Blog

More than you expected?

You're reading everything on Dan's blog - including notes, reposts, checkins, videos and comics.
That might be more than you wanted to see, if you're only interested in blog posts (articles) Dan has written.

WCEU23 – Contributor Day

Among the many perks of working for a company with a history so tightly-intertwined with that of the open-source WordPress project is that license to attend WordCamps – the biggest WordPress conferences – is basically a given.

Dan, wearing an Automattic "Let's make the Web a better place" t-shirt, stands in front of a banner welcoming attendees to WordCamp Europe Athens 2023.
So yeah, right now I’m in Athens for WordCamp Europe 2023.

It’s frankly a wonder that this is, somehow, my first WordCamp. As well as using it1 and developing atop it2, of course, I’ve been contributing to WordPress since 2004 (albeit only in a tiny way, and not at all for most of the last decade!).

A table placeholder labelled "WP-CLI". It and s handful of Coke cans and disposable coffee cups are picked-out in colour on an otherwise monochrome and blurred picture.
If you already know what WP-CLI is… let’s be friends.

Today is Contributor Day, a pre-conference day in which folks new and old get together in person to hack on WordPress and WordPress-adjacent projects. So I met up with Cem, my Level 4 Dragonslayer friend, and we took an ultra-brief induction into WP-CLI3 before diving in to try to help write some code.

Dan takes a selfie from a round table covered in laptops, with people hacking at them.
Contributor Days are about many things, but perhaps their biggest value comes from lowering the barrier to becoming a new contributor to an open-source project by sitting you right next to somebody who already knows it well.

So today, as well as meeting some awesome folks, I got to write an overly-verbose justification for a bug report being invalid and implement my first PR for WP-CLI: a bugfix for a strange quirk in output formatting.

Screenshot showing a user running `wp plugin update --all --no-color` but the output putting the word "Success" in green.
The bug I fixed is slightly hard to describe (and even harder to explain why it matters), but here’s a summary: when you run a WP-CLI command that first displays a table and then the result, the result is likely to always appear in colour even if you specify --no-color.

I hope to be able to continue contributing to WP-CLI. I learned a lot about it today, and while I don’t use it as much as I used to in my multisite-management days, I still really respect its power as a tool.

MacBook showing an Automattic "Work For Us" web page, alongside a bottle of Corona Extra. A rooftop terrace garden and swimming pool can be seen in the background.
Did I mention lately how awesome my employers are? I promise my blog’s not always gonna be me shilling for them… but today it is.

Footnotes

1 Even with the monumental stack of custom code woven into DanQ.me, a keen eye will probably spot that it’s WordPress-powered.

2 Perhaps my proudest “built on WordPress” moment was my original implementation of OpenID for WordPress, back in 2005, which is completely obsolete now. But I’ve done plenty of other things, both useful (like the multisite installation used by the University of Oxford) and pointless (like making WordPress a CMS for Gemini, Gopher, and Finger) too over the last 20 years.

3 WP-CLI is… it’s like Drush but for WordPress, if that makes sense to you? If not: it’s a multifaceted command-line tool for installing, configuring, maintaining, and managing WordPress installations, and I’ve been in love with it for years.

Dan Q found GC1B0P5 The Runner

This checkin to GC1B0P5 The Runner reflects a geocaching.com log entry. See more of Dan's cache logs.

What a great statue! Cache was very easy to find; despite its camo it was very visible as I walked along the adjacent path. Thanks for bringing me out of my way on my walk from my hotel to the conference I’m attending, and TFTC. Greetings from Oxfordshire, UK!

Dan, in a green park with water fountains, waves at the camera.

Map of 37.97675,23.749767

Dan Q found GC9WD6N Peter’s

This checkin to GC9WD6N Peter's reflects a geocaching.com log entry. See more of Dan's cache logs.

Saw the notification when this cache appeared near my house, which would normally be the point at which a race was kicked off between me and Go Catch for the FTF, before he inevitably got there first!

