Cookie Law Update

Well the deadline for the imposition of the EU’s cookie law has come and gone, and I suspect that thousands of websites throughout Europe are still massively non-compliant. I checked my bank’s website last week and while they had something it clearly wasn’t compliant. The BBC doesn’t seem to have even tried.

In recognition of this, the authorities performed a massive climbdown at the weekend. As this Guardian article explains, the UK’s Information Commissioner changed its guidelines at the last minute. Initially they insisted that active consent was required: that is you had to actively ask the user if using cookies was OK before any cookie was deployed. The new guidelines (which my bank appears to have followed) say that implied consent is OK. So as long as information about cookie use is clearly displayed the site’s visitors can be assumed to have consented to that use. As The Guardian notes, this appears to be in direct contravention of the EU guidelines, so the UK may be in trouble over this in future, but until they are UK businesses should be safe following the local rules.

US readers may find this a bit confusing, but this is the way that “states’ rights” tend to be dealt with in the EU. If Brussels passes a daft law, everyone just ignores it. Well, almost everyone. The UK seems to delight in enforcing the daftest laws in draconian fashion so as to give the tabloid newspapers something to write scare stories about, but in this case we seem to have done the smart thing.

Anyway, as a result, I have posted what I hope is a clear description of how cookies are used on this website. If anyone has any questions or concerns, I’d be delighted to hear from you so that I can improve things. You can read the site’s cookie policy here.

EU Cookie Law

Most of the time I am fairly much in favor of the EU. I’m an internationalist, and anything that gets up the noses of the jingoists at places like the Daily Mail and Daily Express has to be doing something good. Like most governments, however, it is often woefully ignorant when it comes to IT issues, and that means that it is prone to doing things that are monumentally stupid. Here is a case in point.

Last year the EU decided that cookies on websites were an unacceptable intrusion into citizens’ lives, and that all websites would have to gain consent from users before creating any cookies. The IT industry complained that doing this would require time, so they were given until May 26th this year to get their act together. Nevertheless, a KPMG survey published in April estimated that only 5% of major UK companies were compliant. The level of compliance is likely to be much lower amongst small businesses. Indeed, I suspect that vast numbers of small businesses, and private individuals who own websites, don’t even know that the law exists, and wouldn’t have a clue how to comply if they did.

What’s a cookie? Well, it is a piece of software that allows a website to store information in your browser and pass that information on, either from page to page on that site, to another website you visit, or simply back to itself next time you visit. It is a very useful tool. Yes, it can be used to install malware, or to harvest personal data, but sharp knives can be used to kill people and that doesn’t stop cooks using them on a daily basis.

To give you some idea of the problem, here are the different ways in which cookies are used on this website.

1. Google Analytics — this is a very useful piece of software that very many websites install to get an idea of where their visitors are coming from. Google is apparently negotiating with the EU, but as yet no statement has been issued.

2. Spam prevention — one of my main tools for preventing comment spam uses a cookie.

3. Social media — those nice little buttons that allow you to easily share posts with your friends on Twitter, Facebook and Google + use cookies.

4. Comments — WordPress (the software on which this blog runs) uses cookies to remember your name, email and URL so that once you have made one comment here you don’t have to type those things in each time.

5. Links to other sites — those nice little widgets that allow you to click through and buy books from my bookstore? Yeah, they use cookies too.

So now I have to give you the option as to whether any of these cookies will be created so that you can opt out if you wish. Ideally I should do that individually for each type of cookie, because you might approve of some and not of others. And I have to do that before you interact with the site, so that no cookies can possibly be generated without your consent. And I may have to do it each time you visit the site because the only way to remember from one visit to another whether you consent to cookie use or not is to create a cookie, and you might not want me to do that.

See the problem?

It gets worse. All of those systems I mentioned above are supplied by third parties. I didn’t code any of it myself. I know that the cookies are there because I’m smart enough to know how to find them. Other people may not be. Ignorance, sadly, is no excuse under the law. I can’t change the code myself. All I can do is either disable the particular piece of software that uses the cookie, or turn the cookie off if such an option is provided. The spam blocker has provided an alternate mechanism that doesn’t use cookies but will be less effective at spam blocking. With the comments I can add text to every post noting that by commenting you are consenting to cookie use. But Google Analytics, the social media buttons and the bookstore links will have to go.

