Disclaimer: I actually click through the "do not consent" procedure, which tells a lot about what I'm about to say.
When the EU regulation came up, I was shocked that a single article was being shared with 100+ "partners". I knew it was bad, but I didn't know it was that bad. At least now I get the choice to opt-out. Sidenote: Google got fined for that pop-up because it should have a "do not accept" option [1].
Companies know they don't need those pop-ups. They are putting them there to anger you and demand for things to go back. Do you want to blame the EU for not anticipating that companies would act maliciously? Sounds fair to me. But don't let the companies off the hook for acting maliciously!
Exactly, I always click the 'do not accept/consent' or 'manage my preferences' button. There are a surprising number of sites that use dark patterns.
Whoever made the initial video must be a shill for the tracking companies because they didn't click on the 'do not accept' options, otherwise people would see how pervasive and thoroughly ridiculous the trackers are.
> Companies know they don't need those pop-ups. They are putting them there to anger you and demand for things to go back.
You're giving these companies much more credit than they deserve. They're just going through the motions in an attempt to avoid lawsuits, but clearly not even Google can get it right 100%.
Hanlon's razor:
"Never attribute to malice that which is adequately explained by stupidity."
>Companies know they don't need those pop-ups. They are putting them there to anger you and demand for things to go back. Do you want to blame the EU for not anticipating that companies would act maliciously? Sounds fair to me. But don't let the companies off the hook for acting maliciously!
This gets repeated a lot. However, even one of the pages on the official site of the EU has a cookie banner:
I would like an option for those of us who don’t care and click whatever button have brighter color. Like a default consent to sharing all data. This don’t have to be on by default. This would improve my browsing experience tremendously.
Instead of hating the EU, how about directing your hate towards the bad players of the web? Cookie banners are not the fault of the EU, but the fault of companies disrespecting privacy rights and pushing data collection, ads and all possible shady growth hacking strategies towards the user. I am glad that a government body actually made this possible and made visible how horrible the internet is.
Cookie banners are absolutely the fault of the EU.
Users have always been in control of whether they accept cookies. There have been settings in your browser since (at least) Netscape 3.0. It's only because of dumb EU laws that cookie control has been pushed up into "user space" with these idiotic banners that no one reads.
A bad bandaid is still a bad thing, regardless of what it is covering up. Cookies are table stakes on the internet. This is the wrong solution to a completely different problem.
Enforcement is part of regulation. If the policymakers of the EU put regulation in place without enforcing it promptly and consistently, then it is indeed fair to blame them for this mess.
It's not like this is limited to "bad players." It's standard procedure for almost every website. Whether that's good or bad is a separate topic - the point it's not just nefarious people using cookies to watch user behavior. Normal people use this information to make their websites better and create more effective products for people. Which is exactly what people said when this legislation was introduced. So instead of actually fixing anything, they made it worse. Now we're being tracked _and_ we have annoying nags that block content show up on every website, exactly like people said would happen when this legislation was introduced.
It's the same tired nonsense as when regulators try to tax a business that's already operating on thin margins and act surprised when the business passes the cost to their customers instead of eating it.
I'm not upset with the intent of what they were trying to do, which was noble; the upsetting thing is that it was patently obvious their hamfisted implementation would lead to this outcome, and they did it anyway, knowing they could count on people to deflect blame away from them.
It's not as if these companies are kicking in your door and violating your right to privacy. You're accessing their site with a device that is configured to transmit whatever you have it set to.
If you don't want cookies, disable cookies. If you want greater control, go and configure it yourself. Stop forcing your preferences on everyone.
The reality is that outside of a vocal contingent on HN, most people simply do not care. They won't pay a cent for their ad supported services. And I for one hate the endless consent popups and GDPR hoops I have to jump through. As an expat in London, I can't read many local news stories in the US because those sites simply block the traffic instead of trying to comply with a foreign law.
And think, if website operators chose to actually use the DoNotTrack signal from your browser, you wouldn't have such a terrible experience on their websites.
Just a guess, but even people that don't want to be tracked choose the easy "accept everything" button than spending the time to customize the tracking.
If companies DoNotTrack, they will have fewer people opting-in for tracking.
