Can “Accept cookie” button in a website be malicious?

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

1

I don't remember when this "accept/cancel cookie" button started to be used in websites. Why do they insist on getting users to click on this button?

Can it do any harm to user's PC or to collect any private and sensitive data? Their reason for this mostly is "For better browsing experience on the website".

Is it possible to use this as a trick for a possible hack? Also my knowledge of cookies and web hacking is not good enough.

web-browser javascript cookies websites

share|improve this question

edited 38 mins ago

schroeder♦

67.3k25141178

asked 56 mins ago

Aiden Stewart

185

add a comment | 

up vote
1
down vote

favorite

1

I don't remember when this "accept/cancel cookie" button started to be used in websites. Why do they insist on getting users to click on this button?

Can it do any harm to user's PC or to collect any private and sensitive data? Their reason for this mostly is "For better browsing experience on the website".

Is it possible to use this as a trick for a possible hack? Also my knowledge of cookies and web hacking is not good enough.

web-browser javascript cookies websites

share|improve this question

edited 38 mins ago

schroeder♦

67.3k25141178

asked 56 mins ago

Aiden Stewart

185

add a comment | 

up vote
1
down vote

favorite

1

up vote
1
down vote

favorite

1

1

I don't remember when this "accept/cancel cookie" button started to be used in websites. Why do they insist on getting users to click on this button?

Can it do any harm to user's PC or to collect any private and sensitive data? Their reason for this mostly is "For better browsing experience on the website".

Is it possible to use this as a trick for a possible hack? Also my knowledge of cookies and web hacking is not good enough.

web-browser javascript cookies websites

share|improve this question

edited 38 mins ago

schroeder♦

67.3k25141178

asked 56 mins ago

Aiden Stewart

185

I don't remember when this "accept/cancel cookie" button started to be used in websites. Why do they insist on getting users to click on this button?

Can it do any harm to user's PC or to collect any private and sensitive data? Their reason for this mostly is "For better browsing experience on the website".

Is it possible to use this as a trick for a possible hack? Also my knowledge of cookies and web hacking is not good enough.

web-browser javascript cookies websites

web-browser javascript cookies websites

share|improve this question

edited 38 mins ago

schroeder♦

67.3k25141178

asked 56 mins ago

Aiden Stewart

185

share|improve this question

edited 38 mins ago

schroeder♦

67.3k25141178

asked 56 mins ago

Aiden Stewart

185

share|improve this question

share|improve this question

edited 38 mins ago

schroeder♦

67.3k25141178

edited 38 mins ago

schroeder♦

67.3k25141178

edited 38 mins ago

schroeder♦

67.3k25141178

67.3k25141178

asked 56 mins ago

Aiden Stewart

185

asked 56 mins ago

Aiden Stewart

185

asked 56 mins ago

Aiden Stewart

185

185

add a comment | 

add a comment | 

2 Answers
2

active

oldest

votes

up vote
3
down vote



accepted

Technically, browser do not have to ask the user a question in order to use cookies. Furthermore, they are not technically bound to the answer given by the user.

Legally, that is another matter. In the European Union, the websites are now required to ask the user for their consent before using tracking cookies or other means to collect personal data about the user. However, they do not have to ask for the consent of the user to use cookies necessary to provide their service (such as session cookies). Thus, if websites asks to allow cookies, it is in order to legally collect personal data about the user. This data can be considered private or sensitive, depending on the appreciation of the users.

The formulation “For better browsing experience” usually means “In order for us to provide you targeted advertisement, that will earn us more money to make better content.” or “In order for us to provide you targeted advertisement, so you will have (in theory) less irrelevant advertisement”.

A malicious website might not honor their legal obligations. They could ask for the consent and not honor the answer, or they could dispense with asking the question in the first place.

