I feel like there are a lot of things wrong with the invention of websites showing a pop-up, modal, etc., to users asking them to accept the site’s cookie policy.

Why are the sites doing this? It seems like it is largely to meet some kind of self-imposed privacy guideline in order for the organization to protect themselves legally. If this were some kind of browser-supported technology where cookies could not be set unless some kind of sanctioned, enforced interaction were to take place then that might actually serve a purpose. In this case, though, it is too arbitrary and opaque for it to mean anything to the user, and it does allow the site’s organization to check off a box saying that they got the user’s permission to track her.

So what is bad about this for the user?

Just because a user clicks a button does not restrict in any way what the site does regarding cookies. This interaction gives the user a false sense of security in how the site is tracking her; the preference is completely unenforceable unless the browser itself blocks cookies from the site.

Is this the only way the user can be tracked? No. So why is this the method sites choose to waste the user’s mouse-clicks on? Again, this is pretense, it’s theater. This gives the impression to the user that the site has so much integrity that it is giving the user control over the interaction. This gives the user the impression that by clicking this button is doing something meaningful. In effect, however, it is a usability problem and creates more waste, waste of time, waste of clicks, waste of screen space, a waste of mental energy.

And who actually reads all of the text in that dialog and thinks about what’s happening? I feel like this situation just feeds into the tendency of users to just click on elements to get their job done, not paying adequate attention to what’s happening to the degree that they understand what’s being conveyed to them, in effect supporting reflexive clicking just like dismissing SSL warnings used to be; there were so many SSL errors due to poor certificate management by poorly managed organizations that users just dismissed them as quickly as possible in order to accomplish their task.

Probably the worst thing that it does is contribute to the clutter that has become so commonplace on websites, just one more pop-up that must be obligatorily dismissed so that the user can do what she came here to do.