Wasn't there an incident where a browser shipped with DoNotTrack enabled by default, and thus the signal didn't actually mean the user explicitly enabled DNT themselves?
It's a real pity. Part of the issue is on browsers at the time were competing for developers, not users. So this feature was largely buried in UIs, its treatment was inconsistent, and browsers never bothered to enforce it.
That ship has sailed. It is now on the end user to protect themselves. These banners are just plain noise. No one is reading them. People will click whatever they need to click to dismiss the dialog. The general computing population does not give a shit, and the ones who do will use privacy-oriented browsers and platforms.
It's a deeply stupid local minimum that the EU has ended up in because they were afraid to mandate details, and also afraid to just ban tracking for advertising purposes altogether. So you end up with a situation where:
- most people are tracked on almost all websites by a small number of US megacorps (e.g. google analytics could probably reproduce complete browser histories for most Europeans, and most likely does for some intelligence agency)
- AND most people have their time wasted by consent banners
- AND small companies worry about compliance costs (my least favourite aspect of EU law is it doesn't understand the need to exclude small companies from complex requirements)
It's non-confrontational to a fault and therefore ineffective.
This is one of the reasons why Social Networks are eating websites. Most people get a bad experience browsing the internet. Yeah, I get it, we know Hacker News, and other good websites. But my dad just want to read news about sports and politics, it's much easier to do it through Facebook posts than to open a browser and get annoyed by ads, popups, etc. Same for young people: I can get fun with TikTok and YouTube, why should I go into that maze of websites that do not provide anything worth it?
Even despite the fact that Amazon is a pile of crappy knock-offs and astroturfed reviews, it still manages to be better than the UX nightmare of actually trying to go through the companies' own websites directly to figure out what they're selling and how much they cost.
Lately, I've been having developers and designers on my team install each of the three major browsers without plugins and visit five of the "top 10 media sites" (https://www.similarweb.com/top-websites/news-and-media/), plus twitter, facebook and linkedin for a total of two hours so they see what the web looks like for regular users. It doesn't take long for people to realize just how terrible 25 years of accumulated surveillance, advertising and front-end cruft has made the web.
I think most of the comments here right now are missing the point of OP's post. It's not about one thing in particular (cookie consent), just that the whole ordeal is full of ads and popups (one of which is the cookie consent popup).
Most of this crap is the same everywhere, not just in the EU.
Thanks, that was my intention (back when I posted it). I added "from EU" just to make it clear—since people would have otherwise said "that's not how it works in the US :p"
Remember the horse meat scandal, when horse meat showed up unexpectedly in food in Europe? The ceo of one British supermarket chain blamed the Irish food safety authority, who’d detected the contamination due to routine DNA testing (the British FSA had at the time recently ended such testing due to Tories, iirc). His logic was more or less that the FSAI, by detecting the problem, had created the problem; if no-one had known there would be no problem. Pretty much everyone at the time thought this was a bizarre take.
I find it interesting that, in the cookie case, people blame the EU for making the problem visible, rather than blaming the people who created the problem. The cookies are the horseburger, in this instance.
It just ended up feeling like a half measure that did nothing but make the internet more tedious for something most people who know anything about the web already knew was a problem. Now it just adds this group of people who have no idea what the popup means who likely just click on the "Accept All" without having any idea what it means.
If they really wanted to do something successful they should've been more strict on the situation. "Accept or Decline front and center" "No tracking cookies without specific UNFORCED opt in" "No annoying popups"
Like I don't know what they added to my experience. I already knew cookies existed and what they were used for. I guess now I can at least opt out in some cases. But who knows what is classified as a "strictly necessary cookie" which is the lowest amount of cookie tracking you can get on most of those sites.
We have been able to happily side-step this entire conversation in our new web properties.
We literally use zero cookies (local storage, et. al.) in our latest products. The user's state is entirely managed on the server, and we pass their session identifier forward through hidden form fields or URL query parameter as appropriate. The only way this works is to go all-in on SSR-style web applications. 100% of user interactions must be satisfied with boring-ass form get/post. The microsecond you start thinking about SPA or holding onto even the merest of boolean facts between page loads, the whole magic experience vanishes in an instant. That isn't to say you can't use javascript, but you certainly don't start with it.