As is depressingly typical these days, the law is also very vague. It says that cookies are allowed if they are “essential” to the operation of the website, but what exactly does that mean? How essential does the cookie have to be? I can do without all of the above, it is just a total pain to have to do so.

Then there’s the scope. All of my websites are hosted in the US. The domains are registered in the US. But I’m a UK citizen living in the UK. Am I covered by the law? Probably, but I may not be. What about the bookstore? I don’t host that myself. It is part of the Shopify site. If it is covered by the law, then in all likelihood my LiveJournal account is too, and that has cookies all over it. What about my Twitter account? Or Facebook? The dividing line between a website that you own, and are responsible for, and one where you are simply a customer, is very blurred.

All of these things will doubtless be sorted out by test cases eventually, and hopefully common sense will prevail. However, I have no particular desire to be a test case (if you want to know why, see yesterday’s post on equality under the law). So I’m going to do my best to comply. This may result in various websites becoming rather annoying, for which I apologize in advance.

Oh, and before anyone mansplains me, yes, I do know that various people are offering tools to help you get around this. If you can find one that doesn’t use cookies to store visitors’ cookie preferences, and which allows visitors to choose which cookies to allow, please let me know.

A Word of Thanks

The amount of comment spam that my blog receives has dropped by about 80% over the past week. I can’t be certain why that is, but I rather suspect that someone in law enforcement somewhere in the world has done a good job. Whoever you are, thank you!

Bookstore Update

I promised you an update on what is happening with the Wizard’s Tower Bookstore. Here it is.

When you run an ecommerce site it is inevitable that you will come under attack from hackers. That’s even more the case if you are selling digital downloads, because people want to be able to steal the content to put it on torrent sites. As a store owner, you have to rely on your hosting company to protect you from this. You have neither the skill nor the time to do it yourself.

I continue to be confident that my store was secure. I would not have been selling other people’s books if I wasn’t. Nevertheless, attacks happened and recently I discovered to my horror that this was costing me a lot of money.

You see, many hosting companies put a limit on the bandwidth your site is allowed to use. Hacking attacks, especially things like brute force attempts to guess a password, mean that the servers are being constantly pounded by bots. And of course some people launch denial of service attacks at websites just for fun. My bookstore was getting pounded in this way, and the hosting company was charging me for the excess bandwidth used. At one point on Monday the site ran up 2 GB of bandwidth usage in an hour. My monthly limit was 20 GB, and overage charges were £2/GB. Hopefully you can see why I had to put a stop to that.

The hosting company claimed that it was impossible for them to screen out all bot attacks, and it was my duty as a store owner to keep an eye on bandwidth usage and block any IP addresses that were causing problems. If necessary, they said, I should block entire countries. At the time, most of the bot attacks were coming from Japan and The Netherlands. I think you can see why I didn’t like this idea. Cybercrime is not limited to third world countries.

So eventually we came to a more or less amicable parting of the ways. They agreed to waive all outstanding charges, and I agreed to go elsewhere. It is a real shame in some ways as I liked their store software. If they had been able to outsource the actual hosting to a big server farm I’d still be there, but their charges for both disc space and bandwidth were way above industry norms, even without any excess charges.

What I’m doing now is testing some alternative store software. These folks, to be precise. You’ll note that they offer unlimited bandwidth. If anyone has experience of using them I’d be very pleased to hear from you. I’m hoping that I can get a new store at least started by the end of next week, because I have Juliet’s book to launch. Whether the store continues to sell books by other publishers or not depends on whether they wish to continue working with me, and on certain other business considerations that I am not yet at liberty to talk about. One way or the other, however, the books should be available again in a month or so.

Spam Report

This blog gets a lot of spam. Hardly any of it gets through. Bad Behavior, which detects spam based on its source, catches about 400 posts a day. I never see any of it. Akismet, which detects spam based on its content, catches another 300 a day. I do see that as it occasionally gets false positives, but Akismet has a success rate of well over 99.9%. Most of the comment spam is easily spottable, and I have been posting some of it for your entertainment here so you can see how bad it is.

