Cookie consent box strangeness

Just recently I noticed that Google has changed the way the cookie consent reminder works. In the past it used to count down and then attempt to force you into the consent process but clearing the cookies reset this. Now there is no way past. I’ve not used Google for searches for some time now but Google Maps is handy sometimes. The iPhone app does not do this so presumably that has some other consent mechanism.

Dilbert, which I always visit daily has also started now to throw up a consent screen that one cannot get past. I wonder if these are both as a result of Schrems II. I have not checked what Google set but the Dilbert website sets 17 cookies while asking for consent to set cookies. As I use a cookie cruncher on the Mac that deletes cookies that I have not flagged as wanted every minute this is a minor issue and I always now clear cookies before visiting other websites to avoid them tracking me across sites.

On the iPhone I have all cookies blocked and so clicking on any ‘accept’ button makes no difference but does usually get past the screens. Google is interesting though because here, Google pops up the consent screen and it them immediately vanishes. I expect that will be ‘fixed’ soon though.

OneDrive and ADSL

We had a few broadband issues here over a couple of days with download speeds dropping to a few k at times. Given the recent issues caused by the phone line this one was odd because the modem was holding up nicely at 16Mb / 1.2Mb. So, peering at the switch and unplugging anything that might be connecting to the outside world (really must get my own router so I can monitor the traffic!) it came down to one of the Windows PCs. Unplug that and the broadband quickly returned to normal.

Virus? Malware? (always the first thoughts when Windows is involved!) No, OneDrive. It turned out that the issue were caused by uploading a load of files to OneDrive for safe keeping given said PC has gone a bit daft recently. 5Gb of them! OneDrive was maxing out the upload bandwidth and the issues there in relation to ADSL and TCP/IP are well known.

So I paused it – at least OneDrive is well thought out and you can pause it for a set period. I’d expected the PC to finish up overnight but it shut itself down and still had 3.5Gb to go this morning. Turning OneDrive back on of course zapped the ADSL again.

Nice having 4G on the phone and unlimited data (though not unlimited for tethering or I could have used it to sort OneDrive out here). DuckDuckGo to the ready, it turns out that OneDrive is actually very well thought out and you can limit the upload and download bandwidth. Limiting upload to 50kB (big B) has sorted things here, OneDrive can still get on with things without trashing our broadband. I’m guessing it was seen as an issue and someone actually thought it through at Microsoft.

The trouble with web searches

These days finding information on the web is tedious at best. You almost need to go in knowing the answers in order to judge whether the information revealed by your search is even close to the mark.

For example, searching for “west yorkshire lockdown” on Duckduckgo finds a piece from the Yorkshire Post which immediately throws up a cookie screen and is, of course laden with adverts. I have no issue with a newspaper site having adverts, my issue is why isn’t there de facto information available via the government and if it is, why isn’t that ranked higher up? Search engines throw you to the wolves aka the advertising media for any information on just about any subject, certainly anything general in nature.

Another search, something I never expected to need to know, is to find out if one can drive through a locked down area where your start and end points are both outside said area. Again, lots of media sites, none of which come anywhere close to answering the question.

gov.uk does have information, but even here it’s not as clear as it might be. For example, I know there are current local lockdowns in effect including Bradford but gov.uk offers only “Find out what restrictions are in place if you live, work or travel in the north-west area and other affected areas.” I presume here that West Yorkshire is ‘other’ – why not spell it out to make it obvious? Are they charged per word like old telegrams were? The resultant page does list Bradford but does not mention Ilkley and yet I gathered from Facebook that it is included.  Back to Duckduckgo and a search for “ilkley lockdown” brings up a newspaper site which immediately throws up a cookie page with non-functional option links! Reloading that cured the issue and then deleting the 30 cookies it set even after I rejected them all gave some solace. Finally, that website tells me that anywhere that pays council tax to Bradford is included, specifically adding that Ilkley and Keighley are locked down. That nugget is missing from gov.uk. I did check Bradford council’s website but gave up when it shoved some survey popup at me.

