Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
basisword 8 hours ago

It worked to highlight the insane amount of tracking every fucking website does. Unfortunately it didn’t stop it. A browser setting letting me reject everything by default will be a better implementation. But this implementation only failed because almost every website owner wants to track your every move and share those moves with about 50 different other trackers and doesn’t want to be better.

fmbb 6 hours ago | parent | next [-]

50 is not even close.

Those banners often list up to 3000 ”partners”.

graemep 6 hours ago | parent | prev | next [-]

The cookie law made this worse.

I used to use an extension that let me whitelist which sites could set cookies (which was pretty much those I wanted to login to). I had to stop using it because I had to allow the cookie preference cookies on too many sites.

whstl 5 hours ago | parent | next [-]

uBlock blocks most of those for me lately.

pessimizer 4 hours ago | parent | prev | next [-]

You can fix that. I use an extension called "I don't care about cookies" that clicks "yes" to all cookies on all websites, and I use another extension* that doesn't allow any cookies to be set unless I whitelist the site, and I can do this finely even e.g. to the point where I accept a cookie from one page to get to the next page, then drop it, and drop the entire site from even that whitelist when I leave the page, setting this all with a couple of clicks.

* Sadly the second is unmaintained, and lets localStorage stuff through. There are other extensions that have to be called in (I still need to hide referers and other things anyway.) https://addons.mozilla.org/en-US/firefox/addon/forget_me_not.... I have the simultaneous desire to take the extension over or fork it, and the desire not to get more involved with the sinking ship which is Firefox. Especially with the way they treat extension developers.

https://addons.mozilla.org/en-US/firefox/addon/cookie-autode... does a similar thing.

graemep 4 hours ago | parent [-]

I use the first of those extensions, its the cookie whitelist one that no longer works for me.

immibis 5 hours ago | parent | prev [-]

There could be an extension to block the banners, too. I think uBO has a feature to block certain CSS classes?

graemep 4 hours ago | parent [-]

The only thing that works well for me is using an extension that automatically gives permissions and another that auto deletes cookies when i close the tab.

The problem with Ublock etc. is that just blocking breaks quite a lot of sites.

GardenLetter27 7 hours ago | parent | prev [-]

You can just set your browser not to send whichever cookies you don't want to.

Cookies are a client-side technology.

Why does the government need to be involved?

layer8 6 hours ago | parent | next [-]

The website wouldn’t inform you about which cookies are doing what. You wouldn’t have a basis to decide on which cookies you want because they are useful versus which you don’t because they track you. You also wouldn’t be informed when functional cookies suddenly turn into tracking cookies a week later.

The whole point of the consent popups is to inform the user about what is going on. Without legislation, you wouldn’t get that information.

stavros 6 hours ago | parent | prev | next [-]

Because it's not like the browser has two thousand cookies per website, it only has one and then they share your data with the two thousand partners server-side. The government absolutely needs to be involved.

AnthonyMouse 5 hours ago | parent | next [-]

To begin with that isn't true, because the worst offenders are third party cookies, since they can track the user between websites, but then you can block them independently of the first party cookies.

Then you have the problem that if they are using a single cookie, you now can't block it because you need it to be set so it stops showing you the damn cookie banner every time, but meanwhile there is no good way for the user or the government to be able to tell what they're doing with the data on the back end anyway. So now you have to let them set the cookie and hope they're not breaking a law where it's hard to detect violations, instead of blocking the cookie on every site where it has no apparent utility to you.

But the real question is, why does this have anything to do with cookies to begin with? If you want to ban data sharing or whatever then who cares whether it involves cookies or not? If they set a cookie and sell your data that's bad but if they're fingerprinting your browser and do it then it's all good?

Sometimes laws are dumb simply because the people drafting them were bad at it.

stavros 4 hours ago | parent [-]

> If you want to ban data sharing or whatever then who cares whether it involves cookies or not?

Nobody. The law bans tracking and data sharing, not cookies specifically. People have just simplified it to "oh, cookies" and ignore that this law bans tracking.

AnthonyMouse 4 hours ago | parent [-]

> The law bans tracking and data sharing, not cookies specifically.

From what I understand it specifically regards storing data on the user's device as something different, and then cookies do that so cookies are different.

stavros 4 hours ago | parent [-]

Not really, it disallows tracking even if you aren't storing anything (eg via fingerprinting):

https://gdpr.eu/cookies/

AnthonyMouse 4 hours ago | parent [-]

That link seems to say the opposite:

> The EPR was supposed to be passed in 2018 at the same time as the GDPR came into force. The EU obviously missed that goal, but there are drafts of the document online, and it is scheduled to be finalized sometime this year even though there is no still date for when it will be implemented. The EPR promises to address browser fingerprinting in ways that are similar to cookies, create more robust protections for metadata, and take into account new methods of communication, like WhatsApp.

If the thing they failed to pass promises to do something additional, doesn't that imply that the thing they did pass doesn't already do it?

And I mean, just look at this:

> Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.

> Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.

So you don't need consent for a shopping cart cookie, which is basically a login to a numbered account with no password, but if you want to do an actual "stay logged in with no password" or just not forget the user's preferred language now you supposedly need an annoying cookie banner even if you're not selling the data or otherwise doing anything objectionable with it. It's rubbish.

vladms a few seconds ago | parent [-]

> but if you want to do an actual "stay logged in with no password"

Wouldn't that be a session cookie (which is a strictly necessary cookie for accessing a secure area) with no expiration?

> or just not forget the user's preferred language

Why would you store the language preference client site anyhow? Isn't a better place the user profile on the server? I use the same language for the same site no matter the device I am logged in.

immibis 5 hours ago | parent | prev [-]

Actually it often is a separate cookie per tracker because that's convenient for the trackers. But the only reason they don't put in the effort to do it the way you said is that browsers don't have the feature to block individual cookies. If they did, they would.

1718627440 2 hours ago | parent [-]

Some browsers like Midori do the sensible thing and ask you for every cookie, whether you actually want to have it. Cookie dialogs are then entirely redundant. You can click accept all in the website, and reject all in the browser.

webstrand 7 hours ago | parent | prev | next [-]

Not all cookies are bad for the user, for instance the one that keeps you logged in or stores the session id. Those kind were never banned in the first place.

Blocking cookies locally doesn't allow you to easily discriminate between tracking and functional cookies. And even if the browser had a UI for accepting or rejecting each cookie, they're not named such that a normal user could figure out which are important for not breaking the website, and which are just for tracking purposes.

By passing a law that says "website providers must disambiguate" this situation can be improved.

youngtaff 6 hours ago | parent [-]

Cookies that keep you logged in or maintain a session don’t need consent

eitau_1 3 hours ago | parent | prev | next [-]

If there's no regulation, nothing stops a website from telling hundreds of third-party entities about your visit. No amount of fiddling with browser settings and extensions will prevent a keen website operator from contributing to tracking you (at least on ip/household level) by colluding with data brokers via the back-end.

rebolek 5 hours ago | parent | prev | next [-]

Of course, let ME decide if I want to keep fdfhfiudva=dsaafndsafndsoai and remove cindijcasndiuv=fwíáqfewjfoi. I know best what those cookies do!

troupo 2 hours ago | parent | prev [-]

Because it's not about cookies. Ad trackers shouldn't store my precise geolocation for 12 years for example: https://x.com/dmitriid/status/1817122117093056541