Our initial reasoning for going to this extent was due to weird behavior around cookie lifetime we were seeing on iOS/safari devices as of iOS13. If you don't use any client-side state, other than what is loaded into the current window/document/URL, who could ever ruin your day? They'd literally have to cripple 100% of the internet to start causing trouble for our newest approach. Over time, it became obvious this style also provides a better user & development experience. For instance, I no longer have to put the Apple WWDC event on my work calendar in anticipation of a refactoring effort. Pending legislation is also something I do not worry about anymore.
I find it interesting that the most compliant web experience is also the easiest (aka most boring) to develop and also usually provides the best end user experience. To me, cookie banners ultimately seem to be a higher order consequence of splitting the product into front-end/back-end and farming out every possible consideration to a 3rd party.
This is not an EU problem. This is a web problem. Companies have assumed they have a right to all of your personal information and so they build their sites and services around that.
The EU does it's best to at least let you know what's happening. What I would like is for browsers out of the box to auto reject cookies and tracking behavior. But that is probably the reason all the prompts are not standardized.
I like it, and Everytime I will go through and reject all of them. If the extension doesn't catch them already.
What could you possibly mean? Government made it so much better. How else would you know that the cookies (you're going to consent to anyway) are being put on your computer?
And it’s so easy, with the choice of one button to make things work like they always did, or a quick sixteen-part questionnaire and identity verification process if you want to submit a request to be considered for an alternative cookie delivery experience.
It may be annoying, but just the possibility of opting out of some of them is already something against the rising tide of taking control away from the user.
Is it the perfect system? No. Is it better than no system at all. I think so.
And it is not like companies could have chosen a better approach.. like default opt-out, or remember that one thing, or respect a DNT. There would have been some options to comply with the law, but there was only one that still allows companies to grab most of the data and at the same time get people annoyed about the attempt to reasonable legislation (which certainly could be improved, like just go a DNT approach, but companies went immediately rampant on that for the same reasons..)
But big corps know what they wanted and do and lead the rest of the pack..
People with anti-GDPR views appear to assume that like them, everybody else also just wants to accept every cookie. But that is not true. And the interface affects how users respond, too. For example:
Given a binary choice, more users are willing to accept tracking compared to mechanisms that require them to allow cookie use for each category or company individually
I don't consent to them. If websites are making it hard not to consent, then they are in violation of the GDPR.
Stop blaming the government for something private companies are doing to you. All the government did was require them to be honest about it.
Maybe the EU should be more aggressive with GDPR, and start fining these companies out of existence for not being 100% compliant. That would put a stop to the maze of dark patterns pretty quickly. Either every shitty company would go bankrupt overnight, or they would learn how to make very simple "yes cookies" and "no cookies" buttons.
In my personal experience, people who hate the GDPR are typically not EU citizens. I am an EU citizen and I strongly approve of GDPR. Is it perfect? No. Is it a step in the right direction? Yes.
But you know that the problem are we operators - right?
There could be browser configuration for the cookie consent popup (accept, essential, reject all) that websites could follow but now - they prefer to be obnoxious about it hoping that everyone will click "allow" pit of boredom (not to mention that at the beginning it was only visible option and reject was hidden, which was illegal)...
This. It boggles the mind that browser vendors (and standards committee) haven‘t come up with a preferences page for cookie consent. Expose that through JS and/or send it to the server via a HTTP header.
Don't shoot the messenger. 99% of cookie/tracking dialogues are illegal, and are only there as a fig leaf because the website itself is engaged in illegal data processing in the first place.
i liked how the reddit popup had nothing to do with cookie consent and the second site didnt have any popups at all - author could have cherry picked a bad example but for some reason gave us this?
Well, it‘s fairer than cherry picking the most outrageous examples. Though I wonder if he didn‘t get any Reddit cookie banners because he had already accepted them at some point in the past.
No mention of the dramatic difference between certain news websites not having intrusive pop ups due to GDPR. Which should be mentioned any time this debate pops up.
I recently started using Artifact on iOS as a news aggregator, and... wow. It uses a standard customized WebView and not a SafariViewController or whatever, meaning that it doesn't support any of the system-wide content blockers that I'm used to.
