The Naked Website

Cookie banners – we’ve all seen them: you visit a website and some sort pop-up grabs your attention and wants to bug you about cookies & some such.

I hate them.

Hate is a strong word but as I run a WordPress web design business, I take a very active interest in how websites are designed & work.

I like my job – it’s not curing cancer, or putting a person on the Moon (I wish!) but creating websites is positive & rewarding. The dream of the web is ease of access to information for all; freeing us from the tyranny of geography. So when I see something that gets in the way of that, I’ll speak up.

A brief history of cookie banners

I’m going to save you the full history lesson here in terms of electronic legislation and simply say this: websites that do any kind of ‘tracking’ etc (which is often invisible to users) are increasingly becoming frowned upon in legal circles. Put another way, websites can no longer assume that anything goes with their website visitors – they need to be more honest and upfront about what data is being collected, and why.

And this may well mean the website needs to ask for consent from the website visitor before it does certain things.

The Invisible Cookie

To address this visibility issue, legislation increasingly means that websites need to tell visitors what they are doing via “cookie banners” – e.g.

When we visit a site we’ll often see a pop-up similar to Fig 1 telling us about “cookies” etc.

It’s been good form to warn people about what cookies a website issues for a while. And more recent legislation such as GDPR takes this a step further & says that certain cookies need consent from the website visitor before you can set them.

To enforce that, you’ll also see more complex cookie banners like this:

Services like Google Analytics, Facebook Pixel etc all fall into the category of requiring consent under GDPR (& others) – which means we have to get EU website visitors to actively agree to their usage. As these services are used by a lot of websites, this goes towards explaining the ubiquity of cookie banners.

Head in the Sand

Some websites stick their heads in the sand and carry on regardless – ignoring GDPR/CCPA etc, ignoring asking for consent etc. And I do sympathize a little with this ‘approach’ as the legal landscape is hugely complex here, & ever-changing.

It’s almost as if some businesses are waiting to see how things pan out, what fines are handed out etc, before making moves.

The Henry Ford version of a Cookie Banner

I’ve also seen consent type cookie banners which don’t actually do anything. Click YES, or click NO – it doesn’t matter! Google Analytics & Facebook Pixel etc will keep running regardless!

Why does this happen? I honestly think in many cases this is not a deliberate attempt to deceive website visitors. It’s more a case of:

“hey! Do we need one of those cookie banner things on our site?
“Maybe! I’m sure there is a WordPress plugin for this – shall I install it?”
“Sure!”
“Ok, installed – there it is on the website! We rule!”
“Go us!”

The thing is, compliance is much more complex than simply installing a cookie banner. To ensure compliance, you need a deeper assessment of all the services your website uses (which will always be more than you initially think), and how it stores personal information etc. You also need to consider your overall business practices as well – compliance is not just restricted to your website.

Legal Eagles

In many cases, legal advice needs to be sought to clarify how GDPR/CCPR etc affect your website (& business).

For many websites, this will ultimately mean:

• Which services need to be reported and documented on your website
• Which services need explicit consent from visitors before they can be used.

As you see, this is a lot more work than just installing a cookie banner plugin.

…there is an alternative to this though:

Behold! The Naked Website!

I struggled with how I wanted to handle cookies etc on this website.

I tried out a few services (partially as part of investigations into what may be applicable for other clients), but I wasn’t particularly happy with any of them.

In short: I simply did NOT want Glass Mountains website visitors having to interact with such a cookie banner; being distracted & confused by them. A core principle of Glass Mountains is trying to guide clients through the highly complex & jargon-laden website world – so cookie banners etc were at odds with our values here.

And, at this point, I had an epiphany:

Ditch it all

I decided to be brutal with any service running on our site, and if it potentially needed a cookie banner (or worse, ‘consent‘!), it was going to be removed from the site.

No tracking services – no problem!

Removed from the site include:

• Google analytics
• Facebook pixel
• Active Campaign
• ….and more

In fairness, I’d forgotten some of those were running (ahem!) and I’m sure this happens to a lot of business: you install something on your website, and then promptly forget about it.

Some of the services I’d played with – eg Facebook Pixel. Now, this would require consent, but as I don’t really advertise on Facebook etc, this was not massively important to me.

Google Analytics was a slightly different story

Google Analytics

I’m pretty sure I’ve been running Google Analytics on our websites for 15 years. It always felt comforting to have it in the background: silently making notes on all website visits.

I would go in occasionally & examine big picture trends of traffic: especially top content, and landing pages. But was my business steered by it day by day? No.

The issue for me was twofold:

1. By default, Google Analytics requires consent under GDPR.
2. It issues cookies.

Whilst there are supposedly methods you avoid the consent issue with Google Analytics, I felt it was time we parted company.

This is a tough decision as it’s very much the end of an era, and it’s a definitive decision – once you switch it off; it’s off. You get a hole in your Google Analytics data which you can’t backfill.

However, when I weighed the reality that I did not religiously monitor GA (for good or for bad!), and that my business was obviously thriving quite happily without it, I realised I could make the break.

Alternative Analytics

Instead of Google Analytics, we are now running two things:

1. Jetpack
2. Plausible

Jetpack is the swiss army knife WordPress.com plugin which has a treasure trove of features for your website. It has built into basic analytics, so that is useul.

However, I wanted something a little bit more featured, so I turned to Plausible.io – it’s a paid product (good, it’s important they have a business model!). And yes, it’s nowhere near as complex and featured as Google Analytics, but that suited me down to the ground.

The End

Well, no, it’s not the end, Keeping a close eye on your website and making sure it’s compliant etc is an ongoing task.

Should I be showing a cookie banner anyway? Maybe. Because we use CloudFlare and they issue a CFID cookie. However, that is not for tracking purposes – and CloudFlare are deprecating it soon anyway. So I’m going to turn a blind eye as I think we are actually doing the right thing. I think there may be a TypeKit plugin lurking somewhere as well, I’ll find that and remove it.

I’m not saying what I’m doing here is 100% right or 100% bulletproof – but it works for me. And it’s a step in the direction I want to (and want the web to go).

Joel

p.s. the featured image is courtesy of Hannah Postova – in truth, I was looking for something which was less primarily female focussed as the theme of naked should not be a shorthand for a brazen display of female flesh. However, after looking on Unsplash there was something  about the image – it also reminded me of American Beauty; a fantastic movie (with a fantastic score as well).

1 Comment »