#Guest post – Why startups should no longer rely on cookies


When you think about the success of e-commerce startups such as Everdrop or HelloBody, one thing quickly becomes clear: cookies play a substantial part in that success. The reason is simple: the better I know my customers, the more precisely I can offer them what they want, the more successful my marketing measures are, and the higher my revenue. The topics that go hand in hand with online marketing activities, such as customer proximity, access to data and data-driven optimization of the customer experience, are the key to a successful e-commerce startup.

It becomes a problem, however, when this key suddenly no longer fits. And unfortunately, that is exactly what many e-commerce startups could now be facing, for three reasons at once:

(1) More and more browsers, such as Safari, Firefox and soon Google Chrome as well, block third-party tracking cookies, which makes cross-site tracking impossible. (2) On top of that, users increasingly decline tracking on individual sites. And finally, (3) Google recently announced that GA4 will replace Universal Analytics in July 2023 in order to enable tracking without cookies. For startups this will become a far-reaching problem, because their marketing and sales measures will initially lose efficiency as a result. And the problem could reach startups sooner than they think: with the switch, the comparability of the data also disappears from one day to the next, which is why it makes a lot of sense for startups to think early about collecting data differently than before, so that they can still ensure any comparability at all after the switch.

What the switch means for startups and how they should respond

Tracking will still be possible, albeit in a very limited form. What is more, without tracking, e-commerce startups will find it extremely hard to grow. Lean, GDPR-compliant no-code/low-code tools could therefore be a sensible addition to the analytics tech stack.

Startups need to prepare early for the fact that new ways of working and new skills in handling data will have to be learned in order to respond adequately to the changed conditions. Complete transparency and measurability are being replaced by “data signals”, or simply indications, that can be interpreted with the help of data modeling in order to form hypotheses.

First-party data, meaning the data that customers share voluntarily, is the new key, because cross-website and cross-platform tracking (third-party data) will no longer be possible. A startup's own platforms become all the more important, because they are where first-party data can be collected. Accordingly, startups should focus on offering their customers enough added value on their own platforms that customers are willing to make this data available

Which tools startups can use now

First of all, tools for startups should meet certain requirements: above all, they should feature low fixed costs, low to medium implementation effort and, ideally, a variable pricing model that depends on usage.

And of course all of these tools should offer real-time data analysis. With the switch in mind, it is also essential that startups retain sovereignty over the data and that it is so-called first-party data, because it enables the best insights.

Snowplow

Data influencers in particular celebrate this tool. Compared with the other two tools it takes a relatively large amount of resources to implement fully, but in return it offers maximum flexibility in collecting, storing, structuring, modeling and distributing the raw data on user behavior.

Segment

Segment is a customer data platform that collects user data across a large number of touchpoints and makes it usable. The big advantage of this tool is the large number of destinations to which the data can be distributed. Segment belongs to the customer engagement platform Twilio, which is why the platform can also be extended with customer engagement features such as messaging.

Elbwalker

Elbwalker is likewise open-source code for implementing your own event tracking and distributing it to a wide range of tools. For e-commerce business models in particular, there is already a large selection of event triggers that can be integrated into a tracking setup via drag and drop and then distributed to your own data warehouse or analytics tool.

Overall, the switch to GA4 thus poses an immense challenge for e-commerce startups. If startups take this switch into account early and prepare for it, however, they could emerge from it as winners and boost their growth once again.

About the author
Karo Junker de Neui is Managing Director at Etribes, one of Germany's leading digital consultancies, and an expert in e-commerce and digital marketing. Previously she built up the re-commerce business model Vite Envogue as CEO. She sits on the e-commerce advisory board of Parfümerie Schuback and is a board member and business angel at the data startup Elbwalker.


#aktuell, #cookies, #elbwalker, #gastbeitrag, #segment, #snowplow, #universal-analytics

Mistakes Happen. In the Kitchen, That Can Be the Best Thing.

For her final column, Dorie Greenspan shares how a recipe misstep led to perfectly imperfect chocolate thumbprint cookies.

#child-julia, #cookies, #cooking-and-cookbooks, #recipes

Why It’s Better to Bake With Chocolate Chips

It’s not just nostalgia. Those bagged chips can lead to better-tasting desserts, Genevieve Ko explains.

#chocolate, #content-type-service, #cookies, #cooking-and-cookbooks, #guittard-chocolate-co, #nestle-sa, #wakefield-ruth-1903-2018

Elmo’s Unhinged Rant About a Pet Rock Resonates With the Exasperated

A 2004 clip from “Sesame Street” surfaced on social media this week, drawing thousands of responses from viewers expressing that they could relate to Elmo’s sense of frustration.

#cookies, #elmo-fictional-character, #pet-rocks, #rocco, #rock-and-stone, #sesame-street-tv-program, #social-media, #zoe

France orders Google and Facebook to offer one-click cookie rejection


French regulators today ordered Google and Facebook to make rejecting cookies as simple as accepting them and fined the companies a total of €210 million for failing to comply with France’s Data Protection Act.

The CNIL (Commission Nationale de l’Informatique et des Libertés) said that “facebook.com, google.fr and youtube.com offer a button allowing the user to immediately accept cookies” but “do not provide an equivalent solution (button or other) enabling the Internet user to easily refuse the deposit of these cookies. Several clicks are required to refuse all cookies, against a single one to accept them.”

The process making it harder to reject cookies than to accept them “affects the freedom of consent of Internet users and constitutes an infringement of Article 82 of the French Data Protection Act,” the CNIL said. The agency announced fines of €150 million for Google and €60 million for Facebook and said it “ordered the companies to provide Internet users located in France with a means of refusing cookies as simple as the existing means of accepting them, in order to guarantee their freedom of consent, within three months. If they fail to do so, the companies will have to pay a penalty of 100,000 euros per day of delay.”


#cookies, #facebook, #google, #policy

This Cake Is a Taste of a Vanishing New York

Dorie Greenspan’s poppy-seed cake is a call back to her childhood and shops that are mostly gone.

#bakeries-and-baked-products, #cakes, #cookies, #cooking-and-cookbooks, #poppies, #recipes

What to Bake on Christmas Morning

Big brunch dishes and holiday-spiced small treats capture the spirit of sharing and can be prepared ahead for effortless snacks.

#bakeries-and-baked-products, #christmas, #content-type-service, #cookies, #cooking-and-cookbooks, #gifts, #holidays-and-special-occasions, #popcorn

A Cookie as Big as the Ritz

This festive cookie cake is a cross between an American chocolate-chip cookie and an elegant Parisian treat.

#bakeries-and-baked-products, #cookies, #cooking-and-cookbooks, #france, #hotel-ritz-paris, #recipes

Easy Delicious Desserts That Don’t Require a Mixer

In her new monthly column, Genevieve Ko shares easy, streamlined recipes, like handmade crisps and cookies, so you can feed your loved ones (and yourself) effortlessly.

#apples, #bakeries-and-baked-products, #content-type-service, #cookies, #cooking-and-cookbooks

After years of inaction against adtech, UK’s ICO calls for browser-level controls to fix ‘cookie fatigue’

In the latest quasi-throwback toward ‘do not track’, the UK’s data protection chief has come out in favor of a browser- and/or device-level setting to allow Internet users to set “lasting” cookie preferences — suggesting this as a fix for the barrage of consent pop-ups that continues to infest websites in the region.

European web users digesting this development in an otherwise monotonously unchanging regulatory saga, should be forgiven — not only for any sense of déjà vu they may experience — but also for wondering if they haven’t been mocked/gaslit quite enough already where cookie consent is concerned.

Last month, UK digital minister Oliver Dowden took aim at what he dubbed an “endless” parade of cookie pop-ups — suggesting the government is eyeing watering down consent requirements around web tracking as ministers consider how to diverge from European Union data protection standards, post-Brexit. (He’s slated to present the full sweep of the government’s data ‘reform’ plans later this month so watch this space.)

Today the UK’s outgoing information commissioner, Elizabeth Denham, stepped into the fray to urge her counterparts in G7 countries to knock heads together and coalesce around the idea of letting web users express generic privacy preferences at the browser/app/device level, rather than having to do it through pop-ups every time they visit a website.

In a statement announcing “an idea” she will present this week during a virtual meeting of fellow G7 data protection and privacy authorities — less pithily described in the press release as being “on how to improve the current cookie consent mechanism, making web browsing smoother and more business friendly while better protecting personal data” — Denham said: “I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like.

“The cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and it can lead to poor user experience. While I expect businesses to comply with current laws, my office is encouraging international collaboration to bring practical solutions in this area.”

“There are nearly two billion websites out there taking account of the world’s privacy preferences. No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge,” she added.

Contacted for more on this “idea”, an ICO spokeswoman reshuffled the words thusly: “Instead of trying to effect change through nearly 2 billion websites, the idea is that legislators and regulators could shift their attention to the browsers, applications and devices through which users access the web.

“In place of click-through consent at a website level, users could express lasting, generic privacy preferences through browsers, software applications and device settings – enabling them to set and update preferences at a frequency of their choosing rather than on each website they visit.”

Of course a browser-baked ‘Do not track’ (DNT) signal is not a new idea. It’s around a decade old at this point. Indeed, it could be called the idea that can’t die because it’s never truly lived — as earlier attempts at embedding user privacy preferences into browser settings were scuppered by lack of industry support.

However the approach Denham is advocating, vis-a-vis “lasting” preferences, may in fact be rather different to DNT — given her call for fellow regulators to engage with the tech industry, and its “standards organizations”, and come up with “practical” and “business friendly” solutions to the regional Internet’s cookie pop-up problem.

It’s not clear what consensus — practical or, er, simply pro-industry — might result from this call. If anything.

Indeed, today’s press release may be nothing more than Denham trying to raise her own profile since she’s on the cusp of stepping out of the information commissioner’s chair. (Never waste a good international networking opportunity and all that — her counterparts in the US, Canada, Japan, France, Germany and Italy are scheduled for a virtual natter today and tomorrow where she implies she’ll try to engage them with her big idea).

Her UK replacement, meanwhile, is already lined up. So anything Denham personally champions right now, at the end of her ICO chapter, may have a very brief shelf life — unless she’s set to parachute into a comparable role at another G7 caliber data protection authority.

Nor is Denham the first person to make a revived pitch for a rethink on cookie consent mechanisms — even in recent years.

Last October, for example, a US-centric tech-publisher coalition came out with what they called a Global Privacy Standard (GPC) — aiming to build momentum for a browser-level pro-privacy signal to stop the sale of personal data, geared toward California’s Consumer Privacy Act (CCPA), though pitched as something that could have wider utility for Internet users.

By January this year they announced 40M+ users were making use of a browser or extension that supports GPC — along with a clutch of big name publishers signed up to honor it. But it’s fair to say its global impact so far remains limited. 

More recently, European privacy group noyb published a technical proposal for a European-centric automated browser-level signal that would let regional users configure advanced consent choices — enabling the more granular controls it said would be needed to fully mesh with the EU’s more comprehensive (vs CCPA) legal framework around data protection.

The proposal, for which noyb worked with the Sustainable Computing Lab at the Vienna University of Economics and Business, is called Advanced Data Protection Control (ADPC). And noyb has called on the EU to legislate for such a mechanism — suggesting there’s a window of opportunity as lawmakers there are also keen to find ways to reduce cookie fatigue (a stated aim for the still-in-train reform of the ePrivacy rules, for example).

So there are some concrete examples of what practical, less fatiguing yet still pro-privacy consent mechanisms might look like to lend a little more color to Denham’s ‘idea’ — although her remarks today don’t reference any such existing mechanisms or proposals.

(When we asked the ICO for more details on what she’s advocating for, its spokeswoman didn’t cite any specific technical proposals or implementations, historical or contemporary, either, saying only: “By working together, the G7 data protection authorities could have an outsized impact in stimulating the development of technological solutions to the cookie consent problem.”)

So Denham’s call to the G7 does seem rather low on substance vs profile-raising noise.

In any case, the really big elephant in the room here is the lack of enforcement around cookie consent breaches — including by the ICO.

Add to that, there’s the now very pressing question of how exactly the UK will ‘reform’ domestic law in this area (post-Brexit) — which makes the timing of Denham’s call look, well, interestingly opportune. (And difficult to interpret as anything other than opportunistically opaque at this point.)

The adtech industry will of course be watching developments in the UK with interest — and would surely be cheering from the rooftops if domestic data protection ‘reform’ results in amendments to UK rules that allow the vast majority of websites to avoid having to ask Brits for permission to process their personal data, say by opting them into tracking by default (under the guise of ‘fixing’ cookie friction and cookie fatigue for them).

That would certainly be mission accomplished after all these years of cookie-fatigue-generating-cookie-consent-non-compliance by surveillance capitalism’s industrial data complex.

It’s not yet clear which way the UK government will jump — but eyebrows should raise to read the ICO writing today that it expects compliance with (current) UK law when it has so roundly failed to tackle the adtech industry’s role in cynically sicking up said cookie fatigue by failing to take any action against such systemic breaches.

The bald fact is that the ICO has — for years — avoided tackling adtech abuse of data protection, despite acknowledging publicly that the sector is wildly out of control.

Instead, it has opted for a cringing ‘process of engagement’ (read: appeasement) that has condemned UK Internet users to cookie pop-up hell.

This is why the regulator is being sued for inaction — after it closed a long-standing complaint against the security abuse of people’s data in real-time bidding ad auctions with nothing to show for it… So, yes, you can be forgiven for feeling gaslit by Denham’s call for action on cookie fatigue following the ICO’s repeat inaction on the causes of cookie fatigue…

Not that the ICO is alone on that front, however.

There has been a fairly widespread failure by EU regulators to tackle systematic abuse of the bloc’s data protection rules by the adtech sector — with a number of complaints (such as this one against the IAB Europe’s self-styled ‘transparency and consent framework’) still working, painstakingly, through the various labyrinthine regulatory processes.

France’s CNIL has probably been the most active in this area — last year slapping Amazon and Google with fines of $42M and $120M for dropping tracking cookies without consent, for example. (And before you accuse CNIL of being ‘anti-American’, it has also gone after domestic adtech.)

But elsewhere — notably Ireland, where many adtech giants are regionally headquartered — the lack of enforcement against the sector has allowed for cynical, manipulative and/or meaningless consent pop-ups to proliferate as the dysfunctional ‘norm’, while investigations have failed to progress and EU citizens have been forced to become accustomed, not to regulatory closure (or indeed rapture), but to an existentially endless consent experience that’s now being (re)branded as ‘cookie fatigue’.

Yes, even with the EU’s General Data Protection Regulation (GDPR) coming into application in 2018 and beefing up (in theory) consent standards.

This is why the privacy campaign group noyb is now lodging scores of complaints against cookie consent breaches — to try to force EU regulators to actually enforce the law in this area, even as it also finds time to put up a practical technical proposal that could help shrink cookie fatigue without undermining data protection standards. 

It’s a shining example of action that has yet to inspire the lion’s share of the EU’s actual regulators to act on cookies. The tl;dr is that EU citizens are still waiting for the cookie consent reckoning — even if there is now a bit of high level talk about the need for ‘something to be done’ about all these tedious pop-ups.

The problem is that while GDPR certainly cranked up the legal risk on paper, without proper enforcement it’s just a paper tiger. And the pushing around of lots of paper is very tedious, clearly. 

Most cookie pop-ups you’ll see in the EU are thus essentially privacy theatre; at the very least they’re unnecessarily irritating because they create ongoing friction for web users who must constantly respond to nags for their data (typically to repeatedly try to deny access if they can actually find a ‘reject all’ setting).

But — even worse — many of these pervasive pop-ups are actively undermining the law (as a number of studies have shown) because the vast majority do not meet the legal standard for consent.

So the cookie consent/fatigue narrative is actually a story of faux compliance enabled by an enforcement vacuum that’s now also encouraging the watering down of privacy standards as a result of so much unpunished flouting of the law.

There is a lesson here, surely.

‘Faux consent’ pop-ups that you can easily stumble across when surfing the ‘ad-supported’ Internet in Europe include those failing to provide users with clear information about how their data will be used; or not offering people a free choice to reject tracking without being penalized (such as with no/limited access to the content they’re trying to access), or at least giving the impression that accepting is a requirement to access said content (dark pattern!); and/or otherwise manipulating a person’s choice by making it super simple to accept tracking and far, far, far more tedious to deny.

You can also still sometimes find cookie notices that don’t offer users any choice at all — and just pop up to inform that ‘by continuing to browse you consent to your data being processed’ — which, unless the cookies in question are literally essential for provision of the webpage, is basically illegal. (Europe’s top court made it abundantly clear in 2019 that active consent is a requirement for non-essential cookies.)

Nonetheless, to the untrained eye — and sadly there are a lot of them where cookie consent notices are concerned — it can look like it’s Europe’s data protection law that’s the ass because it seemingly demands all these meaningless ‘consent’ pop-ups, which just gloss over an ongoing background data grab anyway.

The truth is regulators should have slapped down these manipulative dark patterns years ago.

The problem now is that regulatory failure is encouraging political posturing — and, in a twisting double-back throw by the ICO! — regulatory thrusting around the idea that some newfangled mechanism is what’s really needed to remove all this universally inconvenient ‘friction’.

An idea like noyb’s ADPC does indeed look very useful in ironing out the widespread operational wrinkles wrapping the EU’s cookie consent rules. But when it’s the ICO suggesting a quick fix after the regulatory authority has failed so spectacularly over the long duration of complaints around this issue you’ll have to forgive us for being sceptical.

In such a context the notion of ‘cookie fatigue’ looks like it’s being suspiciously trumped up; fixed on as a convenient scapegoat to rechannel consumer frustration with hated online tracking toward high privacy standards — and away from the commercial data-pipes that demand all these intrusive, tedious cookie pop-ups in the first place — whilst neatly aligning with the UK government’s post-Brexit political priorities on ‘data’.

Worse still: The whole farcical consent pantomime — which the adtech industry has aggressively engaged in to try to sustain a privacy-hostile business model in spite of beefed up European privacy laws — could be set to end in genuine tragedy for user rights if standards end up being slashed to appease the law mockers.

The target of regulatory ire and political anger should really be the systematic law-breaking that’s held back privacy-respecting innovation and non-tracking business models — by making it harder for businesses that don’t abuse people’s data to compete.

Governments and regulators should not be trying to dismantle the principle of consent itself. Yet — at least in the UK — that does now look horribly possible.

Laws like GDPR set high standards for consent which — if they were but robustly enforced — could lead to reform of highly problematic practices like behavioral advertising combined with the out-of-control scale of programmatic advertising.

Indeed, we should already be seeing privacy-respecting forms of advertising being the norm, not the alternative — free to scale.

Instead, thanks to widespread inaction against systematic adtech breaches, there has been little incentive for publishers to reform bad practices and end the irritating ‘consent charade’ — which keeps cookie pop-ups mushrooming forth, oftentimes with ridiculously lengthy lists of data-sharing ‘partners’ (i.e. if you do actually click through the dark patterns to try to understand what is this claimed ‘choice’ you’re being offered).

As well as being a criminal waste of web users’ time, we now have the prospect of attention-seeking, politically charged regulators deciding that all this ‘friction’ justifies giving data-mining giants carte blanche to torch user rights — if the intention is to fire up the G7 to send a collect invite to the tech industry to come up with “practical” alternatives to asking people for their consent to track them — and all because authorities like the ICO have been too risk averse to actually defend users’ rights in the first place.

Dowden’s remarks last month suggest the UK government may be preparing to use cookie consent fatigue as convenient cover for watering down domestic data protection standards — at least if it can get away with the switcheroo.

Nothing in the ICO’s statement today suggests it would stand in the way of such a move.

Now that the UK is outside the EU, the UK government has said it believes it has an opportunity to deregulate domestic data protection — although it may find there are legal consequences for domestic businesses if it diverges too far from EU standards.

Denham’s call to the G7 naturally includes a few EU countries (the biggest economies in the bloc) but by targeting this group she’s also seeking to engage regulators further afield — in jurisdictions that currently lack a comprehensive data protection framework. So if the UK moves, cloaked in rhetoric of ‘Global Britain’, to water down its (EU-based) high domestic data protection standards it will be placing downward pressure on international aspirations in this area — as a counterweight to the EU’s geopolitical ambitions to drive global standards up to its level.

The risk, then, is a race to the bottom on privacy standards among Western democracies — at a time when awareness about the importance of online privacy, data protection and information security has actually never been higher.

Furthermore, any UK move to weaken data protection also risks putting pressure on the EU’s own high standards in this area — as the regional trajectory would be down not up. And that could, ultimately, give succour to forces inside the EU that lobby against its commitment to a charter of fundamental rights — by arguing such standards undermine the global competitiveness of European businesses.

So while cookies themselves — or indeed ‘cookie fatigue’ — may seem an irritatingly small concern, the stakes attached to this tug of war around people’s rights over what can happen to their personal data are very high indeed.

#advertising-tech, #amazon, #california, #canada, #cookie-consent-notices, #cookie-fatigue, #cookies, #data-protection, #data-protection-law, #data-security, #do-not-track, #elizabeth-denham, #europe, #european-union, #france, #g7, #general-data-protection-regulation, #germany, #google, #ireland, #italy, #japan, #noyb, #oliver-dowden, #online-privacy, #online-tracking, #privacy, #tc, #tracking, #uk-government, #united-kingdom, #united-states, #web-tracking

Today’s Firefox 91 release adds new site-wide cookie-clearing action


Mozilla’s Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The new feature allows users to manage all cookies and locally stored data generated by a particular website—regardless of whether they’re cookies tagged to that site’s domain or cookies placed from that site but belonging to a third-party domain, e.g., Facebook or Google.

Building on Total Cookie Protection

The new feature builds and depends upon Total Cookie Protection, introduced in February with Firefox 86. Total Cookie Protection partitions cookies by the site that placed them, rather than the domain that owns them—which means that if a hypothetical third party we’ll call “Forkbook” places tracking (or authentication) cookies on both momscookies.com and grandmascookies.com, it can’t reliably tie the two together.

Without cookie partitioning, a single Forkbook cookie would contain the site data for both momscookies.com and grandmascookies.com. With cookie partitioning, Forkbook must set two separate cookies—one for each site—and can’t necessarily relate one to the other.
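
A simplified model of the partitioning described above, added here as an illustration (it is not Firefox's code; the `CookieJar` class, the `forkbook.example` domain and the cookie names are constructed). It also shows why site-wide clearing depends on partitioning: only a jar keyed by top-level site can tell which third-party cookies a given site caused.

```javascript
// Simplified cookie-jar model (constructed for illustration; not Firefox's code).
class CookieJar {
  constructor({ partitioned }) {
    this.partitioned = partitioned;
    this.buckets = new Map(); // storage key -> Map(cookie name -> value)
  }

  // Unpartitioned: one bucket per cookie-owning domain.
  // Partitioned: one bucket per (top-level site, cookie-owning domain) pair.
  storageKey(topLevelSite, cookieDomain) {
    return this.partitioned ? `${topLevelSite}|${cookieDomain}` : cookieDomain;
  }

  get(topLevelSite, cookieDomain, name) {
    const bucket = this.buckets.get(this.storageKey(topLevelSite, cookieDomain));
    return bucket ? bucket.get(name) : undefined;
  }

  set(topLevelSite, cookieDomain, name, value) {
    const key = this.storageKey(topLevelSite, cookieDomain);
    if (!this.buckets.has(key)) this.buckets.set(key, new Map());
    this.buckets.get(key).set(name, value);
  }

  // Site-wide clearing. A partitioned jar can remove everything stored while
  // the user was on `site`, third-party cookies included. An unpartitioned jar
  // only knows the owning domain, so it can remove the site's own cookies only.
  clearSite(site) {
    let removed = 0;
    for (const [key, bucket] of this.buckets) {
      const match = this.partitioned ? key.startsWith(`${site}|`) : key === site;
      if (match) {
        removed += bucket.size;
        this.buckets.delete(key);
      }
    }
    return removed;
  }
}

// Simulate a browsing session. Every visited site sets a first-party cookie and
// embeds the same third-party script, which reuses its "uid" cookie when it can
// read one and mints a new id otherwise. Returns the groups of sites the third
// party can attribute to a single id.
function browse(jar, visits, trackerDomain = "forkbook.example") {
  let nextId = 1;
  const profiles = new Map(); // tracker uid -> Set of sites seen with that uid
  for (const site of visits) {
    jar.set(site, site, "session", "first-party");
    let uid = jar.get(site, trackerDomain, "uid");
    if (uid === undefined) {
      uid = `u${nextId++}`;
      jar.set(site, trackerDomain, "uid", uid);
    }
    if (!profiles.has(uid)) profiles.set(uid, new Set());
    profiles.get(uid).add(site);
  }
  return [...profiles.values()].map((sites) => [...sites].sort());
}

// Constructed sample session using the article's two example sites.
const VISITS = ["momscookies.com", "grandmascookies.com", "momscookies.com"];

for (const partitioned of [false, true]) {
  const jar = new CookieJar({ partitioned });
  const linked = browse(jar, VISITS);
  const removed = jar.clearSite("momscookies.com");
  console.log({ partitioned, linked, removedByClearSite: removed });
}
```
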


#browsers, #cookies, #firefox, #mozilla, #privacy, #tech

Easy Pie Crust Recipes for Summer Desserts

The perfect pies for lazy days combine buttery press-in crumb shells with no-bake fillings and piles of fresh fruit.

#content-type-service, #cookies, #cooking-and-cookbooks, #crackers, #fruit, #pies, #summer-season

Moving Back to Brooklyn and Upgrading

After a year in Florida with his parents, he missed New York and he needed a place big enough to launch a vegan cookie business.

#cookies, #gowanus-brooklyn-ny, #quarantine-life-and-culture, #real-estate-and-housing-residential, #renting-and-leasing-real-estate

Tired of accepting/rejecting cookies? ADPC wants to automate the process

The European Union’s General Data Protection Regulation (GDPR), passed in 2018, requires websites to ask visitors for consent prior to placing cookies. As any Internet user is now aware, this means an extra step required when visiting nearly any website for the first time—or potentially every time, if you choose not to accept cookies. A new proposed HTTP standard from None of Your Business and the Sustainable Computing Lab would allow the user to set their privacy preferences once, inside the browser itself, and have the browser communicate those preferences invisibly with any website the user visits.

Advanced Data Protection Control

The proposed standard enables two methods of automated preference delivery—one which communicates directly with the web server hosting a site being visited, and another which communicates with the website itself.

When ADPC communicates directly with the web server, it does so via HTTP headers—a Link header pointing to a JSON file on the server, and the ADPC header emitted by the user’s browser. When communicating with the website itself, the mechanism is via JavaScript—configuration is passed as an object to the DOM interface, e.g., navigator.dataProtectionControl.request(...).


#cookies, #european-union, #http, #https, #internet, #tech

Girl Scouts Stuck With Over 15 Million Boxes of Unsold Cookies

The Girl Scouts faced two major problems during the last year: diminished membership and a pandemic that made in-person cookie selling a risky proposition.

#bakeries-and-baked-products, #cookies, #girl-scouts, #women-and-girls

Our 11 Best Chocolate Chip Cookie Recipes

We’ve published many takes on the classic treat over the years, but these are the ones our readers return to again and again.

#chocolate, #cookies, #cooking-and-cookbooks, #recipes

Your Morning Granola Just Got an Upgrade

Filled with coconut and dried cherries, these breakfast treats from Frenchette Bakery are wholesome enough for breakfast, and sweet enough for dessert.

#bakeries-and-baked-products, #cookies, #cooking-and-cookbooks, #frenchette-manhattan-ny-restaurant

Google says it won’t adopt new tracking tech after phasing out cookies

While we’ve written about attempts to build alternatives to cookies that track users across websites, Google says it won’t be going down that route.

The search giant had already announced that it will be phasing out support for third-party cookies in its Chrome browser, but today it went further, with David Temkin (Google’s director of product management for ads privacy and trust) writing in a blog post that “once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use them in our products.”

“We realize this means other providers may offer a level of user identity for ad tracking across the web that we will not — like [personally identifiable information] graphs based on people’s email addresses,” Temkin continued. “We don’t believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long term investment.”

This doesn’t mean ads won’t be targeted at all. Instead, he argued that thanks to “advances in aggregation, anonymization, on-device processing and other privacy-preserving technologies,” it’s no longer necessary to “track individual consumers across the web to get the performance benefits of digital advertising.”

As an example, Temkin pointed to a new approach being tested by Google called Federated Learning of Cohorts (FLoC), which allows ads to be targeted at large groups of users based on common interests. He said Google will begin testing FLoCs with advertisers in the second quarter of this year.

Temkin pointed out that these changes are focused on third-party data and don’t affect the ability of publishers to track and target their own visitors: “We will continue to support first-party relationships on our ad platforms for partners, in which they have direct connections with their own customers.”

It’s worth noting, however, that the Electronic Frontier Foundation has described FLoCs as “the opposite of privacy-preserving technology” and compared them to a “behavioral credit score.”

And while cookies seem to be on the way out across the industry, the U.K.’s Competition and Markets Authority is currently investigating Google’s cookie plan over antitrust concerns, with critics suggesting that Google is using privacy as an excuse to increase its market power. (A similar criticism has been leveled against Apple over upcoming privacy changes in iOS.)

#advertising-tech, #alphabet, #cookies, #google, #policy

Chef’s Choice: A Dreamy Menu, Inspired by Italy

Sometimes, indulging a whim results in the finest of dinners. For David Tanis, that means a luxurious baked pasta and cookies for dessert.

#content-type-service, #cookies, #cooking-and-cookbooks, #italian-food-cuisine, #pasta

Mozilla beefs up anti-cross-site tracking in Firefox, as Chrome still lags on privacy

Mozilla has further beefed up anti-tracking measures in its Firefox browser. In a blog post yesterday it announced that Firefox 86 has an extra layer of anti-cookie tracking built into the enhanced tracking protection (ETP) strict mode — which it’s calling ‘Total Cookie Protection’.

This “major privacy advance”, as it bills it, prevents cross-site tracking by siloing third party cookies per website.

Mozilla likens this to having a separate cookie jar for each site — so, for e.g., Facebook cookies aren’t stored in the same tub as cookies for that sneaker website where you bought your latest kicks and so on.

The new layer of privacy wrapping “provides comprehensive partitioning of cookies and other site data between websites in Firefox”, explains Mozilla.

Along with another anti-tracking feature it announced last month — targeting so called ‘supercookies’ — aka sneaky trackers that store user IDs in “increasingly obscure” parts of the browser (like Flash storage, ETags, and HSTS flags), i.e. where it’s difficult for users to delete or block them — the features combine to “prevent websites from being able to ‘tag’ your browser, thereby eliminating the most pervasive cross-site tracking technique”, per Mozilla.

There’s a “limited exception” for cross-site cookies when they are needed for non-tracking purposes — Mozilla gives the example of popular third-party login providers.

“Only when Total Cookie Protection detects that you intend to use a provider, will it give that provider permission to use a cross-site cookie specifically for the site you’re currently visiting. Such momentary exceptions allow for strong privacy protection without affecting your browsing experience,” it adds.

Tracker blocking has long been an arms race against the adtech industry’s determination to keep surveilling web users — and thumbing its nose at the notion of consent to spy on people’s online business — pouring resource into devising fiendish new techniques to try to keep watching what Internet users are doing. But this battle has stepped up in recent years as browser makers have been taking a tougher pro-privacy/anti-tracker stance.

Mozilla, for example, started making tracker blocking the default back in 2018 — going on to make ETP the default in Firefox in 2019, blocking cookies from companies identified as trackers by its partner, Disconnect.

While Apple’s Safari browser added an ‘Intelligent Tracking Prevention’ (ITP) feature in 2017 — applying machine learning to identify trackers and segregate the cross-site scripting data to protect users’ browsing history from third party eyes.

Google has also put the cat among the adtech pigeons by announcing a planned phasing out of support for third party cookies in Chrome — which it said would be coming within two years back in January 2020 — although it’s still working on this ‘privacy sandbox’ project, as it calls it (now under the watchful eye of UK antitrust regulators).

Google has been making privacy strengthening noises since 2019, in response to the rest of the browser market responding to concern about online privacy.

In April last year it rolled back a change that had made it harder for sites to access third-party cookies, citing concerns that sites were able to perform essential functions during the pandemic — though this was resumed in July. But it’s fair to say that the adtech giant remains the laggard when it comes to executing on its claimed plan to beef up privacy.

Given Chrome’s marketshare, that leaves most of the world’s web users exposed to more tracking than they otherwise would be by using a different, more privacy-pro-active browser.

And as Mozilla’s latest anti-cookie tracking feature shows, the race to outwit adtech’s allergy to privacy (and consent) also isn’t the sort that has a finish line. So being slow to do privacy protection arguably isn’t very different to not offering much privacy protection at all.

To wit: One worrying development — on the non-cookie based tracking front — is detailed in this new paper by a group of privacy researchers who conducted an analysis of CNAME tracking (aka a DNS-based anti-tracking evasion technique) and found that use of the sneaky anti-tracking evasion method had grown by around a fifth in just under two years.

The technique has been raising mainstream concerns about ‘unblockable’ web tracking since around 2019 — when developers spotted the technique being used in the wild by a French newspaper website. Since then use has been rising, per the research.

In a nutshell the CNAME tracking technique cloaks the tracker by injecting it into the first-party context of the visited website — via the content being embedded through a subdomain of the site which is actually an alias for the tracker domain.

“This scheme works thanks to a DNS delegation. Most often it is a DNS CNAME record,” writes one of the paper authors, privacy and security researcher Lukasz Olejnik, in a blog post about the research. “The tracker technically is hosted in a subdomain of the visited website.

“Employment of such a scheme has certain consequences. It kind of fools the fundamental web security and privacy protections — to think that the user is wilfully browsing the tracker website. When a web browser sees such a scheme, some security and privacy protections are relaxed.”

Don’t be fooled by the use of the word ‘relaxed’ — as Olejnik goes on to emphasize that the CNAME tracking technique has “substantial implications for web security and privacy”. Such as browsers being tricked into treating a tracker as legitimate first-party content of the visited website (which, in turn, unlocks “many benefits”, such as access to first-party cookies — which can then be sent on to remote, third-party servers controlled by the trackers so the surveilling entity can have its wicked way with the personal data).

So the risk is that a chunk of the clever engineering work being done to protect privacy by blocking trackers can be sidelined by getting under the anti-trackers’ radar.

The researchers found one (infamous) tracker provider, Criteo, reverting its tracking scripts to the custom CNAME cloak scheme when it detected the Safari web browser in use — as, presumably, a way to circumvent Apple’s ITP.

There are further concerns over CNAME tracking too: The paper details how, as a consequence of current web architecture, the scheme “unlocks a way for broad cookie leaks”, as Olejnik puts it — explaining how the upshot of the technique being deployed can be “many unrelated, legitimate cookies” being sent to the tracker subdomain.

Olejnik documented this concern in a study back in 2014 — but he writes that the problem has now exploded: “As the tip of the iceberg, we found broad data leaks on 7,377 websites. Some data leaks happen on almost every website using the CNAME scheme (analytics cookies commonly leak). This suggests that this scheme is actively dangerous. It is harmful to web security and privacy.”

The researchers found cookies leaking on 95% of the studied websites.

They also report finding leaks of cookies set by other third-party scripts, suggesting leaked cookies would in those instances allow the CNAME tracker to track users across websites.

In some instances they found that leaked information contained private or sensitive information — such as a user’s full name, location, email address and (in an additional security concern) authentication cookie.

The paper goes on to raise a number of web security concerns, such as when CNAME trackers are served over HTTP not HTTPS, which they found happened often, and could facilitate man-in-the-middle attacks.

Defending against the CNAME cloaking scheme will require some major browsers to adopt new tricks, per the researchers — who note that while Firefox (global marketshare circa 4%) does offer a defence against the technique Chrome does not.

Engineers on the WebKit engine that underpins Apple’s Safari browser have also been working on making enhancements to ITP aimed at counteracting CNAME tracking.

In a blog post last November, ITP engineer John Wilander wrote that as defence against the sneaky technique “ITP now detects third-party CNAME cloaking requests and caps the expiry of any cookies set in the HTTP response to 7 days. This cap is aligned with ITP’s expiry cap on all cookies created through JavaScript.”

The Brave browser also announced changes last fall aimed at combating CNAME cloaking.

“In version 1.25.0, uBlock Origin gained the ability to detect and block CNAME-cloaked requests using Mozilla’s terrific browser.dns API. However, this solution only works in Firefox, as Chromium does not provide the browser.dns API. To some extent, these requests can be blocked using custom DNS servers. However, no browsers have shipped with CNAME-based adblocking protection capabilities available and on by default,” it wrote.

“In Brave 1.17, Brave Shields will now recursively check the canonical name records for any network request that isn’t otherwise blocked using an embedded DNS resolver. If the request has a CNAME record, and the same request under the canonical domain would be blocked, then the request is blocked. This solution is on by default, bringing enhanced privacy protections to millions of users.”

But the browser with the largest marketshare, Chrome, has work to do, per the researchers, who write:

Because Chrome does not support a DNS resolution API for extensions, the [uBlock version 1.25 under Firefox] defense could not be applied to this browser. Consequently, we find that four of the CNAME-based trackers (Oracle Eloqua, Eulerian, Criteo, and Keyade) are blocked by uBlock Origin on Firefox but not on the Chrome version.

#anti-tracking, #chrome, #cookies, #firefox, #mozilla, #privacy, #tracker-blockers

Grubhub Will Deliver Girl Scout Cookies Amid the Pandemic

The Girl Scouts are also using virtual cookie booths and drive-through pickup sites to promote social distancing.

#cookies, #corporate-social-responsibility, #girl-scouts, #grubhub-inc, #mobile-applications, #restaurants

Holiday Cookie Baking to Connect With Those We Miss

At the darkest time of year, we bake our pain and loss into something to pass to others when it becomes too much to carry.

#cookies, #cooking-and-cookbooks, #funerals-and-memorials, #grief-emotion, #knitting-and-knit-goods, #quarantine-life-and-culture

GitHub says goodbye to cookie banners

Microsoft-owned GitHub today announced that it is doing away with all non-essential cookies on its platform. Thanks to this, starting today, GitHub.com and its subdomains will not feature a cookie banner anymore, either. That’s one less cookie banner you’ll have to click away to get your work done.

“No one likes cookie banners,” GitHub CEO Nat Friedman writes in today’s announcement. “But cookie banners are everywhere!”

The reason for that, of course, is because of regulations like GDPR in the U.S. and the EU’s directive to give users the right to refuse the use of cookies that reduce their online privacy. The result, even though these regulations have the users’ best interest in mind, is the constant barrage of cookie banners you experience today.

“At GitHub, we want to protect developer privacy, and we find cookie banners irritating, so we decided to look for a solution. After a brief search, we found one: just don’t use any non-essential cookies. Pretty simple, really,” Friedman writes.

To be fair, for a service like GitHub, it may be a bit easier to do away with cookies than for most sites — and especially content sites (and yes, I’m well aware that you probably had to click away from a cookie popup when you came to TechCrunch, too. Feel free to tell me about the irony of that in the comments). GitHub, after all, has a paid product and an audience that likely uses extensions to block trackers and unnecessary cookies anyway. Because of this, the tracking data it gathered was probably not all that useful anyway. GitHub is one of the first large sites to make this move, though, and may be able to set a bit of a trend.

#computing, #cookies, #european-union, #github, #hacking, #microsoft, #online-privacy, #privacy, #tc, #tracking, #united-states

We Asked: Why Does Oreo Keep Releasing New Flavors?

The brand’s strategy is stunning in its simplicity.

#advertising-and-marketing, #cookies, #mondelez-international-inc, #nabisco

16 Delightful Cooking Projects to Brighten Up the Holidays

If you’ve got time on your hands, these recipes are a joy to make.

#bakeries-and-baked-products, #christmas, #content-type-service, #cookies, #cooking-and-cookbooks, #pasta, #tamales

NYT Cooking’s 20 Most Popular Recipes of 2020

Caramelized shallot pasta, the perfect chocolate chip cookies, sour cream and onion chicken: These are the recipes that kept readers coming back for more.

#content-type-service, #cookies, #cooking-and-cookbooks, #king-arthur-flour, #recipes, #superiority-burger-manhattan-ny-restaurant

France fines Google $120M and Amazon $42M for dropping tracking cookies without consent

France’s data protection agency, the CNIL, has slapped Google and Amazon with fines for dropping tracking cookies without consent.

Google has been hit with a total of €100 million ($120M) for dropping cookies on Google.fr and Amazon €35M (~$42M) for doing so on the Amazon.fr domain under the penalty notices issued today.

The regulator carried out investigations of the websites over the past year and found tracking cookies were automatically dropped when a user visited the domains in breach of the country’s Data Protection Act.

In Google’s case the CNIL has found three consent violations related to dropping non-essential cookies.

“As this type of cookies cannot be deposited without the user having expressed his consent, the restricted committee considered that the companies had not complied with the requirement provided for by article 82 of the Data Protection Act and the prior collection of the consent before the deposit of non-essential cookies,” it writes in the penalty notice [which we’ve translated from French].

Amazon was found to have made two violations, per the CNIL penalty notice.

CNIL also found that the information about the cookies provided to site visitors was inadequate — noting that a banner displayed by Google did not provide specific information about the tracking cookies the Google.fr site had already dropped.

Under local French (and European) law, site users should have been clearly informed before the cookies were dropped and asked for their consent.

In Amazon’s case its French site displayed a banner informing arriving visitors that they agreed to its use of cookies. CNIL said this did not comply with transparency or consent requirements — since it was not clear to users that the tech giant was using cookies for ad tracking. Nor were users given the opportunity to consent.

The law on tracking cookie consent has been clear in Europe for years. But in October 2019 a CJEU ruling further clarified that consent must be obtained prior to storing or accessing non-essential cookies. As we reported at the time sites that failed to ask for consent to track were risking a big fine under EU privacy laws.

Google and Amazon are now finding that out to their cost, it seems.

We’ve reached out to Amazon and Google for comment on the CNIL’s action.


#amazon, #cnil, #cookies, #europe, #google, #privacy

Reserve a Cookie Box From Some Culinary Darlings

Nina Compton, Alice Waters and Enrique Olvera are among the chefs contributing to the Resy Cookie Box.

#chefs, #cookies, #ovenly-brooklyn-ny-bakery, #resy-network-inc

Spice Up Your Holiday Cookie Decorations

Baking experts show how to transform simple sugar cookies into dazzling treats.

#content-type-service, #cookies, #food, #quarantine-life-and-culture, #recipes

How to Make the Perfect Cookie Box

For years, Melissa Clark has been on a quest to make the most delicious cookie box to gift to loved ones, logging her triumphs and failures along the way. Here’s what she’s learned.

#christmas, #content-type-service, #cookies, #gifts

How to Pack and Mail Holiday Cookies

The best holiday cookies are the ones you’ve made yourself. Here are tips for assembling gift boxes and getting them to loved ones.

#containers-and-packaging, #content-type-service, #cookies, #postal-service-and-post-offices

A Lemon Meringue Cookie Good Enough to Be Imaginary

For months, I’ve wanted to spend time with the central character of the Armand Gamache series. Since I can’t, I made these cookies for him instead.

#all-the-devils-are-here-a-novel-book, #bakeries-and-baked-products, #cookies, #penny-louise

A ‘Perfect’ Chocolate Chip Cookie, and the Chef Who Created It

The British pastry chef Ravneet Gill ran countless tests to arrive at her version of the classic recipe.

#chocolate, #cookies, #cooking-and-cookbooks, #gill-ravneet, #pastries, #the-pastry-chefs-guide-the-secret-to-successful-baking-every-time-book

The Art of the Cookie Drop

My Cookie Dealer, a bakery that delivers and ships orders placed through Instagram, has fared well in the time of socially distant dining.

#bakeries-and-baked-products, #cookies, #instagram-inc

Why Out-of-Work New Yorkers Are Starting Cooking Businesses

Restaurants might be slowly reopening, but that hasn’t stopped chefs and bakers, stuck at home, from starting their own side gigs.

#bakeries-and-baked-products, #cookies, #labor-and-jobs, #new-york-city, #pizza, #quarantine-life-and-culture, #unemployment

A Sweet-Tart Treat for Summer

These bars taste like Key lime pie but they’re so much easier to share (and easier to make).

#bakeries-and-baked-products, #cookies, #cooking-and-cookbooks, #limes

Has Pandemic Snacking Lured Us Back to Big Food and Bad Habits?

We may think that we turned a corner on healthful eating habits with all that sourdough baking we did, but the food industry isn’t about to let us off its hook that easily.

#advertising-and-marketing, #bakeries-and-baked-products, #cookies, #cooking-and-cookbooks, #coronavirus-2019-ncov, #coronavirus-reopenings, #food, #health-foods, #quarantine-life-and-culture, #quarantines, #shopping-and-retail, #snack-foods, #supermarkets-and-grocery-stores

Low on Chocolate Chips? These Cookies Love a Substitution

For a crowd-pleasing treat, pack them with dried fruit, nuts or a chopped up chocolate bar.

#cookies, #cooking-and-cookbooks, #quarantine-life-and-culture

This Isn’t Strawberry Shortcake as You Know It

Serve this summery pair with crunchy cookies instead of soft biscuits.

#cookies, #cooking-and-cookbooks, #dairy-products, #fruit, #strawberries, #summer-season

German federal court squashes consent opt-outs for non-functional cookies

Yet another stake through the dark-patterned heart of consentless online tracking. Following a key cookie consent ruling by Europe’s top court last year, Germany’s Federal Court (BGH) has today handed down its own ‘Planet49’ decision — overturning an earlier appeal ruling when judges in a district court had allowed a pre-checked box to stand for consent.

That clearly now won’t wash even in Germany, where there had been confusion over the interpretation of a local law which had suggested an opt-in for non-functional cookies might be legally valid in some scenarios. Instead, the federal court ruling aligns with last October’s CJEU decision (which we reported on in detail here).

The ‘Planet49’ legal challenge was originally lodged by vzbz, a German consumer rights organization, which had complained about a lottery website, Planet49, that — back in 2013 — had required users to consent to the storage of cookies in order to play a promotional game. (Whereas EU law generally requires consent to be freely given and purpose limited if it’s to be legally valid.)

In a statement today following the BGH’s decision, board member Klaus Müller said: “This is a good judgment for consumers and their privacy. Internet users are again given more decision-making authority and transparency. So far, it has been common practice in this country for website providers to track, analyze, and market the interests and behaviors of users until they actively contradict them. This is no longer possible. If a website operator wants to screen his users, he must at least ask for permission beforehand. This clarification was long overdue.”

There is one looming wrinkle, however, in the shape of Europe’s ePrivacy reform — a piece of legislation which deals with online tracking. In recent years, European institutions have failed to reach agreement on an update to this — with negotiations ongoing and lobbyists seeking ways to dilute Europe’s strict consent standard.

Should any future reform of ePrivacy weaken the rules on tracking consent that could undo hard won progress to secure European citizens’ rights, under the General Data Protection Regulation (GDPR), which deals with personal data more broadly.

vzbz’s statement warns about this possibility, with the consumer rights group urging the EU to “ensure that the currently negotiated European ePrivacy Regulation does not weaken these strict regulations”.

“We reject the Croatian Presidency’s proposal to allow user tracking in the future on the legal basis of a balance of interests,” added Müller. “The end devices of the consumers allow a deep insight into complex emotional, political and social aspects of a person. Protecting this privacy is a great asset. We therefore require tight and clear rules for user tracking for advertising purposes. This may only be permitted with consent or under strict conditions defined in the law.”

In the meanwhile, there will be legal pressure on data controllers in Germany to clean up any fuzzy cookie notices to ensure they are complying with consent requirements.

“As the implementation of these new requirements are easily visible (and technically identifiable) on the website, incompliance bears a high risk of cease-and-desist and supervisory procedures,” warns law firm TaylorWessing in a blog post commenting on the BGH decision.

Separately today, another long running legal challenge brought by vzbz against the social networking giant Facebook — for allegedly failing to gain proper consent to process user data related to games hosted on its app platform, back in 2012 — is set to get even longer after the BGH sought a referral on a legal question to Europe’s top court.

The German federal court is seeking clarification on whether consumer protection organizations can bring a lawsuit before the country’s civil courts seeking redress for data protection breaches. “This question is controversial in the case law of the instance courts and the legal literature,” the court notes in a press release.

We’ve reached out to Facebook for comment on the CJEU referral.

#consent, #cookies, #eprivacy-regulation, #europe, #european-union, #facebook, #general-data-protection-regulation, #germany, #law, #online-tracking, #planet49, #privacy, #vzbz

A Special Dessert No Matter What’s in Your Pantry

This delicious and simple icebox cake uses French biscuits dipped in espresso. But you can use whatever cookies you have on hand.

#cakes, #cookies, #cooking-and-cookbooks, #france, #recipes

Introducing Rhubarb Bars, Lemon Bars’ Pinker Cousins

With a crunchy shortbread crust and tangy curd filling, this rhubarb-filled confection is perfect for spring.

#cookies, #cooking-and-cookbooks, #rhubarb, #spring-season

How to Substitute Flours

Can’t find all-purpose flour? Out of whole-wheat? Here’s what you can use instead.

#bread, #cakes, #cookies, #cooking-and-cookbooks, #flour, #grain, #muffins, #spelt-grain

Three-Ingredient Cookies, Fresh From Your Pantry

Bake your way to these sweet snacks using ingredients you’re likely to have on hand.

#cookies, #cooking-and-cookbooks, #flour, #peanut-butter, #sugar

My Grandmother’s Lost Cookie Recipe

I tried to make her cachkitas — savory cookies full of butter and cumin, and topped with sesame seeds.

#butter, #cookies, #cooking-and-cookbooks, #recipes

Google rolls back SameSite cookie changes to keep essential online services from breaking

Google today announced that it will temporarily roll back the changes it recently made to how its Chrome browser handles cookies in order to ensure that sites that perform essential services like banking, online grocery, government services and healthcare won’t become inaccessible to Chrome users during the current COVID-19 pandemic.

The new SameSite rules, which the company started rolling out to a growing number of Chrome users in recent months, are meant to make it harder for sites to access cookies from third-party sites and hence track a user’s online activity. These new rules are also meant to prevent cross-site request forgery attacks.

Under Google’s new guidance, developers must explicitly allow their cookies to be read by third-party sites, otherwise, the browser will prevent these third-party sites from accessing them.

Because this is a pretty major change, Google gave developers quite a bit of time to adapt their applications to it. Still, not every site is ready yet, so the Chrome team decided to halt the gradual rollout and stop enforcing these new rules for the time being.

“While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time,” writes Google Chrome engineering director Justin Schuh. “As we roll back enforcement, organizations, users and sites should see no disruption.”

A Google spokesperson also told us that the team saw some breakage in sites “that would not normally be considered essential, but with COVID-19 having become more important, we made this decision in an effort to ensure stability during this time.”

The company says it plans to resume its SameSite enforcement over the summer, though the exact timing isn’t yet clear.

#browsers, #chrome, #cookies, #coronavirus, #covid-19, #google, #google-chrome, #privacy, #tc, #web-browsers, #world-wide-web

How to Freeze Just About Everything

Wondering how you can make the most of your freezer and your food? Melissa Clark can help.

#cheese, #cookies, #cooking-and-cookbooks, #dairy-products, #eggs, #food, #fruit, #home-appliances, #meat, #seafood, #storage, #vegetables