upvote

points

by basisword4 hours ago |
comments
upvoteby microgpt4 hours ago|
next
[-]
Website operators hate these cookies popups because they make their website more annoying and make me more likely to press the back button and click on a different website. As it should be. This incentivizes them to stop tracking me.
reply
upvoteby dminik4 hours ago|
parent|
next
[-]
Why then do they make the most annoying, user-hostile dark pattern cookie banners they can come up with? No, website operators hate that they have to either stop spamming thousands of tracker scripts or put up a banner.

They found out that they can offload blame on the EU instead and so have chosen to make the web as annoying as possible.

reply
upvoteby anonzzzies4 hours ago|
parent|
next
[-]
Yeah, that's more the point; in discussions with clients I very often get asked how far we can go without any consent. Most companies want all the privacy ignoring stuff and they don't want to tell their users about it.
reply
upvoteby microgpt3 hours ago|
parent|
[-]
Realistically you won't be caught analyzing server-side logs of things the client is doing anyway, even if you don't follow GDPR rules with those logs. But they want Google Analytics, right?
reply
upvoteby dgellow4 hours ago|
parent|
prev|
[-]
Most of them don’t care and just integrate whatever is the most common cookie banner widget because their legal team asked them to
reply
upvoteby sensanaty3 hours ago|
parent|
prev|
next
[-]
The solution to that one is pretty simple, simply don't collect information you don't need, and you can avoid the banner altogether! Github manages to not have banners, it's not because of magic.
reply
upvoteby goobatrooba2 hours ago|
parent|
prev|
[-]
There is no obligation to put a banner of you don't sell your users' data to third parties. The law is very clear that your don't need it for period technical cookies, so it's really always and every time solely about tracking and advertisement money.
reply
upvoteby microgpt1 hours ago|
parent|
[-]
You do need it for analytics though, or any other non-essential purpose.

You could probably argue self-hosted, privacy-preserving analytics is a "legitimate business purpose" so doesn't need consent. AFAIK it's because you're sending user data to Google that you normally need consent for GA.

reply
upvoteby 4 hours ago|
prev|
next
[-]
deleted
reply
upvoteby ajsnigrutin4 hours ago|
prev|
next
[-]
99% of the people just click accept and go through.

This could be solved on the client side, by requiring all devices with browsers sold in EU to have separate cookie jars per domain and by default those cookies would be deleted on window/tab close. If you wanted to stay logged in to a site, you'd click a button next to the url bar that says "keep cookies for this domain", and be done.

reply
upvoteby sensanaty3 hours ago|
parent|
[-]
Cookies have literally nothing to do with GDPR or the ePrivacy directive. It is mentioned I think twice total in both documents as an example of how user data is persisted and tracked across domains, but ultimately the mechanism is irrelevant.
reply
upvoteby grayhatter3 hours ago|
prev|
[-]
So you like the law, but don't like how it didn't actually solve the problem it was trying to solve?

I assume you're pretty well read up on matters of privacy, right? So you have a better awareness and understanding. But do you believe the average person does? Or would you assume that the average person has either been trained to ignore the banner, automatically consent to more invasive tracking, or is generally more confused about why the banner exists, or what it does?

The cookie consent law is the dumbest application of an attempt to improve privacy. It's made the internet worse, and is being used to train people into consenting to giving away their privacy without thinking... because: "clicking accept is what you have to do to use the page" -- every normal person casually browsing any site.

No implementation for cookie based consent can be done correctly.

Personally, I'd love to see a law that makes any/all dark patterns a crime, and empowers state prosecutors via grand jury to bring charges for them against both the company, and individual authors of the specific commits as jointly responsible. I don't want statutory laws, I want a trial jury to look at it, and decide if any technological measure, pattern, tactic, procedure, design, or measurement was used to encourage one decision over the other instead of a fair choice.

I don't want a set of rules that given enough funding any company is able to win as a negative sum game. I want a jury, not a trailing clause, to decide if the company is clearly acting in good faith or worthy of apocalyptic fines.

reply
upvoteby vouwfietsman2 minutes ago|
parent|
[-]
> So you like the law, but don't like how it didn't actually solve the problem it was trying to solve?

(Not the person you replied to)

I'm not sure where all of this is coming from, the law is actually extremely obvious and useful: you want to track people, they have to be informed, and have to consent. The law says nothing about how, and the way it was implemented was entirely up to the corporations discretion, which of course opted for the most malicious terrible way to do it, but they did it.

The purpose of the law was that people should be informed about cookies being installed and consent to that happening.

Do you feel like people are now aware that cookies are being installed, more so than before the banner? Do people understand that they are consenting to this?

That is the law at work.

Everything above and beyond that is nice to have, and I'm sure the world would be better for it, but without the EU, people probably wouldn't even know what cookies were, let alone understand (or have control over) how they are being tracked.

If that's not a net positive in a world where net-negatives happen every week, I don't know.

reply