Personal stories
Topical views
Illuminations from the throne

The problem with cookies.

Working on a laptop.
Photo Credit: Sergey Zolkin

Virtually every website you visit nowadays requires you to accept cookies. Just like the ubiquitous terms and conditions you’re supposed to carefully check before signing up to something, I wonder if anyone actually bothers to read the privacy policies before clicking on ‘I Agree’.

I suspect the people who once feared cookies were malicious little sprites, hiding on our devices, biding their time until they could fully exploit the confidential information they’ve stealthily been gathering, are the same people who now find non-stop cookie consent pop-ups kind of annoying.

If you were to visit a website I’d written in English and German, it would default to English unless your browser’s language was set to German. That’s the behaviour most users would want. If not, there’s an option to change it.

In the old days I would store this active choice in a cookie. That way you wouldn’t have to switch the language every time you came back. It only saves one click but if you were a regular visitor it would be quite irritating otherwise.

To do that now I’d first have to show a cookie consent form. My user would have to agree to the single cookie which would require at least one extra click. Most people would never need it because the site would default to their preferred language anyway but I’d still have to show them some sort of privacy policy. The cookie is now detrimental to the UX. It’s simply not worth the hassle so I got rid of it. Some of my poor users now have to share the pain and change the language every time. It's a hard life.

Cookies were meant to be useful; a convenient way to store user preferences for the websites they visit regularly. However, the internet is financed largely by advertising and advertisers are nothing if not sneaky.

Whilst idly browsing the web, people began to wonder why they were seeing links to products they’d earlier been checking out on a completely different site. What was going on here?

Cookies were the culprits. They were storing browsing history. Not necessarily a bad thing, the aim was still to provide users with relevant content, albeit with a less magnanimous purpose.

A little tugging on that thread leads to another question: What else might be stored on my device that can be accessed by a third party? The answer: potentially any of the data you’ve provided when buying something online, registering for information or signing up to a social media account: your email address, physical address, bank account details, vital statistics, medical data...

Wait a second, did you say social media? What about my photos and all the other content I’ve shared; my location data, political opinions, hobbies, favourite species of tortoise? Yup, that’s all accessible as well and, in the absence of any clear legislation, unscrupulous companies were able to gather this information right under our noses. Not for any such lofty purpose as improving user experience, but simply to sell it.

Uproar from the masses ensued. Cookies were no longer helpful, they were malware and needed to be obliterated immediately. Thankfully, those on the more rational side of the argument were able to calm things down a little by demonstrating the benefits of cookies and explaining why they are sometimes necessary.

The eventual compromise allowed for their regulated use. It had to be made completely clear to the most moronost of morons what data was being collected and what would be done with it. Crucially, the user had to actively agree to a site owner’s cookie policy before being granted full access. Effectively for every website. Every time.

So do you read these privacy policies? Do you click ‘Manage Preferences’ and decide what to allow? Admit it, you head straight to the ‘Accept All’ button while wishing the damn pop-ups would just go away.

There’s one reason in particular why I’ve come to believe no one cares about this anymore. Since the pandemic, posting pictures of our covid test results and vaccination certificates has become a popular trend. Medical data is perhaps the most private of all but there it is, willingly shared all over social media, no doubt by the same people who made such a fuss about keeping their personal details confidential in the first place.

Comment on this post