The security of our personal data is threatened by websites that flout our choices regarding cookies.
Greediness is an ugly flaw has never been more true than for the privacy and security of our personal data when we browse the Internet. This is what a recent study by the University of Amsterdam revealed. Analysis of 85,000 European websites showed that 90% of them violate privacy regulations.
The cause is cookies, these small files stored on our devices to facilitate our navigation. Practical for remembering our preferences, they are also the preferred tool for marketers to track us and personalize advertisements. But this study goes further. It distinguishes involuntary infringements from deliberate maneuvers, as TF1+ did by forcing its subscribers to accept cookies under penalty of not being able to benefit from the service. User rights sometimes do not seem to resonate in the same way depending on which side the cookies are on.
Unconscious violations
But because not everything is rotten in the realm of the Internet, so-called “naive” violations are surprisingly common. They appear when sites fail to offer an option to refuse cookies or neglect to ask for authorization to store them. These errors, affecting respectively 57% and 32% of the sites analyzed, are nevertheless easily identifiable. Fines have already been imposed on big names on the Web for such negligence. The most famous of them, Google, is still slow to block third-party cookies.
But these offenses are just the tip of the iceberg. Because, unfortunately, beneath the surface lies a darker reality: ignorance or disregard for the rules in force, often due to lack of technical or legal knowledge. Small sites, in particular, struggle to navigate the regulatory maze, and find themselves on the dark side of the law without even knowing it.
Deliberate manipulation
The study also reveals that 65% of sites that claim to offer visitors a choice when it comes to cookies betray them by using tracking cookies, even if they opt out. Worse still, some set these cookies before the user even has a chance to choose. Closing a notification window is often interpreted as consent, a practice adopted by more than 77% of sites.
These methods, referred to as dark patterns, are designed to subtly influence user decisions. By making the accept button visible and accessible, and the reject button discreet and complicated, websites manipulate choices, thereby depriving Internet users of their right to privacy. These tactics, far from being harmless, highlight a deliberate desire to circumvent the rules to favor commercial interests to the detriment of ethics and legality. Despite the warnings, the CNIL has adopted almost 100 corrective measures and sanctions since March 31, 2021 for non-compliance with cookie legislation by website owners.
Source : Malwarebytes, Usenix
3