But this time around I was overseas when the listing went live and only found time to cycle out here from Stanton Harcourt this evening, after work. I’d visited the church here once before in service of the nearby multi, but it was nice to see a different side of it as well as an excellent hiding place.

TFTC!

Dan, wearing a cycle helmet, stands in front of a church steeple under a bright blue sky, waving.

Map of 51.79219,-1.342211

Have Fun with Missions, Visions, and Values

I just spent a lightweight week in Rome with fellow members of Automattic‘s Team Fire.

Among our goals for the week was an attempt to strengthen the definition of who are team are, what we work on, and how and why we do so. That’s basically a team-level identity, mission, vision, and values, right?

In front of the Colosseum in Rome, Dan - wearing a rainbow-striped bandana atop which his sunglasses are perched - takes a selfie. Behind him stand a man with dark hair and a closely-trimmed beard wearing a purple "woo" t-shirt, a woman with long brown hair wearing beads and a multicoloured dress, a man wearing spectacles and a dark t-shirt on which the number "23" can be made out, and a man in sunglasses with a ginger beard, wearing an open blue shirt.
We were missing two members of our team, but one was able to remote-in (the other’s on parental leave!).

Fellow Automattician Ben Dwyer recently wrote about his experience of using a deck of Dixit cards to help his team refine their values in a fun and engaging way. I own a Dixit set, so we decided to give it a go too.

A deck of Dixit cards, bound by a twisted elastic band, sits on a flight itinerary for the journey "LGW to FCO" taking place on May 21, 2023 and costing $367.60.
The cards sat on my ‘plane tickets for a fortnight because it was just about the only way I’d remember to pack them.

Normally when you play Dixit, you select a card from your hand – each shows a unique piece of artwork – and try to describe it in a way that’s precise enough that some of the other players will later be able to pick it out of a line-up, but ambiguous enough that not all the other players will. It’s a delicate balancing act. Even when our old Geek Night was in full swing we didn’t used to play it often because our well-established group’s cornucopia of  in-jokes and references  made it trivially easy to “target” your descriptions at specific players1, but it’s still a solid icebreaker activity.

A trio of Dixit cards within a grid of nine. From left to right, they show: a heart, on fire, beneath a glass jar; a cubbyhole containing childrens' toys; a fairy leaping from a book towards a small person atop a stack of books.
Can you see your team’s values symbolised in any Dixit cards?

Perhaps it was the fantasy artwork that inspired us or maybe it just says something about how my team sees themselves, but what we came up with had a certain… swords-and-sorcery… even Dungeons & Dragons… feel to it.

Partial screenshot from a document entitled "Team Fire". The visible part is titled "Who we are (identity)" and reads:We are a band of brave adventurers who bring light into the wild forests of Extend. We tame the monsters who lurk in the dungeons beneath the Castle of Vendor Experience. The beasts we keep at bay include: PBS, which helps ensure code quality and extension standards compliance; the Vendor Dashboard, haunt of third-party developers, as well as their documentation and analytics platforms; Integrations with Payments Admin, to ensure that treasure is shared, and other tools.
The projects my team are responsible for aren’t actually monsters, but they can be complex, multifaceted, and unintuitive. And have a high AC.

Ou team’s new identity isn’t finalised, but I love the fact that we’ve been able to inject a bit of fun and whimsy into it. At our last draft, my team looks to be defined as comprising:

  • Gareth, level 62 Pathfinder, leading the way through the wilds
  • Bero, Level 5 Battlesmith, currently lost in the void
  • Dan (me!), Level 5 Arcane Trickster, breaking locks and stealing treasure
  • Cem, Level 4 Dragonslayer, smashing doors and bugs alike
  • Lae, Level 7 Pirate, seabound rogue with eyes on the horizon
  • Kyle, Level 5 Apprentice Bard, master of words and magic
  • Simran, Level 6 Apprentice Code Witch, weaving spells from nature

I think that’s pretty awesome.

