I'm getting tired of feeding the Cookie Monster... 🍪 💻️ 🐷

thunderdragon

Hi all! 😇
As someone who uses a non-persistent operating system I start each session with a totally clean browser - No cookies, no settings, and no data is preserved from any previous session. This is fantastic for security, but ever since the introduction of the Cookie Law this means that every time I visit a website I have to configure and set my cookie preferences and permissions.
For sites like giffgaff - Where the cookie window pops up and blocks doing anything else until the user has given it attention - This is a pig of the highest order, and has become even more of a problem ever since a recent update meant the login form (Unlawfully) no longer works if JS is disabled. 🐷 👎️

Now I don’t mind the cookie modal itself, but being forced to attend to it before I can use any other function (Including logging-in) is not at all ideal. In forcing the user to both enable JS and interact with a specific item of code it might also contravene the Computer Misuse Act in that it forces the user to perform a process on their computer which they might not necessarily want to perform. 👩‍⚖️

Surely there are ways around this sort of thing that giffgaff could easily implement, and my suggestions for this would have to be via User-declared preferences which could be provided by querystring parameters or values presented via the browser user-agent string. 💡
If this was provided all I’d need to do is add ?cookie_perfs=on&cookie_prefs=on&cookie_targeting=off to the URLs I’m typing when I come to the giffgaff site (Typing that is much quicker for me than the cookie menu) and not have to work through that blasted modal every single time. 🏄️

In declaring my cookie preferences in this way I’d also be overtly declaring these to the site from my end, which’d satisfy the law in this respect - My deliberate declaration of those parameters/preferences would constitute wilful opt-in under those laws. 👍️

Is there any possibility giffgaff could consider supporting this - And removing the JS requirement for the login page - Please? 😇
+++ 🚄 ThunderDragon 🤘 +++

frenchielove

thunderdragon oh, this wasn’t what I expected, trust me, all I think about is food 😂

z201205

thunderdragon even with a normal browser, I keep getting prompted to accept cookies when I log in to giffgaff website. I wish that I could set up a bookmark so that I didn’t have to interrupt my browsing experience with these pointless cookie prompts.

blackfive460

thunderdragon Is there any possibility giffgaff could consider supporting this - And removing the JS requirement for the login page - Please?

+1 on that.
Particularly the JS requirement.

muddycalhoun

thunderdragon I do wholeheartedly agree!
I operate various privacy controls and virtually every webpage throws up its cookies policy to accept.
Generally I would continue using those that don’t obstruct the whole view of the webpage but unless it is vital I just dump any that fully block the view of the contents.
If everyone did this the websites would soon change their cookie policies, people refusing to visit your site means less advertising revenue means the cookies policy would be revised.
The cookies law is a perfect example of a good intention paving the road to you know where.

If you want to see a cyber hissy fit and you use an Android device deny all permissions for microphone access and camera location etc to the messages app. You will be staggered at the persistence used to try and badger you into restoring the permissions

peterdbsc

thunderdragon

I also am fed up of having to set cookie preferences on virtually every site I visit.
Many of these preference menus are deliberately misleading in the way they are set out.
IMO the default should be functional cookies only perhaps with a tick box (not pop up) on the home page where you can choose to allow all and sundry to have access, if you’re that daft.

egglassa

z201205 great point

thunderdragon

z201205 I wish that I could set up a bookmark so that I didn’t have to interrupt my browsing experience with these pointless cookie prompts.

That’s one reason for why I’m requesting the ability to declare these by querystring or similar method that’s easy for the user to present to the site on first access. If the user were to openly declare their cookie preferences on first access this’d stand compliant with the cookie laws (It both proves the user is aware of cookies, and has expressed their preferences for them) and no modals would need to be presented. 👍️

Indeed, I’m quite surprised browser user groups havn’t already proposed standards for expressing those preferences in-browser for that purpose! 🤯

skier Totally agree about the intrusive modal cookie nonsense, but trust me, having already answered doesn’t stop them asking again next time.

If the user has already expressed their cookie preferences in the past - Whether on a prior visit, or by using in-browser declaration - I’d sooner see persistent Cookie badgering outlawed as being intrusive and defiant of the users’ right to not have their privacy or activity disturbed. I’d also view periodic review (Once per year or longer) acceptable, though. 👍️

blackfive460 +1 on that. Particularly the JS requirement.

Glad to see I’m not the only person who finds Any enforcement to have JS enabled offensive! I’ve long been of the mind that forcing the user to have JS turned on (Which is entirely the users prerogative, not that of the website operator) might well contravene the Computer Misuse Act - It forces the user to execute code on their computer that they have every right to choose not to execute on their system! 👩‍⚖️ 📜 ⚠️

It needs to be noted that JS and other technologies can - Potentially - Download anything to the users device and also store it on that device, often without the users knowledge. In theory one could use this to cause the storage of photos of TGVs on everybody’s devices…And if one can exploit this to cause the local storage of photos showing high-speed trains, they can use it to cause the storage of photos (and other media) showing literally anything! ⚠️ 🤯 🚫