This morning I was reading a post by the author of Bad Behavior talking about his plans for future development. This comment stood out for me:

As of now, Bad Behavior is shockingly effective, as one user said, at blocking automated spam and other malicious activity. However, that doesn’t catch all possible spam. There’s one important class of automated spam I would like to catch but cannot right now: that is delivered from hijacked Web browsers. This accounts for virtually all of the spam that Bad Behavior currently misses.

So, all of that spam that Akismet is catching, most of that is being delivered by malware installed in web browsers. And I’m guessing that that spam I get is coming from the browsers of people who read this blog. That means you, dear readers. Probably only one or two of you. But somewhere out there a few folks are unwittingly sending a lot of spam my way, and to other blogs they read.

Please install some security software, folks. If you are on Windows, Microsoft Security Essentials is free and does a decent job.

Honey Trap

This blog gets around 300 spam comments a day. None of them get through, but that means you folks don’t get to see how daft some of them are. So I thought I would make a honey trap post and add to it any comments it receives. I will, of course, edit out the links to porn sites and malware distribution sites. I may also be unable to refrain from snarking occasionally.

A Little Signal Boost

Listening to the new Galactic Suburbia podcast today, I was alerted to this post by Diana Peterfreund which makes some very valid points about how internet controversies play out. It isn’t just that a link to something really good elicits a yawn, while a link to something atrociously offensive gets a clicking frenzy. Even when you get a controversy that plays out, results in changing how people think, and produces something really good, that good thing may then sink without trace.

I can certainly back this up. The anthology controversy that Diana refers to in the article was all over my in box for days. I never heard a peep about the final book, nor that sales of it would be benefiting a charity for homeless LGBT youth. And I’ve checked my archives for the Outer Alliance mailing list. The book, Brave New Love, is a YA anthology of romances set in dystopian worlds, so absolutely on target as far as current marketing trends go. It is edited by Paula Guran, so the quality should be very good. Worth checking out, I think.

Manufactured Proof

It must be great to be a right wing extremist. You don’t have to justify anything you say, you can just make it up. As long as your followers are prepared to swallow it, any old rubbish is OK. But why be content with any old rubbish when it can be funny?

A case in point. This morning Ken MacLeod re-tweeted a link from Jim Henley (who I don’t know, but who deserves the credit). The link is to a page on Conservapedia that contains a heap of “facts” intended to prove that the Earth cannot be more than a few thousand years old. You have to be pretty dumb to swallow some of it, but my attention was drawn to the section on Biology where point 1 is as follows:

The intelligence of humans is rapidly declining, whether measured by SAT scores, music, personal letters, quality of political debates, the quality of news articles, and many other measures. This means that if one goes back far enough, intelligence would measure at ridiculous heights, if humans were even tens of thousands of years old.

And the best evidence for the rapidly declining intelligence of humans is…

I cannot believe that anyone would have written this without their tongue firmly in their cheek. Will someone pay me to write this stuff? It would be so much fun.

Online Price Checks Hit High Street

There has been a certain amount of concern in the book business of late about a new initiative from Amazon. What they are doing is encouraging consumers to report the prices that are being offered by bricks and mortar bookstores so that Amazon can ensure that they are not being undercut by anyone. There’s a financial reward for consumers who participate.

This behavior is not confined to Amazon. ASDA (Walmart) is running a similar promotion for its UK supermarkets. And indeed it is a familiar problem to any online retailer. One of the reasons I don’t offer sales in the Wizard’s Tower Bookstore is because if I do Amazon is liable to reduce the prices on the books in their store to match, and then not put them up again when my sale ends. Unless you happen to be a big name publisher with enough clout to negotiate one of those “agency pricing” agreements then you have no control over what price Amazon sells your books for, and I only stock books by indie publishers. I can’t put them at risk.

Nicola Griffith has an interesting blog post in which she makes the point that what bookstores need to do is offer a better shopping experience than Amazon. But how do you compete? There’s exclusivity of course, but you can only negotiate exclusivity deals if publishers think you are big enough. Guess who qualifies. Amazon knows that they sell 80% of all ebooks, probably more than that for books from independent presses and individual writers, so actually giving Amazon an exclusive in return for better promotion might make good sense to individual publishers. It is also worth noting that one of the reasons why Amazon is so successful is that it has put a lot of time and effort into delivering a top class shopping experience.

