So, as I complained about on Facebook earlier today the EU Cookie Law (properly known as the Directive on Privacy and Electronic Communications) is stupid and annoying. It requires all cookie placing websites (which is basically all websites) to pester you about it. Chances are, once you say “ok, go away”, they track this by adding yet another cookie (or expanding the size of the cookie they would otherwise set).
—Oliver Emberton, Silktide
So I’ve proposed a solution. Allowing knowledgeable web browser users such as myself to “opt in” to cookies. Most of us already have. We’ve read the hype about “evil cookies,” saw past the drama, realized most of the convenience expected from the modern web depends on cookies, and reacted appropriately. We block third party cookies, we allow first party cookies, and our ad blocker does the rest (blacklisting known bad actors).
Those that aren’t so knowledgeable use their browser defaults; which are the same exact settings (at least in a reputable browser). Why? Because that’s the reasonable setup. If I wanted to be annoyed by every site that wants to set a cookie, there’s already a browser setting for that. I’ve tried it. It’s annoying.
So in the interest of ending annoyance, I’ve decided to propose a mechanism for opting in to cookies. (I don’t think we really needed one (more correctly, we already had one), but the EU obviously has some stupid lawmakers). So this is a technical hack and a political protest all in one.
I propose an extended HTTP header be added to bypass all this silliness. I nominate the name “X-Cookies-Please” as being sufficiently succinct. (I resisted the urge to suggest something more snarky.) The content of the header is irrelevant; the presence of the header is enough to opt in. For example:
GET / HTTP/1.1 Host: ico.org.uk Accept: text/html;... User-Agent: Cookie Monster 1.0 Referer: https://blog.karatorian.org/ Cookie: ... X-Cookies-Please: Yes you fools!
See, isn’t that better. I know this seems silly, but I am fairly serious. (Perhaps I should alter my tone. Or the content of the example? Nah.) I suppose I should talk to some browser developers and standards folks to get the ball rolling on this.