Cookies and Do Not Track

As an internet user, you of course have seen more of these cookie banners than you had liked to. They are on virtually all sites that I browse and they totally annoy me. A decade ago websites had those pesky adversisement pop-ups, now they have those banners that show up seconds after the site has loaded enough to see the content.

There is quite the spectrum. Some sites will just notify that they are using cookies and by using the website you agree. They offer a link to a page where you can learn more. You can ignore the notification at the bottom of the screen and just go on reading the actual content. Other pages have a blocking modal dialog where you have to first take care of the cookies.

Taking a random site that I recently browsed, it gives you this dialog window which takes control over the whole site:

It is a dark UI pattern. They want you to click on “Agree” such that they can stuff you with tracking cookies. So they make this button more visible with the blue background. This also makes it appear like the default option that just does what one wants in most cases. And there is no equal “Decline” button, but “More Options”. The screen is big enough, these options could have fittet there. But they made an active choice not to. If you click on “Agree”, you can directly browse. But if you don't, you get a second dialog.

The text is repeated, but looks slightly different. You spend more time reading that “we value your privacy, but actually value tracking even more” stuff. And then you have to switch all the things off. On this page they are already turned off, so it could be worse. Now there is a default button “Agree to All”. So even if one sees that they are switched to “off”, they would be switched on right after your click to that. So in order to confirm that selection, one has to use the less visible “Agree to Selected”. It basically is a minefield that you are set up to fail.

Of course this is a legal problem. The technical solution has already been implemented. There is the “Do Not Track” header that automatically sends the user's preference about being tracked to the server. There is absolutely no need to ask the user again. But the industry did not accept the “Do Not Track” header because business would not work when not knowing about the users. Fine.

The EU absolutely made the problem worse by making it a legal requirement to give users an opt-in. It is not that they offer the service and timidly ask whether you would perhaps agree to get tracked to improve their product. No, you either have to opt-in or not use the service at all. Since that was not what was legally intended, they now offer for you to basically opt-out. I call this “opt-out” as the dark UI patterns give the default to agreement and disagreement needs more steps.

At this point I would really with for one of two things. And as it is unrealistic that companies stop their tracking, they should just go ahead with it and not bother me with it. The EU should rather make privacy laws for companies such that the collected data is processed in a sensible way. Then all those pesky banners could go away, the companies could still learn about their customers in a reasonable way and everybody would be happy.