Cookies - User Options

General Discussion
  • Hey all,

    Under EU law all website visitors must be informed if the site uses cookies or any other storage.

    I don't see anything on nodebb to indicate that it complies with this?

    This is just one of many sites explaining the law.

  • @Dave-Huggy-Jones NodeBB is Canadian, therefore doesn't have to comply to this, nor include it in their software. Just make a widget with an I agree or a I disagree button, if they click agree, remove the widget, if they disagree, send them to google.

    It's a stupid law anyway, no one has ever been prosecuted for not having a cookie warning. And no one ever will. For a time in the past, it was illegal to eat a mince pie on Christmas Day, but people still did it.

    A prime example is the ico website, they have no cookie warning that I can see, just a page about it in the footer.

  • @a_5mith

    The rules

    Interestingly, despite the fact that the legislation is based on protection of personal information and privacy, it applies even when a cookie is not being used to collect any personally-identifiable information. The rules apply to all cookies, and are intended to prevent information from being stored on users' computers without their informed consent.

    As is the case with privacy consents in general, the preferred approach for cookies is to obtain explicit consent. This can be achieved, for example, by providing a notice to the user explaining what cookies are, how they will be used, what they will do, and asking the user to click "I agree."

    Explicit consent is the best legal way to ensure that the user has really consented to the issuance and acceptance of cookies. However, it is onerous and irritating, especially if it is done each time the user visits the website. That's why implied consent is also acceptable, at least in the U.K.

    Implied consent involves providing information to the user and looking for some action by the user which indicates that the user has consented. For example, a website may post a clear and unavoidable notice when the user first visits the site, advising the user that cookies will be used, and explaining what cookies are. If the user clicks on any other pages within the site after the notice has been displayed, the user may be deemed to have given implied consent to receiving the cookies described in the notice. The requirements and wording of the notice may vary depending on the audience, such as how tech savvy it is.

    Failing to comply with the rules may result in a number of actions. In the U.K., those actions range from an information notice and request to comply (on the low end), to a monetary penalty of up to £500,000 (on the high end).

    Canadian companies

    The U.K. law applies to all companies in the U.K., even if their websites are hosted elsewhere. Likewise, the U.K. Information Commissioner's Office has taken the position that Canadian and other foreign companies should comply with the legislation if their websites are designed for the European market, or if they provide products or services to European customers. Practically, it may be difficult for EU authorities to enforce this law against Canadian companies that have no assets in the EU; however, there are good domestic reasons for Canadian companies to comply with the legislation as well.

    Canadian Law

    In particular, Canada's anti-spam legislation, which has been passed but not yet implemented, contains similar rules regarding cookies in Canada. The starting point in Canada is that express consent is required to install a computer program on anyone's computer system.

    Obtaining consent requires: (a) clearly and simply explaining the purposes for which the consent is being sought; (b) describing the function and purpose of the program and providing all other prescribed information; and (c) obtaining the user's consent. The legislation permits implied consent for cookies if the user's conduct is such that it is reasonable to believe that they have consented to the installation of the cookies.

    I agree with it being a stupid law, I didn't make it!
    From what I read I believe that if the website may attract EU visitors then you need to apply the rule.
    Which I read as any website.

    And with nodebb being multilingual that probably implies that the site (or any installation of) needs to at least have this popup option to cover everyones arse.

  • I think the general consensus here is if you don't want Cookies on your PC, disable them, or don't use the internet. I mentioned clicking I disagree and sending them to google, but they use cookies too, so the only place you could logically send them is My point still stands, no one has been fined £500,000 and no one ever will. Why panic about a law that's not being enforced by anyone?

    And the overall thing is if you want to include a page for cookies, there's a CMS /custom pages plugin that would allow you to do that. Or just throw some Javascript in the header to ask people to accept. There. Done.

  • @a_5mith

    Yes I totaly agree, I need to add something to comply with this as I'm in the UK (my bad), even tho I think it's stupid and may never get enforced.

    I can't afford the legal costs if it ever did and as a community/open source project I'm just informing the rest of the community who may or may not be aware of this, as I didn't find it mentioned before.



Suggested Topics

  • 2 Votes
    1 Posts

    I would like to add a button in every post that before clicking on it will be gray and after clicking on it will be green for all users !!
    This means that as soon as one user clicks on it he will color for everyone.
    And that I can know who pressured him ...
    Is it possible to insert such an element with the user ID that clicked on it?

  • 0 Votes
    2 Posts

    There's no built in functionality to do this. There may be a plugin but I don't know of one.

  • 0 Votes
    2 Posts

    We highly recommend you stay up to date for the latest security fixes.

    This looks more like a cacheing issue though. You can try running a rebuild and restart, that should reset the cache buster.

  • 0 Votes
    5 Posts

    @yariplus said in Normal users are able to "feature" topics.:

    You seem to have installed either featured-topics-extended or featured-threads. Neither of these is included in the default package.

    This appears to be a bug, since the option should not appear for non-moderators. However, the buttons do not actually work.

    As for broken links, I tested my plugin featured-topics-extended and all links are working. The plugin featured-threads is broken however.

    Damn I keep forgetting to turn on the "Watch topics you create" option so I keep missing replies on here. Sorry about that!

    Thank you very much for the response, I just figured that out today actually. I had both installed still so I thought that all "featured topics" plugins were broken on my forums, after I disabled the other one yours worked.

    P.S. (Not sure if it's a new feature but I didn't see it at first) But I love the featured topic cards. That's exactly what I was looking for when I first joined these support forums. Keep up the good work!

    P.S.S. If you ever need any testing grounds or anything on a large scale for your plugins, our forums got almost 13,000 registered users in under two weeks and we expect it to continue to grow.

  • 0 Votes
    1 Posts

    I need some advice in connecting small sails.js app with nodeBB. In my sails.js application I need to get current logged user. I set sails.js session id key to express.sid (as in nodeBB), and configured it to use nodeBB collection as session storage. Then I can query for user id by session id (also from nodeBB storage). It is almost what I need to, but I can't get through some problems

    nodebb and sails app have to be on same domain when user visits sails app first, then nodeBB sets another session id and sessions are different on both apps when user logs in nodeBB, gets new session id and also, sessions are different on both apps

    Maybe OAuth is best way to go?

    PS. Thanks for nodeBB, great work!