It's truly amazing that websites are so insanely difficult to just... read, these days. Ads that pop up covering the screen, videos (irrelevant to the article) which I scroll past, and which then suddenly decide to pin themselves to cover the top 1/3 of the screen and autoplay, along with ads covering the bottom 1/4 of the screen, while cookie reminders pop up and the page keeps jumping around because ads take so long to load... It's truly astonishing how bad of an experience I was missing out on.
Artifact is a pretty nice app, all in all, but the browsing experience without content blockers is so terrible that I just can't bring myself to use it anymore.
That's only for websites that insist on tracking users first thing before hello. Nothing stops 99% of the sites from having an opt-in link somewhere in the footer, and minimal defaults, other than that they insist on convoluted metrics for their little brochure thingy. It's only really necessary to sell impressions or worse, not to make functional or even beautiful sites.
Sure, I know there's counter-examples, there are sites that do interesting things with personal data, even. But I know the vast, vast majority of sites that have these banners are not those sites, and I don't accept these corner cases as a fig leaf for this elephant (whose name is incompetence and greed) sitting on the couch, moaning about this law, since day one.
"this is what someone who considers themselves a webmaster, or even a web developer, writes nowadays (2021)"
I no longer stay on websites that require consent, show overlays, demand subscriptions and signups or do any other funky anti-user maneuvers. Just let this part of the web die.
Web is already hostile enough nowadays with all the tracking, scams, abuses of consent and bad ux designed to sell shit nobody needs.
EU politicians are dumbest beings on Earth. Dumbness of US politicians pales in comparison. They pretend like they care for citizens privacy, while simultaneously pushing for an end to encryption. States like Germany, which is at the helm of these policies, has fucking SCHUFA. It’s so hypocritical.
Sure. When they charge a reasonable price for occasional visitors, not the "just the price of a Starbucks coffee per month" subscription that's the SaaS wet dream.
Edit: also, non targeted NON INTRUSIVE ads will do too. Or would have done. If the ad industry wouldn't have burned any shred of credibility they ever had.
That's a pretty good point. If you want to be critical of the cookie/GDPR popup that's really the route to take. HN, Wikipedia and Github doesn't have any of this non-sense, because they have no incentive to track their users.
I do question the incentive of a number of sites. Reddit technically don't need to track you, they know all they need to based on which subreddit you're currently on. It's mainly sites that have no context to your activities that really need the tracking to attempt to provide ads that makes sense. Maybe having these sites should be financed differently?
Those cookie consent banners have to be one of the most obnoxious things to affect the web in recent history, only outmeasured by how useless and pointless they are.
Consent-O-Matic helps a lot with not having to see this nonsense though.
2016 was a weird time. When this legislation came down we literally had no idea what to do. We were a US company and didn't run any ads or broker data, so we thought at first that we were exempt.
After consulting with a legal team they made it clear this was not the case. And for the next 2 years there was a lot of pain.
We had too many cookies that were important to UX and analytics. If you don't understand why, imagine trying to run a store but not be allowed to look at your customers. We were fine not chasing them into the parking lot with a Polaroid camera, but GDPR didn't make a distinction really invasive tracking and "normal" un-creepy QOL cookies.
Before tools like OneTrust or Trustarc were available, it was also not even clear how you actually handle consent. TL:DR; you basically have to set a semi-anonymous cookie that tells you it's okay to load other cookies. But at the time it was not even clear if this was legal (since there are somewhat conflicting advice as to what could constitute PII in this situation).
To this day, we still deal with a lot of GDPR edge cases. Specifically what constitutes PII at a technical level when you are talking about session IDs, users IDs, or client addresses. It's still really tricky and we're always afraid the rug will be pulled out from under us. And even the most expensive lawyers will be experts in the law but need constant hand-holding through even the most basic technology.