For more information on the law: GDPR on Wikipedia

share|improve this answer

edited 30 mins ago

answered 36 mins ago

A. Hersean

3,3652518

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So we have to trust, And if we don't accpect still they can do what they want. Thank you for the answer btw.
  – Aiden Stewart
  26 mins ago
  
  

  
  
  
  

add a comment | 

up vote
3
down vote

With recent regulations around data privacy, websites are asking for express permission from users to collect their info from cookies.

Cookies do not harm PCs. The data collected from cookies could conceivably be used in ways that users do not like (Cambridge Analytica comes to mind). Those interested in more private and more anonymous browsing would want to reject cookies (but they tend to do this with browser plug-ins anyway).

Could a malicious website use a button on the site to do malicious things? Yes. But that is true for any link on any website, so this button does not increase your risk.

share|improve this answer

answered 39 mins ago

schroeder♦

67.3k25141178

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So if we are browsing 100's of websites everyday, How can we be sure about keeping our cookies safe? Because basically we are grant them access to our info.
  – Aiden Stewart
  33 mins ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You do not keep cookies safe. You allow their usage or not. Cookies are a mean for websites to store data on the user's web browser, in a way that will persist across restarts and across websites that use the same tracking services (such as advertisement provider or Facebook "like" buttons).
  – A. Hersean
  26 mins ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f195805%2fcan-accept-cookie-button-in-a-website-be-malicious%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
3
down vote



accepted

Technically, browser do not have to ask the user a question in order to use cookies. Furthermore, they are not technically bound to the answer given by the user.

Legally, that is another matter. In the European Union, the websites are now required to ask the user for their consent before using tracking cookies or other means to collect personal data about the user. However, they do not have to ask for the consent of the user to use cookies necessary to provide their service (such as session cookies). Thus, if websites asks to allow cookies, it is in order to legally collect personal data about the user. This data can be considered private or sensitive, depending on the appreciation of the users.

The formulation “For better browsing experience” usually means “In order for us to provide you targeted advertisement, that will earn us more money to make better content.” or “In order for us to provide you targeted advertisement, so you will have (in theory) less irrelevant advertisement”.

A malicious website might not honor their legal obligations. They could ask for the consent and not honor the answer, or they could dispense with asking the question in the first place.

For more information on the law: GDPR on Wikipedia

share|improve this answer

edited 30 mins ago

answered 36 mins ago

A. Hersean

3,3652518

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So we have to trust, And if we don't accpect still they can do what they want. Thank you for the answer btw.
  – Aiden Stewart
  26 mins ago
  
  

  
  
  
  

add a comment | 

up vote
3
down vote



accepted

Technically, browser do not have to ask the user a question in order to use cookies. Furthermore, they are not technically bound to the answer given by the user.

Legally, that is another matter. In the European Union, the websites are now required to ask the user for their consent before using tracking cookies or other means to collect personal data about the user. However, they do not have to ask for the consent of the user to use cookies necessary to provide their service (such as session cookies). Thus, if websites asks to allow cookies, it is in order to legally collect personal data about the user. This data can be considered private or sensitive, depending on the appreciation of the users.

The formulation “For better browsing experience” usually means “In order for us to provide you targeted advertisement, that will earn us more money to make better content.” or “In order for us to provide you targeted advertisement, so you will have (in theory) less irrelevant advertisement”.

A malicious website might not honor their legal obligations. They could ask for the consent and not honor the answer, or they could dispense with asking the question in the first place.

For more information on the law: GDPR on Wikipedia

share|improve this answer

edited 30 mins ago

answered 36 mins ago

A. Hersean

3,3652518

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So we have to trust, And if we don't accpect still they can do what they want. Thank you for the answer btw.
  – Aiden Stewart
  26 mins ago
  
  

  
  
  
  

add a comment | 

up vote
3
down vote



accepted

up vote
3
down vote



accepted

Technically, browser do not have to ask the user a question in order to use cookies. Furthermore, they are not technically bound to the answer given by the user.

