That's The Way The Cookie Crumbles

This website uses cookies; its developer abuses cookies (more specifically Chocolate Hobnobs). You can do very little with both of these facts. So, when you see a website alert you that 'this website uses cookies' you are not really empowered, it has nothing to do with McVities and everything to do with Europe - the problem with cookies is not a technical problem but an EU problem.

The EU cookie law (e-Privacy Directive)

Cookies are very small packets of data left on your computer by websites - here, in the EU, it's considered best practice for a website that employs cookies to alert you to this usage the very moment of your first visit. You must then click an annoying alert box to acknowledge your implied consent in order to continue using the website. Why must you do this and why must you be prevented from accessing the website information you want? Well, because since 26th May 2011, the e-Privacy Directive says you must.

The situation with cookies is crackers!

When you come to appreciate that pretty much EVERY website uses cookies these days then you'll come to see why this cookie alert box arrangement is about as meaningful as alerting and forcing car drivers at the start of every road they drive down to accept that: This road uses tarmac. OK? The EU regs were drawn-up to safeguard citizens' privacy but this simple declaration and acceptance of cookie usage does nothing to protect your privacy. You see, cookies in themselves aren't bad but some people who use them to track where you have been might be. The problem the this EUseless legislation is that honest, good websites (which don't abuse cookies) will tell you what they do with the data their cookies collect, bad websites won't now will they?

OK. So what does a cookie look like?

At its most basic, a cookie is a long string of numbers and letters. Your browser typically stores a cookie within a database that's run by your browser somewhere on your computer somewhere behind the scenes; some of the information your browser stores is information deposited by the web server issuing the cookie and other information is stored by the browser to identify and manage the issued cookie. Here's the 13 bits of information that the Mozilla browser stores away inside your computer when accepting a cookie:
id - INTEGER PRIMARY KEY
baseDomain - TEXT
appId - INTEGER
inBrowserElement - INTEGER
name - TEXT
value - TEXT
host - TEXT
path - TEXT
expiry - INTEGER
lastAccessed - INTEGER
creationTime - INTEGER
isSecure - INTEGER
isHttpOnly - INTEGER

Maintaining state

The cookie itself is basically a long string of numbers and letters that's stored in the database under the value field. This long string of numbers and letters is unique to you and your browser and this unique reference allows the website(s) to recognise you. Now, before you gallop ahead, when I say the website can recognise you what I mean is that it merely recognises the long string of numbers and letters as a website user - there is no personal data stored in the long string which is merely a unique reference to a more detailed record held elsewhere and available to a webserver. Yet here's the big issue: you might accept a cookie to be placed on your computer but you will have no idea precisely what it's tracking.

Used appropriately (ethically) a cookie helps 'maintain state' - in other words, if you've logged-into a website upon which you hold an account then the website can and will use a cookie to remember that you've logged-in and who you are. However, if you're logged into Facebook and look at a website that has a handy Facebook 'like' button installed then Facebook can detect you and will know you've visited this website. Let's say this website was, for example, a Hobnob fan-site then Facebook could make an educated guess that you like biscuits and start showing you ads for and content related to biscuits the next time you visit Facebook. Facebook isn't the only website at it, everyone's at it.

What can a cookie track?

The cookie itself is a unique identifier that is the primary key in a database record or series of records which hold pretty much any kind of data you can think of. Cookies are the keys which unlock data that has been collated about you and your browsing habits. Do you logout of Google every time you send an email via Gmail or open a spreadsheet in Google Docs? Probably not; so right now Google knows: that you're reading this blog article; how long you've spent reading this page; what you typed into the search engine to find this page; what you clicked to get here; how far you scrolled down the page; how many pages on this website you looked at.

You see, simply accepting the placement of a cookie by a website inside your browser does nothing to protect your privacy and, therefore, the EU regulation requiring websites to alert users to the use of cookies is, in my opinion, a waste of time. The people that need protection are the web citizens who aren't aware of what a cookie can be [ab]used for; when these citizens are asked by a website if they're happy to use cookies they'll simply click 'yes' in blissful ignorance without the first idea of what they're accepting. The Government body burdened with enforcing this useless piece of legislation, the ICO, kind-of agrees with this too as it's self-assigned role is one of education and not enforcement. Our concerns about privacy online would be better tackled by EU investment in the kinds of public information film I remember as a kid that helped me cross the road safely. It's education and not legislation that'll keeps us safe.

