this post was submitted on 31 Oct 2023
932 points (99.9% liked)
Technology
58303 readers
12 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
There are certain things you are allowed to use cookies for even without asking for permission (i.e. they wouldn't even need to tell you about them). These are effectively the kinds of things that are necessary for your website to work in the first place: For instance if you have a dark and a light mode and you want people to change this even without logging in, another example is language settings (this is why sites like e.g. duckduckgo can have a "settings" tab despite the fact you are not logged into anything).
The rule-of-thumb is that everything that is directly related to the functionality of your website is fair even without asking (they are "essential").
Of course the specifics are a little more tricky: For instance you could have a shop in which you can put things into your "shopping basket" without being logged in. This is fine since it's core functionality. However, if you use that same cookie to also inform your recommendation algorithm, you could get into trouble. Another aspect is 3rd party cookies: These, while not theoretically always requiring permissions, in practice do need expressed permission since you, as the website host, cannot guarantee what happens with these cookies (and 3rd party cookies are, in general, an easy way to track users, which isn't core functionality for most websites).
Thank you for the thorough response. Personally, I would like to reject absolutely everything and then have the website tell me which functionality won't work without a cookie as I try to use it.
It would quickly get very annoying because one of those essential cookies is remembering that you rejected the rest.
The law doesn't actually mention cookies at all. Its about tracking users, they need your explicit consent to track you or to share data about you with third parties. Cookies are the primary way of doing this but there are others and they need your consent too.
This is really excessive - the fear of cookies in general is vastly overblown. The only issue is whether cookies are being used for "site functionality" or for "3rd party tracking" purposes. The latter can be achieved through other means as well (a website could simply track your usage if you login and sell that info).
It's not the cookies that are the problem, it's the tracking and the data sharing that are the problem.
If you're really that concerned you can browse in "incognito" mode, use the "Tor Browser" or just disable cookies entirely.