this post was submitted on 19 Mar 2024
109 points (86.1% liked)

Technology

59123 readers
2290 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
109
There is no EU cookie banner law (www.bitecode.dev)
submitted 7 months ago by [email protected] to c/[email protected]
19 comments fedilink hide all child comments
 

cross-posted from: https://sopuli.xyz/post/10573247

There is no EU cookie banner law

all 20 comments
sorted by: hot top controversial new old
[–] [email protected] 33 points 7 months ago (3 children)

Ever since sites started doing this, StackExchange has been the one constant thorn in my side. "We'll only ask you once" and yet that popup has appeared every single time I have visited the site, and I'm there quite frequently for programming questions. Other sites like StackOverflow were able to store a cookie containing my selected preferences, but SE seems to ignore my selection and I finally gave up even trying to click on the banner years ago.

Funny thing is, I checked them again after reading this article, and suddenly there is no cookie banner on the page. Hopefully they finally got it fixed and this isn't just some temporary fluke.

[–] [email protected] 11 points 7 months ago (1 children)

uBlock usually blocks those cookie pop-us for me, didn't really noticed them.

[–] [email protected] 11 points 7 months ago (2 children)

I've been running uBlock Origin forever, didn't even know reddit had ads until people started complaining, but it's never done anything for these stupid cookie warnings.

[–] [email protected] 3 points 7 months ago (1 children)

You need to enable filter lists for that. I have uBlock filters - Annoyances and EasyList/uBO - Cookie Notices activated under the Annoyances tab

[–] [email protected] 1 points 7 months ago

Thanks! Guess I should look through the available filters list more often.

[–] [email protected] 3 points 7 months ago

Maybe try consentomatic?

[–] [email protected] 1 points 7 months ago

If nothing else works, use a CSS-rewriting extension to set the cookie banner to display:none. Has to be done per-site, unfortunately.

[–] [email protected] 1 points 7 months ago

Consent-o-matic/I still don't care about cookies both work really well. I haven't seen a banner in months.

[–] [email protected] 29 points 7 months ago (3 children)

Even if they were such a thing as a cookie banner law, and there is none, companies in the USA would not have to comply in their country.

It would be only for Europe.

This is a pretty naive take.

If you operate in Europe, you must comply with GDPR. To selectively show a cookie banner, you have to be able to identify the (location of) the user.

It is totally reasonable for a company to operate in Europe but not wish to implement a full identity or location detection system. And so they just show the opt-in prompt to everyone.

And you can't just implement that by using the browser's location API, because European users can totally choose to not share their location with you using that API. But you still need to comply for those users.

There has been for years a proposal for a standard, designed in 2009 (!), still available in all the popular web browsers (except safari) that can make for a seamless experience: the DNT header.

The diversion about the DNT header is irrelevant.

Firstly, it is not codified in law that the DNT header is canonical. What if a user forgets to check the box? What should the default be? What kind of UX should be presented to users? This stuff needs to be spelled out in law for DNT to be a valid way to express opt-in.

Secondly, it's not a robust per-site permission. Browsers only let you set it globally.

Thirdly, it's actually bad for privacy. By making your headers different from the majority, you are easier to fingerprint. This is why Safari does not implement it.

Be mad at companies

I get the spirit of the article.

But the GDPR has pushed the problem of consent to the users, and they haven't done anything to make this easy or convenient. Therefore cookie banners are inevitable. Like, you can't blame companies for acting in their own self interest; that is entirely counter productive.

The EU needs to solve this.

First, go after the data brokerage industry so that it is no longer profitable to sell user data.

Second, regulate how websites can seek permission. Ideally by specifying a consent API and requiring browsers to implement a sane UX.

It will be much more productive to try to solve this with the handful of Browser vendors than trying to regulate each and every consent banner.

[–] [email protected] 19 points 7 months ago

Does the law not specify that accepting and rejecting should be just as easy? And companies simply ignore that.

If I can just hit a reject all button it would be fine, a plugin can do that too.

[–] [email protected] 13 points 7 months ago

Excellent analysis. Especially this part:

It will be much more productive to try to solve this with the handful of Browser vendors than trying to regulate each and every consent banner.

Early cookie banners were a bad experience but they were manageable. But now thing have transitioned into content-blocking modals, dark patterns, forced individual consent/rejection for each and every one of the 943 partners they're selling your data to, sites that refuse to serve content if you reject tracking and other ways to frustrate the end user.

I'm done with every piece of shit predatory actor inventing their own way of malicious compliance with the GDPR. You either implement the user-friendly consent API or you get no more tracking at all. Paywall your shit for all I care, at least then you'll have a sustainable business model.

[–] [email protected] -2 points 7 months ago (1 children)

I didn't bother reading much of your comment, but businesses obviously already need to detect which countries users come from. I'm sure you can come up with at least one reason on your own.

[–] [email protected] 4 points 7 months ago

They absolutely don't need to detect the country of their users. Simple popup asking, if you're in an EU country, and then adapt according to the users answer.

[–] [email protected] 15 points 7 months ago (1 children)

Is Cookie Monster forming through those bars like the T1000?

[–] [email protected] 4 points 7 months ago

There is no cookie. Only Zuul

[–] [email protected] 7 points 7 months ago (1 children)

Websites should only track if DNT is 0. Null means no consent, 1 means rejection.

Consent has to be given, not assumed.

[–] [email protected] 1 points 7 months ago (1 children)

Consent does indeed have to be given, not assumed. But "legitimate interest" cookies do not need consent

[–] [email protected] 2 points 7 months ago (1 children)

And every crappy app and website has 300 "legitimate interest" cookies 🤑🤮

[–] [email protected] 1 points 7 months ago

Yup, they serve ads and they "need" the information for that