.

If you have any feedback or questions about Edge Hill’s approach to cookie legislation compliance please leave a comment or get in touch and I’m sure there will be more changes to come!

Protect your digital identity and information on social networks

Sites like Facebook, Twitter, MySpace , LinkedIn, Orkut, Zorpia, Flicker, twicpic, yfrog and YouTube.etc, are social media sites designed to share information such as who and where you are and what you are doing, photos and video. This is a comical example of how information is shared using social media sites to tell the Digital Story of the Nativity.

Social media sites are a great way to connect to close friends and family, or even re-connect with old classmates and old co-workers. Also it can be a great way to find and connect to new groups with interests common to your own.

With just a few clicks people can access messages, know where their contacts are, what are they doing. All this makes for an entertaining experience network. The speed and immediacy that characterizes them are useful to inform and share content, true, but it can also jeopardize your own job or worse and compromise your privacy and security. Also the content posted on the site stays on the server even after you disable your account and is searchable.

The trouble starts when it becomes an addiction, if people spend too much time discussing everything that happens in their lives without taking the necessary steps to protect what is shared. It is logical to enjoy safely social media sites, which have the ability to control how visible your information and pictures are on the site as well as any search engines who parses that data.

Below is a series of recommendations to protect the identity information in digital networks and it is up to you to decide how visible you want your contact and profile information, videos, photos, and other posts need to be, and take the time to set the appropriate controls within the media site in question. For each one of us it is important to have a good view of what is published and learn to manage and protect our identity.

Although this presentation is from last year some of the information is still relevant

Exposure Level

The search is an important aspect of social networks. It is up to the users if they want to be seen by all members of a network or just want to be seen only by their contacts.

It should make a conscious choice and set the profile, rather than leave it to the default settings, they usually allow some of the profile information such as name and main photo to be found on page and through Internet search engines.

Personal Data
Be cautious about posting and sharing personal information. Do not reveal passwords, keys, date of birth, home address, phone number and place of birth. Do not put your full resume online, if you must, remove it when you find a job. Protect the answers to secret questions that make social networks. The combination of that publicly available information and your public post about hanging out with friends on Saturday night across town could be enough for someone to take advantage of the situation and break into your house.

Information Policy
Generally every page has a link that explains how to use the information by users and gives tips for safe keeping. Note that when entering a network, it is giving license or right to use any information that is on these sites.

Privacy
All sites have a link to a “Privacy” page that explains how your information is used and provides tips on staying safe. Determine how visible the information is that you post on social networks and search engines (profile, photos, videos and posts.) Each page allows you to select privacy settings, read them and adjust by trial the level of control and privacy you want.

Twitter Safety
There is an option that messages, pictures and videos that can only be seen by their followers, for this you must change the default settings of Twitter.
Think twice before posting or even clicking on a post. Consider what could happen if a post becomes widely known and how that may reflect both on you (as the poster) or your family, friend or workplace. i.e. Jason Manford quits The One Show over sex messages

With a little effort and some common sense you can enjoy and safely participate in social media sites. Ultimately though, it’s up to you to manage your digital identity. You must use good judgment about what you post and learn how you protect your personal data and reputation from the digital networks.

Happy Christmas.