Legally, that is another matter. In the European Union, the websites are now required to ask the user for their consent before using tracking cookies or other means to collect personal data about the user. However, they do not have to ask for the consent of the user to use cookies necessary to provide their service (such as session cookies). Thus, if websites asks to allow cookies, it is in order to legally collect personal data about the user. This data can be considered private or sensitive, depending on the appreciation of the users.

The formulation “For better browsing experience” usually means “In order for us to provide you targeted advertisement, that will earn us more money to make better content.” or “In order for us to provide you targeted advertisement, so you will have (in theory) less irrelevant advertisement”.

A malicious website might not honor their legal obligations. They could ask for the consent and not honor the answer, or they could dispense with asking the question in the first place.

For more information on the law: GDPR on Wikipedia

share|improve this answer

edited 30 mins ago

answered 36 mins ago

A. Hersean

3,3652518

Technically, browser do not have to ask the user a question in order to use cookies. Furthermore, they are not technically bound to the answer given by the user.

Legally, that is another matter. In the European Union, the websites are now required to ask the user for their consent before using tracking cookies or other means to collect personal data about the user. However, they do not have to ask for the consent of the user to use cookies necessary to provide their service (such as session cookies). Thus, if websites asks to allow cookies, it is in order to legally collect personal data about the user. This data can be considered private or sensitive, depending on the appreciation of the users.

The formulation “For better browsing experience” usually means “In order for us to provide you targeted advertisement, that will earn us more money to make better content.” or “In order for us to provide you targeted advertisement, so you will have (in theory) less irrelevant advertisement”.

A malicious website might not honor their legal obligations. They could ask for the consent and not honor the answer, or they could dispense with asking the question in the first place.

For more information on the law: GDPR on Wikipedia

share|improve this answer

edited 30 mins ago

answered 36 mins ago

A. Hersean

3,3652518

share|improve this answer

share|improve this answer

edited 30 mins ago

edited 30 mins ago

edited 30 mins ago

answered 36 mins ago

A. Hersean

3,3652518

answered 36 mins ago

A. Hersean

3,3652518

answered 36 mins ago

A. Hersean

3,3652518

3,3652518

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So we have to trust, And if we don't accpect still they can do what they want. Thank you for the answer btw.
  – Aiden Stewart
  26 mins ago
  
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So we have to trust, And if we don't accpect still they can do what they want. Thank you for the answer btw.
  – Aiden Stewart
  26 mins ago
  
  

  
  
  
  

So we have to trust, And if we don't accpect still they can do what they want. Thank you for the answer btw.
– Aiden Stewart
26 mins ago

So we have to trust, And if we don't accpect still they can do what they want. Thank you for the answer btw.
– Aiden Stewart
26 mins ago

add a comment | 

up vote
3
down vote

With recent regulations around data privacy, websites are asking for express permission from users to collect their info from cookies.

Cookies do not harm PCs. The data collected from cookies could conceivably be used in ways that users do not like (Cambridge Analytica comes to mind). Those interested in more private and more anonymous browsing would want to reject cookies (but they tend to do this with browser plug-ins anyway).

Could a malicious website use a button on the site to do malicious things? Yes. But that is true for any link on any website, so this button does not increase your risk.

share|improve this answer

answered 39 mins ago

schroeder♦

67.3k25141178

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So if we are browsing 100's of websites everyday, How can we be sure about keeping our cookies safe? Because basically we are grant them access to our info.
  – Aiden Stewart
  33 mins ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You do not keep cookies safe. You allow their usage or not. Cookies are a mean for websites to store data on the user's web browser, in a way that will persist across restarts and across websites that use the same tracking services (such as advertisement provider or Facebook "like" buttons).
  – A. Hersean
  26 mins ago
  

  
  
  
  

add a comment | 

up vote
3
down vote

With recent regulations around data privacy, websites are asking for express permission from users to collect their info from cookies.

Cookies do not harm PCs. The data collected from cookies could conceivably be used in ways that users do not like (Cambridge Analytica comes to mind). Those interested in more private and more anonymous browsing would want to reject cookies (but they tend to do this with browser plug-ins anyway).

