

CookiesOK browser plugin - jaap_w
http://cookiesok.com/

======
watt
Why can't sites just provide simple cookie-less browsing experience, turning
off their cookie-based features? Instead of forcing this click-through just to
show the article, they should just show what they can in read-only mode
(without sending the cookie). This is such a misguided knee-jerk campaign from
developers.

Cookies are NOT OK, I don't want to see them, and just show me the article (or
page I originally came to view), thanks. And after I have viewed it, and if I
decide to become a user of your site - then you will have my permission to use
cookies.

The click through pages are the worst (like what www.games-workshop.com has).
The pop-up/notification bar some news sites have (like bbc.co.uk) is somewhat
acceptable, while obnoxious, as it allows you to read the content without
accepting the cookies, and just go your merry way when your're done.

So this plug-in is going to auto-accept the cookies on your behalf. But why
would you want to do this?

~~~
jonknee
If you don't want my cookie, feel free to not use my website which is provided
to you free of charge (and ironically, if it was not free you would definitely
need to accept the cookie). It does me no good to provide you a service when I
can't monetize it.

I don't understand the sense of entitlement. The result is annoying, but
that's because of the poorly thought out law. If you don't want annoyed, use
this extension.

~~~
watt
I guess if you are putting some service out there, you actually WANT people
viewing your content/using the service. Way to antagonize your potential
customers which such "my way or the highway" attitude!

And how do you feel about the 'Do not track' header?

~~~
jonknee
What if the service comes with accepting a cookie? A potential "customer" that
does not accept cookies is simply a waste of bandwidth.

Not a big fan of DNT, it relies on trust which prevents it from working when
you want it to most. If you don't want tracked, don't accept cookies. If you
can't use a service without cookies and are not happy using something like
Incognito mode, stop using that service.

------
maqr
Perhaps web browsers should just include an option to disable cookies. That
way, websites wouldn't have to display these kind of alerts, and users
wouldn't have to trust that all sites will actually display these warnings
before setting a cookie. One could even imagine an advanced web browser
feature which would allow users to allow or deny cookies on a per-site basis.

~~~
gavinpc
Sarcasm aside, it's curious that lawmakers (even in Europe) thought it better
to make a requirement of O(N^N) site owners rather than "require" that O(5)
browsers implement a feature which they all do already.

I always use cookies on a whitelist-only basis, and it is quite common to find
web sites that require cookies for no good reason -- sometimes, I suspect,
without even realizing it -- and then fail with no message when cookies are
disabled.

I believe that cookies should be regarded as a progressive enhancement. If
your web site requires cookies to implement a paywall, then detect when they
are disabled and say so. If you can add features when cookies are available,
great; if they're not, let me know what I'm missing. But don't tell me that "a
browser error is preventing me from logging in," as many sites do. Once again,
I'm sure this is boilerplate code that the actual site owner isn't even aware
of.

------
digitalengineer
"CookiesOK searches for the accept buttons and triggers the click event" So
what happens when someone injects something other than just the cookie code?
My browser will auto-accept that as well?

~~~
r4vik
that's why I didn't go down this route; most sites keep serving cookies until
you tell them not to so I've found that an adblock filterlist works very well:
<https://github.com/r4vi/block-the-eu-cookie-shit-list> where we just hide the
entire cookie cruft every time or block the cookie prompt script if it's a
widely deployed plugin

------
jiggy2011
Does anybody know if this is actually being enforced in any way? (The cookie
law that is?)

I'm in the UK so use a bunch of sites here. What I have noticed is that only
large active sites by big companies and orgs actually have cookie notices.

None of the other countless sites actually have it at all. So I'm wondering
how long it will be before people just stop putting these things up at all?

~~~
digitalengineer
It's not (yet). Typical 'Big Gov' solution. Extra dumb are websites that force
you to accept the cookies _each and every time_ you visit them. Oh yeah, even
the government's own sites are not all up to date.

~~~
robotmay
Not really our government's fault though; to their credit they did actually
try and fight it a bit. IIRC our regulation (in the UK) has a few differences
from the EU one.

