Yes, This Site Uses Cookies, Because Nearly All Sites Use Cookies, And We're Notifying You Because We're Told We Have To

from the even-though-it's-silly dept

If you’re visiting our site today (and I guess, forever into the future if you don’t click “got it”) you will now see a notification at the bottom of the site saying that this site uses cookies. Of course, this site uses cookies. Basically any site uses cookies for all sorts of useful non-awful, non-invasive purposes. We use cookies, for example, to track your preferences (including when you turn off ads on the site, which we let you do for free). In order to make sure those ads are gone, or whatever other preferences stay in place, we use cookies.

For the last few years, of course, you’ve probably seen a bunch of sites pop up boxes “notifying” you that they use cookies. For the most part, this has to do with various completely pointless EU laws and regulations that probably make regulators feel good, but do literally nothing to protect your privacy. Worst are the ones that suggest that by continuing on the site you’ve made some sort of legal agreement with the site (come on…). These cookie notification pop ups do not help anyone. They don’t provide you particularly useful information, and they don’t lead you to a place that is more protective of your actual privacy. They just annoy people, and so people ignore them, leave the site, or (most commonly) just “click ok” to get the annoying bar or box out of the way to get to the content they wanted to see in the first place.

Here’s the stupendously stupid thing about all of this: you are already in control. If you don’t like cookies, your browser gives you quite a lot of control over which ones you keep, and how (and how often) you get rid of them. Some browsers, like Mozilla’s Firefox Focus browser, automatically discard cookies as soon as you close a page (it’s great for mobile browsing, by the way). Of course, that leads to some issues if you want to remain logged in on certain pages, or to have them remember preferences, but for those you can use a different browser or change various settings. It’s nice that the power to handle cookies is very much up to you. We here at Techdirt like it when the control is pushed out to the ends of the network, rather than controlled in the middle.

But, because it makes some privacy regulators feel like they’ve “done something”, they require such a pointless “cookie notification” on sites. Recently, one of our ad providers told us that we, too, needed to include such a cookie notification, or else we’d lose the ability to serve any ads from Google, who (for better or for worse) is one of the major ad providers out there. We did not get a clear explanation for why we absolutely needed to add this annoying notification that doesn’t really help anyone, but the pleas were getting more and more desperate, with all sorts of warnings. We even asked if we could just turn off the ads entirely (which would, of course, represent something of a financial hit) and they seemed to indicate that because we still use other types of cookies (again, including cookies to say “don’t show this person any ads”), we had to put up the notification anyway.

The last thing we were told is that if we didn’t put up a cookie notification within a day, Google would “block us globally.” I’m honestly not even sure what this means. But, either way, we’re now showing you a cookie notification. It’s silly and annoying and I don’t think it serves your interests at all. It serves our interests only inasmuch as it gets our partner to stop bugging us. Don’t you feel better?

You can click “got it” and make it go away. You can not click it and it will stay. You can block cookies in your browser, or you can leave them. You can toss out your cookies every day or every week (not necessarily a bad practice sometimes). You’re in control. But we have to show you the notification, and so we are.

Filed Under: , , , , , , , , ,
Companies: techdirt

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yes, This Site Uses Cookies, Because Nearly All Sites Use Cookies, And We're Notifying You Because We're Told We Have To”

Subscribe: RSS Leave a comment
78 Comments
Anonymous Coward says:

No Javascript browsing

So… question.

Do your cookies land on my computer even when I am using NoScript to block all JavaScript (on virtually ALL sites, so don’t feel singled out)?

If the answer is no, could I ask a modification of your cookie notice? … that it require JavaScript to cause it to be displayed?

Or are Google’s robots just stupid enough not to be able to make that leap?

This comment has been deemed insightful by the community.
Mike Read (profile) says:

Re: No Javascript browsing

Cookies do not require JavaScript to be set. In fact it’s even something of a headache to set a cookie via JavaScript, whereas many server-side languages it’s a one-liner.

So… Your Noscript is almost certainly not blocking cookies.

Source: Web developer for 10+ years.

This comment has been deemed insightful by the community.
Anonymous Coward says:

As a webmaster and web user it’s a pointless legislation. As a webmaster I add a bit of code and extend the privacy policy some what. I make sure the consent is placed on the screen in such a way that you can still read the content whether you consent or not.

As a web user it’s a damn pain in the arse (I’m from the UK, so arse). No one looks at the policy that each website has implemented. It just slows my pace around the web and does nothing more. End of.

