back to article AI-powered browser extension to automatically click away cookie pop-ups now promised

A team of researchers at University of Wisconsin-Madison and Google say they have found a way to use artificial intelligence to neutralize manipulative cookie consent pop-ups that have become ubiquitous on the web. The project, revealed this month and dubbed CookieEnforcer, has the goal of automating the clicking through of …

  1. ShadowSystems Silver badge

    You need AI/ML for that?

    My ancient browser is configured not to allow 3rd party cookies at all & to prompt for 1st party ones, so that stops most 3rd party cookie requests in their tracks;

    It's configured to block pop up windows, so that stops the tracking request widget in it's tracks;

    It doesn't run JS so that shoots that particular security-raping of my system through the head the moment it tries to raise it to say hello;

    and none of this requires AI, ML, or any other buzzword infused bollocks.

    So why does it need an AI/ML extension to accomplish on "modern" browsers?

    1. Anonymous Coward
      Anonymous Coward

      Re: You need AI/ML for that?

      You don't google much for solving issues, do you?

      If you did you'd know that disabling JS on web pages now days will give you non functional page at best, and a completely empty one at worst.

      Still AI seems like using shotgun to kill flies.

      1. ShadowSystems Silver badge

        Re: You need AI/ML for that?

        No I don't use Google search. I use DDG for that. No JS required.

        I do use Gmail, but JS isn't required there either. Nor for my bank, any of the forums, or news sites I frequent.

        If a site claims to need JS, especially if it says it's for *security*, that site gets an email to tell them they're utterly full of shit.

        Close the tab, hit DDG, & search for the same content elsewhere.

        JavaScript: Just Say No.

        1. Anonymous Coward
          Anonymous Coward

          Re: You need AI/ML for that?

          So what do you do when it's your government website that requires it (that has no substitute)? Declare your intent to renounce citizenship and move to another country?

          1. eldakka Silver badge

            Re: You need AI/ML for that?

            So what do you do when it's your government website that requires it (that has no substitute)? Declare your intent to renounce citizenship and move to another country?

            While I can't speak to your government, or most governments at all, while my government does have such websites, if I visit the appropriate office in person they will do the paperwork without me having to log in and use their website. It is very inconvienient, but possible. The government wouldn't have a legal leg to stand on in court if I said "I attended an appointment at office X, and they refused to do the work of that department, requiring me to use their website, and now they are taking me to court for not filling out form X online, despite me in-person giving them all the information".

            Requring the use of the website, with absolutely no alternatives, would break all sorts of accessability and discrimination laws. This isn't to say that they make it easy to bypass the websites. I needed a new health card, lost mine years ago and needed it for some health services. I went to an office, where in the front area it was full of a couple of banks of computers. The 'greeter' at the door asked what services I was seeking, and pointed me to the computers and said words to the effect of "you can use one of these computers to log in to your government portal account, access the health services page, and log your replacement-card request", I told them no, I do not have and will not create a government portal account. I had to wait about an hour for a staff member to serve me in person, but it was done.

            1. Anonymous Coward
              Anonymous Coward

              Re: You need AI/ML for that?

              Not sure which country you're in.

              The UK benefits calculator is only available online and there's no government help for those who can't/don't/won't use computers - although there are charities that will help.

              UK fisherman, by law, have to log their catch on a government website before they land it. If, as you suggest, they landed it and drove it to the ministry of farming, fisheries and food and asked them to do the paperwork then they'd be breaking the law and risk a criminal record.

              That's just two I've got personal experience of over here. I'm sure there are others and I'm certain it will get worse.

              1. Doctor Syntax Silver badge

                Re: You need AI/ML for that?

                You don't say whether JS is required for these sites nor, if it is, whether 3rd party JS is required. In general I find that whatever other faults gov.uk sites may have (such as always apparently being in beta!) intrusive JS isn't one of them.

                Until these issues are actually tested in court we don't actually know whether they're really legally enforceable or not. What, for instance, would happen if a fishing vessel couldn't get a connection for one reason or another and went to the harbour-master, not DEFRA*, to report the catch? What would happen in the event of a discrimination case brought on behalf of someone who couldn't use the benefits calculator?

                *MAFF hasn't been its title for years.

              2. Falmari Silver badge
                Joke

                Re: You need AI/ML for that?

