Today, June 2nd, is Festa della Repubblica in Italy. But it's also “cookiegeddon”: this midnight is an important deadline, as all webmasters will be forced to comply with the guidelines by the “Garante per la protezione dei dati personali” about the management of cookies, to implement a few European Union directives (informally known as the “EU Cookie Law”). For this reason, you're going to find a few new things on this site: a new page called “Privacy” has been added, the page footer has been updated, and before accessing some third-party services, such as embedded YouTube videos or the commenting facility provided by Disqus, you will have to agree to their cookie usage.

But I'm writing this post also to express a few thoughts, both as a webmaster and a web user. I'm starting with the user perspective, since my webmaster technical approach to the problem has been driven by that.

I think that the European Union “cookie law” has got a point, because as a user I don't like being profiled at all, I don't like behavioural marketing, above all I don't like being subjected to these things while being unaware of them - yes, as a software engineer I understand what's happening whenever I visit a website, but most of people don't and can't. So, enforcing an advisory page about this makes sense. Unfortunately, as usual, the law is ambiguous, verbose, difficult to understand (especially the one implemented in Italy), and - above all - there are missing parts that, in the end, make things worse as they were before. To be practical: I've been running my web browser with cookies disabled by default for ages, only enabling those that are needed for delivering a service. While everybody can do that - because all browsers provide tools for cookie management - in practice only technically skilled people can, because they have to understand how cookies work. The proper solution to the problem would be to force websites to provide the advisory and to let people choose, with a simple dialog box, every single kind of cookies/services they want to be enabled. Instead what I'm seeing is that some newpapers, in case you don't accept their new cookie policy, just prevent you from reading, because as soon as you scroll the page, a refresh is forced and the page is shown again from the top (unintentional bug or feature?). Probably I can still go to the cookie management tool in the browser and selectively allow only the cookie behind this new “feature”, but it's cumbersome and requires even more technical skills than before. As the net result, people now are being forced to accept more stuff than they did before.

So, I took the chance of this forced update to my websites to review and jettison all the useless stuff. StoppingDown and my personal site went totally cookieless. In fact, the only cookies they used were those from Google Analytics and I recognised that I don't need that service: I only want stats about visitors' countries, browsers, browser screen resolution, most visited pages, all things that can be searched into the server logs and don't require cookies. So, bye bye Google Analytics. For the site you're reading, I need Disqus plus some embedded YouTube video. I went the incremental way: instead of asking you to either accept any kind of cookies or disable any extra feature, you will be asked case by case. See for instance the comment stuff just below. For YouTube, I configured the code so cookies are used only when you start playing the videos: there's simply a short advisory near each embedded videos.

In other words, I'm offering you most of the contents without avoidable complexity, and asking you for approving extra complexity only in those specific cases where it's needed. I think this it's the way technology should go.