top | item 30438663

Ask HN: GDPR pop-ups are getting so annying, what should we do about it?

17 points| smoqadam | 4 years ago | reply

Lately, I close every website that shows me a big, junky, stupid GPDR cookie consent (e.g. https://www.runnersworld.com/), but honestly I don't find many websites that has a reasonably small and well-designed cookie consent (e.g. https://www.rei.com/).

It seems that these pop-ups are designed to annoy users to force them to click on the Accept button right away, and most of them hide the rejection button somewhere, or make it difficult to find.

The reader mode on the browser works well sometimes, but it's not a permanent way to get rid of those pop-ups.

These pop-ups are making it hard to enjoy the Internet, what do you suggest to do to get rid of these pop-ups?

Thank you.

49 comments

[+] onion2k|4 years ago|reply

These pop-ups are making it hard to enjoy the Internet, what do you suggest to do to get rid of these pop-ups?

Embrace them. Learn to love them. They're a good feature. Making websites explicitly require permission to do (subjectively) negative things like tracking users is a massively positive step in the right direction towards us all having ownership and agency over of our lives as we spend time online. Sure, it means we have to do a little work to say yes or no when a site wants to do something, but that's the cost of privacy. It's not very high.

There could be technical solutions (eg browsers could sent a header to automatically consent with the initial request) or you could use a plugin (eg consent-o-matic), but really, this stuff is important enough that "Eurgh! I had to click a button again! I'd sacrifice my privacy not to have to do that any more!" is a really bad take in my opinion.

[+] cinntaile|4 years ago|reply

> "Eurgh! I had to click a button again! I'd sacrifice my privacy not to have to do that any more!" is a really bad take in my opinion.

I assume you don't surf in incognito mode. The collective amount of hours wasted clicking those popups must be enormous.

[+] Aerroon|4 years ago|reply

>Making websites explicitly require permission to do (subjectively)

But that's already happening. Your browser just sends the data automatically. Putting this burden on the website just means that an actual nefarious actor will track you anyway. After all, how are you going to check that they actually don't save all that data your browser vomits at them?

If you want privacy then you have to make sure your browser doesn't send out that information in the first place. Once you've done that then GDPR is useful for plugging the holes for the non-bad actors.

[+] Xelbair|4 years ago|reply

Comply with the law, don't gather unnecessary PII and poof - no need for popups.

[+] ID1452319|4 years ago|reply

My understanding is that you must tell people if you set cookies for any purpose, regardless of whether they are collecting personal data. Therefore, pretty much any content management solution, Wordpress site etc. will need to display a cookie consent banner.

[+] Aerroon|4 years ago|reply

It's so 'simple' to do that even the EU's own website has the pop up:

https://www.europa.eu

[+] ssss11|4 years ago|reply

But but but …every company needs all possible data about you because of “legitimate business interests”!

[+] bwb|4 years ago|reply

I use a chrome extension to auto accept everything. They are incredibly annoying. I wish i could do that on my phone.

I do not know any non techy who gives them more than 1 second of thought. They annoy everyone without doing anything good. My hope is the EU passes real privacy regulation at the company level. This cookie popup accomplishes nothing beyond annoying everyone.

[+] drakonka|4 years ago|reply

I think what we can do about it is exactly what you've been doing: close the sites that purposefully make them obnoxious. The GDPR does not require these consent prompts to be this horrible. Websites make them that way to annoy users into getting mad at the privacy legislation _and_ also just click "Allow" by default to get to the content. Any website that uses such tactics is not a website I'm interested in using.

[+] ssss11|4 years ago|reply

Bingo. Well said

[+] mgbmtl|4 years ago|reply

I use the uBlock Origin filters for "annoyances" on Firefox, both desktop and mobile, and I don't ever see them. The filter is not enabled by default.

[+] d13|4 years ago|reply

They’re not necessary unless you’re doing non-annoymised tracking, like, for example, using the Devil’s Spawn that is Facebook Pixel. If websites are doing this, and asking you to consent they need to be punished - hit the back button and boycott them forever. It’s completely unnecessary - the web would be a so much better place is we all did this.

[+] systemvoltage|4 years ago|reply

How are you going to boycott the entire internet? Most websites I visit show this pop up and it’s more convenient to just click ok than to move to 5 different screens and waste another 30 seconds. This is what happens when you don’t address every aspect of side effects when making the law.

People get accustomed to it just like those California cancer warning labels that are basically useless and nothing but a waste.

[+] BugWatch|4 years ago|reply

We all know of SponsorBlock and its user-submitted segments for the YouTube videos, right?

Well, can't we build the similar addon and the crowd-sourced database, but one that would submit specific rule (page elements, and click order) to block everything - incl. "legitimate interest" bullshitery- except the barest of essential cookies?

[+] jbjbjbjb|4 years ago|reply

Why haven’t they been implemented as a browser feature? And how comes the larger websites don’t seem to need the banners?

[+] ianpurton|4 years ago|reply

We need Google to stop showing sites like these in their results.

The user experience is shit so don't send them any traffic.

