I flew to England last year, and boy were my arms tired! Tired of clicking through cookie pop-ups on every website I visited, that is.
Surely you know what I’m talking about: those banners or pop-ups that often appear, unbidden, when you go to a website you’ve never been to before. They’re supposed to tell you that a website is tracking you using tiny pieces of code called cookies and give you a way to refuse those cookies, as required by law in certain places (England, for instance). What the pop-ups usually do is tell you the page you’re visiting uses cookies to give you a better experience but you can — and then at this point you’ve probably stopped reading the fine print and just hit the big bright button that says “ACCEPT” because you don’t have time for this. Now you’ve done exactly what the website wants you to do: agreed to be tracked.
“You’re forced to spend excess time having to engage with this thing, to hunt and find the setting that you may wish is just readily available to you,” Jennifer King, privacy and data policy fellow at the Stanford University Institute for Human-Centered Artificial Intelligence, told Recode. “They are annoying.”
If you’re sick of it being such a chore to preserve your privacy, I have some good news for you: There are ways to reject cookies and block those pop-ups from appearing at all. A new one, called Never-Consent, was announced today. It comes to us from Ghostery, which specializes in privacy-centric web tools. If it does as Ghostery promises, it will make preserving your privacy as easy and fast as it is to click “accept” on those pop-ups now. The cost will be the “personalized” experience that marketers say their cookies provide.
While some cookies are necessary for a website to function and do, in fact, make your experience better, a lot of them are simply there to track you across the internet and collect data about you, usually by companies you had no idea were embedded in that website in the first place. The European Union’s General Data Protection Regulation (GDPR) was supposed to tell users that they were being tracked and give them a way to opt out of that tracking.
GDPR is well-meaning in theory. But in practice, many companies have perverted the rules to give us these deceivingly worded banners that no one understands and everyone hates. If you’re looking for examples of dark patterns, or designs meant to manipulate people into doing or choosing certain things, you can usually find them in your nearest cookie consent pop-up.
“They make it really super easy to click the button that says ‘Yes, I accept all forms of tracking,’ and they make it super hard to say no,” said Harry Brignull, who coined the term “dark patterns” and tracks them on his website. “For example, perhaps they’ll have a maze of menus and dozens of things to click on different pages. None of this stuff really needs to exist — its only purpose is to trick you or frustrate you into giving up and just clicking the big shiny accept button.”
You may have noticed that a lot of US-based websites have them, too. Maybe you’ve also noticed that many more of them have added banners in the last few years. That’s probably because of the California Consumer Privacy Act (CCPA), which took effect in the beginning of 2020. CCPA says websites must at least tell users that they’re being tracked. Unlike GDPR, it doesn’t require sites to give users an option to reject cookies unless the users are under 16 years old. Rather than try to figure out the relevant details — which visitors are teens and which are adults, which users are Europe-based and which aren’t, and which users are in California and which aren’t — many sites have just gone with an opt-in consent banner to cover their bases. And then most of them make rejecting cookies the path of most resistance.
That’s where Never-Consent comes in. It both blocks pop-ups and rejects cookies automatically. Never-Consent will be added to Ghostery’s browser extension in the coming weeks. All you have to do is install the extension and it will do the work for you, the company says.
Krzysztof Modras, director of engineering and product at Ghostery, said that the company basically looked at about 100 existing cookie consent frameworks and figured out a way to automatically reject and block them. The Interactive Advertising Bureau Europe’s framework, for example, is on about 80 percent of European websites, but it was also recently found to be in violation of the GDPR. (Oops!) That means there may be some sites that slip by if they’re not using a third-party cookie consent mechanism known to Ghostery. But users can report those sites to Ghostery, and those frameworks will be added.
There are a few other extensions you can try that do something similar to Never-Consent. If you don’t want to bother with finding and installing browser extensions — and Brignull points out that browser extensions and the companies that make them can also be tracking you, so be careful whom you trust — you can always use a browser that blocks tracking cookies by default. At this point, almost all of them do except Chrome, which is by far the most popular and also made by a company with a vested interest in tracking you across the internet, which is surely a coincidence.
There’s also Global Privacy Control, which automatically tells websites not to sell or share a user’s data. But GPC isn’t available on all browsers (Chrome and Safari, most notably), and websites are only compelled to respect it for California’s users, per the CCPA. The United Kingdom is working on ways to get rid of cookie pop-ups and replace them with a browser-based tool as well. Ghostery’s extension blocked third-party cookies before Never-Consent. But now you’ll also be able to actively tell those websites you don’t want to be tracked in addition to passively blocking their cookies.
“I think the big picture is that it is important to have a tool that not only blocks these things but actively sends a no consent back to the publishers,” Jean-Paul Schmetz, CEO of Ghostery, said.
How much does that really matter to websites that deploy pop-ups designed to confuse and annoy you into submission? I’m not so sure. Especially if, like me, you live in a place that doesn’t have privacy laws requiring companies to respect your preferences. But at the very least, it’ll give you a sense of advocating for yourself.
Just don’t think that your days of annoying pop-ups or being tracked are over forever. Companies are using them more and more to encourage you to sign up for newsletters and marketing emails. That’s their way of still collecting data about you now that cookies are on their way out. As we’ve seen from the proliferation of cookie pop-ups, companies are always looking for — and will likely find — a new way to track you as their current way gets shut down.