Could a malicious website use a button on the site to do malicious things? Yes. But that is true for any link on any website, so this button does not increase your risk.

share|improve this answer

answered 39 mins ago

schroeder♦

67.3k25141178

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So if we are browsing 100's of websites everyday, How can we be sure about keeping our cookies safe? Because basically we are grant them access to our info.
  – Aiden Stewart
  33 mins ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You do not keep cookies safe. You allow their usage or not. Cookies are a mean for websites to store data on the user's web browser, in a way that will persist across restarts and across websites that use the same tracking services (such as advertisement provider or Facebook "like" buttons).
  – A. Hersean
  26 mins ago
  

  
  
  
  

add a comment | 

up vote
3
down vote

up vote
3
down vote

With recent regulations around data privacy, websites are asking for express permission from users to collect their info from cookies.

Cookies do not harm PCs. The data collected from cookies could conceivably be used in ways that users do not like (Cambridge Analytica comes to mind). Those interested in more private and more anonymous browsing would want to reject cookies (but they tend to do this with browser plug-ins anyway).

Could a malicious website use a button on the site to do malicious things? Yes. But that is true for any link on any website, so this button does not increase your risk.

share|improve this answer

answered 39 mins ago

schroeder♦

67.3k25141178

With recent regulations around data privacy, websites are asking for express permission from users to collect their info from cookies.

Cookies do not harm PCs. The data collected from cookies could conceivably be used in ways that users do not like (Cambridge Analytica comes to mind). Those interested in more private and more anonymous browsing would want to reject cookies (but they tend to do this with browser plug-ins anyway).

Could a malicious website use a button on the site to do malicious things? Yes. But that is true for any link on any website, so this button does not increase your risk.

share|improve this answer

answered 39 mins ago

schroeder♦

67.3k25141178

share|improve this answer

share|improve this answer

answered 39 mins ago

schroeder♦

67.3k25141178

answered 39 mins ago

schroeder♦

67.3k25141178

answered 39 mins ago

schroeder♦

67.3k25141178

67.3k25141178

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So if we are browsing 100's of websites everyday, How can we be sure about keeping our cookies safe? Because basically we are grant them access to our info.
  – Aiden Stewart
  33 mins ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You do not keep cookies safe. You allow their usage or not. Cookies are a mean for websites to store data on the user's web browser, in a way that will persist across restarts and across websites that use the same tracking services (such as advertisement provider or Facebook "like" buttons).
  – A. Hersean
  26 mins ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  So if we are browsing 100's of websites everyday, How can we be sure about keeping our cookies safe? Because basically we are grant them access to our info.
  – Aiden Stewart
  33 mins ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  You do not keep cookies safe. You allow their usage or not. Cookies are a mean for websites to store data on the user's web browser, in a way that will persist across restarts and across websites that use the same tracking services (such as advertisement provider or Facebook "like" buttons).
  – A. Hersean
  26 mins ago
  

  
  
  
  

So if we are browsing 100's of websites everyday, How can we be sure about keeping our cookies safe? Because basically we are grant them access to our info.
– Aiden Stewart
33 mins ago

So if we are browsing 100's of websites everyday, How can we be sure about keeping our cookies safe? Because basically we are grant them access to our info.
– Aiden Stewart
33 mins ago

1

1

You do not keep cookies safe. You allow their usage or not. Cookies are a mean for websites to store data on the user's web browser, in a way that will persist across restarts and across websites that use the same tracking services (such as advertisement provider or Facebook "like" buttons).
– A. Hersean
26 mins ago

You do not keep cookies safe. You allow their usage or not. Cookies are a mean for websites to store data on the user's web browser, in a way that will persist across restarts and across websites that use the same tracking services (such as advertisement provider or Facebook "like" buttons).
– A. Hersean
26 mins ago

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f195805%2fcan-accept-cookie-button-in-a-website-be-malicious%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email