Why don't UK cookie pop-ups have a clear "Reject all" option?
Posted by FutilePenguins@reddit | AskUK | View on Reddit | 244 comments
With the Online Safety Act now in place, I've been thinking about how ideas like consent and user control actually show up in everyday things, not just policy.
One small example is cookie pop-ups. Most UK sites still put "Accept all" front and centre, with "Customise" hidden away - and often no obvious "Reject all".
Given how much people here tend to dislike being nudged or pushed into things, wouldn't a clear "Reject all" option make more sense?
Or do most people just not care enough for it to matter?
ChangingMonkfish@reddit
They are supposed to, the ICO has made it clear that an “Accept All” option must be accompanied by an equally prominent “Reject All” button. A lot of websites have now done this as a result of ICO work in this area.
But there’s thousands and thousands of websites and plenty are still not compliant.
DigitalStefan@reddit
Almost right. You need an opt-out button but it doesn’t exactly have to say “reject all”. Ours for instance says “Accept Essential Only”, which passed muster just fine.
Worth a mention that potentially in spring this year this could quite legally become something like “Accept Analytics Only”, because the UK laws on privacy have changed and we are to be allowed to collect user data for the purposes of analytics by default.
Sad-Ear230@reddit
If that indeed passed muster, then your law is flawed. That is willfully deceptive.
ChangingMonkfish@reddit
Yes sorry, it doesn’t have to say “Accept All” or “Reject All” literally. It has to be as easy to reject non-essential cookies as it is to accept them would be the better way of putting it.
Vegetable_Brief_4509@reddit
Sometimes you have to click customise and turn off EVERY SINGLE preference
smeghead9916@reddit
And the fact that some sites make you pay to reject them...
cgknight1@reddit
So they expectly virtually nobody to pay but they provide it to indicate the option exists.
Antergaton@reddit
Recently found out this includes Good Food. No more recipes from there for me, it seems.
fgalv@reddit
Can’t you just block the cookies at a browser level? So even if you click accept it won’t allow cookies?
sheepandlambs@reddit
Blanket blocking all cookies is a really bad idea. And doing it manually for every website takes ages.
TurbulentDivide4542@reddit
It's a bad idea if you don't know what you're doing. Right now I'd rather whitelist cookies rather than have to deal with websites forcing me to accept them.
TurbulentDivide4542@reddit
You used to be able to block all cookies (rather than just 3rd party ones), but this option has vanished from Chrome.
tcpukl@reddit
Like incognito?
DigitalStefan@reddit
Incognito famously does not block cookies.
Nor should it. Some of us have to actually debug all the nonsense surrounding cookies and user data collection and that can only really be achieved sometimes in an incognito session.
Antergaton@reddit
Multiple devices, multiple browsers. I'm just lazy. I mean I know how to get around it at a HTML level by pressing F12 on desktop, I'd rather just go somewhere else.
SubArcticTundra@reddit
Use ChatGPT for recipes. It cuts out all the babble and will eradocate these kind of sites eventually.
tcpukl@reddit
Yeah I recently discovered Good Food has done that as well. I fucking hate that policy so will also never be visiting it again.
On the mobile app I've also left a scarring review to tell them as well.
mizzamoo@reddit
They did an AMA on a sub Reddit and I asked this question.... Not only did I receive a 90 day ban for the question, I got piled on for it, like I was absolutely wrong to ask it!
thehatteryone@reddit
Very weird - it would have been much more useful to explain that content costs money, writers don't write for free, editors don't edit for free, systems don't run by magic, that also costs money. If people aren't paying for content, the web no longer really allows sites to self support by ads or tracking data. Unfortunately we've trained people to just expect everything in their digital world to be free or somehow "ad supported" even though that was always a bit of a scam and now mostly nonsense.
TL;DR Pay for content you like, else you'll find the only content available will be whatever makes someone else money, rather than stuff that actually makes you happy.
tcpukl@reddit
Wow, where was the AMA?
mizzamoo@reddit
It was on UKFood
SeoulGalmegi@reddit
Ask Me Anything!
No, not that.....
im_a_spacecowboy@reddit
You can prevent it coming up if you are quick enough at stopping the page loading.
littlenymphy@reddit
Use BBC Food instead, no ads or anything and has most of the Good Food recipes anyway.
savagelysideways101@reddit
Wait until they start asking for a tv lisence for it though!
elevated-pixel@reddit
Different part of the BBC - it’s not funded by the TV License.
AndrewPSSP@reddit
It most certainly is! BBC Food (bbc.co.uk/food) is part of the corporation's PSB offering, and is one of the many things funded by the TV Licence.
flalex05@reddit
Copy the good food link into cooked.wiki
It'll rip the recipe right out of it, and you can save it to an account there for future use. Avoids all the forced cookies, and still gets you the full recipe you want
ParticularSuite@reddit
use Brave browser - it blocks a LOT of that stuff
Unfair_Sundae1056@reddit
Try the app Mealime, the free versions decent
pwx456k@reddit
Cutting off your nose to spite your face there - from the iOS App Store privacy notice:
nat_urally@reddit
This just means data you choose to put into the app. iOS apps can’t scan your phone or access photos, files, messages, etc without explicit permission. Apple enforces that at OS level.
pwx456k@reddit
Neither can the web site the OP is referring to without permission; the point is that switching to a free app because it is more privacy-friendly is potentially counterproductive (we've all switched off allow requests to track in tracking transparency and/or would never thoughtlessly click on allow, right? right?). Even in supposedly high trust environments, expect apps to push the boundaries of sneaky - like making sure you open links in their in-app browsers, or (in the past) abusing canOpenURL. And that's on iOS, let alone Android...
nat_urally@reddit
You’re talking about a different layer. OP’s question is about cookie consent on websites, not app behaviour or OS permissions. “Reject all cookies” and iOS app privacy labels aren’t equivalent and don’t solve the same problem.
pwx456k@reddit
Different of course, but equivalent in the overall context - it's quite legitimate to point out that a suggested solution is not a panacea when it is touted as the answer to a problem.