Footnotes

1 Also: I don’t own any of the expansion packs and playing with the same cards over and over again gets a bit samey.

2 The “levels” are simply the number of years each teammate has been an Automattician, plus one.

Dan Q found GC7FB9H From Canterbury to the cache

This checkin to GC7FB9H From Canterbury to the cache reflects a geocaching.com log entry. See more of Dan's cache logs.

Well that was quite the adventure!

The first wayoint is right across the road from where some work colleagues and I are staying for an “away week”. I decided to dash out during a break in the weather to try and solve this multi between meetings. But I was quickly confused because… this isn’t the way I was taught to do Roman numerals. I’d always been told that you should never have four of the same letter in a row, e.g. you should say XIV, not XIIII. Once I’d worked out what I was doing wrong, though, I was okay!

The second and third waypoints had me braving some frankly scary roads. The drivers here just don’t seem to stop unless you’re super assertive when you step out!

Once I had the final numbers and ran it through geochecker I realised that the cache must be very close to where I’d had lunch earlier today! Once I got there it took me a while to get to the right floor, after which the hint made things pretty obvious.

Great trail, really loved it. And just barely made it back before the rain really started hammering down. TFTC, FP awarded, and greetings from Oxford, UK!

Dan holding an orange mint tin in a city centre.

Map of 41.911567,12.451867

Travelling light

Now that travel for work is back on the menu, I’ve been trying to upgrade my “pack light” game.

I’ve been inspired in part by Beau, who I first met during my trip to South Africa in 2019 during my Automattic onboarding. Beau travelled from the US for a two week jaunt with nothing but hand luggage, and it blew my mind.

A modest-sized backpack in blue and yellow, with a WordPress logo stiched on, sits on an airport departure lounge bench. Alongside it is a burgundy-coloured British passport.
Gotta flight? Pack light, pack tight. That’s right! Corporate branding is just a bonus.

For my trip to Vienna earlier this year for a divisional meetup, I got by with just a backpack and a laptop bag. Right now, I’m waiting to fly to Rome for a week, and I’ve ditched the laptop bag in favour of just a single carry-on backpack. About 7kg of luggage, and well within the overhead locker size limit.

I’m absolutely sold on this approach. I get to:

  • walk past the queues for luggage drop (having checked-in online),
  • keep the entirety of my luggage with me at all times (which ensures it goes where I do),
  • breeze through security1, thanks to smart packing2
  • walk right out of the airport at the other end without having to wait for the flingers to finish smashing everybody’s luggage into the carousels.
Minimalist carbon fibre wallet, balanced on two fingertips, with parts of a Halifax Mastercard credit card showing from behind an elasticated band.
I’ve been working on simplifying my everyday carry, too. My wallet is the Carbon Fibre Liquid Wallet, which is about the size of a deck of playing cards (something I also often carry!) and holds a handful of cards, a bundle of cash, a bottle opener, and all my regular keys. The hook on the end is for attaching the pendrive with my password safe for travel.

As somebody who’s travelled “heavy” for most of my life – and especially since the children came along – it’s liberating to migrate to a “pick up a bag and go” mindset. To begin with, the nagging thought that I must’ve forgotten something essential was challenging, but I think I’ve gotten past that stage now.

Travelling light feels like carefree: like being a kid again, when all you needed was the back on your back and you were ready for an adventure. Once again, I’ve got a bag on my back3 and I know that everything I need for an adventure is right here with me4.

Footnotes

1 If you’ve travelled with me before, you might have noticed that I sometimes have trouble at borders on account of my damn stupid name, as predicted by the Passport Office. I’ve since learned all the requisite tricks to sidestep these problems, but that’s probably worthy of a post in its own right.

2 A little smart packing goes a long way. In the photo above, you might see my pre-prepared liquids bag in a side pocket, my laptop slides right out for separate scanning, my wallet and phone just dump out of my pockets, and I’m done.

3 I don’t really have a bag on my back right now. I’m sat in a depature lounge at Gatwick Airport. But you get the idea.

4 Do I really have everything I need? I’ve not brought a waterproof coat and, looking at the weather forecast at my destination, this might have been a mistake. But worst case I can buy a cheap poncho at the other end. That’s the kind of freedom that being an adult gets you, replacing the childlike freedom to get soaked and not care.