                @AC "UK fisherman, by law, have to log their catch on a government website before they land it. If, as you suggest, they landed it and drove it to the ministry of farming, fisheries and food and asked them to do the paperwork then they'd be breaking the law and risk a criminal record."

                Not to mention the risk of their vehicle smelling of rotting fish after driving their catch from the port all the way to London.

                1. Version 1.0 Silver badge

                  Re: You need AI/ML for that?

                  "Give us access to the data we require, or be prepared to be blasted out of the sky" - a line in the Red Dwarf episode, Tikka To Ride back in 1997.

                  I wonder how that would be written these days, would they mention cookies?

                2. Anonymous Coward
                  Anonymous Coward

                  Re: You need AI/ML for that?

                  I've got a picture somewhere of a notice on a No.15 bus, a route that goes past Billingsgate fish market, that implores the workers not to bring their work home with them!

              3. eldakka Silver badge

                Re: You need AI/ML for that?

                UK fisherman, by law, have to log their catch on a government website before they land it. If, as you suggest, they landed it and drove it to the ministry of farming, fisheries and food and asked them to do the paperwork then they'd be breaking the law and risk a criminal record.

                Fair call. I was thinking more in terms of personal situations rather than business-oriented situations where you already need some sort of license/permit to operate in the first place.

              4. Anonymous Coward
                Anonymous Coward

                Re: You need AI/ML for that?

                Quote, "The UK benefits calculator is only available online and there's no government help for those who can't/don't/won't use computers"

                That is just wrong.When I claimed my state pension, and I have claimed a couple of other benefits since, they all offered me a choice of claiming via the post or doing it all over the telephone. I do it all via post.

                You can also do the "benefits calculator thing" over the telephone.

              5. Anonymous Coward
                Anonymous Coward

                Re: You need AI/ML for that?

                'the ministry of farming, fisheries and food'.

                Where have you been for the last 21 years? It's been Department for Environment, Food and Rural Affairs since 2001! But yes, everything that can be automated and outsourced to the 'customer' has been, and they don't even have dedicated offices now, tending to share them with other government departments and agencies. Because of the reduction in units of human resource required after the automation and outsourcing.

                Been there, done that, thankfully retired.

            2. Pascal

              Re: You need AI/ML for that?

              It sounds exhausting to hate javascript that much.

            3. ShadowSystems Silver badge

              At Eldakka.

              Thank you for pointing out that fact before I could return to do it myself. Enjoy a pint in thanks.

              To the AC that asked about non-accessible sites, the responce is simple. I call up that department & inform them that the site fails the Americans with Disabilities Act requirements that all government services be equally accessible to the disabled as they are to the able.

              Like Eldakka mentioned, they often try to get me to log in via a terminal in their lobby. I sit down, put my fingers on the keyboard, & wait for their computer to begin speaking. What's that, no screen reader? Well, thank you for proving my point. Even better is if it's a touch screen & there's not even a keyboard for me to use. A flat slab of featureless glass with no haptic feedback, oh yes that's _oh_so_ accessible... Not.

              I then make them get up off their lazy ass & assist the disabled to do what the site won't allow me to do. Yes it annoys them, but not as much as it annoys ME for having to navigate the artificial obstacle course in my path.

              JS isn't needed for, and is actually counter-productive for, accessibility; it's absolutely not in the best interests for security.

            4. very angry man

              Re: You need AI/ML for that?

              this sounds like Australia, all i can say is try that now?

              it wont work.

              they will refer you to a telephone.

          2. Ramis101

            Re: You need AI/ML for that?

            Personally i use a sandboxed portable browser. which then gets rinsed before use again.

        2. myhandler

          Re: You need AI/ML for that?

          It's hilarious how the JS haters here think they have *the* answer.

          It's become a cult here.

          They fail to grasp they are a tiny percentage of the population.

          Might they consider this extension is not built with them in mind?

          Yes, yes, downvote away.

          1. Disgusted Of Tunbridge Wells Silver badge
            Paris Hilton

            Re: You need AI/ML for that?

            It's like they want to use a can on a string to phone HMRC because they perceive it to be more secure and having a hissy fit because the government insists that they use a telephone.

            It's so bizarre that these cultists think they have a legitimate grievance. If you're that paranoid then either open your browser in a VM or cut down on the cocaine.

      2. Version 1.0 Silver badge

        Re: You need AI/ML for that?

        disabling JS on web pages now days will give you a completely empty page at best. - FTFY

        1. Disgusted Of Tunbridge Wells Silver badge
          Paris Hilton

          Re: You need AI/ML for that?

