Far be it for me to continue pointing out the inevitable results of legislating front-end code without no regard to UX or the social dynamics of technology use.
After all, you don’t have to write about it for a living to know it’s a problem:
The European "cookie" law appears to have been created entirely to train people to click OK on random pop ups on web sites.
— John Graham-Cumming (@jgrahamc) August 18, 2015
Is there anything more irritating and less effective than the EU cookie law? All it's done is train me to blindly click OK to anything
— Rosie Campbell (@RosieCampbell) July 28, 2015
If only the EU was as zealous in dealing with pop-ups asking for cookie consent as it is in requiring cookie consent.
— David Allen Green (@davidallengreen) September 25, 2015
Within months of implementation across Europe, consent fatigue had clearly set in and no discernible improvement in privacy – oh for those innocent pre-Snowden days – had resulted. Yet the law is the law. What could possibly go wrong?
So here we have MalwareBytes reporting on a clickjacking campaign payloading in cookie compliance popup windows. The trick is working because people have spent four years clicking those windows out of the way. Thankfully at the moment all it is accomplishing is PPC fraud. Of course, it would only take seconds to payload something worse.
The long-term implication is that web users already annoyed by the popups and consent mechanisms will now associate them with outright malicious acts. You can’t legislate, sell, or blame your way out of that.
— Bhaskar K (@bhaskar_vk) January 13, 2016