(Data removal requests are another story - if people only knew, man)
The lesson I have learned:
- Anyone who says GDPR is simple has no real experience
- Do exactly what other companies are doing - do not try to stand out
I'm using auto-accept all cookies, and after I leave auto-delete all cookies. Then white-list only the cookies I actually need. That and use Firefox containers.
yes, it is a terrible experience...I personally think GDPR and thinking about user data is a great thing to have. But, the actual implementation is terribe. Like consent banner etc... I can tell 100% that whoever made this law is not a techie person. They wanted to solve a technical problem, like sharing user data without consent, through the law system that we used to...It would be a lot better if they forced this as a part of http protocol...So that we could have our pre-defined consent answers...I mean right now, we have no standart way to say no to any consent banner. You have to understand the consent banner, understand the options, evaluate them, and then process the outcome...You have to do this for all websites that you are visiting...
Yes, please fork http...EU, you can do that...I know it...
The consent banners you complain about are not due to GDPR it is a different law plus a compliant website makes it as easy to reject cookies as it does to accept them.
The "consent" popup is not GDPR conform. Rejection should not take more effort than accepting. That said, of course you should never trust Google, simply clicking "accept". Especially when they make it take more effort to reject, you need to reject.
That's what the companies make browsing the web in the EU look like nowadays. It's their decision to abuse us - and the law - and it is on them to fix it. If you check the enforcement tracker you can get an idea of what the tip of the iceberg looks like, the data that's lost/sold/leaked. Then take into account that just like with a real iceberg the bulk of the leaks and breaches goes unreported (and probably a large fraction of them goes undetected until the data shows up on some marketplace).
Until the GDPR a lot of this went on anyway, but totally invisible, now at least we have some idea of the magnitude of the problem and companies have an incentive to at least try to get it right. Not that many of them do. People that are categorically against government regulation tend to point at this and say 'see: that's what you get'. But they forget that in the relationship between companies and individuals it is the companies that on balance have the most power and there is ample evidence that this power then gets abused. Hence regulation. I'm all for tightening the rules another notch or two and adding a zero to the average fine. Because there is still a lot of room for improvement.
> That's what the companies make browsing the web in the EU look like nowadays. It's their decision to abuse us - and the law - and it is on them to fix it.
No, it's the EU that mandated those popups - an asinine solution to the tracking problem. The EU gets the blame.
I feel like a reasonable tweak to GDPR is to require that if a site has an "accept all" button, it needs an equally (or more) prominent "reject non-essential" button.
GDPR regs in fact already require exactly this, and all "consent" acquired without one has no legal basis. One or two national regulators have belatedly started to pursue it.
It's pretty much a requirement already. The website can't make it hard to reject or make it seem like accepting is the only way ahead. Many popular sites had made rejection easier after GDPR complaints (smaller ones often still didn't because nobody cared enough to complain, I guess).
Your beef is misplaced, madam/sir. EU does not mandate any website to store on your computer cookies that require consent. The companies (and individuals, hah) that choose to track you, do so of their own volition.
As an EU citizen, I am actually somewhat delighted that our legislation that attempts to improve privacy is being successfully exported. But similarly to how I find the US exporting their legislation quite loathsome---at least at times---I understand your beef.
They can't really export it, it's just most big companies have a presence in the EU and don't want to risk it. Plenty of other websites just blacklisted EU IP address space.
People are fucking babies. They're lobbying for deceptive marketing tactics to avoid the fraction of a second that it takes once in order to agree to be subjected to deceptive marketing tactics (although they have to disable their plugins and ad blockers to complain about it.) I couldn't even understand what I was supposed to see; people in the US also get cookie popups the first time they go to a site that is gathering a dossier about them.
probably_wrong|2 years ago
When the EU regulation came up, I was shocked that a single article was being shared with 100+ "partners". I knew it was bad, but I didn't know it was that bad. At least now I get the choice to opt-out. Sidenote: Google got fined for that pop-up because it should have a "do not accept" option [1].
Companies know they don't need those pop-ups. They are putting them there to anger you and demand for things to go back. Do you want to blame the EU for not anticipating that companies would act maliciously? Sounds fair to me. But don't let the companies off the hook for acting maliciously!
[1] https://www.taylorwessing.com/en/insights-and-events/insight...
itronitron|2 years ago
Whoever made the initial video must be a shill for the tracking companies because they didn't click on the 'do not accept' options, otherwise people would see how pervasive and thoroughly ridiculous the trackers are.
sublinear|2 years ago
You're giving these companies much more credit than they deserve. They're just going through the motions in an attempt to avoid lawsuits, but clearly not even Google can get it right 100%.
