Once in a while I’m asked why Citationsy.com doesn’t have one of these:
To understand why we don’t have one it’s useful to know why they exist in the first place.
EU law states that the operator of a website “must adequately inform users and obtain their consent before setting cookies […] By default, none of those cookies must be set.“
Yes, that means you can’t set cookies without explicit consent. What is explicit consent? It means the user has to click on something to consent.
What is definitely not explicit consent is this:
The law continues: “If a website uses site-specific cookies, it requires a dedicated cookie notice page (it must not simply link to the general cookie notice page), listing all first- and third-party cookies with information on their purpose, type of data collected, stored or transmitted by cookies, data retention period, and their legal basis.“
But some cookies are exempt from this warning: Cookies that are “strictly necessary for the delivery of a service requested by the user“.
This includes cookies for storing what you have placed in your shopping cart for example, or cookies used to log you in to a website.
What cookies does Citationsy use?
Exactly one. It’s the cookie that is set when you log in to Citationsy. It contains no personal information. If you delete it, you will be logged out of Citationsy.
Here is what Citationsy does not use:
- The very popular (amongst startups) software that records what everyone does on your website and lets the company making the website watch the replays, with information about the users location and computer
- The kind of plugin used to track what you do and send that information to Facebook, where it can then be used to show you ads for the same sweater you looked at on a different website
- Google Analytics, a bit of software used by millions of websites that stores everything you do on Google’s server in the US and gives the operator of the website extremely detailed statistics on every user of the service
- The little chat boxes that many website have nowadays, that not only provide a useful function but also track what you do and can then trigger specific things based on what you do
- The plugin that sends any information the app maker wants to Facebook, where they can then use it to target ads at you. For example, my shopping list app tells Facebook every time I open it.
So do I not use any analytics? I use an open source analytics software that does not set cookies. I still see how many people use Citationsy, and what pages they visit. I just can’t see which person visits which page and clicks which button, or if they previously visited on their phone, or wether Google thinks they are a man or a woman (*gender is a construct), or hundreds of other things that more invasive analytics software tracks.
Other things that I can read directly from the database. I know how many people per day sign up, because I see it in the database. I know when someone last logged in, because I save all login attempts in order to block fraudulent ones.
I get all the information I need without setting cookies, so why does everyone else need to track every single interaction any user makes? Why does Spotify save a record of every click you make, and send the brand of headphones you use back to their server?
Because they can. Because adding these surveillance scripts is very fast, very easy, and you don’t want to not add them and miss out on data that might be important one day. Watching little movies of people using your website is fun, and can definitely help with designing it. But is it worth the trade-off, namely being a bit creepy and having to display a cookie banner? For me, it is not.