How would that prevent sites from selling their users' data to third parties without consent server-side? GDPR is not about third party cookies, but about requiring informed consent.

▲

vouwfietsman 5 days ago | parent | next [-]

Though I agree with your point, the idea that cookie banners in any sense contribute to "informed consent" is very debatable.

	▲	kiicia 4 days ago \| parent [-]
		It’s because those were made to be bad solution by very advertising companies wanting people to be denied their rights and making it look like law is bad instead of implementation being bad

▲

xp84 5 days ago | parent | prev [-]

The 'selling of data' is separate of course, but the banners do nothing to actually ensure that they aren't collecting data you don't know about. They're honor system, which is dumb when you could have browsers not send that data back without opt-in.

In other words, of course Facebook knows you like bacon if you've followed 5 bacon fan pages and joined a bacon lovers group, and they could sell that fact.

But without cookies being saved long-term, Facebook wouldn't know that you are shopping for a sweater unless you did that shopping on Facebook. Today they undoubtedly do know if you are shopping for anything because cookies exist and because browsers are configured to always save cookies across sessions.

Also, I always point this out when this topic comes up: Of all websites I visit and have to click stupid banners on, almost none of them are in the market of "selling data" or building dossiers about individuals ("Steve Smith bought flowers on June 19th. Steve is 28 years old. He has a Ford Explorer. He lives in Boston."). They just want to get metrics on which of their ads worked, and maybe to know aggregate demographics about their audience. My local water utility, Atlassian, and Nintendo to pick 3 sites at random, have never been and are not in the business of data brokerage. But they do need to show cookie banners to not be sued for imaginary harms under CCPA or GDPR (unless they want to not make any use of online advertising or even aggregate analytics).

▲

gf000 5 days ago | parent [-]

> They're honor system, which is dumb when you could have browsers not send that data back without opt-in.

Given that there is no objective way to differentiate between functional and tracking cookies, your "technical" solution would also boil down to honoring marking certain cookies as such by the website owner, effectively being the same as what we have today.

(Though I do agree that the UX would be nicer this way)

▲

swiftcoder 5 days ago | parent | next [-]

Well, I mean, we could go the route Safari has, and just blanket-disable 3rd party cookies by default. It's... quite effective (if a tad annoying for folks implementing single-sign-on)

▲

gf000 5 days ago | parent [-]

I don't know, I don't think it helps all that much when you are up against Facebook's, and Google's wits on how to circumvent it.

If they can open a port and side-step the security system of Android wholesale, they can probably find a "solution" to the not even that hard of a problem of doing tracking server-side.

	▲	swiftcoder 5 days ago \| parent [-]
		There is a problem in convincing everyone on the internet to install a server-side tracking component. Pretty much everyone was willing to give this away for free on the client side, in return for limited social integration, or (in Google's case) free analytics - server side is a significantly harder sell in many companies, and there is a much richer variety of backend languages/frameworks you have to integrate with.

▲

const_cast 4 days ago | parent | prev [-]

We don't need the functional/tracking cookie split - the law already thought of this.

If you're using functional cookies, you don't have to ask. If you're still asking, you're just wasting your time.

The reason every website asks is because:

1. They're stupid and don't even bother to preliminarily research the laws they comply with.

2. They actually are tracking you.

Ultimately if you're using something like Google Analytics, then yeah you probably do need a banner. Even if it's just a blog.

Great, so then don't do that.

	▲	gf000 3 days ago \| parent [-]
		We are not in disagreement - my point is that is is a fundamentally civil/legal problem, not a technical one. There is no technical distinction between a functional and a tracking cookie.