Unfair_Sundae1056@reddit
The answer to the ‘problem’ would be pay to reject. They don’t want to. So as an adult they can check the app I’ve said and choose whether they want to download it or not.
If you’re scared of being tracked because you visit dodgey sites then that’s your problem, not mine.
pwx456k@reddit
Without truly disappearing way OT, healthy concern over illegitimate tracking has nothing to do with whatever your browsing proclivities are, whichever definition of BBC you might regularly visit.
nat_urally@reddit
I don’t think anyone was presenting this as a solution to OP’s question. It was just a personal response to a specific practice, not a claim to have solved the broader issue.
pwx456k@reddit
I read the thread as 'not using a web site because tracking => try this app instead', but I think we are just talking at cross purposes now, so - Happy New Year!
Unfair_Sundae1056@reddit
If only I cared.
tcpukl@reddit
Thanks, just installed it.
apokrif1@reddit
F9 in Firefox often works wonders 🤗
ARobertNotABob@reddit
Just get a cookie-accepter, eg : https://chromewebstore.google.com/detail/accept-all-cookies/ofpnikijgfhlmmjlpkfaifhhdonchhoi
Lj101@reddit
This is the opposite of what everyone is complaining about
ARobertNotABob@reddit
Then you don't understand cookies. If you reject them all, your shopping basket empties at each page refresh, for example.
AnnieByniaeth@reddit
I think you're the one who doesn't understand cookies.
Certain cookies (session cookies for example) are genuinely necessary for the site to work. Other cookies, and in particular tracking cookies (they're called that for a reason) are not necessary.
If you are just looking at a recipe, there is no need for a session cookie because there is no need for a session. The site might offer certain customisations which you might miss out on, but it should not affect your ability to access the site.
bobbypuk@reddit
Just open a private session for each website and close it after you're done. Hopefully should be no cookie leakage to/from that session
DigitalStefan@reddit
This wouldn’t work. Not for everything.
Doing this does not mask your IP address, so now you have to use a VPN as well.
Google and the rest will be collecting your IP address as you move between sites. They all also still collect things like screen resolution and the somewhat more identifiable “viewport size”, so now you also need to make sure you always run your browser window maximised otherwise it becomes an identifiable data point.
The short story is you need to use several mechanisms and be consistent and vigilant if you are aiming for true privacy. It is not an easy task.
bacon_cake@reddit
Lemme boot up the Linux distro and fire up the VPN - I'm making "10 protein-packed winter dishes to fuel your body and keep you going" tonight!
bobbypuk@reddit
It gives me enough sense of privacy for the ads that Good Food is serving. I use the same procedure for Guardian and local news sites. VPN for anything I'm bothered about.
Khaleesi1536@reddit
Yep this is what I do. Most of my phone browsing is in private windows for this reason
MagicBez@reddit
I just run them through an archive website that strips everything else out of principle
Vegan_Coffee_Addict@reddit
Bbc has a food recipe site that is my go to, no ads, no life story and all in UK measurements.
ChangingMonkfish@reddit
This isn’t fundamentally illegal or wrong.
The content has to be monetised somehow.
The reason so many sites do it now is because they now have to be up-front about the choice. Before you were just paying with your data without being told about it.
Now you have the choice.
WordsUnthought@reddit
To be honest, it probably is illegal. GDPR requires that unnecessary personal data is not mandated for provision of a service and that users of a service should not be disadvantaged by a refusal to provide personal data.
Making the whole thing paywalled to access is totally legal, but providing a service in which there is a financial disadvantage to refusing to provide that data is pretty evidently not compliant.
It's just too ubiquitous and small fry for the ICO to have clamped down on yet. If you really care, reporting sites that do it to the ICO might move that needle eventually.
ChangingMonkfish@reddit
You do have a free choice to just not use the service. The ICO and I think EU position is essentially that “consent or pay” is not enough, but “consent or pay or just don’t use that service” is ok. So for most websites there’s no issue.
It becomes more complicated when the service in question is effectively unavoidable (such as certain very big technology companies) where you don’t have an effective way of avoiding them. That’s where it gets messy because the American government (mostly seeing as these companies are mostly American) sees that applying a different set of rules to their companies and therefore unfair, but the problem is they’re so dominant that you can’t effectively choose not to use them.
WordsUnthought@reddit
The laws are pretty clear that the "just don't use the service" alternative doesn't constitute freely given consent.
To your example around the Times, yes, this is pretty clear in any reading of the regulations: "this service has a fee" is legal; "this service is free of charge but only if you provide your data" is not.
thehatteryone@reddit
I would say they're making the "cookies are the fee you pay if you don't want to spend actual money" far clearer now - just that people don't like hearing it as they got used to their data bejng monetised as the way that content is paid for, while avoiding thinking about how it works.
ChangingMonkfish@reddit
The law isn’t clear on that at all. As the ICO guidance says, “without detriment” means people shouldn’t be unfairly penalised. It doesn’t mean that any level of negative consequences makes consent not freely given.
If you have a free choice to read the news on another website, for example, the fact that you can’t access the particular website you want to without paying or accepting advertising cookies doesn’t mean you’re being unfairly penalised.
And as I say, from an outcomes focussed perspective, if the Times added a free tier that was supported by agreeing to cookies for targeted advertising, why is that any worse than it just being begin a paywall full stop? Nothing has changed other than there’s now an option that wasn’t there before, which is ultimate what this is all about. It’s not about stopping ad-tech supported businesses models, it’s just about making sure those models are transparent and people have a genuine alternative.
