Cookie Banners Have Broken the Web Beyond Recognition

You Should Be Very, Very Upset
Everyone hates cookie banners. I get that. But people would be much angrier if they could fully grasp the gravity of the situation. My objective is exactly that, to make you feel a hell of a lot angrier.
My own blog, garba.org, does not display cookie banners and is 100% compliant across all jurisdictions on planet Earth. The solution is obvious, as you will learn next.
Cookies 101
Cookies, in and of themselves, are not evil. They are simply the mechanism that web browsers use to save data across disconnected browser sessions or even web pages within the same site.
Suppose that you did a Google search, landed on deals.com/deals_of_the_day, and started to add items to a virtual shopping cart. In the absence of cookies, the only way to accomplish this would be by adding the items (or some sort of identifier) to the URL, such as deals.com/deals_of_the_day/basket?item1=Blender&item2=CoffeeMaker. Naturally, your shopping basket would be lost if you were to exit and re-enter the site. In short, cookies are simply your web browser’s database.
Cookie Banners 101
Cookie banners have nothing to do with the technical nature of cookies, but with their semantics—the kind of data that is stored in cookies. When you click ‘Accept’, you are not enabling cookies per se—this can be accomplished through your web browser’s settings—but consenting to the use of cookies for specific purposes, including, in most cases, the purpose of tracking you.
While cookie banners started as a result of EU privacy laws, namely GDPR, more and more jurisdictions are starting to emulate the EU, so many websites torment their users with cookie banners despite not being actually subjected to said legislation, to avoid issues in the future.
In summary, cookie banners are, in most cases, tracking consent banners. However, many sites excuse themselves under the pretext “Sorry for the interruption, it is because of cookies”.
On the Web, You Are Not ‘Entering’ a Site
In the early beginning, HTML did not allow for much in the way of advanced layout, including tables, fonts, and so on. Given that the web started as a means to share scientific information, the aim was to allow different researchers to pool together resources so that they could be browsed in a seamless way.
So, in the early 90s, you would not tell sites apart from their presentation, but you had to look at the URL to say, “aha, this comes from mit.edu as opposed to caltech.edu”. The situation rapidly changed when Netscape introduced its web browser along with the dreadful <font> tag, but the spirit of the web, in terms of one experience achieved by hyperlinking resources from various sites, remained.
Until a few years past the millennium, most of what we call ‘web content’ was addressable by a URL such as heated_debates.com/left_vs_right_opinion.html. However, this changed with the rise of walled garden platforms such as Facebook which broke the relationship between content and URLs. In walled garden platforms, content is shared from within the platform, often necessitating registration with the platform. As such, the notion of ‘entering’ a website emerged.
A Broken Web
The way that the web was conceived is that I would find the first ‘Left vs Right’ article, check it out, find out that it was—perhaps—biassed, and move on to the next one, until striking gold. But this is not how it works today.
Before I can access the content, it turns out that “I’m entering The Guardian” or “I’m entering Medium”, and I can’t even see if the article is what I was looking for without first dealing with the “entering the site” formalities, including, of course, cookie banners.
The web was meant to be one resource supplied by different hosts, rather than a collection of islands, each with their own barbed wire fencing.
Finding a good ‘Left vs Right’ article may take checking out 15 different sites or so. It should not be the case that I need to deal with the cookie banner nonsense 15 different times, each time having to figure out where the reject button is.
In summary, the web was meant to be one resource in which the likes of theguardian.com and medium.com are simply URL prefixes, rather than places I’m ‘entering’. I’m entering the web, not a specific site!
99% of the Time, Cookie Banners are the Site Owner’s Will
“We have to present you with this banner to comply with regulations”
—The biggest lie ever told to a web user.
I said in the beginning that cookies are not evil, and that they are, in layman-speak, the web browser’s database, like in the case of saving the contents of a shopping cart.
“Aha, it’s all the EU’s fault and the sites don’t know how to comply without displaying a banner”.
No, it’s not that either.
The fundamental issue is that 99% of web sites have no legitimate reason to use cookies when you first access one of their URLs. Most of the time, you are browsing ad-hoc content rather than adding items to a shopping cart, or performing an operation that requires remembering ‘past actions’.
Even in the case of shopping sites, the option to store cookies can be deferred until the first item is added to the cart, or the user logs in and is presented with the option ‘remember me on this computer’, which you have probably seen before if you have used some decent sites in the past. All the cookie banner rituals can be deferred to this point, but this is not what sites do. You access a site you have never heard of before, and bam! cookie banner.
Sites deliberately choose the use of cookie banners because they value the ability to track you and/or display more relevant (i.e., profitable) ads, based on the intelligence gathered by tracking you, more than they value you as a person.
Why would a decent site offer you an option that is against your interests? The natural thing to do is simply to keep the visitor out of harm’s way, unless you are the product, rather than merely a visitor, of course.
Cookie Consent Should be a Browser Feature, Rather than a Site One
“We realise there is an issue, so we will produce some legislation, to acknowledge there is an issue, but without addressing the underlying issue”.
—An EU legislator
The underlying issue is, of course, that users don’t want to be tracked by default.
Cookie consent preferences should be a simple browser setting which appears the first time you access an ‘offending’ site, with the option to apply this decision to all sites. This, in turn, would tell the browser to send a header such as Consent-settings: none with each further HTTP request.
Note: I use Firebox in my mock screen but Firefox (as well as Safari) blocks third-party cookies out of the box.
While this approach is broad-brush in nature, it will actually stop the sites that coerce the user into clicking ‘Accept’.
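To make the two ideas above concrete (deferring the functional cookie until the first basket item, and honouring a browser-wide refusal signal), here is an added example that is not code from this blog or any real site. The paths, cookie names and the Consent-settings header are assumptions; Sec-GPC: 1 is the existing Global Privacy Control signal and is checked alongside it.

```python
# Added example. Paths, cookie names and the Consent-settings header are assumptions.
import secrets
from http.cookies import SimpleCookie

def _cookie(name, value, path, max_age=None):
    """Build one hardened Set-Cookie value (Secure, HttpOnly, SameSite=Lax)."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = path
    jar[name]["secure"] = True
    jar[name]["httponly"] = True
    jar[name]["samesite"] = "Lax"
    if max_age is not None:
        jar[name]["max-age"] = max_age
    return jar[name].OutputString()

def refuses_tracking(headers):
    """True if the browser signalled 'no tracking' for every site."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    # Consent-settings is the post's hypothetical header; Sec-GPC: 1 is the
    # existing Global Privacy Control signal.
    return h.get("consent-settings") == "none" or h.get("sec-gpc") == "1"

def set_cookie_headers(method, path, headers):
    """Return the Set-Cookie values this response is allowed to carry."""
    raw = next((v for k, v in headers.items() if k.lower() == "cookie"), "")
    have = SimpleCookie(raw)
    out = []
    # Functional cookie: deferred until the first item goes into the basket.
    if method == "POST" and path == "/basket/add" and "basket" not in have:
        out.append(_cookie("basket", secrets.token_urlsafe(16), "/basket"))
    # Tracking cookie: only on an explicit opt-in, never against the signal.
    if method == "POST" and path == "/privacy/opt-in" and not refuses_tracking(headers):
        out.append(_cookie("analytics_id", secrets.token_urlsafe(16), "/", 86400 * 30))
    # Every other request, including a first GET of any page, sets nothing.
    return out
```

A first visit to any content URL therefore carries no Set-Cookie header at all, which is the case in which no banner is needed.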
Excuse #1 Site Analytics
From the perspective of the site owners who see you as the product, one of their first excuses is that cookies are only used for analytics (e.g., Google Analytics) so that they can understand your behaviour and ‘improve your experience’. I used to run Google Analytics myself until I decided that the best way to show how much I value my visitors’ experience is by not harassing them with a pathological banner in the first place.
For the geeks: when I was a .com entrepreneur in the 90s, we used software called WebTrends that could build a decent analytical picture out of HTTP requests alone, considering IP addresses, browser agents and so on. Yes, it was a far cry from Google Analytics but it was an order of magnitude better than nothing.
Cookies help in providing more accurate analytics upon a site’s navigation patterns but it is a lie to claim that cookies are an inexorable necessity for said purpose.
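As an added illustration of analytics built from HTTP requests alone (not WebTrends' method and not code from this blog), the sketch below derives page views, visitors and sessions from access-log lines in the common Apache/nginx "combined" format. The log lines are constructed, and both the 30-minute session gap and the ".html means page" rule are assumptions.

```python
# Added example: cookie-less analytics from server access logs.
import re
from collections import Counter
from datetime import datetime, timedelta

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
SESSION_GAP = timedelta(minutes=30)  # assumed inactivity threshold

# Constructed sample input (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:00:01 +0000] "GET /posts/cookies.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 Firefox/123.0"
192.0.2.10 - - [12/Mar/2024:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0 Firefox/123.0"
192.0.2.10 - - [12/Mar/2024:10:05:00 +0000] "GET /posts/web.html HTTP/1.1" 200 4000 "-" "Mozilla/5.0 Firefox/123.0"
192.0.2.10 - - [12/Mar/2024:10:06:00 +0000] "GET /posts/cookies.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 Safari/605.1"
198.51.100.7 - - [12/Mar/2024:10:07:00 +0000] "GET /missing.html HTTP/1.1" 404 150 "-" "Mozilla/5.0 Firefox/123.0"
this line is malformed and must be ignored
192.0.2.10 - - [12/Mar/2024:11:00:00 +0000] "GET /posts/cookies.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 Firefox/123.0"
"""

def summarise(log_text):
    """Count page views, visitors and sessions without any client-side state."""
    views, sessions, last_seen = Counter(), Counter(), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # malformed lines, non-GET requests and errors
        if not m["path"].endswith(".html"):
            continue  # assets such as CSS are not page views
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # A visitor is approximated by IP + User-Agent: two browsers behind
        # one NAT address count separately, one browser on two networks twice.
        visitor = (m["ip"], m["ua"])
        if visitor not in last_seen or when - last_seen[visitor] > SESSION_GAP:
            sessions[visitor] += 1
        last_seen[visitor] = when
        views[m["path"]] += 1
    return {"page_views": dict(views), "visitors": len(last_seen),
            "sessions": sum(sessions.values())}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

The visitor key is an approximation, which is exactly the accuracy trade-off described above: coarser than a cookie identifier, but it needs nothing stored in the browser.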
Excuse #2 Relevant Ads
I get the point: if I’m a dog lover, I’d be more interested in seeing dog food ads rather than cat food ads. Except that I’m not interested in you, Mr. cookie banner site (and third party tracking friends), knowing that I’m a dog lover unless it is in the confined context of searching for ‘dog food’.
In other words, users don’t want to be ‘followed’ by ads. The reality is that ‘relevant ads’ is a euphemism for spy ads, tracker ads, surveillance ads, and so on.
Back in my .com days in the 90s, the so-called “ad relevance” was derived from the content in which the ad was placed, rather than through cookies placed in third party sites other than my own. All of a sudden, privacy burglars, seeing the end of playing Peeping Tom, and as privacy laws get tighter, are rediscovering this 90s approach and calling it ‘contextual advertising’, as though it was the new black in advertising.
Ads without cookies are simply less relevant, rather than irrelevant. Would less relevance decrease click through ratios? Absolutely, but the web was meant to be hard!
Conclusion
The cookie banner tragedy is primarily the result of site owners’ greed, combined with a weak resolve from privacy legislators and regulatory bodies. No site has a legitimate reason to use tracking cookies when you first access one of their URLs.
A content market in which both bedroom bloggers and behemoths like the Guardian rely on the likes of Google AdSense doesn’t help either. No wonder why Google Chrome, unlike Firefox and Safari, is “struggling” to fix this.
I eat my own dog food, so I don’t display cookie banners. I refrain from invading my visitors’ privacy, let alone asking them for ‘consent’ to do so.
A site that asks you for ‘consent’ is not mindful of your privacy. On the contrary, it badly wants to track you, so, if you do not mind, please do click ‘Accept’ so that both of you can get on with your respective ‘businesses’.