Normal for Children

Lacking a basis for comparison, children accept their particular upbringing as normal and representative.

Close-up showing tentacles of a sundew plant.
“Feed me, Seymour!”

Kit was telling me about how his daughter considers it absolutely normal to live in a house full of insectivorous plants1, and it got me thinking about our kids, and then about myself:

I remember once overhearing our eldest, then at nursery, talking to her friend. Our kid had mentioned doing something with her “mummy, daddy, and Uncle Dan” and was incredulous that her friend didn’t have an Uncle Dan that they lived with! Isn’t having three parents… just what a family looks like?

Dan, wearing a black jumper, sits on a green chair in a brightly-decorated bedroom. On his chest, a 2-year-old girl has fallen asleep, clutching a woolen yellow blanket and with her thumb in her mouth.
You don’t have an Uncle Dan? Then where do you nap‽

By the time she was at primary school, she’d learned that her family wasn’t the same shape as most other families, and she could code-switch with incredible ease. While picking her up from school, I overheard her talking to a friend about a fair that was coming to town. She told the friend that she’d “ask her dad if she could go”, then turned to me and said “Uncle Dan: can we go to the fair?”; when I replied in the affirmitive, she turned back and said “my dad says it’s okay”. By the age of 5 she was perfectly capable of translating on-the-fly2 in order to simultaneously carry out intelligble conversations with her family and with her friends. Magical.

When I started driving, and in particular my first few times on multi-lane carriageways, something felt “off” and it took me a little while to work out what it was. It turns out that I’d internalised a particular part of the motorway journey experience from years of riding in cars driven by my father, who was an unrepentant3 and perpetual breaker of speed limits.4 I’d come to associate motorway driving with overtaking others, but almost never being overtaken, but that wasn’t what I saw when I drove for myself.5 It took a little thinking before I realised the cause of this false picture of “what driving looks like”.

A boxy 1979 white Ford car, number plate DSS 657T with a badly dented and somewhat corroded front wheel arch on the drivers' side, sits empty and parked at the side of an otherwise empty asphalt strreet. In the background, under grey skies, a city skyline can be made out with houses, tower blocks, and a church steeple, on the other side of an arched river bridge. The leaves are early-autumn coloured: mostly greem, but with some brown appearing and a handful of bare branches exposed.
How my dad ever managed to speed in this old rustbucket I’ll never know.

The thing is: you only ever notice the “this is normal” definitions that you’ve internalised… when they’re challenged!

It follows that there are things you learned from the quirks of your upbringing that you still think of as normal. There might even be things you’ll never un-learn. And you’ll never know how many false-normals you still carry around with you, or whether you’ve ever found them all, exept to say that you probably haven’t yet.

A small child, sitting on the floor, uses a mobile phone to watch a cartoon of two people struggling to pull a fishing rod. A feminine hand with brown-painted nails and rings on two fingers reaches in to offer the child a minature model of a human brain.
I wanted a stock image that expressed the concept of how children conceptualise ideas in their mind, but I ended up with this picture of a women offering her kid a tiny human brain in exchange for her mobile phone back. That’s a normal thing that all families do, right?

It’s amazing and weird to think that there might be objective truths you’re perpetually unable to see as a restult of how, or where, or by whom you were brought up, or by what your school or community was like, or by the things you’ve witnessed or experienced over your life. I guess that all we can all do is keep questioning everything, and work to help the next generation see what’s unusual and uncommon in their own lives.

Footnotes

1 It’s a whole thing. If you know Kit, you’re probably completely unsurprised, but spare a thought for the poor randoms who sometimes turn up and read my blog.

2 Fully billingual children who typically speak a different language at home than they do at school do this too, and it’s even-more amazing to watch.

3 I can’t recall whether his license was confiscated on two or three separate ocassions, in the end, but it was definitely more than one. Having a six month period where you and your siblings have to help collect the weekly shop from the supermarket by loading up your bikes with shopping bags is a totally normal part of everybody’s upbringing, isn’t it?

