- cross-posted to:
- technology@lemmy.world
- europe@feddit.de
- cross-posted to:
- technology@lemmy.world
- europe@feddit.de
You must log in or register to comment.
It would be nice if the options weren’t like “Enable all cookies” and “navigate 4 menus that try to convince you to enable all cookies.”
It would be better if you could set your preference on the browser once and never have to mess with it again unless you want to have exceptions for specific sites
I’m not a fan of the cookie consent popups, but I do appreciate the EU actually trying to do something to protect people’s privacy. Seemingly the only major entity to do so right now.
deleted by creator
A better solution would be to force sites to care about the Do Not Track browser setting that currently does nothing as told by the browsers themselves.
Exactly this. The goal of requiring explicit cookie consent/refusal is admirable, but the implementation of cookie banners is both useless and terrible. We already have a way to communicate to websites whether we’re alright with cookies or not, they’re called HTTP headers.
The irony of DNT becoming another data point to fingerprint you with sucks.
Just add 2 things:
- Cookie settings are possible to set in the browser for all pages.
- There’s a reject all button on every cookie banner.
- There’s a reject all button on every cookie banner.
Most importantly, those banners should be streamiled to look the same at the very least. No highlighing “ACCEPT ALL” while graying out “reject all” nonsense. No swapping the buttons left and right, top to bottom trickery. I’d prefer if the browser takes care of it all, though. I’m already using a plugin for that, though it comes with draw backs.
Which plugin do you use?
I am using „I still don‘t care about cookies“ for Firefox. It basically auto-selects the least required cookies possible. Though some sites don‘t offer opt-out so it will automatically accept those cookies. Not perfect, but I really can‘t be bothered to do a cookie captcha every time I open a private tab for example.
But even if you reject all, you still allow them to track you through the legitimate interest cookies
That doesn’t sound like a legitimate interest and should be fined or something.
- No there most definitely is not. Most banners have a big yes button, and you need to scroll to a settings button and then do five more things to not get cookies.
He said that should be added
So true. And then you have Schibsted, Norways biggest media conglomerate; the only way to reject cookies is that you have to log in in order to reject it! According to the cookie law (no idea what it’s called), it’s illegal. It’s been reported to the EU and Norwegian government numerous times, but nothing happens. Fuck Schibsted!!
In my experience a lot of italian (particularly “news”) websites basically say “accept cookies or sign up for our paid subscription”
Incognito and accept all
I meant it should be added as a default thing you have in every one of those things.
well, not on every cookie banner
The reject all is already a thing. (Well is not all all, but reject all except necessary but those doesn’t matter much, they are not tracking).
That said usually is not called this way as obvious, sometimes is just “reject” without the all, “accept only necessary”, “decline”, etc or you have to close the banner etc or they use some other confusing pattern.
It should be just a browser option.
You set cookies on or off, ans the browser sends the option in the headers. Websites just need to take the option from the header instead of a banner.
It already exists and is called “do not track”.
Unfortunately by sending DNT you are merely suggesting to the server that you wish to not be tracked. There’s no requirement for the server to actually care about you at all.
Now, if DNT were actually legally binding though - that would indeed be very cool.
Yes and this is what they should have legislated. I don’t know if lobbyists or stupidity got in the way, or both. But the fact that this news comes now so close to Google Chrome abolishing cookies for its new “privacy” feature is suspicious timing.
There are addons (for firefox at least) where the cookie banner will come up but your browser auotmatically refuses all cookies.
Yes, but it often doesn’t work and even when it does the site is unusable while it works, which for some particularly awful banners is several minutes. The situation is worse on mobile where most people have a browser that you can’t install add-ons to (and I’m not sure if that one works in firefox mobile anyway)
This is the one I use. It’s FOSS and developed at a university.
Am I mistaken in believing it is an already a browser option?
Off the top of my head Qutebrowser and Falkon both support not-saving 3rd party cookies.
Your browser can not save third party cookies, but it might break some sites. Some advertising situations allow the use of first-party cookies, and blocking first-party cookies will break most sites.
In either case you will still have to fill out the consent form, and if the consent is stored in the kind of storage you block, then you will have to fill it out every single time you visit.
The DuckDuckGo browser has this baked in as ‘Cookie Pop-up Protection’. It doesn’t quite get rid of them all, and doesn’t let you set a default for what you want (it’ll basically pick the most privacy-forward option) but I’ve found it works pretty well.
if website has a choice, then they will often choose an option that benefits them the most.
Good news is third party is being phased out now https://developer.mozilla.org/en-US/blog/goodbye-third-party-cookies/
Now don’t make it worse!
Narrator: They made it worse
‘they always can, they always will’
I’d be happy to keep the ones that say:
“we notice you are in europe and we can’t use our cookies to track you so you can’t come to our website”
It’s good to know sites with policies like that to ensure I never visit them.