WordsUnthought@reddit
Also, to speak to your point about the Times paywall - the point of GDPR isn't to mandate free services, it's to mitigate against coercive consent for processing, nullify perverse incentives to seek/provide consent, and avoid personal data being used as a currency.
Without a doubt it is better to have a service that is paywalled than one which has an optional paywall which can be avoided by providing data. Data is not a legitimate currency.
APiousCultist@reddit
The point isn't for data to be the currency in abstract but that you viewing and clicking adverts is. The data guarantees you saw, were served, or interacted with them. Though the degree to which they track uses seems excessive.
WordsUnthought@reddit
Point 4 Article 7, requires that for consent to be freely given "provision of a service is [not] conditional on consent to the processing of personal data that is not necessary".
Service: free access to article Condition: provide consent to process personal data
Not compliant. Unambiguously.
asoplu@reddit
Free access isn’t the service, free is just the cost of the service.
Access to the article is the service being provided and it’s not conditional on providing consent, because you have the option to pay for access instead.
This is all covered under the equivalence section of the guidance and I have this funny feeling the ICO have put a lot more thought into it than anybody in the thread.
WordsUnthought@reddit
Freely given consent requires the capacity to "refuse or withdraw consent without detriment".
If refusing consent requires me to pay to access the service, where granting consent would enable me not to pay, that means refusal of consent is to my financial detriment.
apokrif1@reddit
False dilemma: You can also browse the website without handling a cookiewall and without agreeing to anything.
Ok-Salary3550@reddit
OK, but that is clearly not the intended use of the site.
And it also doesn't solve the issue of how the free thing you want actually gets funded so it continues to exist.
apokrif1@reddit
User ≠ developer.
asoplu@reddit
The ICO have already come out and issued explicit guidance that it’s totally legal as long as they do it properly.
I would assume the guidance, from the beginning of last year, is why so many sites have started to operate on pay or consent models recently.
WordsUnthought@reddit
I'd be astonished if that guidance stood up to a legal challenge, especially in the way that the sites exploiting it are interpreting it. It just hasn't happened yet.
TheNutsMutts@reddit
The law states clearly that it should be just as easy to reject optional cookies as it is to accept them. I was working on a website for a promotional project a few years back I'm 99% sure you've heard of, and even the suggestion of making the "accept all" button slightly brighter was pushed back against for that very reason.
It's up to the Government to enforce their own laws, and to date they've seemingly not bothered.
ChangingMonkfish@reddit
Charging a fee if you refuse to accept cookies isn’t fundamentally illegal or wrong.
Making the choice to accept cookies easier than the choice to reject them is considered a contravention of data protection law by the ICO.
caniuserealname@reddit
That's a pretty pedantic argument.
Being charged a fee for one option and not the other will always make the option not being charged easier.
Fundamentally, that makes it illegal and wrong.
APiousCultist@reddit
You're really degenerating the argument down to "an organisation that has pointedly never specifically used ad-supported "free" online content in any of its illustrative content says that anything that isn't 100% free and ad-free on the internet is illegal and that companies are legally required to take a loss serving me content".
Maybe you'll bring up "well the internet could all just be behind paywalls with no ads" but we know you won't pay that or you'd just be paying instead of complaining, we also know that would ruin the internet experience in general.
caniuserealname@reddit
What the fuck are you even talking about mate.
AskUK-ModTeam@reddit
Don't be a dick to each other, or other subreddits, places, or people.
Don't be a dick to each other, or other subreddits, places, or people. AskUK contains a variety of ages, experiences, and backgrounds - consider not everyone is operating on the same level or background as you. Listen to others before you respond, and be courteous when doing so.
APiousCultist@reddit
That the law exists only to restrain companies that don't need to use targetted advertising (and the corresponding collection of data or use of cookies) to operate. Like storefronts or websites for bricklayers, not to mandate that every website that depends on targetted advertising as its primary source of revenue to allow you to opt out while still gaining free access.
If everyone wants to have a discussion on limiting the amount of data collection or cross-site tracking allowed when serving ads, that's another matter. But the idea that the EU is going to step in and mandate that companies can't paywall people they don't make any money off of through ads are living in a fantasy land. The only reason we're even seeing as few sites do this will just be the amount of sites that are subtly ignoring the consent options or skirting the law by making it a minefield of 'legitimate consent' checkboxes, as well as the time and cost of creating a subscribe-or-pay option. No one in this thread actually has any intention to ever pay for any of these sites - anyone that did would simply choose that option instead of coming here to complain - so bemoaning that you have to agree to ads and cookies just feels like a "I want everything to be free" fantasy to me.
ChangingMonkfish@reddit
It’s not a pedantic argument, my point is it’s two separate issues.
The first is about the business models of companies providing content online and whether the targeted advertising funded business model is legal or not. That business model is not fundamentally illegal. Companies have no obligation to provide content for nothing, and individuals are allowed to make that value exchange if they wish to do so.
The second is about how choices are presented to people and whether the interface is designed in a way to try and steer them down a certain path. A
The stricter enforcement of the “Accept All/Reject All” choice design issue is what’s made companies go down the “consent or pay” route because they can no longer rely on a majorly of people just agreeing to cookies being set (because why would you if given the choice?).
Pretty much all the GDPR regulators have made it clear that a consent or pay model CAN be done compliantly if certain conditions are met.
maddieduck@reddit
You can use CeresCart to strip the ads from sites. https://cerescart.com/
khatchadourian1@reddit
I use RemovePaywalls.
www[.]removepaywalls[.]com[/]www[.]google[.]com
Just replace 'www[.]Google[.]com' with the web address you're trying to access. It bypasses the paid ones
ParkingAnxious2811@reddit
Both of which are against the wording of the GDPR. These sites are not following the law correctly.