4 Virtually all of my experience as a car passenger other than with my dad was in Wales, where narrow windy roads mean that once you get stuck behind something, that’s how you’re going to be spending your day.

5 Unlike my father, I virtually never break the speed limit, to such an extent that when I got a speeding ticket the other year (I’d gone from a 70 into a 50 zone and re-set the speed limiter accordingly, but didn’t bother to apply the brakes and just coasted down to the new speed… when the police snapped their photo!), Ruth and JTA both independently reacted to the news with great skepticism.

Dan Q found GC8B4CH Is 14 Your Lucky Number Yet?

This checkin to GC8B4CH Is 14 Your Lucky Number Yet? reflects a geocaching.com log entry. See more of Dan's cache logs.

Easy find while out for a ride, breaking in my new bike. Great ride, aside from the mayflies, which I must’ve ingested about a million of! As others have observed, the logbook has soaked to the point of disintegration and could do with replacement. Thanks though for a cache I’ve probably driven, walked out cycled past a hundred times before actually stopping to find it.

Dan, wearing a white cycle helmet and a worn block t-shirt, waves to the camera while sitting on a bench. Alongside him can be seen the racing/road-bike style handlebars of a bike.

Map of 51.772883,-1.3574

Today I learned that the quiet, high-pitched neighing sound horses sometimes make is called “nickering”.

I learned this from a subtitle which read “[horse nickers]”. Which, as a Brit, I can’t help but interpret as somebody making a misspelling while talking about equine underwear. 🤣

Screengrab from Dungeons & Dragons: Honor Among Thieves. Paladmin Xenk Yendar, played by Regé-Jean Page, rides his horse through a forest. It's subtitled with him saying "I'm sorry." and also "[horse nickers]".

Nightmares & Noggins

Last night I had a nightmare about Dungeons & Dragons. Specifically, about the group I DM for on alternate Fridays.

In their last session the party – somewhat uncharacteristically – latched onto a new primary plot hook rightaway. Instead of rushing off onto some random side quest threw themselves directly into this new mission.

Four humanoid silhouettes fling themselves off the side of a floating city, which is chained to a desert hellscape below.
They flung themselves not only figuratively but also literally into their new quest, leaping from the side of a floating city.

This effectively kicked off a new chapter of their story, so I’ve been doing some prep-work this last week or so. Y’know: making battlemaps, stocking treasure chests with mysterious and powerful magical artefacts, and inventing a plethora of characters for the party to either befriend or kill (or, knowing this party: both).

I also put together a “cut scene” video welcoming the party into this new chapter of their adventure.

Anyway: in the dream, I sat down to complete the prep-work I want to get done before this week’s play session. I re-checked my notes about what the adventurers had gotten up to last time around, and… panicked! I was wrong, they hadn’t thrown themselves off the side of a city floating above the first layer of Hell at all! I’d mis-remembered completely and they’d actually just ventured into a haunted dungeon. I’d been preparing all the wrong things and now there wasn’t time to correct my mistakes!

Screenshot from donjon's "5e Encounter Size Calculator", configured for a party of four 7th-level characters, with an "extra" checkbox (not found in the real application) for "Can the party Turn Undead?" highlighted.
Also in my dream – conveniently for my new “haunted dungeon” environment – my favourite encounter size calculator included a tool to compensate for a player character who can cast Turn Undead, when making an undead encounter.

This is, of course, an example of the “didn’t prepare for the test” trope of dreams. Clearly I’m still feeling underprepared for this week’s game! But probably a bigger reason for the dream, and remembering it, was that I’ve had a cold and kept waking up to cough.

Right, better do a little more prep work!

Max props to the developer of puppeteer-extra-plugin-stealth, who I just bought a coffee for.

The screen-scraper I wrote to bulk-export data from my Garmin sports tracker (because Garmin’s API is “only for corporate partners”, which is a magic spell you can say to make me write and open source a screen-scraper that targets your systems) stopped working today. Turns out Cloudflare could detect my automation.

