Wednesday, August 5, 2015

Legal Notice

Blogger has been sending around the following notice:
European Union laws require you to give European Union visitors information about cookies used on your blog. In many cases, these laws also require you to obtain consent.

As a courtesy, we have added a notice on your blog to explain Google's use of certain Blogger and Google cookies, including use of Google Analytics and AdSense cookies.

You are responsible for confirming this notice actually works for your blog, and that it displays. If you employ other cookies, for example by adding third party features, this notice may not work for you. Learn more about this notice and your responsibilities.
I have checked and if you are viewing this from an EU country then an ugly banner informing you of Blogger's  use of cookies does indeed cover the header of the site.

For those curious I know of the following cookies that blogger uses (explanations come from here, and here; different browsers may get different sets of cookies):
  • TL
  • S
  • SID
  • HSID
  • SSID
  • APISID
  • SAPISID
  • _utmt
  • _utma
This cookie is used to determine new and returning visitors.  It has an expiration time of 2 years.  If the ga.js library is executed and no _utma cookie exists, this will be recorded as the users’ first visit and a _utma cookie will be set.  If a _utma cookie is already in place, the expiration time is reset and the user is recorded as a return visitor.
So let’s go through a quick run through of what the string of numbers means.  The string starts with a domain hash, this defines which domain the cookie relates to and is unique for every domain.  The Unique Identifier is what defines the user/browser. The time stamp refers to the visits the user makes to your website and the number of sessions refers to how many times they have visited your website.
This cookie is what’s called a “persistent” cookie, as in, it never expires (technically, it does expire…in the year 2038…but for the sake of explanation, let’s pretend that it never expires, ever). This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred. Google Analytics uses the information from this cookie to calculate things like Days and Visits to purchase.
  • _utmb
This cookie is used to determine a new session.  The cookie is set when the ga.js library executes and there is no _utmb cookie in place.  It has an expiration time of 30 minutes, therefore if a user is inactive for a period longer than this, a new cookie will be set when the library executes and the interaction will be recorded as a new session.
The _utmb cookie contains the same domain hash as above.  This cookie records information about this particular session. 
  • _utmc
The B and C cookies are brothers, working together to calculate how long a visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it expires. You see, __utmc has no way of knowing when a user closes their browser or leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn’t, it expires.
  • _utmz
This cookie is used to determine the traffic source, medium, campaign name and campaign term which delivered the user to your website.  It is created when the javascript library executes and expires after 6 months.  This helps Google collect the data which can then help them to determine which traffic sources assist conversions within the multi-channel section of Analytics.
Again the domain is the same as the above cookies as it refers to the same domain.  From this cookie we are able to determine the campaign source, campaign name, campaign medium and campaign terms.
Mr. __utmz keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. It expires in 15,768,000 seconds – or, in 6 months. This cookie is how Google Analytics knows to whom and to what source / medium / keyword to assign the credit for a Goal Conversion or an Ecommerce Transaction. __utmz also lets you edit its length with a simple customization to the Google Analytics Tracking code.
  • GoogleAccountsLocale_session
  • GAPS
This stands for Google Apps Password Sync and according to here:
Google Apps Password Sync (GAPS) automatically keeps your users' Google Apps passwords in sync with their Microsoft® Active Directory passwords. Whenever a user's Active Directory password is changed, GAPS pushes the change to Google Apps immediately.
GAPS never changes your Active Directory passwords; it only syncs Active Directory password changes to Google Apps.
If you object to these cookies you should be able to change the settings on your browser to accept or reject them or to have them expire at the end of a session.

I have not set any cookies on this site although Blogger has.