My question is: How much privacy are you willing to cede to techPresident in their quest to write uninformed blog posts?

When you visit techPresident.com, similar cookies get set. Are you tracking my browsing habit? Are you planning to steal my sessions? The answer is no, you are using Drupal which uses PHP session and sets a cookie with your session id. And you are using Google Analytics, which sets any number of cookies that track where you can from and where you are. You are, however, (at time of writing) missing a Privacy Policy. At least the candidates' Internet Directors took a few minutes to whip one up.

Responsible web browsers should manage their own cookies and for you lazy blog readers, Safari has a porn private mode that will delete all your cookies and history when you close the program.

Our apologies about the privacy policy -- it was an oversight and there is now one up on the site. It reads, "TechPresident values your privacy. We only collect and store your email address for login purposes and in order to send you updates about the site. We do not sell, rent, share or distribute your email address in any way.

TechPresident contains links to other sites. We are not responsible for the privacy practices of those sites, and recommend you read their privacy policies for further information."

I don't know of any any serious interactive website that doesn't use cookies. How is that even an issue?

First, I feel that raising cookies as a specter here is a little bit of a straw man. Sure, there are "privacy concerns" with cookies, but interactive, login-based sites can't reasonably operate without them. I guess my point is they are ubiquitous.

Of course, cookies primarily exist to identify you as unique in the site. The real "privacy" concerns would come from log analysis or inline javascript. As an analogy, imagine being recorded on video as you walk around a store. Your distinctive jacket or hairstyle is your "cookie", but the video cameras and audio surveillance? That's the javascript and log analysis. I know that analogy may not be super coherent, but the point is that cookies only play a small part in the privacy equation.

Regardless, none of the presidential sites are going to operate cookie-less, just like most other interactive sites on the net. And since you've already stepped back on the conflation of cookies and malware, I think my objections have pretty much been put to bed.

I think all the marketing issues related to precision/persuasive micro-target marketing are important to vet. It's not just harmless "cookies" anymore. Through an ever-growing evolution of cookies and collection via datapoints (including online video use), there is now behavioral targeting and behavioral retargeting. A whole range of user attitudes and actions are being collected, stored, shared, etc. in the commercial realm. The use of "immersive" multimedia ["rich media"] content, especially in relation to obtaining data via more stealth means, should also be an issue debated here.

My NGO and US PIRG filed a Federal Trade Commission complaint last November summarizing many of the new approaches to online marketing and data collection which raise privacy concerns. One can read it via:
http://www.democraticmedia.org/issues/privacy/FTCprivacypr.html

The key here for me is to create a set of public interest practices/expectations early on for digital political communications across the broadband PC, mobile, and IPTV platforms. Demanding privacy practices by candidates and campaigns that provide for full disclosure and meaningful opt-in should be the standard.

Of course privacy is an issue, but what does that have to do with Barack Obama's website? Nothing at all as far as I can tell. The association David has made with the subject line "malicious spyware" and large graphic "barackobama.com" makes this smell like a partisan attack, not a substantive discussion of issues that affect every campaign.

If you want to have a real discussion, I suggest you take this post down and write one that addresses the issue without sensationalism and veiled attacks.

A commenter on the cross-posted version of this David's blog says:

"The cookie you reference above that practically never expires is given by Google Analytics (formerly called Urchin). Any site running Google Analytics (all should really, its a a great and free service) will be giving this cookie."

If this were such a non-issue then the discussion wouldn't be so provocative and interesting.

For example, Mitt Romney's Privacy Policy doesn't mention the use of cookies, yet they use four.

Should he tell his users that they are using cookies?

If we, as the "experts," are unable to discuss the issue openly, then who will? Instead, I believe we need to develop standards on a bipartisan basis for candidates in the modern world before it becomes a bigger problem.

________________________________________
David All
The David All Group
http://davidallgroup.com
________________________________________

as innocent as the cookies in use are, i agree with david in that it is something that has to be discussed. not because there is any evidence of privacy abuse in campaigns YET, but that the possibility is definitely there. its better to talk about it ahead of time rather than after something bad happens. this is most certainly an issue worth discussing, not a non-issue.

phoenix

Some people are really paranoid about cookies being on their machine. They set their browsers to inform them any time one is set or they just reject them outright. I'm not one of those people.

This really isn't a big deal because virtually any site you visit does this to do things like track how you interact with the site, offer personalization and keep you logged in. Most of the presidential candidates are using commercially available or open source CMS systems, this is just part of how those systems work. It wasn't a conscious choice on the part of the candidates or their IT team to use cookies, it was a choice by the developers of the CMS system they are using.

Using them maliciously here would have to be a conscious choice since their IT team would have to deliberately modify the CMS.

One can use cookies to do malicious things but until someone has proof that is going on I don't think the issue is really worth discussing.

My advice to candidates would be:
1. Disclose it in your privacy policy.

2. Don't select a CMS that will not function if someone has cookies turned off. If that is the case it is a poorly written CMS and is just as bad of a mistake as a web developer depending on javascript being present for some critical function.