• 01 Mar 2024, 16:27
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: A dream for a post-GDPR internet: Skeleton Cookies  (Read 13524 times)


  • Methuselah's mentor
  • *****
  • Offline Offline
  • Posts: 5,009

I've been thinking about the ever-increasing pain in the ass that cookie permissions and tracking preferences are becoming for those of us who prefer not to be tracked online. Some places make it easy and just let you click 'Reject' and be done with it, but in the vast majority of cases you have to click through a few prompts to get to the 'Reject All', if that option is even there. If you're lucky, all tracking options will be disabled by default and clicking 'Accept All' enables them all, while 'Save and Exit' leaves them disabled. If you're unlucky, every option that is disabled by default also has a 'Legitimate Interest' tickbox that is enabled by default which they add to exploit an apparent loophole in the GDPR saying they can track you if it's in your interest that they do so, so you end up having to untick a bunch of stuff manually anyway.

It makes me wish for a big "NO!" button that I can hit on every website that turns off tracking in every way. I could, of course, achieve this by blocking cookies entirely and always keep my browser in privacy mode, but that means that I still have to click away the cookie permissions window every time I visit a website, so that doesn't solve the problem at all. I just want to stop websites from asking me about cookies and assume that my answer is always no to everything, unless I specify otherwise. Ideally, there would be a file on my computer that, when the website looks for a cookie, tells it to stick its cookies and permission popups where the sun don't shine, and stop asking. A Skeleton Cookie, I'd call it.

Now, given the heterogeneity of modern web infrastructure, this probably isn't possible with a single file that every website is able to interpret. Instead of a single, all-encompassing skeleton cookie, it might be feasible to have a collection of them: a cookie from every website, 'skeletonized' to contain the minimum information possible for the website to know not to track you and not to ask you about permissions. Since most major companies outsource their site's GDPR compliance, most of their cookies work the same too, so if you know what a cookie looks like for the most common tracking services you can automatically adapt those to whatever website using them to visit.

But that's not going to work for everything, there are probably websites that do their cookies in a way that no one else does, so you couldn't just use a rubber-stamp-skeleton-cookie (I know, mixing a lot of metaphors here) for them. For all other cookies, you could probably maintain an online repository that contains skeleton cookies for every website that has tracking pop-ups. By having this as a browser extension, it would download the skeleton cookie whenever you visit a website you haven't visited before, and serve that up before it manages to hit you with the popup.

Obtaining a skeleton cookie for every website in existence would be challenging, but it could be easily crowdsourced through the same browser extension. Whenever a user visits a website that the repository doesn't have a skeleton cookie for, they could go through the process of unticking all the permission boxes, upload the resulting cookie to the repository, and have that available for any future visitors. (With a few submissions extra to add redundancy and make sure no one accidentally submitted an 'accept all tracking' cookie.)

So, that's my dream. Is it completely infeasible? If not, who do I pay to make this happen?
Quote from: snalin
I just got the image of a midwife and a woman giving birth swinging towards each other on a trapeze - when they meet, the midwife pulls the baby out. The knife juggler is standing on the floor and cuts the umbilical cord with a a knifethrow.
Pages: [1]   Go Up