Cerberus says:

Re: Re:

What it does do is make everyone aware of how pervasive the use of cookies is, and of privacy as an issue in general. It makes people have a negative association with cookies (cookies = annoying pop-ups). That is the only good thing. Otherwise I agree with you. A new European law is coming that forbids sites from forcing users to accept cookies in order to view the site (except truly functional/necessary cookies, which concept is defined in detail in the regulations). This should help a bit more.

Jamie says:

You know what? Fuck a bunch of Google and other sites that make arbitrary demands on short time frames.

I mean, it doesn’t cost me anything because I tell Google to go away in my robot.txt already. But these "dance, monkey, dance" demands drive me nuts.

To the PM who is worried about getting this done by whatever deadline you’re afraid will hurt your bonus: I hope you stub your toe.

Jamie says:

Re: Re: Re:

I’m aware of the legal pressures. But no court in the EU told Google to give small sites 24-hours-or-else-notices.

See, responsible adults deal with unreasonable demands by sorting things out and trying to do the right thing. And then there’s people like this, who make it someone else’s problem.

Anonymous Coward says:

Re: Re: Re: Re:

The US seems to think their jurisdiction extends worldwide. FATCA is one prime, steaming example… their abuse of trade pacts to dictate copyright law to other countries is another. I doubt that you’ll get much sympathy abroad by claiming US sovereignty is in some way being infringed if the US has zero respect for the sovereignty of anyone else.

Anonymous Coward says:

Re: Re: Re:2 Re:

If you or your company benefits from the infrastructure of this country including the postal service, you are expected to pay a percent of your income back to the country to help keep it going for next year. By hiding part of your income in offshore accounts, you are trying to have your cake and eat it too.

Anonymous Coward says:

Re: Re: Re:3 Re:

You’re missing the point. FATCA is being applied to dual citizens of other countries while they’re living in those other countries. For instance, Canada’s leader of Her Majesty’s Official Loyal Opposition would be one of many directly in FATCA’s crosshairs. Who delivers his mail? CanadaPost.ca – not USPS – so why should he be part of your tax base when he does not live in your country and your government provides him nothing?

Anonymous Coward says:

Re: Re: Re:4 BECAUSE! -- WE CAN!

BECAUSE!

WE CAN!

The basic psychology of several major different (meaning not connected) groups is world hate, world dominance, world control, and world slavery under their elitist guidance. The belief that they are exceptional which means that the world should bow down to their expertise.

The problem comes about just as the German / Russian problem came about in who is going to be in control and whose psychology is going to dominate. The groups violently do not agree on who is going to be in control while they have a confluence of interest in maintaining the (social, financial, political) system.

For the past 100 years eugenics in one form of another has been the guiding thought pattern of the elitist. Do, believe, and say what we, your superiors, say or OFF with your head. Combine this with the elitist control of government and you have a perfect fascist thought and agenda.

For a good description read "1984".

As in "1984" fascist masquerade as communists which leads the unenlightened to believe that the US is a democracy where individual thought counts not realizing the very platforms such as Google, Facebook, Amazon, et are are owned and controlled by the fascists elitist who are screaming that they are communists the loudest.

When you have a $100 billion(US billion) you have to have this someplace. You can own property – land and money (gold, silver) but they do not produce wealth. You produce wealth by controlling companies.

Note the word control. Here is an example. The Big W a company (now defunct) once had three classes of stock: Class A and Class B Preferred and Class C Common. Each class of stock elected 1/3 of the board of directors. There was 100,000 class A shares; 10 million class B shares, and 200 million class C shares. Total control equal ownership of 50,001 of class A plus 5 million and 1 shares of class B. This was owned by one individual. And! As far as what the owners of the 200 million shares thought – How was that relevant?

With 100 Billion multiplied in such a fashion over a number of major companies and their shares owned by foundation and non government agencies you have world control and the New World Order of facist complete total control of the world elitist.

And as far as the socialist and communists go who cares they have no real power. If they had real power they would be fascists.

Anonymous Coward says:

Re: Re:

The webmaster helpfully gave the annoying position:fixed (ewww!) bar an id of "cookienotice", so you could permanently hide it with a stylesheet. This would work regardless of any cookies you stored, since it would be a purely client side fix to this bit of obnoxiousness.

I think this should work:

#cookienotice{ display: none }

In the meantime, a request to the site master: mind naming and shaming the idiots who pushed you to do this? I find the banners annoying on principle, and I especially hate position:fixed banners because most browsers seem to get stupid when trying to use a full-page scroll jump in conjunction with fixed banners.

