back to article Embattled users worn down by privacy options? Let them eat code

The people are defeated. Worn out, deflated, and apathetic about the barrage of banners and pop-ups about cookies and permissions. Illustration of someone shrugging while looking uncertain and a question mark over their head Brits hate how big tech handles their data, but can't be bothered to do much about it READ MORE …

  1. Headley_Grange Silver badge

    It's a great idea but here are already browser add-ons that deal with the majority of cookie-consent pop-ups that I get and a box to tick if they don't so they can update their database. I use Consent-O-Matic (recommended by a denizen of this forum who's name I can't remember, but thanks) but others are available.

    1. Anonymous Coward
      Anonymous Coward

      GDPR etc is a joke and an opportunity for governments to "create (useless) jobs".

      The law should FORBID ANY TRACKING and data sharing with 3rd parties, UNLESS YOU ARE LOGGED IN and agreed to specific data processing. Otherwise anonymity must be respected unconditionally. Stop bothering people with cookie nonsense and device settings.

      Maybe 20 years ago this was OK, but now it is time to cut off the big-tech tentacles and let them innovate without the surveillance shortcut.

      The moment data is shared with a 3rd party, a user must be informed by their (shared anyway) email: who got access to the data and why.

    2. StewartWhite Bronze badge
      Big Brother

      That's fine but most people outside techiedom will not do this or anything like it and Big Tech will in any case be snooping on you by whatever other means they can, e.g. LinkedIn having a default opt-in for AI scraping until enough people complained - they're likely still scraping it whether you do or don't tick/untick the relevant box and woe betide you if you ever forget to tick a new box that they add at 3am on Xmas Day for an hour hidden behind a section in their Anti-Slavery Statement labelled "Beware of the leopard!" as they'll take that to be your implied consent to donate your liver whilst still alive.

      It's a fundamental industry problem with the attitude of "The regulators are toothless and don't really care so we must get as much info as we can ASAP then pretend to change our behaviour if/when somebody notices".

    3. cookiecutter

      we should not need to go through the hassle of having these extra controls on our browsers; OR even worse..trying to explain them to older relatives.

      We need to see some good HARD slaps of companies and tech. firms. Especially non tech firms who didn't bother hiring the right people and decided to make stuff up as they went along.

      If your business model is so crap that you have to subsidise it with selling customer data , then no sympathy. you deserve the slapping, the fines and the potential going to the wall.

      I can't remember the site, but one of the sites I browsed had nearly 1500 "partners"...that kind of fuckwittery is inexcusable

  2. Korev Silver badge

    The user gets to configure their own default responses in the browser's privacy settings, and the cookie law option box disappears. Sites and services can ask to have their special cookies opted in, but the price to the users for not thinking about such options is zero.

    I already have "Do not track" enabled on every device I own/use, it's a shame that honouring this is not mandated by law.

    1. Anonymous Coward
      Anonymous Coward

      "I already have "Do not track" enabled on every device I own/use, it's a shame that honouring this is not mandated by law."

      The "industry" ignored DNT because they claimed as (some) browser enabled it by default then it did not "reflect" individuals' intentions

      1. Headley_Grange Silver badge

        That could easily be fixed by making tracking an opt-in service, which others have suggested. The law should be changed such that tracking is traceably opt in so when I complain to the ICO* about being tracked they just contact google/meta/etc and request proof that I have actively opted in and in the absence of proof someone goes to prision.

        *I know from experience that the ICO never do anything, but eh.

  3. ChoHag Silver badge

    > it's hard to construct a logical reason why it's a bad idea

    Neither google nor apple will implement it. Mozilla lacks the teeth to make their implementation matter.

    1. DailyLlama

      If it's a law, it doesn't matter if Google or Apple don't like it...

      1. Richard 12 Silver badge

        Only if the ICO actually deigns to enforce it.

        The real problem is that enforcement isn't happening. Every single one of the "annoying" cookie popups is flat illegal. Every single one of the "pay or track" demands is illegal.

