undefined | Better HN

0 pointsdx0344y ago0 comments

Saving the decision is an example of a cookie which is technically necessary, you can have those without consent. Consent and the option for opt-out is only needed for cookies that are not needed to run the page. You also don't need permission for session cookies.

0 comments

acer46664y ago

The problem is that, even though they're not obliged to, they give the option to opt out of necessary cookies alongside the tracking ones, and I guess people de-select necessary cookies because they think all cookies are bad.

Then the site has no memory of the user, displays another pop-up, and people complain about constant pop-ups.

In a sense, StackOverflow are giving users too much control over the cookies being set!

sam_goody4y ago

Yes, they are giving users too much control over the cookies being set.

Same as a site that sends you spam, and one of the opt-out options includes ALL emails, including password reset, etc. Users get scared that they don't know what they will miss, and don't opt out.

It gives them plausible deniability for the wrong, while pretending to look good. The result is commonly as OP described - users eventually opting in.

But I don't believe it is innocent, nor do I believe that they somehow have convinced themselves that this is good for the user.

Perhaps I am just cynical, but I think that there exists reasonable doubt.

jeroenhd4y ago

> You also don't need permission for session cookies.

Not usually, but if you use session cookies to do tracking you still need consent for the tracking itself. You can set the session cookie by default, but before you do any extensive tracking (more than technically necessary) you still need a consent dialog.

Of course this is exactly how most websites use session cookies, but I've also seen server side tracking frameworks that abuse session cookies necessary for operation.

j / k navigate · click thread line to collapse