It is a difficult problem, and one I certainly don’t have an answer for right now, primarily because I have neither the time nor the money to invest heavily in new ideas. Still, I’ll keep trying, and I do have some good bookstore news coming soon.

Beatts on Bookstores

This morning over breakfast I listened to the latest episode of Alisa Krasnostein and Jonathan Strahan’s podcast, Live and Sassy. This featured an interview with the owner of one of my favorite bookstores: Alan Beatts of Borderlands Books in San Francisco. It is well worth a listen, if you are at all interested in the book business.

Alan talks mainly about the impact of ebooks, and Amazon in particular. The most notable point he makes is that if we, as readers, buy just 1 in 4 of our books online, without increasing the number of books we purchase, then most bricks and mortar bookstores will go out of business, because they can’t survive a 25% drop in turnover. The chain stores will go first, as indeed Borders already has, and independents will suffer a brief renaissance in their absence, but ultimately most of them are doomed.

Where I got most interested is where the discussion turned to “what next”. Assuming that bricks and mortar bookstores do vanish, where will we buy books in future? Amazon obviously. ABE books for second hand? Oh, they are owned by Amazon. The Book Depository? Oh, they are owned by Amazon. See where I’m going with this?

Alan says that he thinks publishers will increasingly try to sell books direct to the customer. Gollancz’s SF Gateway ought to be a good example of this, except that it isn’t because they don’t sell the books themselves, just point you to Amazon. Angry Robot, with far fewer resources, managed to get the job done right.

Of course creating an online bookstore does cost. Alan says it is far too difficult for a small press. That’s not actually true. Lee Harris managed it for Angry Robot, and I used the same software to create my store. The problems here are twofold. First, there’s currently no off-the-shelf store software that does ebook purchase as seamlessly and conveniently as Amazon. Hopefully that will change soon (and indeed I’m working on something myself). The other problem is volume. Licensing the store software is expensive, and if you don’t have much turnover then you won’t make any money. One of the reasons I started a bookstore is to attract more customers and sell more books, because there is no way it would have been economic just selling my own books.

Alan also talks about websites that sell books through affiliate schemes. You can do that, and you might look like a bookstore, but it is really hard to make any money that way. If I sell books through a bricks and mortar store like Waterstones they are liable to want 35% or more discount before stocking them. If I sell ebooks through Amazon they take at least 30%. My own store takes 15%, because I’m trying to help small presses. I’m not making money at that rate. Amazon’s affiliate scheme promises “up to 15%”, but you generally only get that much on big ticket items and selected best sellers. You normally get a lot less.

Also, as Alan mentions, Amazon has a patent on the way in which their affiliate scheme works, which makes it hard for other stores to do such things as well as they do. And of course if your “bookstore” is essentially just a front for Amazon then you are not really increasing competition.

There are a few people trying to do genuinely independent ebook stores. Baen’s Webscriptions, Small Beer’s Weightless Books, and my own store, are all examples within the SF&F community. But it is much more difficult to make this work than it is with a bricks and mortar bookstore.

How do you compete? On price? No, Amazon ruthlessly monitors rival stores and will reduce prices to match any offers. On selection? No, Amazon sells everything. On convenience? Very difficult, as Amazon has far more money and can develop much better software than you can. By being local? Well only if you live in a country without an Amazon store, and they are starting to expand.

The thing about online retailing is that it makes it very hard to differentiate yourself from anyone else. And that means that it is difficult to see any future for bookselling except direct from major publishers, or from Amazon.

As someone who has spent much of her career in economics breaking up monopolies, this worries me a lot.

Following Worldcon

Kevin and I are not providing much in the way of live coverage of this year’s Worldcon. Obviously I’m not there, but as I noted back in June I think the need for ConReporter.com has largely gone away. There will be a lot of fans tweeting from the convention. Look for the hashtags #renosf #worldcon and #hugos. In addition the convention has produced a mobile app to help you follow the event. Instructions as to how to get it for your iOS or Android device are available here. Alternatively you can see it from an ordinary PC at this address (but only if you are using Chrome or Safari, not Firefox or IE).

This is exactly the sort of thing I hoped conventions would start doing when I started ConReporter.com, so to a certain extent I can say, “my work here is done.” And well done Reno for raising the bar.

