Here's an idea for the EU: mandate that all major browsers ship with third-party cookies disabled by default and drop the whole cookie-banner nonsense.
Other idea: make browsers have a proper cookie banner and not one that tricks me into selling my soul, I never got why pages would need individual banners.
Evil sites will use localStorage or some third party API and continue tracking you.
I am sure people here will find at least 20 solutions on the problem on "how can a group of evil websites track a user across if cookies do not work but JS is On", the solution would involve something like drop this lines in your html page and the js code there will connect to some server and store some fingerprint there, Google might decide to give your browser a fingerprint to help with their ad business.
As long as the most widely used browser is owned by Google? No way that could possibly end up being intentionally broken and misleading. The law would have to specify the exact shape of the cookie dialogue down to the pixel and I still would expect Google to find a way to fuck it up.
That is... doubling down on a bad idea. Moving the stupid cookie banners to the browser itself so we can not block them. It's so idiotic, the EU bureaucrats will probably consider it.
Cookies, including first-party ones, that are not "strictly necessary in order to provide an information society service explicitly requested by the subscriber or user" still require banners under the ePrivacy Directive [1]. Ex: if you're counting unique visitors with a first-party cookie, you need to gather consent.
Browsers do, it's the do-not-track header. It's on by default, as it should be. Websites just refuse to honour the header.
Not all, websites, though; I believe medium, of all websites, will actually not embed some content if you sent it a DNT header. Not sure if they still do that, though, because their UX for readers has become absolute trash.
The do-not-track header is just another bit for fingerprinting you, I don't believe any ad-company actually honors it. Also, why trust that they do, when there's a solution that doesn't need trust?
Sounds simple. Could you elaborate? Among all of the problems that this legislation aims to solve, what problems can be solved by simply blocking third-party cookies? And what can not?
That kind of technical countermeasure only works when you're a statistical minority and adtech doesn't care enough to chase after you. If everyone were to block 3p cookies, the adversary would create new ways to share data on the backend, without clientside involvement, and we'd be right back where we started (other a small increase in friction).
The cookie-banner simply means that there's no enough competitive advantage in improved UX over tracking the user.
We don't see many websites who opt out out of the "track the users all across the web" scheme in order to remove the cookie banners altogether.
On the other hand, thanks to the banner everyone has become aware that the are being tracked. This is good because it brings people into the discussion, so that when EU says "stop tracking" people are not puzzled about what tracking those Eurocrats are talking about. How people are supposed to know if they should support the actions of their government if they don't know what's happening behind the scenes?
Funny thing is that Internet Explorer used to have these banners. But users started disabling them and accepting the cookies when they got too annoying.
That wouldn't accomplish anything, as cookie banners have to do with tracking and not inherently with third-party cookies. Tracking via first-party cookies is still illegal and would require consent.
This would work if cookies was the only way to track people. There is also localStorage, ETag (and other cache-oriendted methods), fingerprinting, owning a browser, etc.
What we need is a low that forces websites to obey the "do not track" header.
zeepzeep|4 years ago
simion314|4 years ago
I am sure people here will find at least 20 solutions on the problem on "how can a group of evil websites track a user across if cookies do not work but JS is On", the solution would involve something like drop this lines in your html page and the js code there will connect to some server and store some fingerprint there, Google might decide to give your browser a fingerprint to help with their ad business.
IMTDb|4 years ago
Browser can choose to respect the cookies (first, or third parties), but ultimately don't force them to do or not do anything.
xxs|4 years ago
josefx|4 years ago
najqh|4 years ago
jefftk|4 years ago
[1] https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
(Not a lawyer)
jeroenhd|4 years ago
Not all, websites, though; I believe medium, of all websites, will actually not embed some content if you sent it a DNT header. Not sure if they still do that, though, because their UX for readers has become absolute trash.
zeepzeep|4 years ago
jefftk|4 years ago
The DNT header isn't on by default in any major browser.
(Additionally, the spec was abandoned for a bunch of reasons including not being able to agree what constitutes tracking)
kulikalov|4 years ago
zeepzeep|4 years ago
perihelions|4 years ago
mrtksn|4 years ago
We don't see many websites who opt out out of the "track the users all across the web" scheme in order to remove the cookie banners altogether.
On the other hand, thanks to the banner everyone has become aware that the are being tracked. This is good because it brings people into the discussion, so that when EU says "stop tracking" people are not puzzled about what tracking those Eurocrats are talking about. How people are supposed to know if they should support the actions of their government if they don't know what's happening behind the scenes?
dijit|4 years ago
Cookies are entirely on the client side anyway: trusting every website to do the right thing is obviously not going to work.
ratww|4 years ago
tpush|4 years ago
fooyc|4 years ago
What we need is a low that forces websites to obey the "do not track" header.
selfhoster11|4 years ago
1_player|4 years ago
KZerda|4 years ago
jefftk|4 years ago
kkdaemas|4 years ago