[+] captainbland|4 years ago|reply

To me it seems like they're usually similar enough and have broadly similar controls that it should be something that users should be able to configure from their browsers on a blanket basis, which should be provided in some standard HTTP headers/accessible through JS.

[+] baash05|4 years ago|reply

I just put an ip-address to country list in my middleware and block all the GDPR countries. Now I have no issue with popups or cookies.

Honestly, I'd like to see more people follow that. I got the idea from others and it seems like a perfect solution.

People who can't/don't want cookies cannot really use any site I've ever worked on. It makes no sense building things for people who won't ever be customers.

[+] krageon|4 years ago|reply

It must be really odious for you to respect the people that use your website. Thank you for removing yourself.

[+] detaro|4 years ago|reply

You do understand that the requirement isn't "site needs to work without any cookies"?

[+] moribunda|4 years ago|reply

You can use cookies with GDPR. Are you aware of split into 4 cookie categories? Is it surprising that people want some privacy and you can actually disagree to tracking?

Of course, people should be able to disable tracking more like: i don't want to be tracked by alphabet and Facebook, rather than turning it off for every website separately.

[+] kappuchino|4 years ago|reply

In an - at least in theory - open system some if not all players over time will maximise their gain from it. So advertisers wants your data, because the more they have, the more they can earn from specialised trageting. (This is why I believe Facebook is an advertising platform, not a social network, but I digress). So at some point you can only access information when logged in and (lets say for the sake of making a point) give your name, dob and much more. (Sounds familiar, like a paywall?). The GDPR makes it inconvenient to have and track all that data if not outright illegal for some cases. And asking for confirmation to use cookies to track a user is the neccessary evil to highlight that you are tracked. I understand the annoyance it creates for you and other users. Its still necessary.

And, if I may add that, its some kind of a new understanding I got for other systems as well. Releated example: There will - over time - no better google "competitor". Know why? Because if there is, at some point, then SEO will optimize the f** out of that competitor, too and make it maximally worse for everyone. Just like the optimization in the example above with the data. Except that the GDPR is a law for EU Citicens while google/the competitor only has to make it tolarable for them and their ad renvenue.

I find that perspective incredibly frustrating: Systems will get worse to a point of equilibrium, but its not the kind of "nice to work with" you and I have in mind. (Edit: Spelling)

[+] OhNoNotAgain_99|4 years ago|reply

advertisement as webcontent is the modern spam. I wouldn't be surpriced if this is now the majority of all internet traffic. It used to be that spam was email related and the major internet traffic.

[+] M2Ys4U|4 years ago|reply

Cookie banners have nothing to do with the GDPR.

They are a requirement of the ePrivacy Directive from 2002.

[+] trixie_|4 years ago|reply

GDPR is a preview into what a more regulated web would look like and it’s awful. What should we do? Fight it. Demonstrate the pointlessness of the regulation now that everyone has a taste of it. Complacency will lead to more regulation. Leading to regulators able to shut down your site for not following arcane rule 345 subsection A. You think it’s a joke, but this is how it starts.

[+] Proven|4 years ago|reply

[deleted]

[+] mytailorisrich|4 years ago|reply

The GDPR mandate explicit consent and websites really want your consent because they rely on those cookies. So we end up with those dark patterns pop-ups because of the usual law of incentives and self-interest.

As a consequence, IMHO the only way to get rid of those pop-ups is to change the GDPR to mandate a simpler format. But that's not straightforward when there are potentially cookies for different functions and each requires specific consent... We're touching a fundamental issue with wanting to regulate the way the GDPR do...

[+] d13|4 years ago|reply

It’s only required if you’re doing non-anonymized tracking, which websites don’t have to do at all and is completely unethical.

[+] baash05|4 years ago|reply

A few weeks back someone lost a case in Germany because they used google fonts, and forgot to tell people. After that, I say, why take the risk? I have more important things to think about.

[+] systemvoltage|4 years ago|reply

Is this an indictment and is it fair to say GDPR is a poorly implemented regulation? I am a pro-privacy advocate but like those cancer warning labels in California, I always accept cookies and move on. Billions of people spend a few seconds everyday clicking on these cookie banners. What would be the economic damage vs. privacy benefits? I appreciate what companies like Apple does with regards to privacy because it actually makes my life easier, not more difficult.

Another problem is the imprecise language of GDPR. "It's mostly not enforced for small businesses" doesn't cut it when it comes to adherence to law. Businesses need assurance, not ambiguity.

[+] ssss11|4 years ago|reply

I think they are ugly, clumsy and annoying because the companies that are forced to show them resent that and want it to fail. It feels like they’re saying to me “Look at this horrible thing I’m forced to present to you, I’m not letting you read what you’re here for until you go through the most annoying way of responding”

It should be a browser feature but chrome has dominant market share and why would they do anything in the interests of their users’ data security (which of course jeopardises their adtech empire).

We need a better browser…. Don’t say Firefox. Brave could be it I suppose.

[+] ale42|4 years ago|reply

> We need a better browser…. Don’t say Firefox. Brave could be it I suppose.

Brave is just based on Chromium... it might have lots of different features, but still Chromium it is under the hood.