TECH NEWS – An analysis suggests that many major companies do not actually honor cookie rejection properly when users visit their websites…
If you visit almost any major website, you have almost certainly noticed that it asks about the use of cookies. These files store our preferences and help companies track our data. What has now become clear, however, is that even if we reject them, there is still a very good chance we continue to be tracked anyway. A recent study by webXray found that major tech firms simply ignore globally defined opt-out signals.
The study found that 194 online advertising services ignore standard opt-out mechanisms, along with Google-certified cookie banners that supposedly still do not stop Google from dropping cookies after users have opted out through a globally standardized signal. In total, webXray looked at 242 advertising technology providers, which means the failure rate for properly respecting user opt-outs stands at 80%.
The analysis shows that 55% of websites still place advertising cookies even after users opt out, and that 78% of cookie banners failed to protect users. Company liability exposure is estimated at $5.8 billion. webXray examined Google’s own cookie system and believes that when it receives an encoded cookie signal, it allegedly responds by creating a new advertising cookie called IDE. The report says this violation is easy to detect and plainly visible, and that it supports the argument that Google should instead respond to such encoded cookies with a 451 status, indicating that the resource is unavailable for legal reasons. According to webXray, Google failed to provide users with a proper opt-out in 86% of cookie cases and still set more than 11,000 cookies in defiance of user preferences.
Microsoft and Meta also received special attention. Both companies allegedly fail to properly respect requests to disable cookies. Microsoft is said to create a new MUID cookie even when it receives an encoded opt-out request, and it failed to disable cookies in 50% of the tests. That resulted in more than 7,500 cookies being sent despite users opting out. Meta Pixel’s tracking code reportedly does not check opt-out signals at all and recorded a 59% opt-out failure rate in testing. That means more than 1,200 cookies were still set despite rejection signals.
webXray concludes that cookies have effectively become a legal minefield that puts users at risk, and hopes that fear of legal costs and other penalties will eventually force the issue to be fixed.