Pocket_Aces1@reddit
Basically every single news website too. Stupid ofcom didn't shut it down when one website tried to do it, and so now every one and their mother is trying to either literally cash in, or you pay via your data.
Interest-Desk@reddit
Cookie consent is the ICO’s territory tbf, but Ofcom is unfit for purpose, so are all the Of— regulators
marsman@reddit
I'm not sure how Ofcom would have shut it down, its not unlawful, and isn't it arguably understandable that businesses who essentially just provide news/content are trying to either have you pay, or pay for content via your data through advertising? That's essentially the models they have to pay for the service they provide.
Dazz316@reddit
This one is fair IMO. They aren't forcing you to have cookies, it's pay to access to don't get in. Which, while maybe not a sensible tactic is a fair one. The website doesn't have to let you in, we aren't entitled to their content.
SilyLavage@reddit
It's a fair trade, though. Content isn't free, so you either pay directly or through your data.
Skymningen@reddit
It were if the payment would also remove ads. It usually doesn’t, just can’t make them as targeted
humanswithnohumanity@reddit
Considering how unreadable some of these sites are just because they're more than two thirds ad space, I disagree.
First-Lengthiness-16@reddit
The ad space is a big reason cookies are collected
SilyLavage@reddit
That's a separate issue, really.
gogybo@reddit
You can sometimes get around this by disabling JavaScript for that particular site.
DigitalStefan@reddit
The ICO only goes after the most popular websites.
Everyone else gets a free pass because you can’t currently succeed in bringing private prosecution against non-compliant sites.
This may change of course, but the reality is most sites don’t know what they should do.
None of what you’ve mentioned matters though, because for every site you find that has a non-compliant banner design I can show you two sites that have a banner that doesn’t do anything even if you do find a way to opt out.
Source: Implementing effective consent management is my special skill.
Disgruntled__Goat@reddit
Why aren’t they going after the big sites that require payment to reject tracking? As comments elsewhere say this is against the rules.
pandamarshmallows@reddit
The ICO have issued guidance in the last couple of years to say that it isn't against the rules. Which is why those sites have started doing it.
St2Crank@reddit
It’s not against the rules.
apokrif1@reddit
Please explain?
DigitalStefan@reddit
Most websites that show a cookie banner with an option to opt out will ignore your request to opt out.
930913@reddit
This is the answer, it's a question of the ICO's finite resources.
Go on any of the UK's largest websites and you'll see they comply, because the ICO have tapped them on the shoulder and politely "suggested" they comply. Smaller websites that have not had the tap are getting away with not complying.
tcpukl@reddit
I wish they banned pay to reject cookies. It's getting common on large sites.
shiveringcactusAE@reddit
Sites are allowed this option, which is pretty bad in itself:
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/online-tracking/consent-or-pay/about-this-guidance/#law
tcpukl@reddit
I know and it should be illegal.
DigitalStefan@reddit
It may yet get challenged and be found to be illegal, although this may happen on a site by site basis and honestly I don’t know if anyone other than the ICO could challenge it, which means they would have to want to challenge it and find budget to pay all the legal folks who would end up working on it.
tl;dr it might be illegal but it also might never be tested in court.
shiveringcactusAE@reddit
Trouble is, if that advice is on the ICO website, I can’t imagine what a challenge could be.
DigitalStefan@reddit
Have you read the advice? It’s a fecking word salad that is purposefully open to enormous and wide interpretation. It’s a response that can be used by the ICO to say “well, look. We have published our guidance on it so now you don’t have to ask us any other questions. OK? Thanks. Bye”.
shiveringcactusAE@reddit
I hate that the unintended (?) consequence is that small websites shit down an move to social media as the regulations are either too confusing or too expensive to comply with.
DigitalStefan@reddit
Small websites don’t care. They are effectively exempt anyway.
If you’ve seen a website move to social media it’s because they are making more money that way.
shiveringcactusAE@reddit
I thought we were agreeing but you seem to be taking an opposite stance to each post I make. The regs and advice in that page are word salad. I think makes it confusing for small businesses.
DigitalStefan@reddit
You’re right. I think where I’m coming from is small biz likely aren’t even trying to read the ICO guidance. If they even bother to reach out for advice they might ask either a genuine professional or someone who claims to be a professional in order to sell them the services of someone like me who can come in and make everything work the way the ICO would be happy with.
DigitalStefan@reddit
A large UK flights and holidays provider with a recognisable ad jingle complied with the ICO’s “demand”after initially not listening to me.
giffgaff already were compliant.
The ICO dive pretty deep into the sites they choose to investigate.
mutexsprinkles@reddit
Just PCNs that increase every day until they fix it.
One case officer with a screen recorder could fix the national budget black hole in 6 weeks.
I mean, they can just Google it, it's been like 10 years.
I can't claim "I don't know" I need a driving license and get away with it.
DigitalStefan@reddit
Never underestimate the power of someone misunderstanding something they don’t want to do.
mutexsprinkles@reddit
I mean the may claim to misunderstand, but somehow they never misunderstand such that the "don't pillage the data" option is bolder.
prankishink@reddit
Because they prefer you didn't 'reject all'
BathFullOfDucks@reddit
And are paid to encourage you to say "accept all". The sites now saying "reject and pay" are media groups who can afford to push to the absolute edge of the law.
NoEstate1459@reddit
It's not illegal and nor should it be, it's no different from Channel 4, or ITV who offer ad free versions at a cost or ad versions for free
BathFullOfDucks@reddit
Itv and channel 4 have never required my "precise geolocation" just to open their page.
thehatteryone@reddit
These sites don't require your geolocation to let you view them. You can just pay to access them if your data is worth more to you than their subscription fee.