        There are any number of mid-sized targets, prosecute them. Then prosecute the big ones, and the small ones will fall into line of their own accord.

        And yet, it took how many years for Ireland to ask for the tax they're due, and they even fought against it - presumably because certain high-up politicians and civil servants wanted the revolving door to keep revolving.

        1. Anonymous Coward
          Anonymous Coward

          Wouldn't it be interesting if there were a site that listed every non-compliance within the EU jurisdiction automatically to the regulator.

          Also interesting -> https://www.cookieyes.com/blog/cookie-consent-fines/

      2. OhForF' Silver badge

        It is hard to write a law in unambigious words so it does not allow someone to either dodge it entirely or comply with it in some very malicious way - like was done with those cookie banners.

        In other words: it does matter if Google and/or Apple and the the entire ad industry do not like it and start the next round of malicious compliance.

    2. Dan 55 Silver badge

      Just like PICS, only IE implemented it and website owners couldn't be bothered to categorise their sites.

      And this is even more doomed to failure because the whole of the advertising industrial complex is propped up on cookies and won't do anything that could prejudice its own profits (certainly not the "right thing"), unless it's written in law* and in that case it'll lobby, scream, and shout, and implement it in bad faith.

      * By the EU of course.

    3. ComputerSays_noAbsolutelyNo Silver badge

      It will harm innovation, yada yada yada

      We all know the excuses the tech industry makes, when something is proposed that benefits the cattleusers and not them.

  4. NohSpam

    yes, yes and thrice, yes!

    which is why I've suggested (for ages and ineffectually) that we should lobby EU legislators to standardise the form, which should incorporate mandatory easy (one click) opt-out of all cookies and a separate but mandatory (one click) opt out of all 'legitimate' interest options. Being a standard specification it should also allow sites to silently take your preference and go with that. Sites should also have to display a menu option in a top level menu for adjusting privacy choices either after their default has been silently adopted by the site or they have made an explicit choice they'd like to adjust.

    I like the API twist mentioned in the article though.

    1. Marcel

      Re: yes, yes and thrice, yes!

      Of course this should have been standardized in a protocol like HTTP, TLS, HTML, CSS, etc. It should be a browser setting and websites can dump 90% of their javascript that is dealing with ads, consent, and other legal crap. What I hope though is that if this is legislated, it will not legislate cookies, but legislate banning tracking and selling your data, which is the real problem. Cookies are just one of the many technical means to track you. We would not like ad companies in use other sneaky ways that are not cookies, but still track you and sell your data without you knowing.

      1. OhForF' Silver badge

        Re: yes, yes and thrice, yes!

        There are at least two standard implementations to refuse tracking (Globaly Privacy Control and Do Not Track). All that is missing is a law saying those have to be treated as a legally binding instruction with meaningful fines if ignored and more fines for those that are meant to enforce it if they do not do their jobs.

    2. Andy The Hat Silver badge

      Re: yes, yes and thrice, yes!

      but I think you'll find that all 138 companies listed will have "legitimate interest" - they are all making money out of you - so all need to be individually listed in a helpful, easy to click series of check buttons for the user to consent to individually ... GDPR was never about actual user control, it was only about the appearance of user control because data makes money, money makes tax ... so there is no interest to actually stop that data flow.

      1. Anonymous Coward
        Anonymous Coward

        Re: yes, yes and thrice, yes!

        "...money makes tax..."

        I'm not sure that link in your chain of reasoning holds up, to be honest. If the big boys paid a decent share of revenue as tax, then I might agree with you (and it might justify letting them get away with it).

        In other news, Max Schrems won another case against Meta:

        https://www.rte.ie/news/business/2024/1004/1473586-schrems-privacy-dispute-with-meta/

        1. Andy The Hat Silver badge

          Re: yes, yes and thrice, yes!