What can you do?

If you're worried about the placement of cookies on your computer then, although the legislative burden concerning cookies falls upon the website, you can modify how your browser handles cookies within the settings of your browser. It is possible to block cookies right across the board or to single-out the blocking of cookies from certain websites. It is also possible to delete all cookies currently stored by your browser (at the time of writing, my browser has stored 3,158) and if you use more than one browser be aware that each browser will be assigned and store its own cookies so clear-out and reset each and every browser you use. However, once you put the lid on the cookie jar you should be aware that blocking cookies will cause certain websites to malfunction.

Given that the major problem with cookies and your privacy is not 1st party cookies but 3rd party cookies then perhaps all you can do is to click banner ads with care and to ensure that you logout of cloud-based services, social networking sites, web portals and search engines when you're done.

What's our cookie policy?

Here at Sub@omic our cookie policy is to encourage website owners/operators to openly declare precisely what they really do with the information they collect. It's possible to state this information using a simple text file that each and every one of us can insert into our websites - a file called /cookies.txt

This comment's written post-brexit. For the record, I voted in. Despite my defiance in the face of a silly EU diktat on cookies, I don't have a 'thing' about the EU and neither do I have a thing about cyber security; I'm all for it.

I only had one active grumble about EU policy and now, equipped with hindsight, I'm rather glad that, thanks to the out vote, we have the chance to lose this whole silly business with cookie acceptance.

I'd like to say that the potential of repealing this silly EU diktat will change the way I work but it won't. To date, I've never encoded a cookie management script into any of our customers' websites, I never saw the point and, instead, believed that the responsible thing to do was to deliver the best possible UX for visitors to customers' websites.

As design professionals we spend our time trying to make online experiences as intuitive (as cognitive) as possible yet silly little warnings about cookies only serve to niggle and get in the way.

Post-brexit, the United Kingdom will need to demonstrate strong leadership across so many walks of life. I'm pleased that, from the point of view of cookie acceptance, Sub@omic continues to demonstrate this notion of strong leadership and takes a certain delight in watching this particular cookie crumble.

Steve Whiting, Sub@omic Ltd30th November 1999Author of 'The Art of Search' - the SEO strategy book 2,500 years in the making.https://www.theartofsearch.co.uk

Insightful words as usual Steve. Firstly thanks for explaining what a "cookie" is. Being a mere technophobe mortal I had no idea! Secondly, I agree it does seem a little strange that I need approve these things, is this the nanny (EU) state at work again? or is this just another Brussels waste of bureaucratic time?
Thirdly, and most importantly I am sure you will agree, I am a little concerned that you chose Chocolate Hobnobs as your biscuit of choice over and above the legendary Jammy Dodger!

guy10th January 2014Whether you're looking for print and copy; worldwide parcel delivery, courier or postal services; mailbox rental or a virtual office package, you can trust the experts at Mail Boxes Etc.

Thanks Guy. And, in answer to your questions: is this the nanny (EU) state at work again? or is this just another Brussels waste of bureaucratic time - it's both I'm afraid. Your experience only goes to illustrate, I'm afraid, just how useless and flawed this EU diktat is - not knowing what cookies are you'd have accepted them from each and every website handing them out. Though none of this is your fault and the finger of blame points to the Regs and the way the web development community has elected to tackle them. Let me know if you find yourself in or around Batford some time soon, I'd be delighted to serve a cookie on you along with a cuppa. I'll need a little notice if your acceptance policy will be for Jammie Dodgers though.

Steve Whiting, Sub@omic Ltd10th January 2014Author of 'The Art of Search' - the SEO strategy book 2,500 years in the making.https://www.theartofsearch.co.uk

Finally! Some common sense prevails. The EU cookie finally crumbles. http://www.bbc.co.uk/news/business-38583001

Steve Whiting, Sub@omic Ltd1st November 2017Author of 'The Art of Search' - the SEO strategy book 2,500 years in the making.https://www.theartofsearch.co.uk

Links

This website and your privacy Cookies and the legal position of the ICO A free resource website all about cookies