Could someone tell me the purpose of the qos_token cookie? I can see it in browser developer tools, it says the cookie comes from the domain openstreetmap.org. My boss wants to know what it does so he can inform our users about their privacy.
I don’t see this cookie, however I think there is a serious issue here, OSM is hosted in the EU, and some of the cookies I do see do not seem to be exempt under EU cookie law, and http://wiki.osmfoundation.org/wiki/Privacy_Policy#Cookies seems to be far from adequate in explaining their use. In particular, “navigation state” seems to be used as a catch all.
Best practice is to name each cookie and describe its purpose, even if it is technically exempt.
On the other hand, it does look as though OSM is exceptionally free of third party cookies. Most sites would need to describe many third party cookies.
The privacy page does have a contact address. I’d suggest using it for this question and also, if you agree, pointing out that the current description of how cookies are used is inadequate.
As the name says qos stands for quality of service and is used as a means to rate limit access to tile servers and other services provided by osm.org. It’s based on ruby on time passwords, hence no reason for any privacy concerns with this particular one imho.
BTW: this information is publicly available on the osm github repository, in particular the chef repo.
Thanks mmd for the explanation. I was googling and searching some forums, but I didn’t check the github repo. The name was pointing at Quality of Service, which I told my boss, but he wanted to be 100% sure :-). Once again, thank you.
I am not clear from the descriptions given of the cookie that it does fall under the exemptions. I think the closest exemption would be where a proxy diverts traffic to a particular worker and it is necessary for the whole session to be routed to that server. The description makes me think this is more about the load balancing decisions, than about how those decisions are actioned.