Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content

Where you live can impact your health and happiness. See how your community measures up.

Content starts here
CLOSE ×
Search
Popular Searches

Games

Car rental

AARP daily Crossword Puzzle

Hotels with AARP discounts

Life Insurance

AARP Dental Insurance Plans

Travel

Suggested Links
Help Show me my account info Change my Address How do I contact AARP? Where is my membership card? How do I get a digital card?
Red Membership Card

AARP MEMBERSHIP 

AARP Membership — $12 for your first year when you sign up for Automatic Renewal

Get instant access to members-only products, hundreds of discounts, a free second membership, and a subscription to AARP the Magazine. 

 

120x30-AARP-logo-red
Join
Renew
Enroll
Rejoin

AARP en Español

Join
Renew
Enroll
Rejoin
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Continue Cancel

A Lot of Websites Ask You About Cookies. How Should You Answer?

Why so many sites ask for your permission, and what you need to know about granting it

By

Rob Pegoraro,

 
AARP
Comments
Published May 28, 2024
Video: What are Website Cookies?

In this story

A tracking questionWhy ask?Your choicesWhat to click •  Browsers can chooseOther tracking methods

Those web banners that want your input on cookies use varying verbs — accept, agree, allow, confirm and continue, among others — to ask what’s often the same request: Please let us track your visit to our site.

“A lot of these consent dialogs look pretty familiar,” says Aaron Massey, technologist and senior policy analyst for advertising technologies and platforms at the Future of Privacy Forum think tank in Washington.

Why do sites keep asking this question?

These queries have become common for one shared reason: data privacy laws in other parts of the world. The European Union’s General Data Protection Regulation imposed privacy rules on companies doing business in the EU in 2018, and many sites haven’t looked the same since.

“GDPR was kind of the initial prompt for this,” says Angelina Eng, vice president of measurement and addressability at the New York-based Interactive Advertising Bureau industry group. “If there is anything from the EU coming to your website, then you need to be compliant.”

That’s why you may find some U.S. news sites are inaccessible while you are vacationing in Europe. Instead of complying with the EU’s regulation, those sites block all traffic from there.

More recently, the California Consumer Privacy Act has added rules, such as giving Californians the right to opt out of sales of their personal information.

As Massey puts it, these pop-up boxes aren’t a case of “the industry doing something just to make it more difficult for you.”

cookies coming out of a laptop
Photo Collage: AARP; (Source: Getty Images (2), Alamy)

How your choices usually break down

The decisions that sites ask you to make about cookies — tiny text files saved in your browser — often involve picking from a menu of flavors. Some are necessary cookies that websites use for basic visit management, Massey says.

“These are first-party cookies used to maintain really basic details about the session, like whether somebody’s logged in [or] not,” he says. Other first-party cookies can save your choices for options like your preferred language. Still more allow a site’s operators to monitor how different parts perform.

The controversial cookies are third-party cookies that other sites, usually advertising networks and social platforms, set to track your habits across the web to determine your interests.

At some sites — the Future of Privacy Forum’s website is a good example — the dialog box of choices comes preset to block nonessential cookies. At other sites the choice is up to you.

When to click yes or no

“I don’t have any concerns accepting the dialog,” Eng says, explaining she’s seen members of her trade group use this data only to find broad groups of people. “They never specifically home in on a particular user. They use that data to create what we call cohorts in different marketing segments.”

But companies aspiring to reach customers this way should avoid being too creepy or leaving people feeling powerless, she says.

“I think we probably as an industry need to do better in terms of providing full transparency and control for consumers.”

Tip: You can see the profile Google has built of your interests at myadcenter.google.com.

Sites that offer rewards for clicking through to a shopping site, such as shopping portals that airlines maintain to help people build their miles balance, represent a special case for allowing those cookies.

Tiffany Funk, managing editor of the travel blog One Mile at a Time, says companies have been developing ways to track these click-through transactions without needing cookies. One example is the browser extensions many shopping portals offer.

But she’s not ready to rely on those workarounds, so she enables all cookies in those cases as a matter of self-interest.

“You’re benefiting from the transaction being tracked correctly between the publisher and the advertiser,” she says.

Massey concurs that this scenario represents a different bargain: “You, the consumer, by participating in this, can get some remuneration.”

Your browser can choose for you

Instead of clicking endlessly to deny third-party cookies, your browser can do that work for you automatically. Apple’s Safari, Microsoft’s Edge and Mozilla Firefox all block tracking and marketing cookies by default and will also report how many of these third-party cookies they blocked.

For instance, AARP’s website employs third-party cookies. Safari lists 15 as being “trackers prevented from profiling you.”

Meanwhile, Google’s Chrome allows third-party cookies by default. Google is planning changes to ensure that advertisers can still model the interests of large groups of people without using cookies, but it has repeatedly postponed those plans.

So making a non-Google browser your default can let you ignore the cookie questions at sites if you’re looking for more privacy across the web. It can also defend your privacy if a site tries to place tracking cookies even after you decline them.

But sites have other ways to track you

Researchers at the Swiss university ETH Zurich conducted an automated analysis that estimated 65 percent of sites studied likely did not honor cookie rejections. The team did not respond to questions about the research it plans to present at a security conference in August.

Massey warns that sites can use other techniques, such as “browser fingerprinting,” to track people who don’t use cookies. Your browser’s fingerprint includes such information as the device it’s on, installed extensions, keyboard layout, languages, operating system, time zone and version number. Alone, the information doesn’t mean much, but amassed it allows a website to figure out that you’re not your neighbor.

Apple has upgraded Safari’s defenses against those alternate sorts of tracking in recent releases.

Advertisers already collect less data because of the browser defaults and the limits that Apple and Google now place on mobile apps in iOS and on Android devices, says Eng of the Interactive Advertising Bureau.

“About 60 percent of data signals have been lost [in] the past five years,” she says.

Massey suggests that finding a post-cookie standard that expands people’s privacy and allows advertising to keep most sites free to read won’t be easy.

“It’s a hard problem to solve,” he says. “You still need to have some mechanism for a robust advertising ecosystem.”

Rob Pegoraro is a contributing writer who covers technology. His work also has appeared in Fast Company, PC Magazine, U.S. News & World Report and USA Today.

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?

Benefits Recommended For You

See All