When building Datelist, there is one thing I was sure of: to build great software, you need great UX. Software should be focused on bringing the most value possible to our users, with the less friction possible. And, when I talk about friction, there is one thing that always hurts: cookie consent banners.
I'll not try making a UX/UI lesson about them: first of all because I wouldn't be able to do so, but you don't need to be an expert to understand why they're bad.
Nobody reads them, it just interrupts the user flow
According to studies "You're not alone, no one reads terms of service agreements". That's the same for the cookie policy.
When building my app, I didn't want to find the best way to make it as hidden as possible or finding the best copy to force the users to accept something they wouldn't even read.
If you think more carefully about that, there is something deeply wrong with the way we force people to accept cookies on websites.
The solution was simple: Just get rid of cookies.
Despite anyone could find it, there is probably a mental shift to do when building apps these days. Third party cookies are not there for a long time anymore, so, when building an app, let's forget the classical "include those many scripts in your header" pattern, and let's build apps that don't use marketing cookies. That's not that hard, and it will save you problems later.
Bonus point: If you still need google analytics for your website, but don't want to use it for retargeting, you can keep doing it using the Cookieless Google Analytics Setup ;)
Top comments (2)
For those of us who work in agencies, this is often not possible, since the clients have certain requirements. We can disagree about whether they're good requirements or not, but we are employed to provide a product to spec.
Yes, not having third-party cookies on your site is a perfectly reasonable approach. In fact, it's the default approach. You only add the banner if you add cookies, and you should be able to explain to your team or client why you're adding those cookies.
That said,
The letter of the law for cookie consent may be poorly-formed, but the spirit isn't. What we should be doing for our users is not tracking them, whether it's with cookies or any other tech. If it potentially abuses someone's expectation of privacy, then it's a bad thing.
Thanks a lot for the comment :)
Of course, I wanted to be intentionally a bit provocative here, but you're right, this mostly applies when you build for yourself, and, if you don't have specific marketing requirements (which doesn't hold anymore in agencies). Third-party cookies still have a place, but I really love your sentence: "no third party cookies should be the default approach". That's really what I wanted to share here.
The same goes for the Google Analytics trick: we should not shift cookies to local storage, then, local storage to fingerprinting, then using some obscure privacy-invasive solution (who said FLOC) to track users. My intent is mainly to show that you don't need cookies to be able to perform analytics. You don't need user consent to analyze your HTTP logs to measure the amount of traffic by user referrer. That's basically what a google analytics without third party becomes (and, as it's anonymous, it's not really tracking).