Today, June 2nd, is Festa della Repubblica in Italy. But it's also “cookiegeddon”: this midnight is an important deadline, as all webmasters will be forced to comply with the guidelines by the “Garante per la protezione dei dati personali” about the management of cookies, to implement a few European Union directives (informally known as the “EU Cookie Law”). For this reason, you're going to find a few new things on this site: a new page called “Privacy” has been added, the page footer has been updated, and before accessing some third-party services, such as embedded YouTube videos or the commenting facility provided by Disqus, you will have to agree to their cookie usage.
But I'm writing this post also to express a few thoughts, both as a webmaster and a web user. I'm starting with the user perspective, since my webmaster technical approach to the problem has been driven by that.
Unfortunately, it's the same monolithic approach that is spreading in the technology world... Consider Android: there's a reasonably well designed permission scheme, by which you can incrementally allow an app only the things it actually requires. But as apps evolve, they tend to require everything. For instance, once I had a home-banking app: the initial version only required network access, which is obvious. Then updates added features such as geo-location of teller machines, augmented reality, calling the support phone number... Lots of things, totally useless for me, stuffed into a single bloated app, which now requires almost all the permissions, such as accessing the phone, my contact list, the GPS, the camera... jeopardising the incremental approach that Android offers. Insane. Instead, please make a basic app with only basic stuff, and an optional advanced app (thanks to Android, this approach can be offered with a seamless integration). For me everything that is useless is evil: so all bloated apps have been removed.
So, I took the chance of this forced update to my websites to review and jettison all the useless stuff. StoppingDown and my personal site went totally cookieless. In fact, the only cookies they used were those from Google Analytics and I recognised that I don't need that service: I only want stats about visitors' countries, browsers, browser screen resolution, most visited pages, all things that can be searched into the server logs and don't require cookies. So, bye bye Google Analytics. For the site you're reading, I need Disqus plus some embedded YouTube video. I went the incremental way: instead of asking you to either accept any kind of cookies or disable any extra feature, you will be asked case by case. See for instance the comment stuff just below. For YouTube, I configured the code so cookies are used only when you start playing the videos: there's simply a short advisory near each embedded videos.
In other words, I'm offering you most of the contents without avoidable complexity, and asking you for approving extra complexity only in those specific cases where it's needed. I think this it's the way technology should go.