Anonymous Coward says:

Recently, one of our ad providers told us that we, too, needed to include such a cookie notification, or else we’d lose the ability to serve any ads from Google, who (for better or for worse) is one of the major ad providers out there. We did not get a clear explanation for why we absolutely needed to add this annoying notification that doesn’t really help anyone, but the pleas were getting more and more desperate, with all sorts of warnings. We even asked if we could just turn off the ads entirely (which would, of course, represent something of a financial hit) and they seemed to indicate that because we still use other types of cookies (again, including cookies to say "don’t show this person any ads"), we had to put up the notification anyway.

Your ad provider told you that their policy requires you to show a cookie notice, even if you cease to do business with them? I guess I haven’t "got it".

Can you stop trying to set cookies until someone tries to customize the site? My browser shows a "set-cookie" header when just opening the Techdirt home page. I hadn’t tried to do any of the stuff you said you use cookies for.

Anonymous Coward says:

I almost exclusively interpret those cookie notifications as malicious and hide them every time I visit a website instead of click them. I don’t understand the legalese but I do understand that I lessen the likelihood of unknowingly entering into a contract adverse to my interests if I NEVER click okay.

Anonymous Coward says:

Re: Re:

A few sites (though increasingly many) do what the Commission originally intended, giving the choice to accept or reject each cookie along with an explanation of what it is used for (so you can reject everything except session login cookies, for example). The GDPR also requires personal data to be used only for the purpose for which it was ostensibly collected. The guardian was one of the first to do the specific purpose notices as intended, and IEEE does it as well.

The commission put a requirement to do that in the first draft, but lobbyists got at the bill and watered it down to the pointless notices.

What would help is putting a requirement to use fixed IDs within a domain so your browser can remember which ones you rejected and automatically reject them in future.

TKnarr (profile) says:

It’s fallout from the abuses. So many entities abused cookies for so many bad things and refused to do anything about user anger or even admit they were doing it that the response turned from "Please stop the abuse." to "We find your terms acceptable." (in response to the abusers’ position that allowing even benign cookies without restrictions means having to allow any and all cookies without restriction).

Ehud Gavron (profile) says:

Cookie?

Mike, what kind of cookies does your writing staff prefer? I’m assuming you’re working from home… if so I’ll need that address… but if there’s a group of you in an office we’re good there.

Chocolate chip?
Peanut butter?
Oatmeal raisin?
Please don’t say M&Ms… those don’t ship well in this heat.

Also how many staffers? I can have those cookies to you on Tuesday.

Also if you DO NOT WANT THESE COOKIES click "GOT IT".
🙂

E
P.S. Can I claim I’m a proud supporter of TechDirt Cookies if you take me up on it?

Federico (profile) says:

Misreading of the law on essential cookies

We use cookies, for example, to track your preferences (including when you turn off ads on the site, which we let you do for free). In order to make sure those ads are gone, or whatever other preferences stay in place, we use cookies.

This is a bad representation. EU privacy laws do not require a cookie warning for essential cookies, only for the inessential ones.
https://gdpr.eu/cookies/

See also the legal basis of processing under GDPR (consent is one out of 6 and tehre are various ways to gain consent):
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/grounds-processing/when-can-personal-data-be-processed_en
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/grounds-processing/when-consent-valid_en

Techdirt sets a number of cookies for unregistered users, few if any of which appear to be necessary to serve the content:
https://i.stack.imgur.com/joXty.png

Practically speaking, if you removed Google Analytics you would have done most of the work. (Or do you also show ads from Google? I’m happy to pay a subscription largely because I refuse to load ads. At the moment you don’t seem to be loading any ads but maybe it’s just you being suspended by Google Ads.)

Some passages of the Techdirt privacy policy are a bit dubious:

Floor64 does not share your personally identifiable information with other organizations for their marketing or promotional uses without your prior express consent. Please be aware, however, that any personally identifiable information that you voluntarily choose to display on Techdirt – such as when you publish attribution credits for your submissions – becomes publicly available and may be collected and used by others without restriction.

This seems to imply you don’t share IP addresses with third parties, which is incorrect because Techdirt loads resources from Automattic, Google, FontAwesome, CloudFlare, Soundcloud, StackCommerce, Amazon, RawGit, Akamai and ChartBeat. Some of these are definitely superfluous, for instance fonts and static JS could be easily stored on your server.

People like to blame the EU law but the responsibility rests squarely with the laziness of the website admins and developers who failed to reconsider their usage of cookies. I’m happy to help with patches if there’s a git repository you can share somewhere.

