Good Cookies citizenship

This morning, I was pounding away on my keyboard attending to emails, iMessages, and blog posts that had arrived during the night, when the active app on my 16 GByte MacBook Pro (Safari) refused to accept any more input. Of course, I had north of 16 apps open, but I couldn’t force responsiveness from Safari just by giving it more room. But, as I Command-Q’d my way to a more organized desktop, I uncovered a “here’s how we use Cookies” dialog from the developers of PDF PenPro, promising to let me use their explanation of their purpose to decide which ones I’d allow to be active.

I soon discovered that this “dialog box” was crammed with an amount of text perhaps equal to the FREE “Take Control of…” book just released that guides users through the application’s new interface.

Am I alone in thinking that these “how we use cookies” explanations have become perverse? Can’t they at LEAST be multilayered, e.g., into explorable lists, such as:

  1. The app won’t run without them
  2. The app will interact with others much better if you allow them
  3. These make money for us and you can forbid them to do so

A deeper explanation for the user would be accessible by a single click.

The worst thing about the “dialog” from PDF PenPro was that, at its end, was a single button, labeled “Accept.”

Wow, I frequently see ‘please let us put cookies in your browser’ boxes on web pages, as I use Vivaldi and have it blocking both advertising and tracking by default. But this is the first time I’ve heard of such a box appearing in a Mac app. Personally, I feel that the user should only be presented with this when necessary, such as if they’re enabling functionality that requires use of online services. Doing so at startup or after an update seems to me like a CYA (Cover Your A**) by the developer rather than a genuine attempt to give the user an informed choice, particularly if the only option is to accept the cookies.

My belief is that this is the result of an unfettered explosion of available information.

I’m in the process of selling one house and buying another. The boilerplate text lathered on me via DocuSign, allegedly designed to protect me, actually OVERWHELMS me, and I would challenge anyone who counters that it’s in my best interest to read it all. It belies common sense. Now, what I saw (perhaps it was from the publisher’s website rather than from PDF PenPro the app itself) might have been an excellent treatise on the issue of cookies, but even the cookie monster could never have ingested, let alone digested, all that information if his purpose was to begin using the application!

Of course, far more sinister are the many, many “please let us have your permission to track you” cookie “warning” popups in which it’s impossible to tell whether you’re granting or denying the presenter the right to share/steal your private information and/or shopping habits.

If you run an ad blocker, there are filter lists to block these notifications :smiley:

I run the Fanboy’s Annoyance List via Adblock Plus. I still see some cookie notifications, but not nearly as many as I get without the block list.

As I understand it, the GDPR law requires any web site to notify you before sending you a cookie. Since virtually all web sites use cookies (some for legitimate purposes, some for spamming), you are pretty much required by law to see these aggravating popups everywhere you go.

Which is why there are apps that exist for the purpose of blocking them.

Yes, here’s a good overview of the situation.

In short, it sucks. Cookie banners are the modern-day shrink-wrap licenses, where no one reads them, very few people care, and they just present yet another roadblock to getting your stuff done. What’s troubling is that they’re far more prevalent than shrink-wrap licenses or end-user licensing agreement dialogs in apps.

We have one that’s undoubtedly not fully compliant (load the TidBITS site in a private browsing window to see it at the bottom in tiny text) but hopefully results in a better user experience.

The best cookie banner I’ve seen is created by Cookiebot. You can see an example here:

But that would cost us $41 per month, over a third of what we pay for our Web hosting in general, and it would create a far worse user experience for every single person who visits our site. And we don’t even do any tracking! (Other than Google Analytics for basic Web stats, and I’m this close to turning that off.) But WordPress and Paid Memberships Pro and Discourse require some cookies, so we can’t just turn them off.

The entire situation is maddening.

What’s especially insane – and ironic – is that apparently the sites can’t save a cookie to remember your preference to not show the banner.

I keep seeing the same cookie warning on sites I visit regularly, even though I repeatedly tell them it’s fine. It’s especially annoying on small screen devices where between the ads and the cookie warning, you can only see a few lines of content!

Indeed. I don’t understand what’s going on technically. On our site, when you dismiss the cookie banner, it stays gone for 180 days, but various actions can bring it back sooner, I think. So something must be storing its state. We use WordPress and Jetpack, and it’s a Jetpack widget.

I have always assumed that the cookie banner is driven by a cross-site cookie, and that having cross-site cookies disabled prevents it from knowing that you’ve already seen and clicked through the banner. What I’m not clear about is whether clicking through on the cookie banner enables cross-site cookies as well as the site-specific cookies, or whether the cross-site setting is still honored.

I’m currently frustrated because the payment web site for my kid’s day care requires cross-site cookies to function, so I have to turn them on and off every week in order to make my payment. Since the start of the pandemic, they’ve stopped accepting paper checks.


Does your browser require an all-or-nothing approach to third-party cookies? Firefox’s “enhanced tracking protection” feature can be disabled on a per-site basis. So you can disable it for your kid’s day care site and leave it enabled everywhere else.

Similarly, AdBlock Plus lets you disable ad blocking on a per-site basis.