back to article That's the way the cookies crumble: Consent banners up 16% since GDPR

IT consultants, software firms and campaigners spent months touting 25 May 2018 as the dawning of a new era – for better or worse, depending on who was selling the snake oil – but research published this month indicates minor changes in reality. The General Data Protection Regulation, which came into force on Towel Day, …

  1. ratfox
    Windows

    As far as I can tell from my experience, the net result is a massive increase in "We use cookies [blah blah blah] OK" popups that users click on without reading. I think the one time I decided to check what choices I had, I found a list of hundreds of tracking options which I was supposed to turn off one by one.

    I think a lot of the websites are probably illegal because they bar access to people who don't accept the tracking, but there's so little chance of people complaining that they do it all the same. Maybe we'll eventually get to a more private internet, one lawsuit at a time, but it's going to get decades if we ever get there before the laws are changed,

    1. VinceH

      "As far as I can tell from my experience, the net result is a massive increase in "We use cookies [blah blah blah] OK" popups that users click on without reading."

      ^This.

      On my desktop, they're easy to ignore because they don't take up a huge amount of space - and I could safely click "Ok" on the basis that as soon as I close the browser, they'll be gone.

      On my phone, though, they take up a ridiculous amount of space - so now I find I'm using the browser less and less for anything other than the basic set of tabs of a few regularly visited sites.

      1. wolfetone Silver badge

        It really has become a pain in the arse to do anything on these sites that demand you accept. And when you say no, I've had one site direct me to their privacy policy. Just don't track me, alright? Not much to ask for is it?

        1. Anonymous Coward
          Anonymous Coward

          It gets more difficult when they list all 7000 third party cookie providers for you to select each and everyone, one a time.

          1. JetSetJim
            Mushroom

            >It gets more difficult when they list all 7000 third party cookie providers for you to select each and everyone, one a time.

            I usually browse to the Dilbert website for a daily dose of corporate vs engineering irony and clicked on their "configure" to be prompted with a similar set of options, all with one-by-one selection. Additionally, the list seems to change between visits, naturally with all the new one's being set to "on" by default.

            Can't tell if it's Scott Adams being more satirical of the situation or not, but I now have mixed feelings about browsing.

            If only the "do not track" option in the headers was legally binding

            1. King Jack
              Headmaster

              Dilbert

              Just get them to email you the comic or go to a comics web site and read it peace.

              1. Crisp

                Re: Dilbert

                Don't read Scott Adams blog. It will only drain away any hope for humanity you may have had left.

    2. shd

      +1

      Might be coincidence, but since the GPDR I've also noticed an increasing number of web sites which are totally non-functional unless you have cookies enabled (as well as Javascript), whereas before they used to work well enough for my purposes without. And there's one where some kinds of search don't work any more.

      Their loss, usually - because I go somewhere else first.

    3. Tigra 07
      Coat

      RE: ratfox

      I had one site last weekend that gave a massively inconvenient and time consuming loading screen after unticking about 100 data collection options. It then failed for 80+ of the domains and asked me to try again. So, i left the site and read a similar news story on another site. Absolute shit lords.

    4. Shadow Systems

      At RatFox...

      I am aware that desktop users have a different web experience than smartphone users, so my comment only applies to the desktop.

      I've got my browser configured to reject all third party cookies out of hand. Do not ask, do not allow, they can fuck right off. Even first party cookie requests must be allowed on a case by case basis, & 99% of the time I refuse those as well. About the only time I let a site set one is if I'm going to register an account there, especially if I'm intending on buying something. Those I allow because I want them to remember my account settings. Everyone else can get bent.

      I also have my browser set to ignore pop ups, so any attempt by a site to drop a pop up in my face to whine about a cookie policy never gets shown at all. There's a soft chime in the background letting me know a pop up was blocked, but it doesn't even change focus from what I'm doing at the time.

      All this means is that sites don't get to annoy me with pop ups whining to let them set a cookie, their third party affiliates don't get to set cookies, & they have to use other, less honest methods by which to track me.