NoEstate1459@reddit
Both of them use geolocation to guarantee you're in the UK to access their content
BathFullOfDucks@reddit
False equivalence- knowing which country i am in is vastly different to precise geolocation, and those sites use it for the provision of service not to sell that data to advertising companies.
Silvagadron@reddit
We left the EU who care a lot more about enforcing privacy laws that affect individual citizens than the UK's current government appears to given they're all up for selling everything to private overseas companies. It's more harshly enforced in the EU and I believe websites aren't allowed to hide the reject button.
First-Lengthiness-16@reddit
Is it more harshly enforced?
I’ve not seen any evidence to support that
StrongDorothy@reddit
As someone who's actively working on a website under the scrutiny of the Information Commissioner's Office, it is most definitely enforced for UK websites.
And, yes, it is a requirement to have a Reject button on the same level as Accept All.
Saw_Boss@reddit
The problem with this is that I can without issue find an example where it's not. I end up googling excel tutorials quite often and so many have "accept all", "accept recommended" and then a massive list of interested parties and you have to until them individually.
I get that it's hard, with the internet as large as it is. But I wouldn't call it enforced when so many ignore it.
E.g Datacamp.com - the accept button is always visible. There's a small link to "learn more and configure" and only right at the bottom of that page is there a reject button.
StrongDorothy@reddit
Yeah the ICO only audits high-traffic websites. Datacamp.com won’t be one of them.
mutexsprinkles@reddit
Looking at 100 website is madness. Is that just one guy doing a half shift a week or something?
Silvagadron@reddit
I've noticed all those shit newspapers that are owned by Reach have more convoluted opt-outs, and all are at least one click further away than the "accept all". Is there just very little being done to penalise them so they don't care?
First-Lengthiness-16@reddit
Indeed.
I work as a product manager for a series of websites and I know this requirement well.
FutilePenguins@reddit (OP)
Yeah, that's kind of my point really.
If we're not tied to the EU framework anymore, I don't get why we wouldn't just copy what clearly works elsewhere.
If another system already does a better job of protecting users, it seems odd not to just align with it anyway.
ClacksInTheSky@reddit
We need to tackle the "accept cookies or pay" pages as well. They're bullshit and not in the spirit of the law.
The whole point is that advertisers and website owners shouldn't be tracking you outside their website. It's absolutely no business of Amazon's if you visit a website selling light bulbs.
DigitalStefan@reddit
This brings up the perpetual issue where users hate ads (rightly so, they get in the way of content), but users vehemently hate irrelevant ads.
Users aware of how any of online advertising works hate being tracked, but the solution they call for is “stop tracking me” and “stop showing me irrelevant ads”. Only a small subset say “just stop showing me ads at all”.
ClacksInTheSky@reddit
I just hate all ads and don't want to see any. They get in the way of the content and slow down the page. They're a waste of resources. I block mine at a DNS level and use browser extensions otherwise. The internet without that is unusable.
Ok-Salary3550@reddit
They're how the "content" you want gets paid for.
ClacksInTheSky@reddit
I don't know if I want the content, though. You click a link on Google and you're taken to the page. It's hard to tell if this is something worth paying for without seeing the page.
Most of the time it's some total gash designed to get clicks and impressions.
I'm not paying for that brief visit by letting all and sundry put tracking cookies on my devices.
Ok-Salary3550@reddit
OK, well they've still provided it to you, because that's how the Internet works.
ClacksInTheSky@reddit
It's been entirely on the ad networks terms for too long.
Clearly the value proposition of "load ads to get content" isn't working for some people. They slow your device and page loads, waste battery and bandwidth and ultimately exist to spy on you and report back your usage to anonymous buyers.
I'd argue it's already ended badly and that blocking ads and trackers is the way forward but ultimately it needs legislating for. It's possible to run ads on a website that don't steal your data. It isn't required. It only needs to be a JPG or video.
matthewlai@reddit
The problem then is that there would be no way to do targeted advertising. Generic ads perform much worse than targeted ads, which means to generate the same funding, they would need to have much more, or more intrusive ads, and they will be for things that you have no interest in most of the time.
I thought "accept cookies or pay" is actually quite reasonable. If you reject cookies and targeted advertising, you are basically cutting out most of their income source. Why would they spend all the time and money giving you a free service then? At least there is an option to pay them directly instead, that often wasn't an option before.
ClacksInTheSky@reddit
I don't want ads at all. Let alone creepy targeted ads.
matthewlai@reddit
And you also don't want to pay? You just want people to spend money to build free services for you to use with nothing in return?
ClacksInTheSky@reddit
Did I ask them to set up a website that bases its revenue on infecting their users with spyware and tracking?
The idea that a site visitor owes you a small piece of their soul is preposterous.
The wild west era of the internet is over and users expect more privacy.
matthewlai@reddit
But you do want to use the website now that they have built it? And you don't want to have to pay for it?
What spyware?
Yes the wild west is over. The wild west was when it was just a few hackers building simple sites for fun. Now they cost hundreds of millions to build and millions annually to run. And people don't want to pay. What do you expect they do?
ClacksInTheSky@reddit
No.
Let's just be clear. Infecting your computer/device with spyware and tracking cookies isn't "paying".
Tracking cookies and scripts injected by ads.
Put up a pay wall or make something worth paying for.
They nearly figured it out, except they're flaunting the spirit of the law by strong arming people into tracking cookies so it's business as usual.
matthewlai@reddit
Ok, so this doesn't actually affect you because you don't want to use those websites anyways?
>> Put up a pay wall or make something worth paying for.
So a pay wall is fine, but giving you an alternative free access option with ads isn't? Everyone must be forced to pay, even if, unlike you, they are happy with getting a free service with ads?
ClacksInTheSky@reddit
They can give the free service without ads that track your behaviour.
This is my sticking point.
matthewlai@reddit
Yes, it would be great if people can all just build things, run things, and give them away without any expectation of return.