Hanlon's razor: "Never attribute to malice that which is adequately explained by stupidity."
legitster|2 years ago
Yes, I think we should clearly hold legislators accountable for unintended consequences. And I think it would be crazy not to.
If the law didn't have the desired effect, and makes everyone miserable, we should fix or amend it.
iamacyborg|2 years ago
A simple page request results in almost a thousand requests being made to third parties, just to show you some bad ads.
[1] https://pagexray.fouanalytics.com/q/pathofexile.fandom.com?f...
RcouF1uZ4gsC|2 years ago
This gets repeated a lot. However, even one of the pages on the official site of the EU has a cookie banner:
https://commission.europa.eu/index_en
Is the EU itself acting maliciously in putting up that cookie banner?
zeroonetwothree|2 years ago
antonf|2 years ago
mariusor|2 years ago
rvieira|2 years ago
People will choose convenience over mostly everything else.
freetinker|2 years ago
Kovah|2 years ago
slotrans|2 years ago
Users have always been in control of whether they accept cookies. There have been settings in your browser since (at least) Netscape 3.0. It's only because of dumb EU laws that cookie control has been pushed up into "user space" with these idiotic banners that no one reads.
whalesalad|2 years ago
RcouF1uZ4gsC|2 years ago
https://commission.europa.eu/index_en
Is the EU itself acting maliciously in putting up that cookie banner?
throw10920|2 years ago
foobarian|2 years ago
That's like hating a rock for rolling downhill. Regulation is the only way.
hoorayimhelping|2 years ago
It's the same tired nonsense as when regulators try to tax a business that's already operating on thin margins and act surprised when the business passes the cost to their customers instead of eating it.
I'm not upset with the intent of what they were trying to do, which was noble; the upsetting thing is that it was patently obvious their hamfisted implementation would lead to this outcome, and they did it anyway, knowing they could count on people to deflect blame away from them.
qeternity|2 years ago
It's not as if these companies are kicking in your door and violating your right to privacy. You're accessing their site with a device that is configured to transmit whatever you have it set to.
If you don't want cookies, disable cookies. If you want greater control, go and configure it yourself. Stop forcing your preferences on everyone.
The reality is that outside of a vocal contingent on HN, most people simply do not care. They won't pay a cent for their ad supported services. And I for one hate the endless consent popups and GDPR hoops I have to jump through. As an expat in London, I can't read many local news stories in the US because those sites simply block the traffic instead of trying to comply with a foreign law.
iamacyborg|2 years ago
itake|2 years ago
If companies DoNotTrack, they will have fewer people opting-in for tracking.
judge2020|2 years ago
GuB-42|2 years ago
Unlike do-not-track to 1, as far as I know, it is never set to 0 by default. So it should represent actual consent.
Not the best for privacy, but at least, it would make the web less annoying.
legitster|2 years ago
greybox|2 years ago
It's google, facebook etc that are trying to shove these things down your throat, not the EU.
whalesalad|2 years ago
pjc50|2 years ago
- most people are tracked on almost all websites by a small number of US megacorps (e.g. google analytics could probably reproduce complete browser histories for most Europeans, and most likely does for some intelligence agency)
- AND most people have their time wasted by consent banners
- AND small companies worry about compliance costs (my least favourite aspect of EU law is it doesn't understand the need to exclude small companies from complex requirements)
It's non-confrontational to a fault and therefore ineffective.
101008|2 years ago
naravara|2 years ago
switch007|2 years ago
indymike|2 years ago
jacquesm|2 years ago
Heliosmaster|2 years ago
Most of this crap is the same everywhere, not just in the EU.
mmazzarolo|2 years ago
rsynnott|2 years ago
I find it interesting that, in the cookie case, people blame the EU for making the problem visible, rather than blaming the people who created the problem. The cookies are the horseburger, in this instance.
chankstein38|2 years ago
If they really wanted to do something successful they should've been more strict on the situation. "Accept or Decline front and center" "No tracking cookies without specific UNFORCED opt in" "No annoying popups"
Like I don't know what they added to my experience. I already knew cookies existed and what they were used for. I guess now I can at least opt out in some cases. But who knows what is classified as a "strictly necessary cookie" which is the lowest amount of cookie tracking you can get on most of those sites.