          As I see it, the judgement says old data can't be used - 10 days, 10 weeks, 10 years ... what is old? I believe the GDPR only refers to outdated data. In the UK version the ICO guidelines state

          "The UK GDPR does not dictate how long you should keep personal data. It is up to you to justify this, based on your purposes for processing. You are in the best position to judge how long you need it." so plenty of holes to wander through there ...

          And then there's the use of restricted data sets. Does the GDPR define those data sets? Again the ICO states

          " If you do not need to identify individuals, you should anonymise the data so that identification is no longer possible."

          Unless meta are supplying raw data to advertisers what data is actually allowed when consented under GDPR? Having said that the article sort of suggests the passing of identifiable data as Meta is reported as saying "it's the advertisers responsibility ..." at one point)

  5. Mark White

    What really annoys me...

    Sites claiming Google Analytics is a necessary cookie.

    Legitimate interest options you have to scroll and unselect every single one of them.

    Sites where opting out is required on every visit (or for a few, every page) but opting in is once and done. Can we have a cookie for tracking our cookie choices we can opt into (or is designated necessary)?

    1. Anna Nymous
      Holmes

      Re: What really annoys me...

      That would require a cookie, which wouldn't be allowed to be set if you decline setting cookies.

      However, the point is not to get your informed consent. The point is specifically to wear you down so that you allow them to set cookies. Some of the evidence for this assertion is that it's easier to let them set all cookies than it is to decline them.

      If one really wanted a solution: wouldn't it be much easier to just respect Do-Not-Track? Because that signal is pretty easy and pretty much covered everything needed. I don't think I know anyone who can or would make an informed decision on "Sure, I want to be tracked by X and Y but not by A and B, oh, and C is fine as well, but only for purpose D". DNT is simple enough.

      Even if that setting comes with a default value of 'on' (indicating "I wish to not be tracked"), it's still a default and should be respected. Note that it was argued that "because firefox sets Do-Not-Track to true by default, it's not what the visitor 'really' wants, thus we can and will ignore it" but that's just plain BS. If advertisers really cared about explicit user intention, they'd opt for the more certain "a user who switched it from 'Do-No-Track' to 'Track-me-please' has given explicit consent to be tracked and so is fair game".

      This quote by Frank Bitterlich comes to mind on the tracking that we are subjected to:

      I'm sick and tired of the constant "... but we need the advertising revenue" whining. You're not making any advertising revenue. You're making tracking revenue. ... Who on this planet would accept someone ringing your door bell and going, "Excuse me, sir, we need to make sure the junk mail we fill your mailbox with is relevant, so I just need to have a quick look at your book shelves and the products in your fridge. If you could just step aside for a second..."

  6. Brewster's Angle Grinder Silver badge

    I don't worry about cookies. Because they are all reset when the browser exits. Maybe legislate to make that the default.

    1. collinsl Silver badge

      Well you should because:

      1. How often do you restart your browser?

      2. What data is being fed back to the placers of those cookies whilst your session is still active?

      1. Doctor Syntax Silver badge

        "How often do you restart your browser?"

        Frequently. For that reason.

        1. Richard 12 Silver badge

          But not often enough.

          There's a reason Firefox has "Facebook jail", and it's because restarting the browser to nuke all cookies has a cost - you lose at least some general context, so as a user, you only do it a few times a day.

          1. DoctorPaul Bronze badge

            And that in itself is enough of a reason for me to use Firefox for many years.

    2. RobLang

      On session cookies are removed, there are plenty of long-expiration cookies that remain. Such as the cookie that's stored when you tell the cookie popup to go away.

  7. anthonyhegedus Silver badge

    Unfortunately for me, and luckily for the websites, I'm usually in a bit of a hurry to find information, and didn't want to consent to anything first. So when I get the cookie popup (and I don't always, because I use Consent-o-matic too), I worry that if I click Don't Accept, it won't remember that I said no, and will ask me permission next time I go to that site, so I often click 'Accept'. And yet I still get the popup.