Installed puppeteer-extra-plugin-stealth. Fixed instantly. Awesome.

How a 2002 standard made 2022 bearable

This is an alternate history of the Web. The premise is true, but the story diverges from our timeline and looks at an alternative “Web that might have been”.

Prehistory

This is the story of P3P, one of the greatest Web standards whose history has been forgotten1, and how the abject failure of its first versions paved the way for its bright future decades later. But I’m getting ahead of myself…

Drafted in 2002 in the wake of growing concern about the death of privacy on the Internet, P3P 1.0 aimed to make the collection of personally-identifiable data online transparent. Hurrah, right?

Not so much. Its immediate impact was lukewarm to negative: developers couldn’t understand why their cookies were no longer being accepted by Internet Explorer 6, the first browser to implement the standard, and the whole exercise was slated as providing a false sense of security, not stopping actual bad guys, and an attempt to apply a technical solution to a political problem.2

Flowchart showing the negotiation process between a user, browser, and server as the user browses an ecommerce site. The homepage's P3P policy states that it collects IP addresses, which is compatible with the user's preferences. Later, at checkout, the P3P policy states that the user's address will be collected and shared with a courier. The collection is fine according to the user's preferences, but she's asked to be notified if it'll be shared, so the browser notifies the user. The user approves of the policy and asks that this approval is remembered for this site, and the checkout process continues.
Initially, the principle was sound. The specification was weak. The implementation was apalling. But P3P 1.1 could have worked well.

Developers are lazy3 and soon converged on the simplest possible solution: add a garbage HTTP header like P3P: CP="See our website for our privacy policy." and your cookies work just fine! Ignore the problem, ignore the proposed solution, just do what gets the project shipped.

Without any meaningful enforcement it also perfectly feasible to, y’know, just lie about how well you treat user data. Seeing the way the wind was blowing, Mozilla dropped support for P3P, and Microsoft’s support – which had always been half-baked and lacked even the most basic user-facing controls or customisation options – languished in obscurity.

For a while, it seemed like P3P was dying. Maybe, in some alternate timeline, it did die: vanishing into nothing like VRML, WAP, and XBAP.

But fortunately for us, we don’t live in that timeline.

Revival

In 2009, the European Union revisited the Privacy and Electronic Communications Directive. The initial regulations, published in 2002, required that Web users be able to opt-out of tracking cookies, but the amendment required that sites ensure that users opted-in.

As-written, this confusing new regulation posed an immediate problem: if a user clicked the button to say “no, I don’t want cookies”, and you didn’t want to ask for their consent again on every page load… you had to give them a cookie (or use some other technique legally-indistinguishable from cookies). Now you’re stuck in an endless cookie-circle.4

This, and other factors of informed consent, quickly introduced a new pattern among those websites that were fastest to react to the legislative change:

Screenshot from how-i-experience-web-today.com showing an article mostly-covered by a cookie privacy statement and configuration options, utilising dark patterns to try to discourage users from opting-out of cookies.
The cookie consent banner, with all its confusing language and dark patterns, looked like it was going to become the new normal for web users in the early 2010s. But thankfully, our saviour had been waiting in the wings all along.

Web users rebelled. These ugly overlays felt like a regresssion to a time when popup ads and splash pages were commonplace. “If only,” people cried out, “There were a better way to do this!”

It was Professor Lorie Cranor, one of the original authors of the underloved P3P specification and a respected champion of usable privacy and security, whose rallying cry gave us hope. Her CNET article, “Why the EU Cookie Directive is a solved problem”5, inspired a new generation of development on what would become known as P3P 2.0.

While maintaining backwards compatibility, this new standard:

  • deprecated those horrible XML documents in favour of HTTP headers and <link> tags alone,
  • removing support for Set-Cookie2: headers, which nobody used anyway, and
  • added features by which the provenance and purpose of cookies could be stated in a way that dramatically simplified adoption in browsers

Internet Explorer at this point was still used by a majority of Web users. It still supported the older version of the standard, and – as perhaps the greatest gift that the much-maligned browser ever gave us – provided a reference implementation as well as a stepping-stone to wider adoption.

