top | item 45668002

(no title)

vmaurin | 4 months ago

Same goes for age verification.

There was the DNT header, that was a bit to simplistic, but was never implemented https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

The thing people need to understand here is that the annoyance is not due to lack of technical solutions, or regulations forcing something. It is explicitly wanted by the industry so they can maximize the consent rate. The browser solution is probably the best technical/user friendly one, but ad tech/data gathering industry won't have any consent. As they control most of the web, they will never do that

discuss

Animats|4 months ago

It was implemented in browsers and ignored by sites. Chrome help says:

Turn "Do Not Track" on or off

When you browse the web on computers or Android devices, you can send a request to websites not to collect or track your browsing data. It's turned off by default.

However, what happens to your data depends on how a website responds to the request. Many websites will still collect and use your browsing data to improve security, provide content, services, ads and recommendations on their websites, and generate reporting statistics.

Most websites and web services, including Google's, don't change their behavior when they receive a Do Not Track request. Chrome doesn't provide details of which websites and web services respect Do Not Track requests and how websites interpret them.[1]

About the best we have browser side is a mode where all cookies are cleared at browser exit.

[1] https://support.google.com/chrome/answer/2790761

djoldman|4 months ago

In chrome, saving anything to your device can be blocked completely:

chrome://settings/content/siteData

Here's an extension to block at a per-site granularity (despite it saying cookies, it blocks it all including local storage):

https://chromewebstore.google.com/detail/disable-cookies/lkm...

pessimizer|4 months ago

That's not an implementation. That's a request to sites that you visit to comply willingly. An implementation would be defensive.

It's what you would do if you had the crazy idea that a browser should be a client for the user, and only a client for the user. It should do nothing that a user wouldn't want done. The measure of a client's functionality is indistinguishable from the ability of the user to make it conform to the their desires.

Semaphor|4 months ago

> About the best we have browser side is a mode where all cookies are cleared at browser exit.

No. The best we have are adblockers and scripts like consent-o-matic.

Clearing cookies does mostly clear cookies, tracking goes far beyond that. Clearing cookies has always been a red herring enabling adtech submarines like "I don’t care about cookies".

disruptiveink|4 months ago

Correct. Age verification and privacy consents belong on the browser. The issue is that on the browser, things work a bit too well (remember https://en.wikipedia.org/wiki/P3P ?), so the big players are incentivized to ignore completely the browser-based mechanisms and say/do nothing whenever they see lawmakers going on a dumb direction (risking fines is a reasonable price to pay in order to kill adoption of an actual browser/OS based control that would cause a dent to their tracking operations) that puts the onus on individual website operators.

p_l|4 months ago

Fun fact - if you handle DNT properly, you don't need to show the consent screen... because you're not doing anything requiring said consent.

jeroenhd|4 months ago

I believe Medium's DNT implementation showed a little confirmation button on embedded Youtube players. That's the kind of consent screen you may still need with proper DNT handling.

None of those cookie popups, though. That's all malicious compliance.

voxic11|4 months ago

I don't think this is true. DNT being absent or set to consenting is not enough to infer the user has given specific and informed consent under the GDPR.

> Explicit consent: Under the GDPR and similar laws, consent must be specific, informed, and an unambiguous, affirmative action from the user. Consent cannot be assumed by a user's continued browsing or inaction, which is what DNT would require.

cyanydeez|4 months ago

At this point browsers should become publicly owned. Theres zero benefit in private ownership. Its a utility and nows the time to accept that.

LunaSea|4 months ago

Utilities are not public either anymore in most western countries.

ants_everywhere|4 months ago

[flagged]