    Especially in Facebook on my mobile, where facebook's own browser is awful, and it asks me every time anyway.

    I don't see what good any of this does. My browsing history is still tracked.

    1. druck Silver badge
      Facepalm

      You are concerned about cookies, but you use Facebook? --->

      1. Anonymous Coward
        Anonymous Coward

        Lot of people do, Meta-owned properties have far more than critical mass, so avoiding them adds friction to interacting with friends, including IRL friends

        Having the browser remember your 3rd party & not required for function 1st party opt outs, but also retain your login/cart would be ideal

        1. Doctor Syntax Silver badge

          "avoiding them adds friction to interacting with friends"

          Your friends, possibly. But your friends clearly aren't my friends.

  8. BinkyTheMagicPaperclip Silver badge

    Tie it to domain renewal - APIs are utterly useless

    It's exactly the same as a cookie - the decent companies will spend money and effort catering for it.

    The companies who deliberately don't conform, or can't be bothered, will continue not to comply or bother. This also provides them a competitive advantage.

    Nothing will happen until there is enforcement. Fairly large to very large websites have been failing to comply for *years* so forgive me if I think the ICO will ever actually do anything.

    A thought. Tie it to domain renewal. Starting on the next domain renewal for everyone, if your domain is marked as being non GDPR compliant the owner has until the next renewal year to fix this[1], otherwise the renewal does not occur and their domain becomes unreachable. If the customer complies just before renewal, and then breaks compliance they face fines or a shortening of their registration.

    [1] yes, I'm aware this causes issues with everyone bulk purchasing multiple years. Given many large companies will comply, the float necessary to e.g. potentially refund a customer any years booked beyond year+1 might not have to be that large.

    1. Anonymous Coward
      Anonymous Coward

      Re: Tie it to domain renewal - APIs are utterly useless

      "Starting on the next domain renewal for everyone, if your domain is marked as being non GDPR compliant the owner has until the next renewal year to fix this[1], otherwise the renewal does not occur and their domain becomes unreachable."

      How can a domain be compliant/non-compliant with GDPR?

      You mean the service(s) hosted via that domain and its sub-domains? Such as websites, services/applications? Email servers? other HTTP/HTTPS end-points? SIP/XMPP servers? etc

      How exactly is a domain registrar going to determine compliance? Are they going to have to hire GDPR-experienced staff and be somehow legally empowered to force the domain "owners" to provide whatever docs etc that the registrar demands to "prove" GDPR compliance?

      1. BinkyTheMagicPaperclip Silver badge

        Re: Tie it to domain renewal - APIs are utterly useless

        To Be Decided is the answer - likely to be a mixture of regulatory and other bodies, and end user reporting. I don't claim to have worked out all the answers for a general idea in a couple of minutes. The point is for not meeting GDPR to stop being toothless.

        A lot of the lack of compliance is very obvious, it's just no-one is enforcing it. From the egregious (refusing to disable tracking) to the irritating but still illegal (restricting certain functionality to tracking being enabled). That would resolve 95% of issues, leaving only the 5% of arguing if not entirely straight forward data collection and usage are appropriate.

        Obviously if it's a hosting service with subdomains owned by multiple customers that complicates things slightly, but on the whole I'm concentrating on a company offering services on a domain name.

        If they're not compliant, they get an extended warning (a year to start with, less time after that, progressively less if they keep 'complying' and then immediately reverting to become non compliant).

        If they don't meet the warning the entire domain gets turned off, as that's under control of the registrars. Harsh, yes, but they've had *a year to comply with something they should have complied with anyway*.

        I mean, it will never happen. Companies gaining revenue from abusing GDPR to various degrees will kick and moan, and the regulatory bodies will back down because it generates money, despite the fact it's a law and they're in direct violation of it.

        1. Anonymous Coward
          Anonymous Coward

          Re: Tie it to domain renewal - APIs are utterly useless

          "A lot of the lack of compliance is very obvious, it's just no-one is enforcing it."

