| ▲ | aurareturn 8 hours ago |
| So they finally admit that it was a mistake. Even EU government websites had annoying giant cookie banners. Yet, some how the vast majority of HN comments defend the cookie banners saying if you don't do anything "bad" then you don't need the banners. |
|
| ▲ | legitster 5 hours ago | parent | next [-] |
| > Yet, some how the vast majority of HN comments defend the cookie banners saying if you don't do anything "bad" then you don't need the banners. There are a LOT of shades of gray when it comes to website tracking and HN commenters refuse to deal with nuance. Imagine running a store, and then I ask you how many customers you had yesterday and what they are looking at. "I don't watch the visitors - it's unnecessary and invasive". When in fact, having a general idea what your customers are looking for or doing in your store is pretty essential for running your business. Obviously, this is different than taking the customer's picture and trading it with the store across the street. When it comes to websites and cookie use, the GDPR treated both behaviors identically. |
| |
| ▲ | pseudalopex 4 hours ago | parent [-] | | > Imagine running a store, and then I ask you how many customers you had yesterday and what they are looking at. Server logs can provide this information. | | |
| ▲ | crazygringo 2 hours ago | parent | next [-] | | Only in very simple ways. Realistically, you want to know things like, how many users who looked at something made a purchase in the next 3 days? Is that going up or down after a recent change we made? Many necessary business analytics require tracking and aggregating the behavior of individual users. You can't do that with server logs. | | |
| ▲ | vladms 7 minutes ago | parent [-] | | Many people want to do many things, problem is do we agree as society it is ok, considering all the implications. I personally find the commercial targeting extremely poor. I look for things to buy and I get stupid ads which don't fit, or I bought the things and still bombarded with the ad for the same thing. But data collection can be used by far more nefarious purposes, like political manipulation (already happening). So yes, I am willing to give up some percentage points in optimizing the commercial and advertisement process (for your example, wait for 2 weeks and check for the actual sales volume difference) to prevent other issues. |
| |
| ▲ | legitster 4 hours ago | parent | prev [-] | | Not for the amount of stuff on the web now that is client-side rendered. | | |
| ▲ | pseudalopex 3 hours ago | parent [-] | | Client side rendering means in practice clicking a product retrieves JSON and images instead of HTML and images. This can be logged. |
|
|
|
|
| ▲ | basisword 8 hours ago | parent | prev | next [-] |
| It worked to highlight the insane amount of tracking every fucking website does. Unfortunately it didn’t stop it. A browser setting letting me reject everything by default will be a better implementation. But this implementation only failed because almost every website owner wants to track your every move and share those moves with about 50 different other trackers and doesn’t want to be better. |
| |
| ▲ | fmbb 6 hours ago | parent | next [-] | | 50 is not even close. Those banners often list up to 3000 ”partners”. | |
| ▲ | graemep 6 hours ago | parent | prev | next [-] | | The cookie law made this worse. I used to use an extension that let me whitelist which sites could set cookies (which was pretty much those I wanted to login to). I had to stop using it because I had to allow the cookie preference cookies on too many sites. | | |
| ▲ | whstl 5 hours ago | parent | next [-] | | uBlock blocks most of those for me lately. | |
| ▲ | pessimizer 4 hours ago | parent | prev | next [-] | | You can fix that. I use an extension called "I don't care about cookies" that clicks "yes" to all cookies on all websites, and I use another extension* that doesn't allow any cookies to be set unless I whitelist the site, and I can do this finely even e.g. to the point where I accept a cookie from one page to get to the next page, then drop it, and drop the entire site from even that whitelist when I leave the page, setting this all with a couple of clicks. * Sadly the second is unmaintained, and lets localStorage stuff through. There are other extensions that have to be called in (I still need to hide referers and other things anyway.) https://addons.mozilla.org/en-US/firefox/addon/forget_me_not.... I have the simultaneous desire to take the extension over or fork it, and the desire not to get more involved with the sinking ship which is Firefox. Especially with the way they treat extension developers. https://addons.mozilla.org/en-US/firefox/addon/cookie-autode... does a similar thing. | | |
| ▲ | graemep 4 hours ago | parent [-] | | I use the first of those extensions, its the cookie whitelist one that no longer works for me. |
| |
| ▲ | immibis 5 hours ago | parent | prev [-] | | There could be an extension to block the banners, too. I think uBO has a feature to block certain CSS classes? | | |
| ▲ | graemep 4 hours ago | parent [-] | | The only thing that works well for me is using an extension that automatically gives permissions and another that auto deletes cookies when i close the tab. The problem with Ublock etc. is that just blocking breaks quite a lot of sites. |
|
| |
| ▲ | GardenLetter27 7 hours ago | parent | prev [-] | | You can just set your browser not to send whichever cookies you don't want to. Cookies are a client-side technology. Why does the government need to be involved? | | |
| ▲ | layer8 6 hours ago | parent | next [-] | | The website wouldn’t inform you about which cookies are doing what. You wouldn’t have a basis to decide on which cookies you want because they are useful versus which you don’t because they track you. You also wouldn’t be informed when functional cookies suddenly turn into tracking cookies a week later. The whole point of the consent popups is to inform the user about what is going on. Without legislation, you wouldn’t get that information. | |
| ▲ | stavros 6 hours ago | parent | prev | next [-] | | Because it's not like the browser has two thousand cookies per website, it only has one and then they share your data with the two thousand partners server-side. The government absolutely needs to be involved. | | |