          Just like requesting web pages using GOPHER will result in nothing more than funny looks from the web server.

          Why go out of your way to be difficult and then complain that others are the problem?

          1. Cuddles Silver badge

            Re: You need AI/ML for that?

            Because others actually are the problem. Just because many people have been conditioned into accepting an abusive situation, or simply don't understand the matter at all, that does not mean everyone should just roll over and blindly accept it. Websites that insist on loading giant piles of unnecessary scripts are a real problem in terms of usability, accessibility, and security. Pointing this out is not "going out of our way to be difficult" it's just, you know, pointing out the problem.

            1. Anonymous Coward
              Anonymous Coward

              Re: You need AI/ML for that?

              But if "others" outnumber you, they could just employ the equivalent of an SEP field and write you off. They'll figure, what are you to them anyway?

            2. Disgusted Of Tunbridge Wells Silver badge
              Paris Hilton

              Re: You need AI/ML for that?

              Requiring Javascript isn't an abusive situation. For Christ's sake, get a grip.

              "Abusive situation". How sheltered is your life that you think that is remotely appropriate?

    2. This post has been deleted by its author

    3. Mike 137 Silver badge

      Re: You need AI/ML for that?

      @ShadowSystems

      I'm 100% with you on this.

      I've recently noticed an increasingly common pernicious habit in 'cookie permissions' pop-ups. At first sight, all appears legal - the essential cookies box appears ticked and the non-essential cookies boxes appear unticked. However, when you turn the style sheet off, they all show as ticked. A prime offender is a third party 'cookie permissions' service that serves the pop-up to web sites. A result of auto click through would be to break the law by enforcing consent.

      However, as to the 'ancient browser', quite apart from the browser nagging for updates all the time, an increasing number of sites (goooooooogle drive for one) complain that one's browser is 'not supported' now. I supposed we're expected to keep the churn turning regardless of any other considerations (including security, performance and convenience).

      1. bigtimehustler

        Re: You need AI/ML for that?

        I'm sure someone will say in a minute that they disable css while browsing.

        1. Ian Johnston Silver badge

          Re: You need AI/ML for that?

          The hardliners here all use Lynx, I imagine. In monochrome, just in case.

          1. Disgusted Of Tunbridge Wells Silver badge
            Holmes

            Re: You need AI/ML for that?

            You use a display?

            What if the CIA are looking at your screen?

            ( Mines the one with the crackpipe. I'm not paranoid, you're paranoid. )

  2. Adrian 4 Silver badge

    essential ?

    How do we know they're telling the truth when they say a cookie is 'essential' ?

    1. W.S.Gosset Silver badge

      Re: essential ?

      They have an honest face.

      1. b0llchit Silver badge
        Joke

        Re: essential ?

        And that face is of course checked by the AI.

      2. Anonymous Coward
        Anonymous Coward

        Re: essential ?

        It's just as Burns said: "Fair fa your honest, sonsie face, great chieftain o' the biscuit race"

      3. ske1fr

        Re: essential ?

        Deep faked!

    2. Neil Barnes Silver badge

      Re: essential ?

      Exactly the question I came here to ask. It seems to rely on the provider correctly labeling the 'essential' cookies, and also on the hidden question of 'essential to whom?'

      Perhaps a simpler approach might be a browser which simply deletes cookies when the tab containing the page is closed, rather than waiting until the browser is closed? (Yes, I know there are add-ons, but they damn well shouldn't need to be.) Or better yet, sandbox cookies so they are visible only within the tab which sets then and then only until the domain viewed changes?

      1. W.S.Gosset Silver badge

        Re: essential ?

        Big tick on the sandbox cookies. Great idea.

      2. Mike 137 Silver badge

        Re: essential ?

        'essential to whom?'

        The European law is explicit on that point. 'Essential' means strictly necessary for delivery of the service to the customer - i.e. the service could not be provided without the cookie for a specific technical reason - e.g. a shopping cart cookie or a site access credential. 'Required for our [or your] convenience' is explicitly excluded from 'essential'.

        The big problem is that almost all businesses simply ignore the law, and get away with it because it's not policed other than via complaints (and the abuse is very hard for the customer to find out about in order to complain). The entire failure of the GDPR (and it's a huge failure) is that it's ineffective because it's not enforced except in the most egregious instances of breach. So the cultural position of business (and not just businesses outside the EEA) is that compliance is unnecessary.