ClacksInTheSky@reddit
Again, tracking.
caketreesmoothie@reddit
my method is disabling java script when I come across this. some websites require it to function so it's not perfect, but feels like less steps to me than going to a remove paywall site
Admirable_Bag8004@reddit
There are solutions for this. You can use RemovePaywall or as I often do - use DuckDuckGo and block the offending website from all future searches.
OhGodNotHimAgain@reddit
Most websites don't want you to disable cookies, so they don't implement it. Also some cookies are allowed because they're essential so sometimes it's not possible to have a reject all.
neityght@reddit
I'm surprised no one has developed a browser plugin that automatically selects reject all non essential cookies.
Grimdotdotdot@reddit
On Chrome there's a plugin called "I don't care about cookies", but it's more about just getting rid of the popups than it is rejecting them.
ExecutiveChimp@reddit
Legally you need to actively accept the cookies, so just hiding the popups should be the same as rejecting them.
piracy_sex_and_arson@reddit
uBlock Origin has an option in the settings for this
neityght@reddit
Oh good to know 👍
DigitalStefan@reddit
There is one. I don’t recall the name because it’s pointless. Most banners are ineffective when you opt out.
Not through malicious action, but because implementing consent management is hard.
I get paid a lot to do it because AI can’t and it’s difficult to learn how to.
citizen-kong@reddit
It's called Consent-O-Matic
neityght@reddit
Pointless how? It would save me having to negotiate annoying menus to reject what I can.
DigitalStefan@reddit
Pointless because I can guarantee to you that given a selection of 100 random websites with a cookie banner, probably 80 of them ignore your “deny all” selection and will act just the same as if you clicked “accept all”
This_Suit8791@reddit
DuckDuckGo browser does it automatically for you and it is a lot more privacy focused.
glasgowgeg@reddit
"Accept All"/"Essential Only"
Problem solved.
Haunting-Reward4580@reddit
Also users are retards, they'll reject cookies, while whining that they have to log in every time
DigitalStefan@reddit
This is not a cause and effect situation. You can class login / session cookies as essential because from the user’s perspective they would expect to have their login credentials remembered.
Haunting-Reward4580@reddit
Yes, but users are retards, hence why a blanket "ZERO COOKIES!" wouldn't work
JustAnotherFEDev@reddit
"Essential cookies only"
n0d3N1AL@reddit
I use an anonymous browser that clears all session, cookies and site data upon exit for anything that doesn't need me to be logged in, such as searches. DuckDuckGo works well for this. And then use my main browser to do anything meaningful. That way accepting cookies becomes irrelevant because you're using a different browser.
Ok_Option_3@reddit
There's a cookie auto delete plugin for Firefox etc.
If you have that and a password manager that fills in your login details, it's amazing how few websites you actually want to turn on cookies for!
Zubi_Q@reddit
I wish I could set accept or reject as default, rather than me clicking a fucking button every goddamn time
Shitelark@reddit
"Pay to Reject"
Nope. Back.
Bitter-Policy4645@reddit
If only there was a way on every single browser to delete cookies this wouldnt be a problem /s
nonsequitur__@reddit
Cookies are unrelated to the OSA. The cookie pop ups relate to GDPR etc
Some are allowed so I suppose a Reject All doesn’t really work. Probably why most have Accept Essential Only.
annedroiid@reddit
You're assuming that they want to make it easy for you to reject the cookies. They want to make it as hard as possible so you'll just click accept all to get on with it.
Mid-Pri6170@reddit
me i just like to enjoy the free news at Stokeontrentonline.com and promise to allow cookies and then delete my cookies afterwards.
like a digital one night stand.
'sure babe, i will allow cookies... you can trust me....' hhehehe sucka!!!
Mr_Coa@reddit
Just eat all the cookies
IdioticMutterings@reddit
They are technically meant to.
Problem is, the UK doesn't allocate any funds to their enforecement, so they get away with it.
kylehyde84@reddit
There's one that's really bad but i can't remembet the name currently. It has all slider buttons and no way to turn them all off without sliding each. Then you click legitimate interest button and there's hundreds more.
Winter-Childhood5914@reddit
Came here to say this ‘legitimate interest’ bs and then having to spend time scrolling down hitting all the sliders, which I’m convinced are deliberately spread out down the whole list so you think you’ve got them all, but they’ve just lured you into a false sense of security with a few toggled off ones before you get hit with another 5 right at the bottom.
Reasonable-Tie3028@reddit
I'm petty and refuse to use any site that uses this type of cookies options and make it really difficult to reject. It's quite worrying when you go through each one and seeing where your data is going to.
Winter-Childhood5914@reddit
Yup same.
apokrif1@reddit
Did you try F9 in Firefox?
kylehyde84@reddit
And how long they keep active for. Over 2 years in some instances!
TellMeItsN0tTrue@reddit
I've come across as high as five years!
Disgruntled__Goat@reddit
So terrible. What does “legitimate interest” even mean and why is it selected by default?
Citizen_DerptyDerp@reddit
I don't care about these pop ups or storing cookies... Because uMatrix (and probably uBlockOrigin, but I never tried swapping to it) will block all the ads and most of the paywalls anyway... And if I do click accept, any cookies are getting flushed out as soon as I close the browser anyway.
Ok_Cow_3431@reddit
You cant reject all, some cookies are essential for the site to actually work
AhoyWilliam@reddit
Legally they are meant to present both options with equal prominence. A law that isn't enforced, though..
Schnapper94@reddit
It's all about making it easier to say yes than no, so websites can keep collecting data without much hassle.