Beatnick says:

Re: Misreading of the law on essential cookies

"Receive users’ consent before you use any cookies except strictly necessary cookies.
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
Document and store consent received from users.
Allow users to access your service even if they refuse to allow the use of certain cookies"

While those points don’t make it clear but they point to "the consent has to be given explicit not implicit, so "by using this site you are agreeing to" isn’t GDPR compliant there has to be an option of "fuck of with 3rd party cookies"
I think there has been a court decision making it clear, though not sure.

Federico (profile) says:

Re: Re: Misreading of the law on essential cookies

There are a few cases ongoing, maybe you mean one of these:
https://gdprhub.eu/index.php?title=CJEU_-_C-673/17_-_Planet49
https://gdprhub.eu/index.php?title=AP_-_Consent_to_place_cookies

Most interesting at the moment are Guidelines 05/2020 on consent under Regulation 2016/679 (Version 1.1, adopted on 4 May 2020):

In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so called cookie walls).

Also:

Without prejudice to existing (national) contract law, consent can be obtained through a recorded oral statement, although due note must be taken of the information available to the data subject, prior to the indication of consent. The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.

And:

Therefore, merely continuing the ordinary use of a website is not conduct from which one can infer an indication of wishes by the data subject to signify his or her agreement to a proposed processing operation.

Notably, what Mike asks (consent to be given by browser settings) is explicitly allowed by the authority:

An often-mentioned example to do this in the online context is to obtain consent of Internet users via their browser settings.

But:

However, when consent is obtained via electronic means through only one mouse-click, swipe, or keystroke, data subjects must, in practice, be able to withdraw that consent equally as easily.

Many forget the general premise of all this:

Consent remains one of six lawful bases to process personal data, as listed in Article 6 of the GDPR. When initiating activities that involve processing of personal data, a controller must always take time to consider what would be the appropriate lawful ground for the envisaged processing.

ryuugami says:

Hm, I must missed the part where your ad provider and Google became EU government agencies.

Without that, it sure looks like it’s the US private corporations that are strongarming you.

Did Google not at least say why they’ll "block you globally"? Like, point to a certain clause in the regulation or a court order that would force them to do it? There’s nothing like it in the article, and if they really didn’t provide such a justification, it would mean you don’t know that it’s the GDPR’s fault.

(Relatedly: uMatrix lists, among others, 13 blocked Google cookies on this page. Since you didn’t provide an opt-out dialog, Techdirt is not actually in compliance with the GDPR, and this whole charade is a big bag of nothing. Like many before you, you’re simply inconveniencing your readers for no gain whatsoever, and pretending it’s somehow EU’s fault. If you want to blame it on EU, it would be nice if you at least implemented it properly — then the blame may be warranted…)

Max (profile) says:

Are you actually setting those cookies BEFORE anyone ever clicks on anything? Because if so, the banner will do absolutely nothing to make you more legal, or more in compliance, or whatever. If you are not, then the banner is working GREAT for me – because I never agree to any of them, I just hide them all out of existence.

And no, I’m not otherwise "in control" as you’re trying to imply – not sure what your browser lets you do, but all mine lets me do is accept or reject cookies wholesale – no such thing as "keep cookies from this site indefinitely, allow some from that one but delete them as soon as I leave the page, and refuse everything from that other one", accessible through simple means, per-site, on the UI (or anywhere else in general). Yes, I could try finding an extension that lets me do this properly. Yes, THAT would be an actual pain to find (yes, I already tried); the banner I don’t see isn’t.

Federico (profile) says:

Re: Cookies before clicks

Have you tried privacy badger? https://privacybadger.org/

Blocking third-party cookies and JavaScript is relatively easy if one accepts some inconvenience. The problem is that third parties like Google Analytics nowadays store their information in first-party cookies, so you have to do some trickery based on the entropy content of cookies to guess whether they are legitimate necessary cookies or surveillance cookies.

Publishers lie all the time and there are some legal cases ongoing:
https://noyb.eu/en/say-no-cookies-yet-see-your-privacy-crumble

That Anonymous Coward (profile) says:

From the brilliant minds that want to sue grandmothers for daring to post pictures of their grandkids showing how proud they are of them…

Perhaps they aren’t actually solving anything but trying to make people feel better without any effort on their part while trying to get paid by the deep pockets for not being able to jump when told to jump & stay in the air forever.