bob1029|2 years ago
We literally use zero cookies (local storage, et. al.) in our latest products. The user's state is entirely managed on the server, and we pass their session identifier forward through hidden form fields or URL query parameter as appropriate. The only way this works is to go all-in on SSR-style web applications. 100% of user interactions must be satisfied with boring-ass form get/post. The microsecond you start thinking about SPA or holding onto even the merest of boolean facts between page loads, the whole magic experience vanishes in an instant. That isn't to say you can't use javascript, but you certainly don't start with it.
Our initial reasoning for going to this extent was due to weird behavior around cookie lifetime we were seeing on iOS/safari devices as of iOS13. If you don't use any client-side state, other than what is loaded into the current window/document/URL, who could ever ruin your day? They'd literally have to cripple 100% of the internet to start causing trouble for our newest approach. Over time, it became obvious this style also provides a better user & development experience. For instance, I no longer have to put the Apple WWDC event on my work calendar in anticipation of a refactoring effort. Pending legislation is also something I do not worry about anymore.
I find it interesting that the most compliant web experience is also the easiest (aka most boring) to develop and also usually provides the best end user experience. To me, cookie banners ultimately seem to be a higher order consequence of splitting the product into front-end/back-end and farming out every possible consideration to a 3rd party.
orwin|2 years ago
bilekas|2 years ago
The EU does it's best to at least let you know what's happening. What I would like is for browsers out of the box to auto reject cookies and tracking behavior. But that is probably the reason all the prompts are not standardized.
I like it, and Everytime I will go through and reject all of them. If the extension doesn't catch them already.
deadeye|2 years ago
tester756|2 years ago
If website uses cookies just for legit purposes (e.g auth, language choice), then it doesn't need to show cookie consent.
Webmasters should get awarness on this or stop spying
menus|2 years ago
Speak for yourself. I never consent to marketing or analytical cookies. I appreciate the option to turn them off.
dr_dshiv|2 years ago
brookst|2 years ago
OptionX|2 years ago
Is it the perfect system? No. Is it better than no system at all. I think so.
oefnak|2 years ago
throwbadubadu|2 years ago
But big corps know what they wanted and do and lead the rest of the pack..
nequo|2 years ago
babypuncher|2 years ago
Stop blaming the government for something private companies are doing to you. All the government did was require them to be honest about it.
Maybe the EU should be more aggressive with GDPR, and start fining these companies out of existence for not being 100% compliant. That would put a stop to the maze of dark patterns pretty quickly. Either every shitty company would go bankrupt overnight, or they would learn how to make very simple "yes cookies" and "no cookies" buttons.
telmo|2 years ago
drcongo|2 years ago
ktosobcy|2 years ago
There could be browser configuration for the cookie consent popup (accept, essential, reject all) that websites could follow but now - they prefer to be obnoxious about it hoping that everyone will click "allow" pit of boredom (not to mention that at the beginning it was only visible option and reject was hidden, which was illegal)...
danhau|2 years ago
bux93|2 years ago
maaarghk|2 years ago
mmazzarolo|2 years ago
danhau|2 years ago
barbazoo|2 years ago
whimsicalism|2 years ago
s_dev|2 years ago
danudey|2 years ago
It's truly amazing that websites are so insanely difficult to just... read, these days. Ads that pop up covering the screen, videos (irrelevant to the article) which I scroll past, and which then suddenly decide to pin themselves to cover the top 1/3 of the screen and autoplay, along with ads covering the bottom 1/4 of the screen, while cookie reminders pop up and the page keeps jumping around because ads take so long to load... It's truly astonishing how bad of an experience I was missing out on.
Artifact is a pretty nice app, all in all, but the browsing experience without content blockers is so terrible that I just can't bring myself to use it anymore.
johnnyworker|2 years ago
Sure, I know there's counter-examples, there are sites that do interesting things with personal data, even. But I know the vast, vast majority of sites that have these banners are not those sites, and I don't accept these corner cases as a fig leaf for this elephant (whose name is incompetence and greed) sitting on the couch, moaning about this law, since day one.