    3. Alumoi Silver badge
      Joke

      Re: essential ?

      If it's tracking you it's essential.

  3. Anonymous Coward
    Anonymous Coward

    If a site makes rejection of cookies difficult….

    … I file it under “exit stage right”

    - Snagglepuss

  4. Tim 11

    Who could possibly have predicted...

    ...that forcing every web site to put up a dialog which you need to click "accept" before you can use it would have the "unexpected" effect of training users that whenever a web site puts up a dialog the easiest way to get on with your life is to click "accept" without reading it

    Congratulations EU wonks, you just made the problem a whole lot worse.

    1. Zack Mollusc

      Re: Who could possibly have predicted...

      The website designers are the ones who put up the dialog which you need to click 'accept' to use the site.They could design the website without tracking cookies, but they choose to indulge in shitty practices.

      The EU wonks are just raising awareness of the shitty practices of the website designers.

      1. Headley_Grange Silver badge

        Re: Who could possibly have predicted...

        Or -- the legislators could have written the law so that the default was to reject non-essential cookies and the positive consent was required for them.

        1. Ian Johnston Silver badge

          Re: Who could possibly have predicted...

          That seems to be increasingly the default position.

          1. Headley_Grange Silver badge

            Re: Who could possibly have predicted...

            True, but you still have to click through on many sites to confirm it.

  5. Ordinary Donkey

    Researchers are already looking for a workaround no doubt.

    If the AI assures them it has disabled all the non-essential cookies then most users will let their guard down so all the website needs to do is find a trick that fools the AI but not a human and loads of people will accept cookies they would manually reject. Then the developers of the AI will be looking for a way around that...

    I think Douglas Adams described the phenonomon with regards to his Thumb device, no?

    1. Anonymous Coward Silver badge
      Big Brother

      Re: Researchers are already looking for a workaround no doubt.

      Or redesign their tracking system to not use cookies at all. I could probably do that in less time than legal take to approve new wording (but I wouldn't, because I have ethics)

      1. Version 1.0 Silver badge

        Re: Researchers are already looking for a workaround no doubt.

        It's illegal to walk out of a pub after a few hours and piss on the street ... so maybe we should just make cookies illegal - it's not that different. Yes, it would change the web environment but stopping people pissing on the street helped make the world a better place.

        1. Jan 0

          Re: Researchers are already looking for a workaround no doubt.

          Civilised countries put drains in the streets so that you don't need to piss on peoples' doors.

    2. elwe

      Re: Researchers are already looking for a workaround no doubt.

      Doesn't the website's data controller need to have the informed consent of the end user to collect their PII?

      It seems to me these shady pop ups put the data controller in breach of GPDR, and liable to the fines that result.

      The existence of an AI pop up clicker removes the validity of the assumption that the end user must have given consent via the pop up. I could see a court fining a data controller because they didn't apply a captcha to the pop up, but assumed it must be the user.

      Are we seeing the tech companies walking into an EU government trap to 'tax' them by lulling them into a false sense of security, then applying GPDR fines for these transgressions? I hope so, but I doubt it. As Hanlon's razor says: never ascribe to malice that which is adequately explained by incompetence.

      The EU should really legislate that accepting only essential cookies must be at least as easy as any other option. But it would be much more fun to back the websites into it by fining them repeatedly, forcing them to add captchas to the pop ups etc. until they get the idea...

  6. anthonyhegedus Silver badge

    Can't open this page in Safari on my mac, ironically

    It says this page was blocked by a content blocker. FFS!

  7. nematoad Silver badge
    Stop

    Fox guarding the hen-house.

    "Some of the organizations forced to implement these pop-ups have designed them specifically to be tricky to navigate, or use dark patterns to fool someone into selecting the opposite desired option,"

    Right, I see that from time to time and wish it would go away, but;

    "A team of researchers at University of Wisconsin-Madison and Google..."

    Right there is the problem.

    If you have ever had to click through the Youtube cookie dialog you will know what I mean. Who in their right mind has boxes that allow you to switch off cookies showing the palest of pale blue change when you decline a load of data that Google wants to take for itself? And then goes back to the white original colour after you have chosen?

    Aesthetics? I don't think so. It's just one example of Google desperately trying to grab anything they can get about your internet habits.