Strong_Neck8236@reddit
They don't want you to reject cookies. So they make it more difficult hoping you'll just click accept (or in the case of many news webshites they don't even given you the option!).
ilove_butter89@reddit
Omg I thought this was about pop-up cookie shops and was so confused about why they'd want to reject customers. Need coffee 🙃
slimboyslim9@reddit
One of my favourite low-stakes conspiracies is that they call them ‘cookies’ to dupe people into accepting them without realising you’re actually saying yes to some web dev knowing a bit of your browsing data.
hrvojecob_novi@reddit
This website uses UTIs
(Accept) (Essential only)
Kaiisim@reddit
You don't have the right to not be tracked. Anyone with a legitimate reason can collect and process data.
It's acceptable to say "we will collect your data to serve you ads, because that's our business model"
jimthewanderer@reddit
Well, the GDPR would beg to differ, but laws are only enforced if you rock the boat or aren't rich.
Elastichedgehog@reddit
AFAIK GDPR only covers identifiable data, no?
Elastichedgehog@reddit
Because they want your data; it makes them billions
Same reason OSA was implemented
xx123gamerxx@reddit
ive found that for the most part pressing customize and then confirm choices will often reject anything they see as "non essential"
Aaaaaaaaaaaaaaadam@reddit
I cared enough to make a Chrome extension that auto rejects all of them, makes browsing much better.
hansonhols@reddit
Any site with a 'Pay to reject' option, i immiediately leave to never return again.
Plenty of sites to choose from that don't fuck you in the arse and get you to pay for it.
lcmatt@reddit
That's fair enough. You have the right to leave the website and the owner has the right not to serve you content.
Someone has to pay for it - either it's you through a one off payment or subscription or the owner who makes that back via advertising or another method.
Southern_Share_1760@reddit
Because a lot of websites would not work properly if ‘session’ cookies were rejected by the user. Such cookies are vital to a site’s user experience, so makes no sense to reject it.
Interestingly, your permission is not legally required to plant vital session cookies on your computer.
Scarred_fish@reddit
I guess you weren't around when it was made law to give you the option.
It used to be a simple browser setting. Still is to a degree, but as with everything, in order to make it semi usable for a few paranoid idiots, it's been made annoying for everyone.
Rejecting cookies is like rejecting tyres for your car, then complaining it won't work.
SlackersClub@reddit
The question you should be asking is why websites ask you at all and whether the buttons even do anything.
ARobertNotABob@reddit
If you reject all cookies, then, for example, your shopping cart will empty each time you refresh/change page.
Just get something like this : https://chromewebstore.google.com/detail/accept-all-cookies/ofpnikijgfhlmmjlpkfaifhhdonchhoi
JoesRealAccount@reddit
I don't care about any of this I just want the popups to stop.
Dazz316@reddit
A lot of people don't care. I hit reject all or go an option or two deep. But I know my info is floating around out there anyway despite my actions.
chartupdate@reddit
I could not give a shit about cookies. I want the old internet back where you could go on a website and not have to click part stupid banners that are irrelevant to me.
Karen_Is_ASlur@reddit
Who cares, the cookie consent law is utterly pointless performative nonsense anyway. Just set your browser to delete cookies if you are bothered.
This_Suit8791@reddit
Because most people just click anything to get rid of it. I highly recommend using DuckDuckGo browser as it auto declines cookies and is privacy focused.
Pleasant-Put5305@reddit
Because the government tried to legislate but 100% failed to follow through with government websites. The legislation quietly faded away when it became obvious it was indefensible.
Caerdu@reddit
So you click accept all.......
Free-Carry2313@reddit
lol, Great tip! BBC Food's a lifesaver for guilt-free browsing. Plus, those recipes are usually top-notch.
eggard_stark@reddit
They do. Just click the drop down —> reject all. Never seen a UK site not do this.
namboozle@reddit
They're likely not compliant; 90% of sites I visit aren't when I dig deeper.
The fact is, a lot of people running websites don't know they're not compliant, or they don't care.
Haunting-Reward4580@reddit
Examples?
namboozle@reddit
Easy examples are when most sites don't give you a strict way, only to allow "necessary cookies".
I'm a web developer, so a lot of the time I have dev tools open, and you can see a lot of sites start setting cookies and making requests to third-party analytics and ad platforms before you opt-in. And when you reject, nothing happens.
It's a classic case of site owners installing a "cookie banner" plugin on their CMS and expecting it to just work.
I just visited a local news website in an incognito window. I didn't interact with the page, and you can already see it's using Google Analytics and HotJar, which both record your activity/session.
You can also see in the console that they've not configured "Consent Mode" with these platforms, so they start sending to those services before you've given implicit consent.
glasgowgeg@reddit
I can imagine only having options for rejecting non-essential cookies is compliant, as the ICO website themselves have "Accept non-essential cookies" and "Reject non-essential cookies" options.
If they're essential, it means the website won't work without them.
DigitalStefan@reddit
You get it. This is what I’ve been seeing for years. Site owners generally have no clue until they either get investigated by the ICO (or other jurisdictional org around the world) or outed by national press such as what happened to a US healthcare client I worked with.
Only a few know what the deal is. Financial services people are super awesome to work with on this because they love and breathe regulatory scrutiny and understand the risks extremely well.
namboozle@reddit
Funnily enough, I worked on a contract for a large law firm, and their site was run by their marketing team, who just kept installing analytics and ad scripts. When my colleague ran an audit and presented it to them, they weren't best pleased.
He then went through and made them compliant, and they were super on it from then on.
tom-mart@reddit
Because some functionality, like being able to log in, often depends on cookies. If there was an option to reject all, some websites would stop working at all.
DigitalStefan@reddit
Login / user session control cookies can be classed as essential. Any site that forgets user logins based on lack of cookie consent was out together by an idiot.
ant682@reddit
That situation is exempt and can be used without consent
GuyOnTheInterweb@reddit
Now it is "Accept for our 973 business partners, or Pay to Reject"
DigitalStefan@reddit
This is a combination of the IAB framework and the horrendous “acknowledgement” that pay-for-privacy isn’t illegal.