Ehud Gavron (profile) says:

Balkanization

So… throwing it out there…

I see these pseudo press-conferences where some guy is pointedly rude to the journalists who are there to cover the event. None of them get up and leave. I, and like-minded people I talk to, think that if he starts to be rude or call someone "nasty" for asking a perfectly reasonable question, all [but two] of them should get up and leave.

Why is it, then, that a European law should apply to TechDirt? Why not just have a banner at the top that says "If you’re coming from a country that supports the GDRP you should close this browser window"?

I understand that the little countries in Europe think this is a good idea… and some parts of it are a good idea. Some are not. This is me speaking both as an IT person who implements things, and as someone who respects the rule of law as a person, and someone who thinks we should not be beholden to every jurisdiction in the world.

Here’s the Godwin angle: What if tomorrow China passes their own version of the GDPR and it says we have to call Hong Kong and Taiwan "by their proper names of Slaves-Of-China-Rule™"? Would every website in the world (including TD) now have to change all references to be that way? Would we retroactively have to go edit all references to be that way? Would wikipedia do it?

If yes, then we’ve lost.

If no, then f the GDPR and run your website the way you want to run it. Let those who live under repressive regimes enjoy their newfound "freedoms" without costing everyone else time, effort, and money.

Also the cookie offer is still open.

V/r

Ehud

Anonymous Coward says:

Why not just just place the banner in the space below where your ads go? Users that can already see the ads will likely notice the banner. For users that don’t see ads normally, make the background of the banner swap between white and blue at slow intervals (alternatively, put a slow fade effect between the two colors on the button)…

That places the banner out of the main view area (which means less user annoyance) but eventuality grabs the attention of the user by contrasting with the static nature of the rest of the rest of the site’s interface.

Anonymous Coward says:

For what it’s worth I didn’t notice the new "GOT IT" banner at the bottom of the page until I read this article. The chosen colors seem to make a very nice closing page border (javascript and cookies both turned off).

But…full disclosure…
It could be that I’ve gotten better at ignoring these. Afterall, they are everywhere now. Or, perhaps it’s the (2nd, 3rd?) T&T at my left hand clouding my visuals. Sorry, but it is after five o’clock somewhere in the pandemic.

In any case, keep up the good fight, Mike. I appreciate it (really!). There are so few out there that think about us (the end user), much less look after us.

R.H. (profile) says:

I Have Issues With How This Cookie Thing Is Implemented

Now that the EU has stepped this anti-cookie behavior up another step by saying that sites can’t block users from content if they refuse cookies I have even more issues with it.

Here’s my analogy, let’s say that a store has a sign posted saying that they use a mix of technologies (Wi-Fi beacons, using Wi-Fi as radar, etc.) to track the movement of customers through their store. If you don’t want to be tracked in that way, you can choose to not shop there. How is that different from a website saying, we pay for the content you’re here to see by serving targeted ads. To target those ads we place cookies on your computer. If you don’t want ads targeted at you then you can look for the content elsewhere.

By the way, my first case isn’t just a random hypothetical, I was at a free to the public badged event last year where anyone could come in and view the event as long as they stopped at the front desk to get a badge. Those badges contained small Bluetooth Low Energy beacons. While they were anonymous, the venue was certainly using them for traffic analysis and those of us who were working the event got our badges scanned for entry into various off-limits areas.

Anonymous Coward says:

the really stupid thing about EU cookie notifications is that some of those "notifications" are not needed at all for some sites, because purely technical cookies are extempted.

Since lawyers are sucking ass at properly defining terms such as "purely technical".. we ended up with cookie notifications for anything even when they are not needed… because lawyers.

https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies

Ehud Gavron (profile) says:

Cookies, stateful browsing, ecommerce

So today we use cookies.

Tomorrow the mechanism we use to have our web server track the path of browsing will be different. Should we have to recode our web servers then?

Fundamentally there is stateless browsing, where one just browses to whatever page, and there you are. There is no logging in. There is no option to log in. No login/no credit card/no auth = no ecommerce.

Then there is stateful browsing. Parameters are established, maintained, and hopefully secured throughout "a browsing session". It can be cookies… a generated custom part of the URL ("tracking URL")… or whatever clever people come up with next. Key here is "session" means it’s stateful from a "start" to an "end".

The point is that these are REQUIRED in order for ecommerce to work. Ecommerce can even be as simple as "Hey do you want to save your TechDirt settings so you don’t have to re-enter them every time? Log in here."

The GDPR is mostly out of touch with its requirements. TD should get a hiking trail map and hand it to the ICO, addressed to "Jack" with a note that says "take a hike."

E

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...