Little wonder then that the masses only work on mis- or poor information from media websites whose sole aim is to push their version of reality and make money out of it. Perhaps they need to start writing this on the side of a big red bus rather than the lies of the past!

Do website owners ever look for errors?

Many websites nowadays have grown into enormously complex beasts with multiple bits and quite often bits that do not work. Other websites now make the journey into the site so horrendous, what with cookie popups and the occasional ‘please turn off your ad blocker’ popups that one cannot get past. I come across these almost daily when performing seemingly routine tasks or looking for information.

Where there is an error but one still needs to interact to gain something, perhaps modification to a service or to purchase something, you are then left with a struggle to find out what to do next. In some cases it is simple, go elsewhere. But in others, say, your energy provider while you are still in contract, one must persevere.

As an example, one energy provider makes the point that, in order to cancel a particular part of the service you can phone or go online.  They explain that should you phone you will be waiting in a queue so why not do it online? Oh but if so, you need to cancel before the renewal date whereas if you phone you can cancel up to 14 days after renewal. Ok, but the relevant section of the website simply never works and gives an error page saying you need to phone. The online chat also has a queueing system of course so no help there.

So, do website owners or whoever does their marketing actually look at errors? There is an issue here if they rely on external analytics providers such as Google Analytics because the analytics cookie may not be set at the point of error and may only be set at the actual generic error page. That may give a trail where someone clicks on a link on the main website which then errors, but not so if one follows the published direct URL. The web server log itself would be saviour here but I suspect that marketers neither know about them nor have access anyway.

Errors aside, I also wonder how many look into their analytics to see the number of people that failed to get any further into the site than the home page. This may be people like me that, when faced with an armoury of popups simply go elsewhere after killing all the cookies the site has set, usually without consent. Or again, people like me that persevere and choose ‘deny all’ to the cookie popup only to be presented with a popup asking me to kill my ad blocker. Again, I click away as must others. You would think that such information would be useful in order to shape the future of their website and maybe do away with the privacy invasive bits so they do not need to gain consent anyway… but I suspect that such statistics are ignored, or not available anyway.

Meanwhile, this rant has left me still needing to cancel a part of my energy contract and deciding whether to phone or wait and try online tomorrow, or apply a sledgehammer solution and cancel the direct debit with the bank and let them sort it out!

Broadband blues…

(updated) We had a problem with the broadband. I know exactly when because when the storms of 26th June hit the broadband went down and came back at a very slow rate. It went from 15Mb connected (12Mb or so usable) to just 700k, then bounced about and eventually settled at around 2Mb. A line test via the NowTV website told us what we knew – the broadband was slow. Too late by then for their customer services I rang the next day which was a Saturday. They ran a test which actually got us back to 8Mb or so but that didn’t last. Anyway, they arranged for OpenReach to come and check the line. Clearly storm related I had wondered if water had got at the terminals on the pole outside or a duct had flooded somewhere and water had got into the cable, but if the latter you’d expect many customers to be affected.

OpenReach came two days later and discovered that our wire pair had been trapped by the junction box lid. That was fixed and we then got a 16Mb connection, the best it had ever been. That lasted a couple of days.

Then, oddly at around 2.45 each morning the router would reset and the line would come back 2Mb slower. It went from 16Mb to 14, 10, 12 and now 8Mb. Rebooting the router had no effect. And now the line test via NowTV’s website does not even work. After saving the router settings to file I did a full router reboot in case something had gone funny. Bad move! First, I forgot that the router comes back as 192.168.0.0 and our LAN is not 0. When I figured that out I tried to access via the Mac and wifi but the server would not stop sending the wrong IP address (or, rather the correct one which now had no chance of working). Of course I have another wifi hub and it was getting the IP that way. Shutting that down and toggling wifi got me back in so I could change the subnet address and get back in via the wired PC that had the saved router settings file. Ok… so simple, right? Reload the settings and all will be well. No. The router will NOT reload the file! Fortunately there are not many settings so I put those back in by hand. 