      I have to take your word on the pop ups appearing everywhere, but I can confirm that they have started to embed such notices *without* using pop ups to display them. I don't hit ok, I don't click deny, I don't interact with the notices at all. I just keep reading the page to find what I came for, then leave without ever letting them get an answer at all. Some of them try to stop me from accessing the site until/unless I click the notice, but then I get around THAT by hitting up DuckDuckGo for a plain text cache of the site & skip all their crap.

      Are smartphone browsers so lacking in user options that you can't turn off JavaScript, third party cookies, & crank up the security to "Fuck off!" levels of paranoia?

  2. Joe W Silver badge

    I think a lot of the websites are probably illegal because they bar access to people who don't accept the tracking

    As I understand it: consent is not a prerequisite for usage of the service, so: yes. The amount of data they are allowed to gather and store is limited to that needed for running the offered service. These cookie notices are really pointless...

    Oh, and if I understand correctly "opt-out" of data gathering is a no-no under the GDPR as well, it has to be "opt-in" and "informed consent" or whatever the phrase was.

    1. ratfox

      Oh, and if I understand correctly "opt-out" of data gathering is a no-no under the GDPR as well, it has to be "opt-in"

      I think that websites get around this by putting one big OK button for opt-in, and otherwise present you with the list of thousand cookies they intend to give you, all checked. Basically, you cannot access the website until you tell them which cookies you want to accept, but since they are all prechecked on the form it takes you an hour to say you don't accept any.

      I'm sure this will eventually ruled to be illegal (at least it should), but in the meantime they get to keep tracking you.

      1. Anonymous Coward
        Anonymous Coward

        "I think that websites get around this by ... present you with the list of thousand cookies they intend to give you, all checked."

        Default checked = forbidden, though.

      2. Anonymous Coward
        Anonymous Coward

        > I think that websites get around this by putting one big OK button for opt-in, and otherwise present you with the list of thousand cookies they intend to give you, all checked.

        You are correct and so is the gentleman who says that is not allowed because, well, the default option should not be an opt-in.

        What I do when I have time to spare is I send those sites a quick note to let them know they're in the wrong (most of them seem to use a widget sold by the same company, Quantcast).

        Then in a couple months I'll gather all those emails and I'll send them to the data protection agency. >:)

        1. ratfox
          Paris Hilton

          Some sites simply refuse to work if you don't accept their cookies

          "Our sites need to collect and process data to deliver a compelling user experience and to support our business. Since you’ve withheld your consent for those activities, we can't provide you the full Healthline experience."

          In my understanding, this is completely illegal under the GDPR, but if they don't have an office in the EU, I guess they don't have to care?

    2. Loyal Commenter Silver badge

      I had one this morning that wouldn't load at all

      It just put up a big banner telling me that since I was using ad-blocking software, it wasn't able to ask for my consent to being tracked.

      I'm not sure how not allowing myself to be spammed with adverts prevents their ability to place a cookie in my browser's cache, or indeed how it prevents them from asking for my consent to do so.

      FWIW, it was the landing page of a well-known supplier of CRM software. This sort of mixed-up pseudo-logical marketing-led drivel doesn't exactly inspire me to confidence in their product. I went elsewhere...

  3. Anonymous Coward
    Anonymous Coward

    Apps

    Just a thought, I've not delved deeply into this, reply gently!

    I have not used many (any?) apps that ask for tracking consent. We're all familiar with apps asking for permission to track you via location, access media etc, but any app that 'phones home' will have some sort of telemetry that tracks you. No app / mobile game that display banner ads has ever asked for cookie / tracking consent, and I'd bet that EVERY app available tracks the user in some sort of capacity, informed or not, visible, invisible, discretely, in depth or just to track number of installs.

    And in the past, I've worked for companies that develop catalog apps that are really just a browser control with no address bar and a hardwired start URL. No cookie consent banner there, either.

    Personally, I fscking hate these cookie consent banners / modals, especially full page, in your face implementations . They don't really serve any purpose except to makes sites less usable. The ignorati click on them blindly, the well informed click on them because they know they have little choice if they want to access the site, and the better informed probably access them through a personal VPN or TOR anyway,

    The reg comments is the closest I get to using social media (apart from trolling Daily Mail readers), I don't use any of my PC's to plan illegal activities, so I don't really care if I have tracking cookies on my machine or not - the worst I've seen happen is I get adverts for lingerie after buying some for the missus. I'd rather have the cookies and live without the banners.

