Aloisius 11 hours ago

It's gotten entirely out of hand.

Most EU national government websites have cookie banners. Even the European Commission website has a cookie banner!

This should have been implemented at the browser level. Let the browser generate a nice consistent UI to nag EU users when visiting websites about accepting cookies and let the rest of us opt out.

almostnormal 8 hours ago

The standard for cookies should be updated with a way to include or retrieve a description of each cookie separately. Then, require sites to provide that description, and let users choose per cookie in the browser.

Sander_Marechal 7 hours ago

That's nonsense. It's not about the cookies, it's about the data collection. You can use cookies without having to use a cookie banner by simply not gathering data you don't need. And if you do gather that data without using cookies you still need to ask for consent.

dcow 5 hours ago

I can tell you, with absolute certainty, that nobody knows how to implement the law or what it even means, legislators, lawyers, engineers alike. There was a good somewhere and now we're in hell.

Macha 5 hours ago

Nah, companies don't want to implement it as it's bad for their business model so they feign ignorance.

I still remember being at an all-hands at a former employer where the team presenting the revised cookie banners promoted as a benefit that it had opt-in rates that would make an authoritarian dictator embarrassed to claim as uninfluenced.

Arch-TK 6 hours ago

That would be horrendous and would play right into the advertisers' hands, who want you to "just click accept".

Cookies should be categorised as essential and non-essential and the website should specify which laws it is considering when it categorises them as such. The GDPR definition of "legitimate interest" (which is a bit vague but it's not that hard to understand it) should be explicitly clarified so that companies can't claim that a whole swathe of shit they opted you into automatically is "legitimate interest" if they also give you the option to opt out.

At this point they can still attach descriptions to each cookie (hopefully using some standardised interface so you don't have to literally send these with every cookie, localized) and then your browser can still present you with the idiotic: "here's what we would like you to use" interface, but streamline the process with the ability to just opt out of anything which won't outright break the website.

Although this still opens it up for abuse by companies putting things like: "your preference for us not popping up an annoying full-page message every time you visit a new page" into a "non-essential" cookie to incentivise you to just accept them all.

Honestly I think we should just have Joe "Sensible Person" judge companies' websites for whether they're being actively malicious in any way and force the closure of any company which is considered actively malicious along with the destruction of all company IP and liquidation of non-IP assets. All the company owners should also be banned from owning/running any other company for 10 years. (only half kidding)

devjab 8 hours ago

As someone who has worked in the Danish public sector I have a slightly different take on the public websites. They should never have been using things like 3rd party analytics to begin with.

I understand it’s what media and communication departments do, and that it’s natural that the people working within them would want to do so regardless of where they work. It’s their trade after all; unfortunately they bring the exact same “user engagement” mindset with them into the public sector. Well, at least in my anecdotal experience with a handful of these departments in 7-8 different cities around here. You can of course make good points on user metrics on a public website, but they should frankly work very differently than they would on most web sites. On a public website it should be the goal to get the user to leave the site as quickly as possible, because the longer they hang around the more time they are spending finding what they need. That’s not what happens with these metrics in my experience, however; instead they are used to do what you might do on a news site.

That’s just one side of it, however, because the privacy concerns are their own issue. If you absolutely want metrics on a public website at least have the courtesy to build your own. It should be illegal for public web sites to use 3rd party tracking. I know why they use it, it’s for the same reason they spend a ridiculous amount of money on custom design systems built on top of what is usually SharePoint or Umbraco. They refuse to hire the Django (insert any other extremely low maintenance system) expertise because it’s expensive on the “long term budget”, even though it would be much cheaper than 3rd party tools and consultants on the actual long term budget. Anyway, that is another point. But it really pisses me off when public websites need you to allow 3rd party tracking because they aren’t using it in any way which serves the public.

Worst of all is that cookie banners are explicitly a private industry way of dealing with their refusal to respect “do-not-stab”. Public websites could simply put their bullshit into their privacy page. Of course nobody would go there and turn on 3rd party cookies, but why should the public care?