    And they then expect us to believe that this project is for our benefit?

    Pull the other one, it has got bells on.

  8. Smeagolberg

    Required by law?

    "When confronted with cookie popups, which are required by European law and other legislation"

    Please! This is not true!

    Law only comes into play when a site tries to set up a surveillance environment. I estimate that 95% of my web use can be achieved to my full satisfaction and with full functionality by clicking links and using sites' search facilities, with no need for cookies whatsoever. As for 'essential' cookies, from a user's point of view they are very rarely essential except when buying, selling, commenting, etc.

    That the words 'required' and 'essential' are routinely taken at face value and not questioned shows the extent to which surveillance is widely assumed or not well understood.

  9. Anonymous Coward
    Anonymous Coward

    Google is involved, hmmm

    Google is involved, so I think I'll give this a very wide berth, no thank you. What's the bets that the machine learning takes place on Google servers "to enhance your experience" and that in doing so Google sets up a little shadow profile of all the sites the user visits as part of that learning process and, oh, yes, very definitely doesn't try to tie that data to you in as many ways as it can. If anything, Google are only doing this so that they get the data and at the same time locking out other ad/tracking platforms from doing so (not that I shed any tears for any of them).

  10. Marjolica

    Anyone else tried CookieBlock?

    There is already an extension available for most browsers, CookieBlock (see https://karelkubicek.github.io/post/cookieblock and https://www.ghacks.net/2022/03/24/cookie-block-corrects-gdpr-violations-in-the-browser/), that uses ML to try and eliminate non-essential cookies.

    Rather than simulate clicks it bypasses that stage and just deletes the non-GDPR compliant cookies you don't want.

    To make it work you do also have to use something else to auto click through the consent dialogue (e.g. uBlock Origin / Dashboard / Filter lists / Custom / Import ADD : https://www.i-dont-care-about-cookies.eu/abp/).

    This extension is also developed by academic researchers but without Google involvement.

    Anyone else tried it?

  11. marcellothearcane

    Prior art

    https://github.com/cavi-au/Consent-O-Matic

    No AI involved!

  12. Fonant

    I use Vivaldi, with trackers and adverts blocked by default, and no third party cookies saved. I also have uBlock Origin installed, which handles some more stuff that Vivaldi misses. And the "I don't care about cookies" plugin that removes most popups.

    Global (works for all sites not white-listed by me) and fully under my control.

    The EU cookie legislation is pointless, extremely annoying, and most probably makes the problem worse by people actively "accepting" dodgy cookies without thought.

    1. Mike 137 Silver badge

      "The EU cookie legislation is pointless, extremely annoying ..."

      .The legislation is not pointless at all. The problem is not with it but with the implementation of 'consent' adopted by most sites.

      It would be perfectly possible to make the default 'essential cookies only' (for which no consent is required) and have a simple link to a page containing explanation and reject-by-default selectors for other cookies. Then the user would by default not have to do anything at all to use the site, but could voluntarily choose to follow the link and make choices to accept further cookies if they wanted to.

      However, as the publisher's purpose is typically to obtain 'consent' for all cookies by fair means or foul, they make it annoying or impossible to proceed to the content without being forced to make cookie acceptance decisions. A perfect example is Amazon, that superimposes a full screen overlay over the page content that only goes away if you make cookie choices and have javascript enabled. And of course the legislation is not just about cookies as a specific technology but refers to all kinds of tracking entities, and who knows what that javascript is doing?

      I've recently noted an increasing prevalence of a very naughty trick whereby with CSS enabled the non-essential cookie choice selectors appear unticked by default, but if you disable CSS they are shown to be ticked. That's not the fault of the legislation - it's the fault of the site publisher and actually contravenes the legislation.

  13. Binraider Silver badge

    So how do you detect and avoid clicking the popups that sign you up to being part of the Human centipede?

  14. ICam

    I think I prefer the ICO's idea...

    This is an interesting solution and could be a reasonable stop-gap measure, but I think in general I prefer the idea the ICO have proposed in the past and covered by El Reg at: https://www.theregister.com/2021/09/07/ico_cookies_g7/

    If you can't be bothered to read that; TLDR: develop and implement standards to set your cookie preferences locally and signal them to the site when you visit it, eliminating the need to interact with manual cookie preference dialogues when you visit a site for the first time or have since deleted its cookies.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022