New Westercon Website

Some of my pals back in California have been busy revamping the website of Westercon, the travelling convention for the west coast. Jo, Chaz and Andy seem to have done a fine job there, though by their own admission they’d love to hear from a good graphic designer who can help them make it prettier.

This is the sort of thing that Kevin and I wanted to do to the Worldcon website after we had finished rebuilding the Hugo Awards website. At the time (2008) the Mark Protection Committee chose someone with better qualifications than me, which is fine. However, for a variety of good personal reasons he was unable to get the job done, and ever since then inertia has set in. Maybe WSFS could get the folks who did the Westercon site to help them out.

Women, Wikipedia & Bristol

Next Thursday (August 18th) there will be another Girl Geek Dinners event in Bristol. The guest speaker is Fiona Apps, who is an administrator on the English Wikipedia and a member of Wikimedia’s Volunteer Response Team. Naturally the topic for discussion is getting women involved with Wikipedia. Go here to book a place.

If you think that’s a non-issue, take a look at this recent research from the University of Minnesota’s College of Science and Engineering. One of the significant findings is:

The research indicates that the articles females tend to edit are twice as likely to be about controversial or contentious topics. In addition, female editors are significantly more likely to have their early contributions undone by their fellow editors, and are more likely to be indefinitely blocked by fellow editors. Taken together, these findings hint at a culture that may be resistant to female participation.

The researchers say they are surprised that women tend to edit more controversial articles, but looking at the paper I see that their definition of a “controversial” article is one that has a lot of edit wars. If work by women editors is much more likely to be attacked than work by men, then of course women will appear to be focusing on controversial subjects. I also note that women editors are slightly more likely to be banned from Wikipedia than men. The researchers suggest this may be because male trolls disguise their gender in the hope of more lenient treatment, but my own suspicion is that those women who don’t just give up will often get very, very angry, and get banned as a result.

Oh, and to save you reading the comments at that link, yes there is someone who claims that this proves that women are stupid and incompetent.

Note to LJ Users

No, they probably won’t see this, but here goes anyway.

The current problems with LiveJournal have been preventing me from cross-posting from here, and from SF Awards Watch, for more than a day. I’m kind of used to LJ being flaky, but I have just noticed that the problems with the LJ cross-poster are stopping my posts from being cross-posted to Twitter. That won’t do, so I have turned the LJ cross-poster off. Will someone please let me know when (if) it is safe to turn it back on again?

Some Quick Comments on Google Plus

First of all, thanks to all the people who sent me invites. I think it is open to all now, so hopefully that piece of silliness is over.

Second, I’m going to be on the road for the next 10 days, so I won’t have much time to look at what Google Plus has to offer. My apologies to all of you who are getting enthusiastic over the new toy.

Having said that, from what I have seen so far I won’t be spending much time on Google Plus. I don’t have the time for social networking any more complex than Twitter. I am on Facebook only because there are people who won’t read my tweets and blog posts unless they appear on Facebook. I haven’t, as yet, found any means of automatically importing feeds to Google Plus, and no way am I going to re-post anything manually.

Also I do most of my social media interaction on my iPad, and I’ve seen from other people that Google Plus won’t let you use it from a mobile device unless you give them your location. That’s another disincentive to using it.

Some of the features do look interesting, but I won’t be able to try them out until I get back from Finland.

Amazon and The Book Depository

Yesterday’s Twitter updates brought the depressing news that Amazon is to buy up my second favorite online bookstore (the first being my own, naturally), The Book Depository. Reaction to this in my corner of the blogosphere has been pretty much uniformly negative, with many people suggesting that they’ll stop using TBD.

Meanwhile business-oriented news sites are trying to figure out what this is all about. Paid Content suggests that it is a question of expertise. While Amazon has largely followed chain bookstores such as B&N and Waterstones in focusing on the bestseller market, TBD has followed a more diverse business strategy, catering for a wide market and a diversity of tastes. By buying TBD, Amazon may be seeking to cover both bases.

The idea is given some credibility by the news that the two companies will remain independent. So it will be sort of like a hotel company owning several brands, each catering to a different segment of the market. I don’t think this will work. I think the economics of online retailing will inevitably favor a bestseller approach. While TBD might be happy with a less-profitable business model if it means it appears to be a viable alternative to, rather than a pale copy of, Amazon, once the two operations are overseen by the same board of directors it won’t be long before TBD is deemed insufficiently profitable and is wound up.