          Not necessarily obvious - you appear to be focusing on one specific point - a website using a domain name.

          Domain names can be used for various purposes, I could set up a business that uses a certain domain name only for email or for SIP or something else and either not have any website at all, or have a website on a completely different domain name.

          So how is determining GDPR compliance / non compliance of email or SIP or other service(s) "obvious" then?

          You're just assuming "domain name" == "website"

          1. BinkyTheMagicPaperclip Silver badge

            Re: Tie it to domain renewal - APIs are utterly useless

            I'm well aware domains are used for many purposes. I am not about to go writing a specification in five minutes, out of necessity not all detail are included.

            Companies are already prosecuted for GDPR violations from e-mail, post (probably fairly rarely these days), SIP or actual POTS calls. The mechanisms exist.

            This Register article is specifically targeting websites, proposing solutions for websites ('Web APIs'), and it's generally what most end users will encounter in terms of requesting permissions, cookies, and suchlike.

  9. cc201516

    Irony

    The irony of reading such an article on this site, which uses one of the worst cookie notice providers there is

    Battling through a multitude of primary and legitimate notice options on its first page only to find an option at the bottom for vendor preferences, where every single vendor needs declining individually, scrolling through what seems like thousands

    It's easier just to not bother going to these sites anymore

    1. Norfolk N Chance

      Re: Irony

      The other irony is reading this article here.

      Anyone employed in an industry connected to the web (physically or by market) probably relies upon data harvesting revenue to a greater or lesser extent - ask yourself would your job exist without it? I suspect for many readers the answer is uncertain.

      Personally I think data harvesting is a disease - is it really the best we can do with interconnected computers?

      Then I look at Snaptwit and Instaface and now I'm uncertain...

      1. Anna Nymous
        Coat

        Re: Irony

        > Anyone employed in an industry connected to the web (physically or by market) probably relies upon data harvesting revenue to a greater or lesser extent.

        Probably, and I think it's pretty telling w.r.t. the actual main product-facade that is being peddled by those organizations.

        If your revenue model is coming from providing a no-cost-to-end-users service/content and subsidizing this via advertisement, you are explicitly stating that "no-one thinks what I provide is valuable enough to give me real money, no-one would give me money for what it is that I do, so I have to forcibly extract it from them in another way by selling their information and eyeballs". You're literally stating that what you "sell" is not worth money.

        I am aware that this site here gets by via advertising. I would actually pay real money for access to El Reg.

        Icon is me rummaging in my jacket pocket, finding the random coins that always get lost in there...

      2. BinkyTheMagicPaperclip Silver badge

        Re: Irony

        Yes. Work is absolutely bound to the web, we're services and saas.

        There is *zero* reliance on data harvesting because we're boring, business to business, and regulated in various areas. We take a lot of care to comply with GDPR and data security.

        I'd also note when I was involved with certain American companies they were considerably less compliant than the EU companies I've dealt with.

        1. jlturriff

          Re: Irony

          Re American companies, of course! Aside from a handful of states, there is no regulation of online privacy here at all.

      3. teebie

        Re: Irony

        "ask yourself would your job exist without it?"

        Yes, I work for a real company that provides users with a service they want, not a pack of bandits using underhand tricks to try to exploit their users.

    2. ChoHag Silver badge
      Stop

      Re: Irony

      I have two register cookies, in order to use this forum, and I have never accepted or declined anything in a cookie tracking dialog on this site nor has one ever got in my way.

      There are certainly things one could pull up the register for, but its approach to cookies it not one of them.

      I have met their developers and they are quite serious about that.

      1. jlturriff

        Re: Irony

        Yes. TheRegister is definitely in the minority, though.

  10. Anonymous Coward
    Anonymous Coward

    Toyota

    Remind me never to buy a Toyota! If they'd sent a letter like that to me, I'd ... don't know what but something nasty.

