Cookie madness

There seems to be an increasing number of websites now that are finally coming round to the act that they should not set cookies unless the user accepts them. They do this by having an Accept / Reject button which is great and fulfils the requirement nicely. On visiting the site one can simply press Reject All or whatever and then no cookies should be set other than those classed as strictly necessary. True, there are still many websites whose designers falsely consider that advertising cookies are strictly necessary but many websites are now far more compliant than they were a few years ago. However, not being too negative on thise conforming websites but does anyone actually check the number of users clicking Accept vs Reject? That kind of information, which can of course be collected entirely anonymously (developers please note!) would be most useful. It occurs to me - and I can't be the only one - that if a website clearly gives the choice to reject all these cookies and still functions without, then if people are generally rejecting them why do they even need them. It would be far nicer if these websites simply did not use those cookies in the first place.

A well known supermarket-attached clothing website has a privacy notice apparently powered by OneTrust. It gives the usual cookie choices where one can deny certain classes of cookie. On the positive side of things the selections are off by default. Good. But that’s where the positive ends… Certain cookie classes cannot be switched off – they are ‘always active’. These include data which: Now ok I’ve lumped them all together as displayed and not all are definitely evil at first glance. But let’s tease the evil out a little… Monitoring for the prevention of fraud is fine but it is not saying how. Does it mean that my data will be sent somewhere for fraud checks? Now, that may still be acceptable but it really needs to say. Sending and receiving information for advertising purposes. Ok, this is a big no. They can’t do that with no way to switch it off, no matter how much they want to. Cookies used for this can never be classed as strictly necessary. Combining my data with offline sources – again, what on earth is their plan here, tell me. The same goes for distinguishing my device from others. Do they even know how most home broadband routers work? Are they going further than just the IP address, which would be common across a household, or are they suggesting browser profiling? If the latter, stop it. In any event I browse this particular vendor in private mode with my cookie cruncher running so good luck with that!

When browsing to a website that site may set cookies for itself or third party cookies. I am not delving into this here, suffice to say that third party cookies are generally considered the ones to avoid at all cost. But how do you know what cookies are being set? I use three different browsers across the systems I use personally. Safari on my iPhone usually has cookies disabled completely. I use Safari and Brave on the Mac. On my Linux PC I use Firefox with not specific settings but set to delete cookies on exit. And on my Windows PC I use a mixture of Firefox and Brave, but I rarely use this system to browse websites other than a select few that I use regularly. This works for me, but generally speaking is not a good solution for ‘the many’ because things will break. So… Safari on the Mac tells me what trackers have been prevented from profiling me. Brave has a similar function. A comic website that I used to browse daily sets 17 cookies regardless of whether I reject or accept them. Enter a website that I discovered today while reviewing content on the excellent noyb.eu. https://webbkoll.dataskydd.net/en The code behind this website analyses websites and shows all sorts of things including cookies set, and also requests made to other servers – when you browse to a website very often that site causes your browser to visit other sites for parts of the whole, media and imagery for example. One must remember it is not the website you visit doing this, it is that website causing your browser to do it. The webbkoll website teases all of this out and displays it for you to see. I was rather surprised to note that webbkoll finds 53 cookies at the comic website! That may in part be because Safari genuinely blocks some, but to get down to 17 from 53 this is quote a lot. Webbkoll details them all too. Webbkoll is definitely another very useful tool when trying to figure out what a given website is trying to do.