HACKER Q&A
📣 kelnos

What's up with sites that don't allow any cookies to be disabled?


I'm sure most of us have seen websites using "One Trust" or other services to give a standard cookie disclosure and even allow visitors to enable or disable certain cookie "classes".

I've been reading MIT Tech Review's coronavirus coverage, and clicked on the "Cookie Information" link in their page banner, and was dismayed to see that all cookie classes, even the "targeting" (aka tracking) cookies are shown as "Always Active", without the ability to disable them. (Granted, I have several browser extensions that should be blocking these regardless.)

Out of the sites I've visited that use this sort of cookie disclosure style, this is the first one I've noticed that doesn't allow any cookies to be disabled at all. I'm a bit dismayed that a publication put out by an institution like MIT is engaging in a practice like this.

How common is this? Are there many other sites that do this that people have seen? Is there any avenue where we can evangelize to orgs that they shouldn't do this?

(Example article page: https://www.technologyreview.com/s/615436/the-coronavirus-test-that-might-exempt-you-from-social-distancingif-you-pass/)

  👤 zzo38computer Accepted Answer ✓
It works OK if cookies are disabled or if cookies are prevented with moz-rewrite. I should think it is the web browser which would have the functions for configuring cookies, anyways. But, that is a valid point about the classes of cookies; if the web page lists the names of all cookies in each class, and what they mean, then this gives the user the information they will need to configure it. (Otherwise, if it is the server which handles this configuration, then a cookie will be needed to store this configuration too, and that makes it impossible to disable all of them.)