NowTV customer service are good at arranging things. They organised Openreach to re-visit. The speed had dropped to 4Mb when they arrived. After a lot of testing they found that the wires were ok and to giving errors and a new router was sent by NowTV. They said that if there are errors the exchange equipment falls back progressively to compensate and it was our router at the source of the issue, well that and the original line fault. So far, so good, and we’re back to a 15Mb connection which gives 12Mb+ usable bandwidth.

Cookies – the good, the bad and the mouldy…

We are now several years into the changes in law which became known as the cookie law. Since then, the EU has enacted the GDPR which has added some urgency to ensuring that websites are compliant in the area of cookies and other stored information such as pixel trackers. The GDPR confirmed the consent requirements and national data protection organisations are taking an increasing interest in this area.

The basic requirements are that websites gain informed consent before storing cookies unless those cookies are what is termed ‘strictly necessary’. These strictly necessary cookies include those set in order to provide a service that the user specifically requested, for example to log into a website or carry out functions associated with shopping carts. It clearly does not include analytics cookies or the plethora of advertising and marketing cookies. Website designers may argue that their website will not function without cookies and where that functionality is a shopping cart I would agree. However, if the functionality in question is so the website can remember my shoe size this is not strictly necessary and I would expect to have to give my informed consent before such a cookie is stored.

Informed consent is key. It means that the user must be informed of why a cookie is being set and must then consent to it being set. And there’s the thing – I can permit the website to set cookies and consent to those cookies being set by advertisers such that they are also accessible to other websites, but I should not be forced to do so, I should understand what it means, and it should not be automatic. One may argue here that five pages of legalese indicating why a cookie is set is not a particularly valid way to inform the user.

There is also the issue of pre-checked options although this is lessened if there is a ‘reject all’ button as some websites have. Websites should not use pre-checked consent boxes but there is give and take here, in particular where the user can actively refuse cookies. However, to take the letter of the law the practice is not legal and you must not use pre-checked boxes in this way.

Cookies in the real world?

If I look at a product in a shop and an assistant comes to me and tells me there is an alternative, or better product then that presents me with no issue. However, if I then go to a different shop I do not expect someone to then show me products like the ones I just viewed in the first shop unless I specifically ask. And there is the difference, I can chose to ask or not. So why are tracking cookies any different?

And I certainly do not expect to go into a newsagents and pick up a paper only to have 33 sticky notes stuck on me from 33 other papers, each saying I do not want them to send me anything. Mind you, I don’t buy newspapers…

You must comply

This brings us to the question of cookie walls. Here, a website forces you to agree to their cookie policy before you can even see the website. In my opinion any such website should simply be ignored. Why, for example should I need to consent to it storing cookies just so I can see their email address or other contact details?

And I do object when I find a website that offers me a choice of some 400 advertising partners and lets me deselect each one, one by one. It’s far easier to just visit some other website. And let’s not get into discussion over the numerous websites which have a privacy and cookie notice hosted on some other website at a completely different URL which also sets its own cookies! One particularly famous website gave me a large privacy notice that I could not get past without either accepting or drilling down through layers of options. It was somewhat amusing to count over 400 partner sites that may get my data, and also drilling down further I got to a different, presumably parent website at a completely different URL. Needless to say this was an example of a US website.

Obfuscated messages

It is not always obvious how one even deselects cookies when consenting. The use of graphical sliders to allow or refuse cookies may be obvious when it is visually clear that green is go and red is not. So why do some websites chose shades of grey, and others just have a black slider with no indication of which way is off? This is not rocket science. Some websites use a simple tick box – surely that is sufficient? Can you imagine the problems in a fast food outlet where you end up with a spicy burger and a sugar laden drink because the options for ‘not spicy’ and ‘diet free’ were just black balls on a grey background?

