This Post Does Not Ask About Cookies

Cyber Security, Identity and Access Management 2 Minutes

Whenever I visit a web site these days I get asked about cookies.
A quick survey around a family dinner table at Christmas revealed only 2 out of 10 people knew what the question was really asking (and we both work in the industry).

This reminded me of the question web browsers used to pop up about security certificates:

A CRL is not available for this X.509 certificate, do you want to continue?

fortunately, browsers have now moved on realising that apart from people working on PKI, in some form, no-one had the faintest idea what the question meant (perversely, even in the industry there was not agreement of what the full implication of a CRL failure is/was).
In security this was a big deal – essentially the technology was abdicating, ‘I can’t tell if this is secure or not, so I’ll ask a user who won’t know either’.

Are the cookie messages achieving anything?
Does anyone really click no?
One person around my dinner table did, but I was not sure if this is a statistical anomaly, or a general trend. My concern is, has this simply put a fake layer of justification around the sharing of private information between service providers.

Recognising that the dinner table was not a truly scientific poll, I ran a poll on the LinkedIn Chartered Directors Group – on the premise they were a reasonably savvy group of people, but not necessarily technically literate. The results are below:

Cookie Poll

This does show a different result (the sample size is still small). Here the majority appeared to make an informed view – on reflection they fact that they are using LinkedIn polls shows a level of technical awareness, so perhaps not surprising.

The only conclusion I can draw is different audiences interpret the question in different way, and far more scientific research is needed.

I am certain this would all have been debated in great length when the legislation was drafted. However I wonder if the way it has been implemented (‘please click OK together rid of this annoying message’) is having the effect the legislators hoped for?

There is hope on the horizon…

Lets hope common sense prevails, as it did eventually with the PKI question, and we start to ask users questions they will understand the full implications of.

See Also

Advertisement
Published