Consumers, especially those in countries without a local Amazon affiliate, appear to be mainly worried about pricing, in particular TBD’s famous “free shipping” policy. I have seen suggestions elsewhere that this is an illusion — what they do is check which country you are logging in from and adjust book prices accordingly. In any case it seems unlikely that Amazon will want to compete with itself, especially given the lengths it goes to in order to try to prevent publishers from ever offering a book for sale at less than you can buy it for on Amazon. The only thing slowing down price matching will be the time needed to build the IT systems that enforce it.

That brings us to the question of competition law. As The Guardian notes, the deal is not yet done. Regulatory approval is required. I can’t see the Office of Fair Trading doing anything. There wasn’t really any serious competition in the UK anyway as we have a local Amazon affiliate and prices were probably matched already. Besides, Tory government. Other countries may see things differently, but whether the EU has jurisdiction over the matter isn’t clear.

One other thing does spring to mind. Amazon has recently been closing affiliate accounts in various parts of the USA because state governments have been imposing local taxes on internet sales. California was the latest to go. I don’t know what the situation with US residents signing up to affiliate schemes with TBD is. My own TBD affiliate account is in US$, but is linked to the Wizard’s Tower PayPal account which is UK-registered, so it isn’t a good guideline. Does anyone know? Could this be Amazon exploring a loophole in US tax legislation to allow them to continue running affiliate schemes?

Color Me Suspicious

So I have just bought some new music from Amazon (the utterly fabulous CN Lester, and some new kid called Lady Gaga who I understand is quite popular). When it came time to download the albums, something new happened. Instead of telling me to use the downloader, Amazon tried to persuade me to save the files to “the cloud” instead. Apparently this is free and means I have an offline backup of my data.

Well, you know, I have offline backups anyway, so no worries on that account, but what about other people? Here’s what I think happens. You save your MP3 files to “the cloud”. What that means is that they stay on Amazon’s servers. Every time you want to play them you have to stream them. Someone will want to charge you for the bandwidth usage. And Amazon will be trying hard to persuade you that it is much better to pay-per-play than to buy the songs outright. In any case, the mp3 files never get onto your PC, they stay in “the cloud”. And we all know how transient clouds can be, right?

I downloaded the files onto a local computer. I feel like I own them now.

In Conversation with GGK

Unusually this year’s Hugo Best Novel short list included three books that I had nominated. That, of course, means that two of my favorites missed out, and it will be no surprise to anyone that one of those sadly overlooked works is Under Heaven by Guy Gavriel Kay. I am trusting the World Fantasy judges not to be so careless.

Meanwhile Guy tells me that he will be talking to the world next Tuesday (May 3rd). Well, perhaps not the entire world, but a large chunk of it. He’s experimenting with a new online chat system called One Room, which sounds a bit like CoverItLive but is specifically designed for one-to-many mass chats (and by many they claim to mean “thousands”). I shall be interested to see how it works, and indeed how many people Guy gets for this world-wide event.

If you would like to participate, the sign-up form is here. You can also register a question in advance. The timing is 2:00pm Eastern, which is 11:00am West Coast and 7:00pm UK. I have a meeting in Bristol during the day, but I should be back in time to be online for this. Hopefully I can also get Guy to tell me what it is like from the author’s point of view.

Heaps of Thanks

One of the things I love about the Internet is that I now get birthday wishes from all over the world. I’ve only got one card — from my mother — but something like 200 people have sent me messages. And those people are spread all over. They are in the USA and Canada, Australia and New Zealand. They are in Finland, Norway and Sweden; France, Germany, Italy, Ireland and Spain. They are in Bulgaria and Romania; in South Africa, Brazil and the Philippines. The first message I saw on waking up was from someone in Delhi, India. I have probably missed a few countries as well. This would not be possible without the Internet. Thank you, everyone, and my apologies that there are too many to reply to personally.

In case you didn’t notice, Kevin and I had a lovely time on my birthday. Special thanks to Jo Hall for bringing yummy chocolate cake to the pub in the evening.