  11. Rattus
    Thumb Down

    And you are not helping....

    It doesn't help that the very 1st link in your artical is to a website with a cookie option that does NOT contain reject all, but instead makes you turn off each and every "legitimate" interest cookie option.

  12. hfo1

    Opt-in?

    It feels like the easiest option would be a to make this an opt-in process rather than an opt-out one? Then all the incentives would be on the organisations to simplify and standardise their processes. Disinterested users would be protected by default. Maybe allow essential cookies with penalties if somebody tried to stretch the definition of essential.

  13. Irongut Silver badge

    > The user gets to configure their own default responses in the browser's privacy settings, and the cookie law option box disappears

    Great idea, why don't we call it DO NOT TRACK? Oh right, we have that already and it does not work.

    Back to the drawing board Rupert, like an Apple engineer you invented something that already exists.

    1. Anna Nymous
      Big Brother

      > Great idea, why don't we call it DO NOT TRACK? Oh right, we have that already and it does not work.

      It does work, it signals your intent that you wish not to be tracked.

      However, it is being sabotaged by those who benefit from ignoring that intent, and are hell-bent on exploiting and abusing you and everything there is to you. The problem is not that "it doesn't work", the problem is that is being actively circumvented/ignored/... Your signaled intent is intentionally ignored and discarded. That is the problem.

      The argument put forth in support of DNT not working is like saying "Telling people you don't want to be murdered and then you are murdered doesn't work, so it doesn't work". The problem is not the sign, the problem is the violent actions on the part of the abuser. To take it a step further: you shouldn't even have to opt-out, you shouldn't even have to say you don't want it. The fact that someone applies it to you is wrong in the first place. If you really want to be tracked, state that. Then these abusers can have their way with you!

      1. doublelayer Silver badge

        Or in other words, it doesn't work. Its failure to work is not because the technology is wrong. It's not because people can't use it or servers can't direct it. It's because those who would have to honor it are not and those who would make them are doing nothing. If they made an API that automatically filled the cookie selection boxes, that would help, but any company that wanted could still set whatever cookies they want. They could say that collection was a strictly necessary cookie. They could say that there was a mixup in their code that ended up setting the wrong cookies. They could set a cookie which was meant to indicate that data collection isn't desired but happens to work as a fingerprint anyway. The suggested API is little different from the do not track signal in that it has no technological enforcement of compliance, if such a thing is even possible, so without strong enforcement from somewhere else, it won't make a change. If you had strong enforcement from somewhere else, you could use the DNT setting, this API, or any similar indicator.

        1. Anna Nymous
          Thumb Up

          > without strong enforcement from somewhere else, it won't make a change.

          I wholeheartedly agree that strong enforcement is needed!

      2. Anonymous Coward
        Anonymous Coward

        "It does work, it signals your intent that you wish not to be tracked."

        "Their" excuse for ignoring it is that on browsers that set DNT by default then DNT does *not* actually clearly signal *your* intent, as a browser sending DNT could be doing so because either (a) the browser defaulted to sending it, or (b) you specifically set it to be sent, and that "they" cannot distinguish between those 2 scenarios.

        I am not saying this is "correct" / "valid", I'm just pointing out their excuse for ignoring DNT.

  14. JulieM Silver badge

    Time to get spiky

    We need to start turning to more proactive forms of defence. Browsers need to have the option not just meekly to accept or reject cookies (on an individual basis, keeping logs of cookies not set in case some site functionality depends on them and using some heuristics to determine which ones might be related to broken functionality); but to return "crumbled" cookies, different from what the site tried to set, for the purpose of thwarting trackers.

    We need to be more like certain fruit stones; which are quite safe if allowed to pass through the body unaltered, but release deadly cyanide if chewed.

    1. stiine Silver badge

      Re: Time to get spiky

      That's probably against various laws. A good idea that I agree with, but still against the law.