  4. Graham Dawson Silver badge
    Stop

    I've noticed more than a few sites that show you a nice pop-up with all the tracking cookies turned off by default, but then present a big button saying something like "Use recommended defaults", which turns every single damn tracking cookie on, after which it's nearly impossible to turn them off again.

    They way they've designed it (which closes the pop-up) makes it look like you're accepting the existing settings.

  5. Tigra 07
    Flame

    I've noticed that declining the data collection breaks multiple sites. Are they really expecting everyone to opt in?

    Here's a fun one. PinkNews gives an accept or decline button, but then loads a wall of text and doesn't allow you to read articles if you click "decline". You can go back a page of course but it's an inconvenience they must know about and ignored just to bug people into accepting the data collection. Bastards

  6. Anonymous Coward
    Anonymous Coward

    GDP....Aaarrgggh!

    It has become a nightmare since GDPR came into effect. As other commenters here have noted, there are plenty of sites that force you to check or uncheck dozens of tracking cookies one by one.

    And because my browser is set to delete cookies automatically every time I end a session, you get the nag screen EVERY TIME you subsequently come back to these sites. This stuff is quickly making many web sites unusable (Not El Reg, I hasten to add).

    One site (which shall remain nameless) simply says "you may want to think again" (or similar) if you refuse to give it carte blanche to use trackers as it sees fit, and denies access!

    1. Anonymous Coward
      Anonymous Coward

      Re: GDP....Aaarrgggh!

      "It has become a nightmare since GDPR came into effect."

      Nightmare? You don't mean utopia? There is now a banner to tell you that those websites are not worthy of your time.

      "And because my browser is set to delete cookies automatically every time I end a session"

      It's year 2000+, website changes too much for cookies to have any meaning to be kept on disk for long term. Every user should be doing that.

      1. VinceH

        Re: GDP....Aaarrgggh!

        [Browsers set to wipe cookies at session end]

        "It's year 2000+, website changes too much for cookies to have any meaning to be kept on disk for long term. Every user should be doing that."

        Speaking as someone who also configures the browser to wipe on close, yes, I agree - browser developers should be thinking along these lines: Make this the DEFAULT behaviour if you truly value the privacy of your users.

        And as a further suggestion: Consider how to implement a UI to go hand in hand with that basic default that can be used to allow exceptions, without the user going into the settings and doing it manually - some kind of button on the toolbar, clicking on which shows the cookies in use by the currently displayed site, and an exception toggle by each one, perhaps, so it's on an individual cookie basis, not a site/domain basis.

        (Although for all I know there could be add-ons/plug-ins that offer something like that - along the same lines as Ghostery, but for adding end-of-session-wipe exceptions).

        1. Anonymous Coward
          Anonymous Coward

          Re: GDP....Aaarrgggh!

          > Make this the DEFAULT behaviour if you truly value the privacy of your users.

          > And as a further suggestion:

          Yup, fully agreed. In this day and age "private mode" is old school. That should be the default mode and then, as you suggest, you should have an "allow this site to persist data" option. Latter on we can further refine *what* data should be allowed to persist.

          Between 99 and 135 percent of sites one visits are not worth remembering about, let alone having their traces soiling one's browser's cookie store, cache store, session store, local store or indexed DB store.

    2. Anonymous Coward
      Anonymous Coward

      Re: It has become a nightmare since GDPR came into effect.

      It wasn't a nightmare before though, because I was being silently exploited so that was fine.

      Honestly, all the bitching on here sounds like you'd rather be tracked round the internet because "clicking is hard".

      The people who make sites unusable are the dicks. They've done it to try and get a backlash against GDPR because they want to make money off your data. The angry posts complaining about change are just what they need, "See, punters don't like having control of their data!".

      Sometimes you have to put up with a bit of shit to get where you need to be. Suck it up.

  7. Anonymous Coward
    Anonymous Coward

    Banner Opt-in = GDPR compliance?

