You won’t visit any web page today without having cookies being involved, literally making you leaving a trail of crumbs for all kinds of third parties to track your whereabouts and activities in the web. Cookies get a lot of attention, you are constantly creating and updating them by accepting or consenting to the privacy and cookie usage terms on many websites, but most internet users don’t really know what cookies are or how they work. They were created back in 1994 by Lou Montulli, working at Netscape, with a legitimate reason, storing a file in your local browser storage as a reference to inform a server if the user has visited the site previously. It was patented in 1995:
US5774670A Persistent client state in a hypertext transfer protocol based client-server system
About Cookies
Cookies are served by either the website you visit (First-Party-Cookie) or as a Third-Party-Cookie of a service embedded into the website you visit, e.g. ad companies. The browser creates a local cookie file with some unique ID to check on the server side during the next visit or visit to another site using the same cookie. The primary purpose is session management, personalization and tracking. Technically, it is a text file with key-value combinations, in the modern browser it is stored in a database, e.g. Firefox uses a SQLite DB. Unlike common understanding there is no encrypted information and there is no personal information such as your name or similar. The power is the creation of a digital fingerprints by combining with other information, e.g. the IP address, the agent-string send by the browser and information about other sites visited to perform profiling of the user.
You like to observe the creation of cookies and their content when opening a website? Start the developer tools of Firefox or Chrome first. I randomly choose cnn.com, you can do with any commercial website.
Take note of cnn.com placing a cookie before you consent.
Earlier, if you want to protect yourself from third party tracking, you had to install additional add-ons for your browser, now Firefox becomes smarter and comes with an onboard protection. If you like to see the blocked cookies, disable the feature. I recommend doing this in a private window session (which deletes all cookies after closing).
Cookies and Privacy Consent Pop-Ups
Hidden Options
Very common to all websites, they try to keep you away from not consenting. The ACCEPT button is very prominent but there is no I DO NOT ACCEPT, the options are alway hidden behind a link with different label. They rely on our laziness to go to an extra page to disable the cookies.
eBay makes you accept by pressing the button Accept or clicking on any item on the website. To disable cookies you have to go to More Information and scroll to the end to confirm by pressing Continue. At least all cookies are disabled in this screen by default.
Some other samples:
A sample for proper implementation: One click to reject all or limit cookies.
Overwhelming Number of Players
This marketing landscape behind the scenes can be breathtaking, let’s look at the website wired.co.uk.
Have you ever clicked on the List of Partners (vendors) ?
There are not less than 500 companies listed, each one comes with its own privacy policy.
The different Strategies
Today cookies (or the pop-ups) become an annoyance, it disturbs any user experience in the web because the cookie consent pop-up is first representative of a company or service you will when visiting a site. Sometimes followed by the pop-up asking if it can alert you for any news or a bot assistant asking to give (not so) smart answers. Let’s have a look at the different ways of obstructing content with consent pop-ups.
The Obfuscator Entrance Website
The first thing you see is nothing but the pop-up over a blurred background. You literally can’t read a line without consenting to all or going through the options.
The ‘Not-so-obfuscated-but-no-control” Websites
Same as the previous type, a prominent pop-up, but you can see the landing page content, though you cannot click anything.
The ‘There-are-no-Options” Websites
You land on the page, you can access all links and pages, but you cannot opt-out of anything. There is a permanent display of the pop-up until you finally Accept.
Tools
The different browser offer different add-ons to manage cookies or look at their content. One is Cookiebro, there are many similar ones.
Conclusion
With the current laws and regulations (GDPR, 2009/136/EC) all of these samples are in line with legislation (to be proved).
Basically, you cannot escape completely from cookies. If you disable them completely you won’t be able to read your (web-)emails, manage your shopping-cart and do other essential functions. We can rely to some extent to Firefox to block the worse tracking cookies and we can wipe out all cookies after closing the browser, which requires you to enter passwords every time you visit the same site (or use the password manager in Firefox).