On consenting to cookies
Alright lets talk about cookies a second. Remember the EU Cookie Directive? All those pop ups asking to allow cookies are a direct result of that cookie directive.
State of things
Yes it is a little bit annoying, especially if you’re visiting a website only momentarily to look something up and the pop up covers your entire screen preventing access. To be honest, I didn’t pay much attention to them. In fact, I didn’t even read what the pop up said, instead my mind would seek a way out of it by looking for a highlighted button with words like Accept/Allow/OK/Dismiss just so that I could get to the content that I was trying to view. In all fairness, this was the case because I didn’t visit the site expecting to agree to some contract but to view the content of the website.
As an Engineer, I know what the cookie directive says. I know that I shouldn’t agree to it unless I really do but in most cases, like most normal people would treat terms and conditions, my instinct is to find a way out of it. So lets look at what the cookie directive actually says:
“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.;”https://cookiepedia.co.uk/eu-cookie-law
So to comply with this, websites started putting up those annoying pop ups so that they can provide “clarity” into whatever use case they have of storing cookies on my computer. How do they do it? Well, usually, these things have two action buttons, Allow All or Reject Cookies. I don’t know about you but it feels like a red pill / blue pill moment to me.
There is however a third option. It usually resembles “Manage settings”, “more options” or in cases when they really don’t want you to click on it, “Learn more”. When you click on this option, the pop up usually changes into something a bit more helpful.
Now that makes sense – this is what BuzzFeed wants to do with my cookies. Note that everything is “Off” by default. This is what is supposed to be the default, but if you remember the previous screen, the primary button, designed to draw your attention and make you click was the Agree and Exit button.
What would happen if you clicked that? Well I checked and in this case, it stored 34 cookies in my browser – in addition to you permitting all the above use cases. Whoa thats a lot of cookies. No wonder my computer is fat! What if you clicked Disagree and Exit button? 4 cookies. Thats it. If you clicked More Options, here again, the primary button is Agree and Exit, seems like they really want to store cookies in your browser! Alas, if you click that, your browser will have 34 cookies again, same result as if you never had clicked on More options in the first place. Although, if you clicked Save and exit, the number of cookies stored are only 4. Here’s a small list to help you with the math.
- Agree & Exit: 34 cookies
- More Options -> Agree & Exit: 34 cookies
- Disagree & Exit: 4 cookies
- More Options -> Save & Exit: 4 cookies
Now BuzzFeed is actually one of the good websites so they have a direct option to Disagree & Exit which effectivelly turns off other cookies. Here’s a website called Healthline.com who don’t provide this option:
When you click Manage Settings, you get a nice page with all fancy cookie use cases turned off by default:
Had you agreed to the first pop up and clicked on “Accept and continue to site” you’d have consented healthline.com and its partners to do whatever they want to do under “Special purposes” and “Special features” (+ all the other use cases they have outlined) and received 12 cookies stored in your web browser. On the other hand, if you go into “Manage settings” and click “Save settings”, it’ll take you to anon.healthline.com – which is an ad free version of the website. It still stores 7 cookies but they are not storing any third party or marketing cookies on your web browser.
And of course, this is assuming the websites are actually complying to the cookie law and aren’t doing naughty things anyway. Of course there’s no real way of knowing that. Websites could store cookies in your browser to track you and still send your information to the third party, via a serverside route without you knowing it happened at all.
The thing about this that is striking to me is that for most people, the EU cookie directive has become more pain than something that actually works. From a consumer standpoint, it is merely an annoying pop up that gives bad user experience. Users just want to find the quickest way out of it and the website developers are happy to provide that – using the same dopamine driven design psychology that they use to get consumers to “Buy”, “Like” and “Share” things.
As an Engineer, this is annoying on several levels. It interrupts the user experience flow. It breaks immersive experience. It is annoying to implement. And even after all that, it doesn’t give users what they deserve because they accept everything without reading anything.
I’ll explore the potential solutions some other time, but for now, the only real approach is to “take control” by reviewing the cookie consent and proceeding in an informed manner. Whether you’re on a well known recipe website just cheekily reading that korma recipe or sifting through tons of web pages trying to figure out whether aliens really made the pyramids, take a few seconds of your time to review what you are consenting to. Or better yet, if you’re only browsing to check something quickly, use something like Firefox Focus (or incognito/private mode in your favourite web browser), which effectively gives you a disposable browser where when you’re done with your session, you can wipe the slate clean.
If you want to explore the wonderful world of websites and the cookies they work with, you can try https://www.cookieserve.com. Type in a URL and it’ll explain which cookies serve what purpose. Its not bullet proof but is good at catching google and facebook cookies if a website is sneakily using them.
You could also use browser plugins that prevent tracking cookies from being stored. I use uBlock Origin (chrome/firefox) which is a general tracking blocker. Additionally, if you use a modern web browser like Mozilla Firefox, it comes with tracking protection baked in and turned on. Not sure about Google Chrome, it probably doesn’t since Google’s revenue depends on Ads. I’ve heard of an alternative called Chromium – which is supposed to be the core open source version of Google Chrome without the Google stuff but I’m not too sure about it so can’t strongly recommend.