    From a certain website Banner: "We use cookies to understand how you use our site and to improve your experience. This includes personalizing content and advertising. To learn more, click here. By continuing to use our site, you accept our use of cookies, revised Privacy Policy and Terms of Use."

    And GDPR: "Silence, pre-ticked boxes or inactivity should not therefore constitute consent."

    Usually I would straight out close that website. But let say if I silently ignore the banner and continue to scroll around that website, then under GDPR it's therefore not constitute consent. Doesn't that mean the website already broke GDPR compliance?

    1. Anonymous Coward
      Anonymous Coward

      Re: Doesn't that mean the website already broke GDPR compliance?

      Yes.

  8. Anonymous Coward
    Anonymous Coward

    you have to opt-in to have a cookie stored that says you opt out!

    They set an opt out cookie, which they can easily as much track as an opt-in one.

    it's madness.

    1. Anonymous Coward
      Anonymous Coward

      Re: which they can easily as much track as an opt-in one.

      Not necessarily. If the cookie is named "Tracking opt out" and the value is "true" they don't have much tracking capability. If the cookie is named "{random user guid} opt out" then yes, they're tracking you.

    2. Arthur the cat Silver badge

      Re: you have to opt-in to have a cookie stored that says you opt out!

      I just wish you could have one master cookie to deal with the lot:

      Cookie: tracking=just-fuck-off-and-die

      1. Dan 55 Silver badge

        Re: you have to opt-in to have a cookie stored that says you opt out!

        That's called the DNT header.

  9. Anonymous Coward
    Anonymous Coward

    how long

    until the internet is completely useless?

    google isn't even a useful most of the time for a search.

    Now we have to click OK to a bunch of crap, before seeing if a page is useful.

    pages that are just text are now a Risk for not using https, while all exploited sites are https.

    censorship makes sure you only see puppies and pretends violence doesn't exist. And will lock you up for posting about it.

    Politicians ruin everything for a little bribe, and press time.

  10. SImon Hobson Bronze badge
    Big Brother

    And yet, no-one has yet mentioned the sites where they offer categories of cookies - those essential for the site to function which you can't turn off, and others that you can turn off. But, when you look at the list of "essential" cookies they are msotly anything but essential - like Google (and other) tracking cookies.

    I can understand why so many are doing this - after all, many sites are entirely funded by advertising and to actually comply with GDPR fully would significantly reduce their income (or so it's alleged by the snake oil salesmen who tell the advertisers how much more valuable is a "targeted" advert). Still doesn't make it right or legal - but I can see why they'd be trying their luck.

    1. JohnFen

      "many sites are entirely funded by advertising and to actually comply with GDPR fully would significantly reduce their income"

      I'm playing my tiny violin right now.

      1. SImon Hobson Bronze badge

        I'm playing my tiny violin right now.

        Well OK, you're posting on TheReg and (I assume since they don't have the option) not paying them a penny for the articles you read or the ability to engage in the comments. The reason you can do that for "free" is because they sell advertising space on the site.

        This is more or less the same process that allows most print magazines, newspapers, journals, etc to survive. It's certainly the way the "free" papers survive.

        Too many people forget this simple fact - the internet is only "free" if someone is paying for it for you. I have a small information site/blog which is free to users and has no adverts or tracking features - it is free to users because I pay for hosting it myself just because it's a topic I have an interest in.

  11. clyde666

    Since GDPR I've found a big increase in spam. Mainly to my business email accounts.

    Looking at these, it appears there are "single use" domains being setup for spamming, probably used only for a day or two. Many have the word mail, or email, or e , in the domain name. I can block them but the same rubbish comes through the next day "from" another domain name.

    Typically applies to first aid courses, news sites, water coolers, staffing, business finance.

    There's no doubt in my mind that this increase is a direct result of GDPR opt-ins. Somebody somewhere got my email address verified as a real live one.

  12. george1

    Cookie consent is a cookie warning that pops up on your websites whenever a user first visits the site. It's the website banner that declares the cookies and tracking present on a website and gives the users a choice of prior consent before their data is handled.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like