Typically, those already have geo filters because they can’t be bothered to implement EU requirements.
Unless you’re outside of the EU, of course, in which case you’ll probably be tracked no matter what.
The EU law explicitly says no consent by default and users have to opt in. All of these cookie banners are breaking the law, the law doesn’t need to change it just needs enforcing and these banners will disappear. We already have a do not track header and that could be complied with but it’s enforcement that is the problem.
How do they break the law? The opt-in forces them to ask you first and that’s what the annoying banners do. Sites that don’t care about tracking also don’t show these pop-ups.
The default should always be “no”. The user has to opt in.
The law specifically says not to do the super complex dark pattern deny every 3rd part cookie manually by hand - crap.
The problem is that it’s not enforced
The user often needs to click through several steps to say no
And that’s exactly against both the spirit and the letter of the law. They need to enforce it.
What if this wasn’t a website issue but a browser one. Browsers invented cookies so browsers should be the ones to implement the banner feature. All Developers would then be forced to implement fallbacks to their cookies since the user could turn cookies off. If it was browser based fix then it would be a consistent UI and developers wouldn’t be able to do shady shit(at least with cookie consent is concerned)
Damn, this is a really great solution. Then I could decide once if I wanted the cookies and the browser would decline/accept(lol) all from that point.
Ahh a good idea. Basically guarantees it will never get done.
Eh, I think cookies should just be opt-in unless they’re absolutely necessary for the site to function.
Then all cookies will be considered necessary. It’s very hard to legislate the edge case.
It’s already the case that necessary cookies don’t need permission, but websites do not abuse this to not show the prompt. This is because the legislation has teeth.
Companies already bundle their invasive data collection with necessary features so if you block it than the website just won’t work, this would incentivise that behavior if necessary cookies are automatically approved.
This is exactly the spirit of the cookie law
This is what the regulation was all about. The law did not said anything about cookies, they are the core web technology, just that you must be asked for personal data processing.
Not only are they annoying, they go half way to legitimising the theft of user data.
Exactly. Identify what uses are legitimate and what uses aren’t, and legislate directly. None of this consumer consent crap because it’s meaningless to consumers. No consumer benefits from their browsing habits being under surveillance.
Was done before too, but now the websites simply need a banner for using categories of cookies which require it (tracking, marketing, …)
And we already have GDPR at least limiting activities in a broad sense. (of course lots of leeway, but still much better than before)
You cannot do more with a cookie banner you couldnt already do before.What do you mean? GDPR allowed for the “unless the visitor agrees” stuff so that’s why we see cookie banners everywhere.
I would say it should either be allowed or not, depending on the use case. A navigation app should be able to track your location for the service they provide but not for ads or selling to other companies. Your calculator app has no business even asking. Profile based advertising (rather than content based) should be banned wholesale. That sort of stuff
The cookie banner is only required to store data on the users device. the tracking without is still possible and potentially allowed via legitimate interest.
If they want more they already ask for more outside the cookie banners when they require or want to have your consent (e.g. consent to load content from sources which will transfer your data outside their control e.g. youtube-embedings)
The limitations of whats allowed is already established in the GDPR, so anything you cannot find legitimate reasons for is already not allowed e.g. simply selling your data to other companies (as long as they include PII)
And as coupling is not allowed either its not allowed to couple consent with a cookie banner (which should only be used to ask for permission to store data for purposes which arent required for the usage).What we do need is to have a technical implementation of the browser to tell the website via standardized methods what is allowed or not.
At least the regulation show us how shady internet is. That banner only shows up if the website is going to use cookies to use your data as a way to make profit. The fact that every website is doing that was eye opening for a lot of people.
Lol I’m a web developer who has put hundreds of those banners on clients’ sites. Not as part of some nefarious data-selling scheme, but rather as a shallow tickbox exercise in order to comply with laws about technology they don’t understand.
In this case, assuming ignorance over malice is the way to go.
In this case i assume you’re an ingnorant developer who didn’t thought of better options to comply with the law
In any case you are welcome to make incorrect assumptions, especially if my statement hurt your feelings.
deleted by creator
It does… ¯\_(ツ)_/¯
I bet they will keep adding loopholes to keep websites bullying their visitors.
why bother making legal frameworks when you can’t enforce them, there are hundreds of thousands of website including very prominent ones that hide the “reject all cookies” button after a second screen prompt. or flat out force you to opt-out of every second cookie category , just so you give up. they haven’t been fined. and they know EU authorities aren’t bothered either, so they keep infringing on the GDPR.
I saw one that required you to decline every single company that was purchasing marketing data from the site. It was like 300 companies long where you had to click the slider to turn them each off individually.
Sometimes, it’s difficult to discern which setting of the slider is on or off. They use nonstandard colors or don’t explain in text which setting signifies each option.
deleted by creator
