Jump to the millipedia homepage

Cutting cookies

Earlier this year a new law (ok, ok 'directive') came into being requiring websites to advise visitors whenever data about their visit was being saved to their computer in the form of cookies.

There was a lot of excitement among web developers about the best way to deal with this new requirement. The law itself was pretty unclear - and was changed at the last minute which didn't help matters.

A lot of developers, especially those like us that look after lots of websites for a range of organisations, were tempted by the quick and easy solution of adding a javascript pop-up to alert users that cookies were being used.

We weren't tempted by this solution... well ok, we were tempted by it, but we resisted and here's why:

I don't allow cookies ...

I've been around so long that I remember the fuss when it was revealed that Internet Explorer 4 cookies were world-readable. (If you don't remember IE4 then I am very happy for you). So my slightly 'tinfoil hat' default is not to allow cookies. These days I can use the Cookie Monster plug in for Firefox to make managing cookies for individual sites a breeze.

... so how are you going to remember that I've clicked your cookie notice?

It's often down to poor implementation, but forcing users to accept cookie notices has made some sites completely unusable. Even sites that previously didn't bat an eye at not being able to set cookies.

A case in point is British Airways (I used to look after QA for ba.com - it wouldn't have happened in my day). I went to look at some check-in information the other day and got this:

BA Screenshot showing cookie pop up.


Clicking 'continue' does nothing though - because, of course, it's trying to save the fact that I accept cookies and it can't... because I don't...

That's a particularly bad implementation but there are plenty of them out there. Take .net magazine as another example. It's a site I visit pretty frequently - but now they have an overlay that appears at the bottom of their page. It's fairly inocuous but I can't get rid of it without turning on cookies - and not just session cookies at that but I'd have to allow permanent cookies to be set to prevent it appearing every time I returned to the site.

Screenshot of .net magazine website


Now, both of these examples could be solved with better implementation. Check for cookies first and if they can't be set then don't bother asking for permission to set them.

Remember it's not just old-fashioned types like me that deny cookie use - it might be privacy-conscious corporate clients, or schools, or users who just have their browser set up that way. They still might be interested in your products or want to click on your adverts.

Everyone hates pop-ups - have you forgotten so soon?

The otherwise lovely New Philanthropy Capital website has a cookie warning that's 214px high - on a netbook that's half the available page height.

Screenshot the NPC website on a Samsung netbook

Think about how serious something else would need to be before you'd surrender half your screen real estate to warning your users about it.

It's all about the users

Even if you're sure that you really need a clear acceptance of your use of cookies, the way to do it is NOT by using a pop-up, or an overlay or any kind of interstitial. Users really, really don't like them.

Instead make it part of your page design to state clearly what your cookie policy is.

If you are collecting data that users might not expect then it's only right that you set out exactly what it is.

Explain to your users what information it is that you're collecting and why. Then they can make an informed decision. Having a pop-up that says 'We use cookies on this website' isn't going to cut it anyway - as well as annoying your user.

If all you're doing is using cookies to maintain session infomation and gather stats, then a simple explanation of which cookies are being set is really all you need.

Don't ruin the usability of your website by slapping on a cookie warning just because it's easy. Oh, and don't trust a web developer who insists that's the thing to do without examining your requirements properly.

Everyone will agree with us ... soon.

We're not the only ones to baulk against plastering our sites with unfriendly warnings. This post was prompted in part by the good folk of SilkTide who themselves provide one of the scripts that let you add pop-up warnings to your site. They've had a change of heart and have taken annoying cookie warnings off all their sites - and written about why over at nocookielaw.com

Oh, and since you ask - here's some information about our use of cookies.

Oct 17, 2012