One of the main reasons for my use of non-persistent OS’s is to prevent persistence of anything which is sneakily downloaded to the browser in that fashion with the intention of exploiting the user at a later date. If a malicious website were to cause the download of a strongly protected work of copyright^ to my PC with the intention of leveraging that against my legal reputation in the future (i.e: You pay us, or we tell the copyright holder that you have an illegal copy of work on your PC) the fact that work ended up on a RAMdisk - The contents of which became irretrievably lost when the PC was turned off - Means no evidence of this could be recovered from the user end, and no claim for theft of work or other copyright infringement would stand up in court. 👍️
(^ - I use strongly protected work of copyright here as an example, but there are other types of content that could be fed to a users browser which would lay them open to charges for far worse offences than just copyright infringement… ⚠️ 🚫 🤯 )

inspiron42 You can thank the EU for all those pointless cookie prompts. A complete waste of time and encourages automatic clicks on pop ups, increasing the risk of activating viruses, Trojans etc.

I don’t think this is just an EU ruling, although I’m aware it’s one of the many things the EU mandates - It’s the way this sort of thing works that appears to be (V..e..r..y s..l..o..w..l..y 😉 ) bringing me around to accepting Brexit💩 for what it is. 👍️

That said; Leaving the EU doesn’t necessarily mean we’ll see an end to the cookie modals. Aside from the fact EU law will still apply on day one after we’ve left the CU due to the working of the Great Repeal Bill (Which I have to concede I think is a good way of going about it) there’s every likelihood HM Government might choose not to change the law in that regard, or could potentially change it to something worse! 🤯

muddycalhoun I operate various privacy controls and virtually every webpage throws up its cookies policy to accept. Generally I would continue using those that don’t obstruct the whole view of the webpage but unless it is vital I just dump any that fully block the view of the contents.

That’s one of the best things about knowing how to use the Developer Tools! Annoying full-page cookie modal? Just delete it from the DOM! 😃

The only thing is that websites are increasingly becoming aware of this and are using more convoluted techniques to try to work around it. Where having JS off used to simply mean a page with no active content (And often no ads) it now tends to result in an apparently empty page until you find some deeply buried element whose CSS parameters are somehow forced to apply to the entire page. 💻️ 🔀 🤯

I’d so love to see laws bought in which oblige the display of basic content to all browsers by default and without any JS or cookie support, but the likelihood of that happening whilst we have a Conservative government in place is probably quite remote… 🇬🇧 💰️ 😉
+++ 🚄 ThunderDragon 🤘 +++

inspiron42

You can thank the EU for all those pointless cookie prompts. A complete waste of time and encourages automatic clicks on pop ups, increasing the risk of activating viruses, Trojans etc.

skier

Totally agree about the intrusive modal cookie nonsense, but trust me, having already answered doesn’t stop them asking again next time. I’ve lost count of the number of sites that badger me to accept all cookies, but when I open the ‘manage’ page they’re all still set to ‘Off’ from last time I visited. Come on, I’ve already chosen & allowed that decision to be persisted. Play fair. (As it happens I do allow cookies from giffgaff so that doesn’t apply to this site)

muddycalhoun

thunderdragon the likelihood of that happening whilst we have a Conservative government in place is probably quite remote…
(Even the right wing media call the outrageous handing out of multimillion contracts to pals of boris without any tender process especially during the pandemic is just given s soft term like “chumocracy” when it was a labour government, I think no better of any politician without their actions being taken into account, the media chose the more negative “cronieism”)
Remote, like rural Mongolia! when most of our ruling chumocracy either own or are deeply invested in these companies

harrrrrry

thunderdragon Indeed, I’m quite surprised browser user groups havn’t already proposed standards for expressing those preferences in-browser for that purpose!

This could and should have been a requirement imposed by most governments to make the DNT1 (Do not track) header legally binding. Sadly, governments failed to do that and instead brought in unhelpful cookie rules that do little to solve the problem.

There’s a newer proposal
https://arstechnica.com/tech-policy/2020/10/coming-to-a-browser-near-you-a-new-way-to-keep-sites-from-selling-your-data/ but unless it is mandated by the major governments, it’s doubtful if google and other companies that exist wholly or mainly to spy on you will take any notice.

thunderdragon I’d sooner see persistent Cookie badgering outlawed

Agreed, but a header similar to DNT1 (maybe DNT2 😮 ) is needed to announce the requirement to the site. Otherwise, the site has to perform some kind of tracking to identify the user has opted out of tracking, and that’s self-contradictory.

The opt out has to be performed by a mechanism that prohibits tracking. Any mechanism that requires compulsory tracking in order to implement the opt out from tracking is inherently providing a tracking mechanism. This can only be achieved by a header that announces anonymously that the site must not track, not may it prompt for permission to track. And then, because many sites would defeat that by requiring compulsory login, there needs to be a legally imposed requirement that most sites must provide at least read-only access to public areas without a login – in the same way that giffgaff currently does.

Yes, there has to be an exception for sites with subscription-only content. But equally, there needs to be a legally imposed requirement that search engines provide an option to show only non-subscription results and sites with only non-intrusive advertising (ie, nothing worse than a traditional printed newspaper)

None of this is something that companies like google are likely to implement voluntarily, because they’re in business primarily to spy on you and they only earn money if they can rely on sites displaying intrusive advertising.