<<< Monday, January 16, 2023 10:32 PM


Happy Rabbit Year! >>>


Monday,  01/16/23  10:52 PM


So, cookies.  Since the dawn of Internet time, websites have been able to work around the inherently stateless mode of web browsing by sending small bits of information called "cookies" to web browsers.  Later, when the browser returns to the site (could be 1s later), the cookies are sent back to the site, enabling state to be maintained.  A good solution.

Later, people began exploiting cookies in bad ways.  A second website belonging to, say, an advertising company, could send cookies, then later have them sent back, and this allows them to track you.  And/or, in a variation, the first website could share your information with the second website, as part of presenting ads, or for any other reason.  A bad problem.

And so this somewhat arcane technical issue hit the radar of regulators, and they passed laws: now, in order for a website to send you a cookie, you have to agree to it first.  And so now every website asks you, annoyingly, if you're okay with cookies, and you say "yes" and life goes on.  After you say "yes" all the tracking/sharing stuff that could happen before can still happen.  If you say "no", the website probably won't work and you can't use it.  So this is a terrible non-solution to the problem.

What can be done?  Well first, we shouldn't ask legislators to solve this kind of problem.  They don't understand it, and they pass dumb laws which make life more difficult but don't solve the problem.  We need a simple technical solution to a simple technical problem.

What if browsers had a global option to accept cookies?  You could turn it on or off, depending on your preference.  Oh wait - they already had that option.  So no laws were actually needed.  But yeah if you said "no" to cookies, the website probably didn't work.

What we really want is an option that says, "don't send cookies from anyone else, and don't share my information with anyone".  That would be an easy option to set, it would be sent to every website in the HTTP header, and then it would be on the website to accede to your request.  This is what has happened on phones, for example; you are asked whether it's okay to share your information (once!), and if you say no, then it's no.  Every phone app doesn't have to ask every time.  No new laws needed.

In the meantime, we all have to say "yes" every time we visit a website.  How great is that?  And it doesn't solve the problem, because we always say "yes".  Well it isn't our biggest problem, but it's another example of a dumb law that makes our lives worse.  Onward!