[Rygian]

Blaming the user-agent for accepting an abusive amount of cookies set by the website is outright bad faith.

The only entity with any real power to decide which cookies the website uses is the website itself.

Asking the user or the user agent to comb through cookies and decide, one by one, which ones seem marketing-related and which ones are technically required, and then block, is way too much to ask from a regular internet user.

I have tried, but fail to see good faith in your reply.

[grumbel]

The browser is the one who stores and sends cookies. It would be trivial to make that action explicit and only at the users request. That wouldn't even be a new feature, that used to be how things worked 20 years ago. Lynx is however the only browser left that I know that still asks you before storing cookies.

You don't even have to shift through cookies for this to work, you can just reject all by default until the user explicitly request them to be stored (or use a whitelist or wait until the users tried to login that would necessitate a cookie, etc.) Lots of possibilities.

> is way too much to ask from a regular internet user.

That's kind of the point. By making it all transparent and seamless browser makers played into the hand of marketing companies. If cookies had a cost and would degrade the user experience, they might be thinking twice before putting hundreds of them on a site.

Marketing companies are just making use of the tools they are given. And browser manufacturers gave them a lot of tools, while taking control away from the user.

[woojoo666]

There are many different yet legitimate uses for cookies. It's impractical to expect the user to sift through to find the ones that are necessary and the ones that aren't. Even if the browser requests them beforehand, how is the user supposed to know if the request is for a marketing cookie or functional cookie.

> That's kind of the point. By making it all transparent and seamless browser makers played into the hand of marketing companies. If cookies had a cost and would degrade the user experience, they might be thinking twice before putting hundreds of them on a site.

Cookies do have a cost, namely the bad PR from people complaining about the unnecessary tracking cookies. If you think that's not enough, then you are free to reject cookies as well to degrade your own experience. But they aren't mutually exclusive. Complaints and bad PR can also drive users away from the site and enact change.

[grumbel]

For cookies to have a cost they would need to be visible first. Brave does that right, by not only blocking lots of them out of the box, but also by showing you how many it blocked straight in the address bar, without any extra clicks. Firefox in contrast doesn't do that. It doesn't even give an easy way to inspect the cookies, it just has a "Clear cookies and site data" button that doesn't even tell you what it has stored or what it is going to delete.

Simply put, browser could to a lot better job at preventing this.

As for legitimate use, I don't really see much. Login handling is the obvious one, but I'd argue that login handling itself is in dire need of a rework and should be handled by a proper Web standard, not site specific hacks and "Save password" guesswork.

[woojoo666]

That's fair, I would love for browsers to give more transparency on the tracking front.

As for legitimate use cases, I think shopping carts on most online marketplaces use cookies.

[Rygian]

> The browser is the one who stores and sends cookies.

The website is the one who decides which cookies to send in the first place. The browser never invents a cookie out of thin air.

> you can just reject all by default until the user explicitly request them to be stored

Which cookies should the user "request to be stored" and which cookies can the user safely ignore? How does the user tell them apart? Why should the user have to bother?

> If cookies had a cost and would degrade the user experience

Cookies are already degrading my user experience; you may have noticed the cookie consent popups on many sites. Those popups exist because cookies were being abused (ie. non-consensually) for purposes that are not essential to the functioning of the website. Such uses are now banned in the EU.

> And browser manufacturers gave them [marketing companies] a lot of tools

Browser manufacturers did not build those tools for the sake of marketing companies.

[grumbel]

> The website is the one who decides which cookies to send in the first place.

I can't fault websites for making use of functions the browser offers them.

> Which cookies should the user "request to be stored"

Have a simple toggle button for "Save state for this website" and discard everything when that button isn't pressed. Most website I visit I don't care about and have no need to keep any state. The few that I need to log into, I can just press that button. Knit that together with the "Save Passwords" function and it might be pretty much automatic most of the time.

> Those popups exist because cookies were being abused

Those popups exist because browsers failed to do their job. If the users wants warning for cookies, that's something the browsers can do just fine by itself, yet few do (e.g. Lynx).

> Browser manufacturers did not build those tools for the sake of marketing companies.

I'd disagree on that. Google makes their money with ads, so of course they'll optimize both Chrome and Search for maximum ad friendliness. Meanwhile Firefox is also run on Google ad money, so they can't step to far out of line either. There aren't many browsers that are build for the user first. The "you are the product" quote applies to browsers just as much as it does to Facebook.

[kevin_thibedeau]

> The only entity with any real power to decide which cookies the website uses is the website itself.

I have JS locked down and third-party cookies disabled. This site only managed to set one cookie for me because of my power to decide. Despite that, all content was readable.