      1. jlturriff

        Re: Time to get spiky

        I'm pretty sure that the law is against modifying code, not data, which is what a cookie contains.

      2. JulieM Silver badge

        Re: Time to get spiky

        What laws could it possibly be against? It's my computer. I decide what gets stored on it -- and how faithfully.

  15. Filippo Silver badge

    You're suggesting a technical solution to a social problem. It won't work.

    More details: your proposal could be implemented in a technical sense, but it can't work if the web server doesn't comply. And the web server is under the offenders' control.

    How are you going to force the offender web servers to comply? There are no technical means to do so.

    Are you going to suggest using legislation? And enforcement? Yes? How should that work, and how are you going to get it through your nearest parliament? Okay, now you're thinking about the real problem. Get back to me when you've got a solution.

  16. Persona Silver badge

    Cookie-addicted businesses will hate this idea, but it's hard to construct a logical reason why it's a bad idea.

    No, cookie-addicted businesses would love it, because > 95% users if able would configure it to accept all cookies. Thus saving them the irritation of that cookie pop up slowing them from doing what they visited the web site for.

    The only thing that will stop people from accepting all cookies is evidence of bad things happening if you do so. The author likens it to being like a house with faulty wiring or a car going wrong. We all understand those problems, and know of relevant examples, so people react to them accordingly. So where are the examples of cookies being bad? By being bad I don't mean allowing the user to be tracked and possibly presented with tailored adverts directing them to a bad web site, I mean examples that show actual real financial loss with a cookie being the root cause.

  17. andy the pessimist

    would this work?

    Since the cookes are written to a local sqlite file could you write very large variable names and invalid data. The website reading cookie process may crash.

    Little Bobby tables may cause so.e damage too.

    If they have been sloppy in the website coding bad things will happen.

    1. DoctorPaul Bronze badge

      Re: would this work?

      Loving the idea of poisoned cookies! And if some random corruption (honest guv) just happens to produce some SQL injection that would be a real bonus.

  18. ebyrob

    I keep trying to convince my boss...

    It doesn't matter what you click on the cookie popup. You have no privacy anyways and that pop-up shouldn't be there in the first place.

    If you don't want to be tracked, don't go on the internet. Especially to big sites like www.theregister.com (kidding, more like cnn.com msn.com etc). Your IP address is going to be known and they are going to "collaborate" with other sites (ad.doubleclick.net) to know absolutely everything about you just based on your IP (or any of N usernames N "web-auth-tokens" etc.)

    If we had any hope of privacy and control it would come through the security and technology of groups like the W3C and our browser vendors (one of which owns ad.doubleclick.net oddly enough). I've never in a million years expected to have a government entity protect my technological interests. The fact they try, especially outside their own jurisdiction, just tends to make things worse instead of better.

  19. Cincinnataroo

    Maybe all we need is a public list of all the people involved in creating this consent form disaster.

    Maybe also a mandatory form on all websites using these forms telling you what you consented to, with common identifiers of the miscreants involved, and a way to down it as say JSON and CSV.

  20. John Robson Silver badge

    Or have the browser ask when a cookie is read - and remember that allow/deny (by domain for a deny, by specific cookie for an allow) in the browser.

    As various people have said upthread - they have cookies reset on every browser session... that's great, but some sessions are pretty long, and that also gets rid of authentication cookies (which is less of an issue nowadays with autofill from your chosen password manager).

    I don't care if FaecesBook et al. put a cookie on my machine, I care that they don't get to read it back.

    This should all be handleable by the browser - accept all cookies and just deny reading them by default...

    1. JulieM Silver badge

      Cookies get returned to the server that set them in the headers of every HTTP request; whether that be for loading a page, one of the pictures on it or some JSON for an AJAX request.

  21. Primus Secundus Tertius

    Cookies not needed

    The original excuse for cookies was that computers were too small for the website owner to store details of 100,000 users. That is no longer the case.

    Therefore the reason for cookies has gone, and cookies should simply be banned.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like