It seems that in the last couple of years, it has become standard for web sites to have irritating pop-over notifications that their web site uses cookies “to enhance your user experience” or something like that. As far as I can tell, this is done in compliance with the European Union's GDPR regulations (though that is perhaps not entirely true). I find the notifications to be totally uninformative and irritating, so I am curious whether this practice was an intended consequence of those laws or regulations, or whether it was an unintended consequence of a regulation that was intended to compel a different sort of behavior.
Asked
Active
Viewed 170 times
3 Answers
0
Yes, it was intended. It is because the law requires the sites to allow you to decide if you want cookies that are not necessary and allows you to opt in and out of specific cookies.
There just isn't a good way to do those things without making you click stuff.
Putvi
- 4,050
- 11
- 22
0
Yes, it is intended.
Good would be to have a button together with the message to turn of cookies. This is rare, but for example slashdot.org does this.
Some reasonably good sites let you turn off all cookies with three clicks; it looks very much like they all use the same software for this.
Other sides make it ridiculously difficulat. arstechnica.com used to have links to 50 pages of their advertisers where you could supposedly turn off cookies for each advertiser individually. That's the kind of thing that makes you absolutely hate a website.
And then there is webmd.com . A website providing medical information. A website where I would expect more privacy than from other sites. The contrary happens: They don't allow access to their site unless you agree to their terms. According to the GDPR, such forced consent is not consent. In other words, webmd.com stores information about users residing in the EU without their consent, in absolute violation of GDPR.
gnasher729
- 35,915
- 2
- 51
- 94
0
Here’s a cybersecurity perspective. Cookies can have the ability to do a wide range of things. In addition to small arbitrary data, cookies can be used for authentication mechanisms and trackers. This from Wikipedia on tracker cookies:
...tracking cookies, and especially third-party tracking cookies, are commonly used as ways to compile long-term records of individuals' browsing histories – a potential privacy concern that prompted European and U.S. lawmakers to take action in 2011. European law requires that all websites targeting European Union member states gain "informed consent" from users before storing non-essential cookies on their device.
Security things to consider:
- Line of death and zones of trust. Malware droppers can masquerade as cookie prompts. If you don’t know what legitimate, trusted prompts should look like and WHERE they should be, it’s pretty easy to get owned.
- Review/change your browsers default cookie action, and clear cookies often.
- Detect and block trackers with Privacy Badger. You may not have a good web experience blocking all cookies by default. This extension tries to determine the behavior of a tracker, and blocks it.
- bonus: get a good ad blocker. Ublock Orgin is free and awesome.
- bonus: make sure your connections are using SSL encryption with HTTPS Everywhere Most legitimate sites use SSL for their core content. Even so, lots of little 3rd party HTTP requests are made for tracking and adds... block them and watch lots of ads disappear, and it will also help warn you before going to bankofarnerica (...ARNERICA, yes, I’ve seen this phishing attempt from typo-squatted http sites).
Follow these tips for safer, faster browsing.
sadtank
- 155
- 6