Opera, then Firefox, then “new kid” Chrome each adopted P3P 2.0; Microsoft finally got on board with IE 8 SP 1. Now the latest versions of all the mainstream browsers had a solid implementation6 well before the European data protection regulators began fining companies that misused tracking cookies.

Fabricated screenshot from Microsoft Edge, browsing 3r.org.uk: a "privacy" icon in the address bar has been clicked, and the resulting menu says: About 3r.org.uk. Connection is secure (with link for more info). Privacy and Cookies (with link for more info). Cookies (3 cookies in use) - Strictly necessary (2 in use), dropdown menu set to "Default (accept, delete later)"; Optional (1 in use), dropdown menu set to "Accept for this site". Checkbox for "Treat third-party cookies differently?", unchecked. Privacy (link to full policy): Legitimate interest - this site collects username, IP address, technical logs...; Consenmt - this site collects email address, phone number... Button to manage content. Button to "Exercise data rights".
Nowadays, we’ve pretty-well standardised on the address bar being the place where all cookie and privacy information and settings are stored. Can you imagine if things had gone any other way?

But where the story of P3P‘s successes shine brightest came in 2016, with the passing of the GDPR. The W3C realised that P3P could simplify both the expression and understanding of privacy policies for users, and formed a group to work on version 2.1. And that’s the version you use today.

When you launch a new service, you probably use one of the many free wizard-driven tools to express your privacy policy and the bases for your data processing, and it spits out a template privacy policy. You need the human-readable version, of course, since the 2020 German court ruling that you cannot rely on a machine-readable privacy policy alone, but the real gem is the P3P: 2.1 header version.

Assuming you don’t have any unusual quirks in your data processing (ask your lawyer!), you can just paste the relevant code into your server configuration and you’re good to go. Site users get a warning if their personal data preferences conflict with your data policies, and can choose how to act: not using your service, choosing which of your features to opt-in or out- of, or – hopefully! – granting an exception to your site (possibly with caveats, such as sandboxing your cookies or clearing them immediately after closing the browser tab).

Sure, what we’ve got isn’t perfect. Sometimes companies outright lie about their use of information or use illicit methods to track user behaviour. There’ll always be bad guys out there. That’s what laws are there to deal with.

But what we’ve got today is so seamless, it’s hard to imagine a world in which we somehow all… collectively decided that the correct solution to the privacy problem might have been to throw endless popovers into users’ faces, bury consent-based choices under dark patterns, and make humans do the work that should from the outset have been done by machines. What a strange and terrible timeline that would have been.

Footnotes

1 If you know P3P‘s history, regardless of what timeline you’re in: congratulations! You win One Internet Point.

2 Techbros have been trying to solve political problems using technology since long before the word “techbro” was used in its current context. See also: (a) there aren’t enough mental health professionals, let’s make an AI app? (b) we don’t have enough ventilators for this pandemic, let’s 3D print air pumps? (c) banks keep failing, let’s make a cryptocurrency? (d) we need less carbon in the atmosphere or we’re going to go extinct, better hope direct carbon capture tech pans out eh? (e) we have any problem at all, lets somehow shoehorn blockchain into some far-fetched idea about how to solve it without me having to get out of my chair why not?

3 Note to self: find a citation for this when you can be bothered.

4 I can’t decide whether “endless cookie circle” is the name of the New Wave band I want to form, or a description of the way I want to eventually die. Perhaps both.

5 Link missing. Did I jump timelines?

6 Implementation details varied, but that’s part of the joy of the Web. Firefox favoured “conservative” defaults; Chrome and IE had “permissive” ones; and Opera provided an ultra-configrable matrix of options by which a user could specify exactly which kinds of cookies to accept, linked to which kinds of personal data, from which sites, all somehow backed by an extended regular expression parser that was only truly understood by three people, two of whom were Opera developers.