Published on [Permalink]
Reading time: 3 minutes
Posted in:


How the cookie poisoned the Web

Doc Searls, in a bittersweet post:

Have you ever wondered why you have to consent to terms required by the websites of the world, rather than the other way around? Or why you have no record of your own of what you have accepted or agreed to?

Blame the cookie.

Have you wondered why you have no more privacy on the Web than what other parties grant you, which happens only by opt-in or opt-out choices that others provide—while the only controls you have over your privacy are to skulk around like a criminal (thank you, Edward Snowden and Russell Brand, for that analogy) or to stay offline completely?

Blame the cookie.

And have you paused to wonder why Europe’s GDPR regards you as a mere “data subject” while assuming that the only parties qualified to be “data controllers” and “data processors” are the sites and services of the world, leaving you with little more agency than those sites and services allow, or provide you?

Blame the cookie.

Or why California’s CCPA regards you as a mere “consumer” (not a producer, much less a complete human being), and only gives you the right to ask the sites and services of the world to give back data gathered about you, or not to “sell” that personal data, whatever the hell that means?

Blame the cookie.

There are more examples, but you get the point: this situation has become so established that it’s hard to imagine any other way for the Web to operate.

Now here’s another point: it didn’t have to be that way.

As Doc points out, the invention of HTTP cookies enabled browser state to be transferred between sessions, but in the process began the erosion of online privacy and agency. Instead of the web being peer-to-peer and mostly self-hosted, as it was in the beginning, it morphed into an asymmetric relationship between big websites / services and users.

It's unusual, but not surprising, that Doc is so pessimistic about the ability to undo the damage done without completely rearranging the web:

At this stage of the Web’s moral devolution, it is nearly impossible to think outside the cookie-based fecosystem. If it was, we would get back the agency we lost, and the regulations we’re writing would respect and encourage that agency as well.

But that’s not happening, in spite of all the positive privacy moves AppleBraveMozillaConsumer Reports, the EFF and others are making.

My hat’s off to all of them; but the poisoning is too far advanced. After fighting it for more than 22 years (dating from publishing The Cluetrain Manifesto in 1999), I’m moving on.

To here.

Reply by email