Today’s users are concerned about the privacy of their personal or sensitive information on the Web because of the different techniques being employed to track their activities and behavior online. Privacy laws like the GDPR, CCPA, etc., provide some control to the user to decide whether they would like to share their personal data online and what and how much they are willing to share. These laws require the websites to be transparent to the users about what information they are collecting and how that information shall be used, and insist that the websites obtain explicit consent from the users before collecting this information. Recent studies in the area show that websites often utilize dark patterns to affect the consent choices of the users, thereby tricking them into consenting to share more information than what they actually intend. To counter this, researchers have proposed various tools and extensions to automate the task of consent management by selecting default options for the user. However, these tools are not always accurate and are often bypassable by the websites.

We propose an alternate consent management system that shifts the trust from the web servers to browsers, i.e., instead of relying on servers to obtain and comply to the consent provided by the user, we delegate this task to the web browser. In our approach, the browser obtains and stores the consent of the user for the visited websites. The cookies set by the websites are then subject to this consent provided by the user, as each of the cookies carries an additional attribute that identifies their category. This approach provides an easier way for the users to manage consent for different websites without having to search for the policies and their compliance by the websites while also solving the language barrier. We modified the Nightly Firefox build to add an additional cookie attribute that stores the purpose of every cookie, and have included an consent preference option in the browser settings to provide a means for the user to specify their consent. We believe that this approach would provide a cleaner methodology for consent management.