Fighting back

So, to recap, cookies which are strictly necessary can be set by a website without consent when you visit it but these are a tightly defined subset of cookies which are actually necessary for a website to do what you want, not what it wants. Any other cookie must only be set once the user has given their informed consent. Cookies which store one’s choice here can be accepted as strictly necessary. Thus, a website storing a cookie to save your cookie choices for that website is ok as it is associated with you actually requesting something.

However, some websites, particularly media types take this to mean it is ok for each and every one of their partner sites to also set a cookie to save your choice. To me this is its bad programming – why are you causing my browser to visit each of your partner websites in order for each one to then store a cookie saying I do not want you to send me cookies from them? One newspaper website I visited and immediately selected ‘reject all’ on its cookie notice caused 33 individual cookies to be set.

It is sometimes amusing watching websites fail miserably when cookies are disabled in the browser. Some throw you off and demand you allow cookies, some struggle, some have no issues at all. I found one that displays nothing and constantly reloads itself trying to set a cookie. I suspect someone got their cookie sensing code a bit wrong there.

It is less amusing to struggle through a website’s cookie notice and deselect everything only then to be told I can get no further because I use an ad blocker. But wait, if the ad blocker checker is cookie based and I deselected cookies how come it even works?

Remember that tracking cookies are no use if they are not available when you visit other websites. So, for example you visit website A and you have no cookies set at all. Website A sets a tracking cookie served by website C. You then visit website B and it can read the tracking cookie set by website A and thus data about you can be transferred. But if you delete the cookie before you visit website B then that website cannot know. This is oversimplified but essentially is how you end up stalked by adverts.

Personally, I address this in a specific way. Cookies are always turned off on my phone. Yes, it means there are some things I cannot do because they require me to log in, but if I absolutely have to use the phone for those then I can quickly turn cookies back on, do the work, then delete the cookies. On the laptop I now use an app which allows me to chose what cookies I want to keep from each website I use. So, for example I can allow any login function cookies for the various web-based forums I visit. The app is set to delete any unwanted cookies after a minute or there is a button to delete immediately. Using this, I can visit a website and delete all its cookies right away. Of course, this is personal preference and suits me because I have always been security conscious. And other browsers have other mechanisms. I do recommend that you investigate something which suits you. I would also recommend that you take a look at what cookies your browser has stored, you’ll probably be amazed!

It’s not all bad news. There are some really well thought out websites out there. An example is where a website has a very simple line at the bottom, with cooke options not pre-checked and a button to accept or otherwise. Many, many websites run by organisations with insane amounts of money (and therefore buying power when it comes to website design) could learn from this.

Chocolate chip anyone?

MacOS disappearing Desktop oddment

Had a weird one today. When I opened the MacBook first think there were no desktop icons at all. I checked in Finder and the folder was empty. I looked through the Time Machine backup and the files had all gone some time this morning before 9am. The Mac had not been touched since last night and all was definitely there then.

 Nothing in the waste – I wondered if I’d somehow deleted them all. Nope.

Googling (or, rather duckduckgo’ing – is that a thing?) threw up nothing spectacular so I restored everything from Time Machine. A little further investigation and heavier searching led me to find that there is an option to turn off and on the synchronisation of files between the Mac and iCloud and I guess I turned it all on when the facility became available some time ago.

The way to turn iCloud synchronisation off for the Desktop is via Settings -> Internet Accounts -> iCloud -> iCloud Drive -> Options and uncheck Desktop & Documents Folders. Don’t try this, it’s scary! No way I did that by accident!

Anyway, I turned it back on, at which instant it renamed Desktop to a similar named folder but within Desktop, brought the Desktop folder back from iCloud (which was pretty instant so the files must have already been there anyway), and promptly started to back top the folder it created back to iCloud, all 12Gb of it. I deleted that folder having checked that everything was in place and anyway, I have the Time Machine backup on a large disk that as yet to fill.