~~~
rmc
All EU countries implement all EU law slightly differently (just look the EU
Working Time Directive). EU law just gives the minimum that countries have to
do.

From looking into it myself, it looks like UK implementation is stricter than
e.g. Irish one.

------
thatcherclay
There is a pretty simple economic argument that people need to consider before
jumping into the cookies are bad camp. The market for display ad inventory
alone in the past year was to the tune of $40b in the US. There are 250m
active internet users. That $40b dollars goes into the pockets of content
producers on the internet that make it the tool it is.

Net, if you wanted to drop all of that and get rid of the advertisers, that is
a balance of $160 per person per year (and growing) that would fall to some
other solution (like increased service charges).

As others have made the case, cookies are important for advertisers. If you
want to fix the problem, need to consider another viable solution that either
does not sweep their legs out or does but provides an alternative revenue
stream to keep the internet alive.

------
doctorfoo
This is great, thought about making something like this myself for a while.

One problem I have with current cookie law, is that it pretty much _forces_
cookies upon those who actually know how to disable them. If someone browses
with cookies disabled, they get all these annoying warnings and yet no way to
turn them off - because turning them off requires a cookie! Insanity.

And the relevant governing body has pretty much admitted that you'll probably
be ok with just a clear description of cookies used. (See the response to
nocookielaw.com)

Oh AND all American websites will just continue as they were before, except
now with an extra competitive advantage.

------
jlkinsel
Does CookiesOK do any type of moderation over the cookies? Checking for domain
scope, cookie flags, reasonable expiration of the cookie?

I understand that "free" sites need advertising revenue, and unfortunately a
lot of ad networks want to track my every move - how about enforcing a
compromise where cookies are allowed for X minutes after I hit the page?

Security-wise, I'm more interested in enforcing that cookies sent over SSL are
not readable via standard HTTP. This tool is a step in the right direction,
but I think a few more features would make it pretty attractive.

~~~
csears
> Does CookiesOK do any type of moderation over the cookies? Checking for
> domain scope, cookie flags, reasonable expiration of the cookie?

Based the "how does it work" section of their site, I don't think it does any
sort of moderation/validation/inspection of cookies before trying to auto-
click the consent button. My impression is that it's strictly a DOM-level
utility and doesn't hook in at the network level where it could observe or
manipulate cookies over the wire.

------
rmc
This plugin has a way for web developers to make their website compatible with
this plugin. This seems pointless. The law is clear that, although you the
developer can rely on web browser settings, those settings must give the user
consent (default web browser 'accept all cookies' do not meet this). Using
this plugin would not meet the "give the user consent", so you cannot rely on
this plugin _and_ be inside the law.

I think making your cookie notice work with CookiesOK is about as legal as
just turning off your cookie notice.

~~~
csears
I think you are missing the point. The plugin is for end users who want
automate the process of giving consent, similar to how a password manager
plugin might help you automate the login process.

If a web developer wants to make their site compatible with CookiesOK to
improve the browsing experience for the subset of their users with the plugin,
what's the harm?

How end users indicate their consent should be entirely up to them. Would you
prefer users solve a CAPTCHA when opting-in to cookies?

~~~
rmc
_The plugin is for end users who want automate the process of giving consent,
similar to how a password manager plugin might help you automate the login
process._

The page has a section on "Making my website Compatible". The plugin
explicitly looks for the "CookiesOK" CSS class. This plugin is designed and
partially aimed at web developers.

 _If a web developer wants to make their site compatible with CookiesOK to
improve the browsing experience for the subset of their users with the plugin,
what's the harm?_

Well it's against the law. The harm depends on your country. It could be a
fine of thousands of euro, and potentially an injunction shutting down your
website.

