this post was submitted on 14 Aug 2024
669 points (98.5% liked)
Privacy
31975 readers
230 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As someone who works in tech, I can confidently say that many people plainly do not understand what cookies do and why they exist. There are plenty of cookies that are good and useful, but third party advertising tracking cookies are the devil folks don't like. Necessary, performance and functional cookies are all chill.
A question: What is preventing the site using one huge cookie for all purposes, thus preventing fully functional use of the site without also enabling all other forms of tracking?
Cookies are very small snippets of code that have a specific purpose. Making a one-size-fits-all cookie would make them complicated and much harder to track - which goes against the point of a cookie. Also, cookies are often independent of each other because they are from different providers/different tools. Having a one-size-fits-all cookie would also present a security hazard and make laws similar to GDPR about cookie tracking difficult to implement. An example of a tool that actually does use one cookie is Adobe's Marketo. You can read some more about them here. https://termly.io/resources/articles/types-of-internet-cookies/
Same thing that's preventing them from ignoring your choices or not offering them in the first place: nothing technical; it's all up to the legal system.
I'm not sure how sites generally do it, but from my web dev experience in the past, I wouldn't be surprised if it is actually implemented as one giant cookie. Iirc cookies are attached to domains and one domain can't access another's cookies. So if they are sharing the data on their end, I'd guess it is one big cookie. If they have their site set up to make the clients share the data themselves, I'd guess there's a cookie for each partner's domain.
It's even possible that the information is shared without using actual cookies at all, since data can be sent to servers using the http get request. If you see ? in the url, everything after that is a list of arguments and values... Though the entire URL (after the domain, which maps it to that server) is data and doesn't have to map to a directory structure and file on a server. Maybe this falls under the umbrella of "cookie" despite technically not being a cookie.
Or maybe it's a loophole where the legislation focused on just cookies and falls back to these methods. Probably not, because if it's done on the client side, it would be easy to detect by anyone who knows how to look. But who knows what's going on on the server side of things?
Edit: my knowledge here is dated and outside of my specializations, so consider this more technically informed speculation than necessarily applicable to how things generally work. I say this because I see another comment came in while I was writing this that contradicts mine about a giant cookie being technically possible. My own use of cookies was to store a session id so that php could find the data that was being stored server side that was necessary for site functionality (like storing logged in state, user id, and other internal stuff we don't want users being able to change by editing a cookie). They worked like maps iirc where you just give them key:value pairs, thus could store an arbitrary amount of data.