But how did it get switched off? I’d blame the hamsters but I know where they were…

More PC blues

I finally decided to rebuild the shack PC given that just about everything was going daft. I suspect this is a result of various software installs while testing new stuff that were not fully deinstalled. Yeah I know I should test in a VM…

Anyway, a complete fresh install of Ubuntu 18.04 with it formatting the disk has got the PC back to normality. Almost. Networking works again with the inbuild (un)helpful config rather than me setting it up by hand each boot via a script. And I remembered to sort Gnome out so I can get the classic view rather than the daft dock setup.

But there are two oddities… first off, the rather annoying way the screen layout changes (un)helpfully (!) when you touch the to left corner with the mouse. This can be disabled but when done so the Applications menu – the leftmost top bar menu – is no longer accessible. No amount of permutations of the toggles via gnome-tweaks will sort that.

But more annoying I have lost almost all decode highlights in wsjt-x. The only ones that work are CQ, tx and my call, nothing else. I’ve tried every combination. It’s not wsjt-x (I installed a previous version just to check, same result) and I am rather stuck with that now. It will be something obvious but I just can’t see it… hmmm.

Dead Pi

Well that’s a first for me. A dead Pi, or rather a dead SD card. I have a RPi 2 in the loft connected to a DVB-T dongle and ADSB antenna which sends data to FlightRadar 24. It’s been up there doing its thing for ages, but last night I received an email from FR24 that it had stopped sending data. As it turns out that was a very useful email because everything else was running fine.

It also logs temperatures from three 1Wire temperature sensors on the central heating pipes. As these are underneath the location of the Pi in the loft it was easier to run a wire down for the 1Wire sensors than cobble together another Pi and find a home for it away from the heat of the water cylinder and pipework. That logging and my network monitor indicated that all was apparently well and I had not noticed the FR24 status data indicated that the ADSB feed was down.

The Pi is fed via a PoE supply as I didn’t want a wall-wart and mains socket up there and it makes it easier to reboot. I logged into the Pi fine ad rebooted it from the command line to see if that cured the ADSB issue in case it had simply lost the USB-connected dongle. But it never came fully back and would not even open the ssh port. It did respond to ping. Power cycling made no difference and by this time it was midnight.

This morning I made a new SD card and got it all back working (actually better as the card is the latest o/s now and the FR24 feed also has the MLAT option built in). So, some interesting and annoying observations:

The Raspberry Pi website now has a download package for the Mac which makes creating a new SD card image a doddle. Simply download and run it, stuff a blank SD card in and choose the options and wait.

Don’t use the HDMI monitor, mouse and keyboard off your desktop PC when trying to get a Pi to work if you need to use said desktop PC at the same time! Yeah…

No matter how good your backups, if you cannot remember the name of an important file the backups are useless by themselves. D’oh.

But most importantly remember that you can mount a Pi SD card on a Linux box (and no doubt other systems) and access the files if the card still mostly works like mine did. Fortunately there were only two things on this Pi, the 1Wire code which is a five-line bash script and the FR24 package which basically installs itself from their download site. QED.

Cookie madness continues…

These guys are having a laugh, but not as much as similar others. This is from a newspaper website after I clicked Reject All on their cookie acceptance form…

The Yes/No column indicates if a cookie is secure. But that’s not the issue I have here, the issue is it still set 20 cookies, including Google and other trackers even though I used the reject option. And note the rather adventurous deletion date of the second cookie, the year 3019.

Their reason for so many is that they claim the following uses of cookies are ‘necessary’: ‘Information storage and access’, ‘Personalisation’, ‘Ad selection, delivery, reporting’, ‘Content selection, delivery, reporting’, and ‘Measurement’. I beg to differ! Oh, and on Google, that is specifically deselected when one presses Reject All and yet their cookies are still being set. Hmmm.