"this is what someone who considers themselves a webmaster, or even a web developer, writes nowadays (2021)"
whimsicalism|2 years ago
We might have tried similar things if Europe was as dominant in American tech markets.
unknown|2 years ago
[deleted]
crnkofe|2 years ago
Web is already hostile enough nowadays with all the tracking, scams, abuses of consent and bad ux designed to sell shit nobody needs.
0xfedbee|2 years ago
scrollinondubs|2 years ago
fleventynine|2 years ago
usrnm|2 years ago
nottorp|2 years ago
Edit: also, non targeted NON INTRUSIVE ads will do too. Or would have done. If the ad industry wouldn't have burned any shred of credibility they ever had.
mrweasel|2 years ago
I do question the incentive of a number of sites. Reddit technically don't need to track you, they know all they need to based on which subreddit you're currently on. It's mainly sites that have no context to your activities that really need the tracking to attempt to provide ads that makes sense. Maybe having these sites should be financed differently?
PrimeMcFly|2 years ago
Consent-O-Matic helps a lot with not having to see this nonsense though.
traveler01|2 years ago
legitster|2 years ago
After consulting with a legal team they made it clear this was not the case. And for the next 2 years there was a lot of pain.
We had too many cookies that were important to UX and analytics. If you don't understand why, imagine trying to run a store but not be allowed to look at your customers. We were fine not chasing them into the parking lot with a Polaroid camera, but GDPR didn't make a distinction really invasive tracking and "normal" un-creepy QOL cookies.
Before tools like OneTrust or Trustarc were available, it was also not even clear how you actually handle consent. TL:DR; you basically have to set a semi-anonymous cookie that tells you it's okay to load other cookies. But at the time it was not even clear if this was legal (since there are somewhat conflicting advice as to what could constitute PII in this situation).
To this day, we still deal with a lot of GDPR edge cases. Specifically what constitutes PII at a technical level when you are talking about session IDs, users IDs, or client addresses. It's still really tricky and we're always afraid the rug will be pulled out from under us. And even the most expensive lawyers will be experts in the law but need constant hand-holding through even the most basic technology.
(Data removal requests are another story - if people only knew, man)
The lesson I have learned:
- Anyone who says GDPR is simple has no real experience
- Do exactly what other companies are doing - do not try to stand out
- The only real winners were the lawyers
flir|2 years ago
Kind of a context-aware private browsing mode, I guess.
appplication|2 years ago
I don’t even use an adblocker normally, but the cookie banners are insanely annoying.
JacobSeated|2 years ago
127|2 years ago
m00dy|2 years ago
Yes, please fork http...EU, you can do that...I know it...
pasc1878|2 years ago
rany_|2 years ago
nathanaldensr|2 years ago
zelphirkalt|2 years ago
deafpolygon|2 years ago
jacquesm|2 years ago
Until the GDPR a lot of this went on anyway, but totally invisible, now at least we have some idea of the magnitude of the problem and companies have an incentive to at least try to get it right. Not that many of them do. People that are categorically against government regulation tend to point at this and say 'see: that's what you get'. But they forget that in the relationship between companies and individuals it is the companies that on balance have the most power and there is ample evidence that this power then gets abused. Hence regulation. I'm all for tightening the rules another notch or two and adding a zero to the average fine. Because there is still a lot of room for improvement.
PrimeMcFly|2 years ago
No, it's the EU that mandated those popups - an asinine solution to the tracking problem. The EU gets the blame.
delecti|2 years ago
handelaar|2 years ago
seba_dos1|2 years ago
pasc1878|2 years ago
Many websites seem to break this law.
thuridas|2 years ago
mnd999|2 years ago
esharte|2 years ago
bloopernova|2 years ago
senttoschool|2 years ago
taneliv|2 years ago
As an EU citizen, I am actually somewhat delighted that our legislation that attempts to improve privacy is being successfully exported. But similarly to how I find the US exporting their legislation quite loathsome---at least at times---I understand your beef.
barbazoo|2 years ago
PrimeMcFly|2 years ago
pessimizer|2 years ago
Oh, the suffering of having to click "OK."