| ▲ | AnthonyMouse 5 hours ago | parent | next [-] | | To begin with that isn't true, because the worst offenders are third party cookies, since they can track the user between websites, but then you can block them independently of the first party cookies. Then you have the problem that if they are using a single cookie, you now can't block it because you need it to be set so it stops showing you the damn cookie banner every time, but meanwhile there is no good way for the user or the government to be able to tell what they're doing with the data on the back end anyway. So now you have to let them set the cookie and hope they're not breaking a law where it's hard to detect violations, instead of blocking the cookie on every site where it has no apparent utility to you. But the real question is, why does this have anything to do with cookies to begin with? If you want to ban data sharing or whatever then who cares whether it involves cookies or not? If they set a cookie and sell your data that's bad but if they're fingerprinting your browser and do it then it's all good? Sometimes laws are dumb simply because the people drafting them were bad at it. | | |
| ▲ | stavros 4 hours ago | parent [-] | | > If you want to ban data sharing or whatever then who cares whether it involves cookies or not? Nobody. The law bans tracking and data sharing, not cookies specifically. People have just simplified it to "oh, cookies" and ignore that this law bans tracking. | | |
| ▲ | AnthonyMouse 4 hours ago | parent [-] | | > The law bans tracking and data sharing, not cookies specifically. From what I understand it specifically regards storing data on the user's device as something different, and then cookies do that so cookies are different. | | |
| ▲ | stavros 4 hours ago | parent [-] | | Not really, it disallows tracking even if you aren't storing anything (eg via fingerprinting): https://gdpr.eu/cookies/ | | |
| ▲ | AnthonyMouse 4 hours ago | parent [-] | | That link seems to say the opposite: > The EPR was supposed to be passed in 2018 at the same time as the GDPR came into force. The EU obviously missed that goal, but there are drafts of the document online, and it is scheduled to be finalized sometime this year even though there is no still date for when it will be implemented. The EPR promises to address browser fingerprinting in ways that are similar to cookies, create more robust protections for metadata, and take into account new methods of communication, like WhatsApp. If the thing they failed to pass promises to do something additional, doesn't that imply that the thing they did pass doesn't already do it? And I mean, just look at this: > Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user. > Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in. So you don't need consent for a shopping cart cookie, which is basically a login to a numbered account with no password, but if you want to do an actual "stay logged in with no password" or just not forget the user's preferred language now you supposedly need an annoying cookie banner even if you're not selling the data or otherwise doing anything objectionable with it. It's rubbish. |
|
|
|
| |
| ▲ | immibis 5 hours ago | parent | prev [-] | | Actually it often is a separate cookie per tracker because that's convenient for the trackers. But the only reason they don't put in the effort to do it the way you said is that browsers don't have the feature to block individual cookies. If they did, they would. | | |
| ▲ | 1718627440 2 hours ago | parent [-] | | Some browsers like Midori do the sensible thing and ask you for every cookie, whether you actually want to have it. Cookie dialogs are then entirely redundant. You can click accept all in the website, and reject all in the browser. |
|
| |
| ▲ | webstrand 7 hours ago | parent | prev | next [-] | | Not all cookies are bad for the user, for instance the one that keeps you logged in or stores the session id. Those kind were never banned in the first place. Blocking cookies locally doesn't allow you to easily discriminate between tracking and functional cookies. And even if the browser had a UI for accepting or rejecting each cookie, they're not named such that a normal user could figure out which are important for not breaking the website, and which are just for tracking purposes. By passing a law that says "website providers must disambiguate" this situation can be improved. | | |
| ▲ | youngtaff 6 hours ago | parent [-] | | Cookies that keep you logged in or maintain a session don’t need consent |
| |
| ▲ | eitau_1 3 hours ago | parent | prev | next [-] | | If there's no regulation, nothing stops a website from telling hundreds of third-party entities about your visit. No amount of fiddling with browser settings and extensions will prevent a keen website operator from contributing to tracking you (at least on ip/household level) by colluding with data brokers via the back-end. | |
| ▲ | rebolek 5 hours ago | parent | prev | next [-] | | Of course, let ME decide if I want to keep fdfhfiudva=dsaafndsafndsoai and remove cindijcasndiuv=fwíáqfewjfoi. I know best what those cookies do! | |
| ▲ | troupo 2 hours ago | parent | prev [-] | | Because it's not about cookies. Ad trackers shouldn't store my precise geolocation for 12 years for example: https://x.com/dmitriid/status/1817122117093056541 |
|
|
|
| ▲ | youngtaff 6 hours ago | parent | prev | next [-] |
| Cookie banners are made obtrusive by the people running CMPs as they want to make it as hard as possible to stop collecting the data |
| |
| ▲ | Mountain_Skies 5 hours ago | parent [-] | | Funny thing is that I often will go out of my way to find the least permissive settings if the banner is obnoxious or has a dark pattern. |
|
|
| ▲ | LogicFailsMe 5 hours ago | parent | prev | next [-] |
| every accusation is a confession you see... |
|
| ▲ | m00dy 8 hours ago | parent | prev | next [-] |
| worst implementation ever. I bet it is the reason that most people are now taking anti depressants. |
|
| ▲ | croes 4 hours ago | parent | prev [-] |
| > if you don't do anything "bad" then you don't need the banners. Because that’s how it is. For instance why does a site need to share my data with over 1000 "partners“? And the EU uses the same tracking and website frameworks as others so they got banners automatically. It wasn’t a mistake but website providers maliciously complied with the banners to shift the blame. Seems you fell for it. |
