What is The Non-Consensual Cookie Bandit?

A satirical web experience that parodies cookie consent popups by "auditing your life" instead of tracking your data. It's a humorous exploration of digital consent culture.

Is this actually tracking my cookies?

No. Despite the name, we don't actually track cookies in the traditional sense. This is a parody project that uses "cookies" as a metaphor for life decisions.

Is the life audit real?

The audit is generated for entertainment purposes only. Results are satirical and should not be taken as genuine life advice.

Can I play games on this site?

Yes! We have several mini-games including the Reject Button Game and Cookie Clicker. More games are being added regularly.

← The Blug™

Investigative Report7 min read

A Complete History of the "Reject All" Button That Has Never Actually Worked

From GDPR 2018 to the present day, the most important button on the internet has been systematically undermined.

Filed 1 April 2026·Non-Consensual Cookie Bandit / Bureau of Digital Documentation

The "Reject All" button was born in 2018 as a gesture of goodwill. Someone, somewhere, looked at the incoming GDPR legislation and thought: "We should probably let people say no." They built the button. They put it on the page. And then, quietly, inexorably, over the following eight years, the internet did everything in its power to ensure it never actually worked.

Phase 1: The Early Idealist Period (2018–2019)

In the beginning, some reject buttons worked. You clicked them. Things were rejected. It was, briefly, a functional piece of software. This period is now studied as the Edenic phase of cookie consent UX. There are no surviving examples. Researchers have theorised about their existence.

The problem was that "Reject All" was placed next to "Accept All" in equal typography at equal size with equal prominence, and A/B testing immediately discovered that people who could easily say no frequently said no. This was considered an acceptable problem until it affected the revenue line, at which point it became an emergency.

Phase 2: The Strategic Greyout (2019–2021)

The second phase introduced the innovation of making the reject button grey. Not invisible — that would be too obvious — just visually lighter, smaller, slightly further away, rendered in a font weight that the human visual system interprets as "inactive." The button still technically existed. It was simply exhausted-looking.

Alongside the greying came the architectural decision to bury the "Reject" option inside a second screen. "Accept All" remained on the first screen, prominent and cheerful. "Reject All" required clicking "Manage Preferences," locating the reject option among a table of toggles each defaulted to ON, toggling them individually, and clicking Save. This was not illegal. This was design.

"We did not hide the reject button. We organised the interface to surface the most popular options first." — Quote from a privacy settings redesign document, paraphrased from memory by a product manager who asked not to be named.

Phase 3: The Consent Management Platform Era (2021–2023)

The Consent Management Platform (CMP) industry grew up around the problem of consent. This was, generously, an industry built to help companies comply with privacy regulations. It was, less generously, an industry that became extremely good at building consent UIs that produced the legally minimum required documentation of non-consent while functionally maximising consent rates.

The CMP era introduced: timers that showed the banner for exactly as long as needed to comply with dwell-time requirements; the "Continue Without Accepting" link rendered in 9px grey text in the footer area of the modal; and the architectural innovation of the banner that reappeared on every page because the rejection had not propagated correctly across subdomains.

▸ Bureau Finding

In a 2022 analysis of 500 major websites, researchers found that completing a full cookie rejection took an average of 4.7 clicks and 34 seconds on desktop, and was technically impossible on mobile for 23% of sites due to the close button being obscured by the chat widget.

Phase 4: The Reject Button That Resets On Return (2023–Present)

The current era has produced perhaps the most philosophically interesting form of rejection failure: the consent system that correctly processes a rejection, stores the preference, and then forgets it. You return to the site. The banner appears. You reject again. You return. The banner appears. You wonder if you have lost your mind. You have not. The subdomain remembers. The main domain does not.

The modern reject button exists in a state of quantum uncertainty. Whether it works depends on: which browser you are using, whether you cleared cookies at any point (ironic), whether the site has recently redeployed their CMP (which resets consent records), whether the site has acquired a new advertising partner (which requires fresh consent), and approximately twelve other factors none of which are disclosed.

What The Button Meant

The reject button was supposed to mean something. It was supposed to represent the portion of the internet user population that had preferences and wanted them honoured. It was supposed to be the functional expression of informed consent — the part where "consent" is not just a word in a platform's privacy policy but a real capability extended to real people.

It is now a small grey word in the bottom-left corner of a modal that loads after 2 seconds and can be dismissed by clicking anywhere on the overlay, which counts as acceptance. We have documented this. The Bureau files are open. The button remains, grey and patient, waiting for the day someone builds something around it that actually works.

▸ NCCB Status

Our own Reject button has been under maintenance since 2014. We apologise for the inconvenience. We do not expect to resolve this.