DEV Community

Cover image for Your website does not need cookies
Malte Riechmann for visuellverstehen

Posted on • Edited on • Originally published at happy-coding.visuellverstehen.de

Your website does not need cookies

GDPR and respect

The regulation in EU law on data protection and privacy called »General Data Protection Regulation GDPR« is generally a good thing, but unfortunately it makes browsing the web way worse.

Instead of respecting the users privacy I see a lot of websites and web applications which display annoying cookie overlays, force the user accept incomprehensible privacy disclaimers, slow everything down by loading a ton of unneeded JavaScript and still integrate third party tracking software.

Let's face it: we failed. Thanks to GDPR the user is disrespected even more by most of the websites out there.

The obvious solution

Of course there is another way. Your website does not need cookies. Recently we removed all of the cookies on our website and you can do it too. It is not so difficult.

  • Remove all third party tracking software.
  • If you need website analytics, use a privacy friendly alternative (e. g. Plausible).
  • Do not blindly install fancy marketing plugins from a marketplace. Instead understand how a website works and build things yourself.
  • Do not use similar techniques as an alternative. By cookies I mean all kind of stored client data. Using local storage instead of cookies will not help you.

I do not really see a good reason to use cookies except for storing user sessions to enable authentication. If you need this functionality, please explain it to the user in your login and register forms.

By the way, I am neither the first nor the only one talking about this (e. g. GitHub).

Not convinced yet?

There is a nice little game out there which will help you understand.

Top comments (7)

Collapse
 
moopet profile image
Ben Sinclair

Getting clients on board is next to impossible.

They want the tracking, and they want it from every third-party app they associate with in another part of their business. For example, if they have a Facebook page, they want to integrate it with Facebook tracking.

Saying, "why don't we just... not?" doesn't get very far in my experience.

SessionStorage is kind of important for anything approaching a web app. And "first-party" cookies are fine, too. Even though you don't need to for GDPR compliance, I think the way to go there is to inform users that when they click "view as a grid" on your product page, that you can remember that setting on this particular browser.

Other than that lot, I totally agree.

Collapse
 
malteriechmann profile image
Malte Riechmann

Thanks for commenting.

Explaining those things to clients is part of being a professional web developer. I agree this is hard and sometimes impossible, but I will not just resign.

I linked to the GitHub statement, because I also think first party cookies are sometimes okay. GitHub is explaining this well.

Collapse
 
moopet profile image
Ben Sinclair

Also, I got 52 seconds on that game, which is a totally cool way of demoing things to people!

Collapse
 
ppfeiler profile image
Patrick • Edited

storing user sessions to enable authentication. If you need this functionality, please explain it to the user in your login and register forms.

Do you have an example how you solved that?

Collapse
 
malteriechmann profile image
Malte Riechmann

Do you mean the technical part about setting session cookies for authentication? Or do you mean the explanation inside of login and register forms?

Collapse
 
ppfeiler profile image
Patrick

The explanation inside of the login and register forms.

The technical part is straigthforward.

Thread Thread
 
malteriechmann profile image
Malte Riechmann

See the Airbnb sign up form for example:
dev-to-uploads.s3.amazonaws.com/up...