Anyone implementing IAB TCF who doesn’t know what they are doing will end up incorrectly listing every possible IAB TCF partner, so I’d be surprised if that number is less than 1,000 now.
Fit_Search_4751@reddit
Because the online safety act had nothing to do with online safety. It's a first step in being able to control freedom of speech online and it was kicked into high gear because of online criticism of Israel's genocide
I absolutely agree this is something so basic and we should be able to refuse cookies etc with one click.
neatcleaver@reddit
I'd have 100% loved this law if it was anything other than showboating and control
For instance, social media, particularly Facebook is littered with AI scams. Meta themselves obviously do not give a single solitary shit about that because they don't need to. It makes them money so they ignore it
You can report things for impersonating celebrities but you just get an auto reply "looks fine to us"
Alongside the droves of fake ragebait nonsense and bots infesting everything
If it was instead aimed at these companies saying you must comply and combat this or you can't operate in the UK I'd think it was a great law
Even better if they didn't and Facebook just left the UK considering how much damage it does to society
I genuinely worry about my dad sometimes, I've done everything I can to explain scams but sometimes I think he's going to fall for one especially with AI getting better and better every day
We need to hold these companies to account because they certainly don't give a jot about us individuals, we're just there to be milked for money
Ochib@reddit
The online safety act has nothing to do with cookie popups. That is all governed by the Data Protection Act 2018
Good_Lettuce_2690@reddit
"WON'T SOMEONE THINK OF THE CHILDREN!" Any time a politician goes on about protecting kids these days, I just think they are probably nonces.
Coconut681@reddit
It should be the other way round, reject all is the default and you opt in to get anything beyond the essential ones.
its_bydesign@reddit
It should be considered an illegal design practice imo. Completely agree with you.
TrashbatLondon@reddit
Compliance is coupled with enforcement. There’s no real value in enforcing stuff for the sake of it. The interpretation of directives and the way that has made its way into law regarding cookie consent is very stupid.
The ICO aren’t arsed with chasing down every business who have purchased out of the box saas to handle cookies which do no material harm to anyone.
Verdigri5@reddit
If I can't immediately see the reject all button, I close the window and look elsewhere.
Outside_Tadpole5841@reddit
It's the combination of the hidden reject button and the sites that try to charge you that really shows the intent. They're banking on user fatigue to win, not genuine consent. It feels like a deliberate design choice to make the path of least resistance the one that gives them your data. For a country that values straightforwardness, it's a surprisingly sneaky bit of digital architecture.
Haunting-Reward4580@reddit
The law was from the EU. The law has loopholes in it.
WitShortage@reddit
The guidelines are there, and our legal department enforce it, but it is up to individual organisations because there isn't any real external enforcement or application of penalties for non-compliance.
StrongDorothy@reddit
The ICO enforces it, but to be fair they are more focused on higher-trafficked websites.
rimaarts@reddit
Most of them have. Now "you don't want cookies, subscribe" start popping up.
AnythingKey@reddit
Plenty of browser extensions that deal with this for you on 99% of sites
bakedreadingclub23@reddit
Because that was an EU requirement, and we are being petty.
UsAndRufus@reddit
GDPR still applies under UK law
Marlobone@reddit
Annoying law that doesn't really do anything
DisastrousHelp8149@reddit
Because we left the supranational organisation that introduced rules that site must make rejecting cookies no more onerous than accepting them, and have not legislated to align with that.
AskUK-ModTeam@reddit
AskUK is a "catch-all" subreddit for questions about the UK life and culture, but this does not mean we accept any and all questions or answers. We are liable to remove posts or comments which are best discussed in more specialised subreddits, or are simply not desired here because of the problems they bring.
We explicitly do not allow questions or answers on or including:
politics (r/askukpolitics, r/unitedkingdom, r/ukpolitics)
technology (r/techsupport, r/technology)
relationships (r/ukrelationshipadvice, r/relationships)
DIY (r/diyuk)
university/education (r/sixthform, r/uniuk)
visas/citizenship (r/ukvisa)
medical advice (including mental health) (r/mentalhealthuk)
ranting/venting (r/britishproblems)
surveys (r/samplesize)
advertising/solicitation (including the mention of brands which could be perceived as marketing)
repetitive/seen-often (just search the sub)
"does anybody else" type vent posts (as yes, someone does, be more specific or use r/britishproblems).
questions based on protected characteristics, such as race, religion, ethnicity, sexuality, gender, etc. subject to moderator discretion.
...and we may remove others if we believe they are liable to introduce problems for the subreddit.
In some circumstances, a more appropriate subreddit may be available. Check the sidebar for other subreddits to have these discussions. Also see r/unitedkingdom's extensive list of subreddits; https://www.reddit.com/r/unitedkingdom/wiki/british_subreddits
Good_Lettuce_2690@reddit
90% of them I see do have reject all options now. If they don't, I simply don't use the site.
Kyber92@reddit
Because they don't have to and cookies make them money
CodeJunkie3001@reddit
It would makes sense to have a big reject all button, but companies like to use "dark patterns" to trick people into agreeing to cookie policies. See more info here: What are dark patterns in cookie banners?
Ambitious_Zombie667@reddit
Some do but most don't, I mean there is not anything in place to say that that they need to make it easier and they want that data so it's not in the best interest of the websites.
AutoModerator@reddit
Please help keep AskUK welcoming!
When replying to submission/post please make genuine efforts to answer the question given. Please no jokes, judgements, etc. If a post is marked 'Serious Answers Only' you may receive a ban for violating this rule.
Don't be a dick to each other. If getting heated, just block and move on.
This is a strictly no-politics subreddit!
Please help us by reporting comments that break these rules.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.