674
submitted 3 months ago by vk6flab@lemmy.radio to c/privacy@lemmy.ml

A cookie notice that seeks permission to share your details with "848 of our partners" and "actively scan device details for identification".

you are viewing a single comment's thread
view the rest of the comments
[-] unwarlikeExtortion@lemmy.ml 10 points 3 months ago

A question: What is preventing the site using one huge cookie for all purposes, thus preventing fully functional use of the site without also enabling all other forms of tracking?

[-] prof_wafflez@lemmy.world 7 points 3 months ago* (last edited 3 months ago)

Cookies are very small snippets of code that have a specific purpose. Making a one-size-fits-all cookie would make them complicated and much harder to track - which goes against the point of a cookie. Also, cookies are often independent of each other because they are from different providers/different tools. Having a one-size-fits-all cookie would also present a security hazard and make laws similar to GDPR about cookie tracking difficult to implement. An example of a tool that actually does use one cookie is Adobe's Marketo. You can read some more about them here. https://termly.io/resources/articles/types-of-internet-cookies/

[-] Buddahriffic@lemmy.world 2 points 3 months ago* (last edited 3 months ago)

Same thing that's preventing them from ignoring your choices or not offering them in the first place: nothing technical; it's all up to the legal system.

I'm not sure how sites generally do it, but from my web dev experience in the past, I wouldn't be surprised if it is actually implemented as one giant cookie. Iirc cookies are attached to domains and one domain can't access another's cookies. So if they are sharing the data on their end, I'd guess it is one big cookie. If they have their site set up to make the clients share the data themselves, I'd guess there's a cookie for each partner's domain.

It's even possible that the information is shared without using actual cookies at all, since data can be sent to servers using the http get request. If you see ? in the url, everything after that is a list of arguments and values... Though the entire URL (after the domain, which maps it to that server) is data and doesn't have to map to a directory structure and file on a server. Maybe this falls under the umbrella of "cookie" despite technically not being a cookie.

Or maybe it's a loophole where the legislation focused on just cookies and falls back to these methods. Probably not, because if it's done on the client side, it would be easy to detect by anyone who knows how to look. But who knows what's going on on the server side of things?

Edit: my knowledge here is dated and outside of my specializations, so consider this more technically informed speculation than necessarily applicable to how things generally work. I say this because I see another comment came in while I was writing this that contradicts mine about a giant cookie being technically possible. My own use of cookies was to store a session id so that php could find the data that was being stored server side that was necessary for site functionality (like storing logged in state, user id, and other internal stuff we don't want users being able to change by editing a cookie). They worked like maps iirc where you just give them key:value pairs, thus could store an arbitrary amount of data.

this post was submitted on 14 Aug 2024
674 points (98.7% liked)

Privacy

32177 readers
962 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS