Far be it for me to continue pointing out the inevitable results of legislating front-end code without no regard to UX or the social dynamics of technology use.
After all, you don’t have to write about it for a living to know it’s a problem:
The European "cookie" law appears to have been created entirely to train people to click OK on random pop ups on web sites.
— John Graham-Cumming (@jgrahamc) August 18, 2015
Is there anything more irritating and less effective than the EU cookie law? All it's done is train me to blindly click OK to anything
— Rosie Campbell (@RosieCampbell) July 28, 2015
Within months of implementation across Europe, consent fatigue had clearly set in and no discernible improvement in privacy – oh for those innocent pre-Snowden days – had resulted. Yet the law is the law. What could possibly go wrong?
So here we have MalwareBytes reporting on a clickjacking campaign payloading in cookie compliance popup windows. The trick is working because people have spent four years clicking those windows out of the way. Thankfully at the moment all it is accomplishing is PPC fraud. Of course, it would only take seconds to payload something worse.
The long-term implication is that web users already annoyed by the popups and consent mechanisms will now associate them with outright malicious acts. You can’t legislate, sell, or blame your way out of that.
— Bhaskar Karambelkar (@bhaskar_vk) January 13, 2016
About the author
Heather Burns is a digital law specialist in Glasgow, Scotland. She researches, writes, publishes, consults, and speaks extensively on internet laws and policies which affect the crafts of web design and development. She has been designing and developing web sites since 1997 and has been a professional web site designer since 2007. She holds a postgraduate certification in internet law and policy from the University of Strathclyde. Learn about hiring Heather to write, speak, or consult.