”Cookie banner” is a misnomer. These consent popups are usually asking for you to consent to having hundreds if not thousands of companies build and sell a profile of you. They will combine your behavior and device data from various sources, identify you across platforms by linking device IDs, and ultimately sell your privacy to the highest bidder.
Typically, you can’t even turn these permissions off, nor can you deny consent or object to their purposes: they are increasingly claiming they are for ”fraud prevention” or some other technical purpose which doesn’t land under consent or the ”legitimate interest” umbrella.
... All so I can have ads that are actually more relevant to me.
Sounds horrible. >..<
The (...fortunately a) handful of places I've worked at which dealt with this sort of thing were very strict about removing PII.
I'm more concerned about only being shown information (not just ads for products) relevant to my click-tuned interests as I think that's just contributing massively to political polarization.
Simply enable the “cookie notices” list in ublock origin (available on every platform now, even iOS). According to the EU law if you don’t click accept it’s equivalent to denying.
> According to the EU law if you don’t click accept it’s equivalent to denying.
The result is the same. Technically there's no such thing as denying, only providing (explicit) consent. If consent is required and no consent is provided, then there is no ground for processing.
How do you object to the site's legitimate interest use of your personal data? That is a legal grounds for processing, which can be enabled by default as long as you are provided with an option to actively object.
>How do you object to the site's legitimate interest use of your personal data?
With the legitimate individual control over one own data required to run a healthy society and unavoidable to sustain a democracy. If a business can't exist without threatening society, the sooner it's going out of existence the better.
If it is an actual legitimate interest then you would likely be expected to contact the site out of band to object to the use of your data. Depending on the technical details you might not be able to continue using the site after a successful objection. In some cases the site might be able to reject your request.
The cookie banner thing is intended to allow the user to explicitly provide consent, should they for some reason wish to do so.
It’s also to check if something works. I recently added something new and while I cannot and will not track any personally identifying information, I still need some data if people go through the whole process alright. That covers legitimate interest. It’s the minimum data I collect and its get wiped after some time.
An IP address is not "personally identifiable data". You can not know who the person is just because you got an IP address in the request.
We are almost 10 years into the GDPR, and we still have these gross misunderstandings about how to interpret it. Meanwhile, it has done nothing to stop companies from tracking people and for AI scrapers to run around. If this is not a perfect example of Regulatory Capture in action, I don't know what is.
> An IP address is not "personally identifiable data".
Of course it is [1][2].
> We are almost 10 years into the GDPR, and we still have these gross misunderstandings
That reads very smug and especially ironic since it describes exactly where you are now. If only there was some place to read about it and clear up the gross misunderstandings. I’ll give you the money shot to save 10 more years:
> Fortunately, the GDPR provides several examples in Recital 30 that include:
> Internet protocol (IP) addresses;
From Recital 30:
> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses
Also: the consent has to be informed consent. Me clicking away a nag banner, even if I click "accept" isn't informed consent by the definition of the law.
You want to share my data with your 300+ "partners" legally? Good luck informing me about all the ways in which every of those single partners is using my data. If you are unable to inform me I can't give consent, even if I click "Accept all". That is however a you-problem, not a me-problem. If you share my data nontheless you are breaking the law.
Breaks many websites though and you'll be wondering why something doesn't work and then you have to remember you checked that ublock checkbox a few months ago.
I think in the last 12 months of using that unlock list I've only counted less than five times where sites have broken with that list enabled, I don't have to even disable the entire list. You just disable u-block for that specific site
I've found it to happen much more frequently than that, unfortunately. Usually it's because the modal is two DOM elements - a backdrop, that fades out the rest of the content and sits on top of it/prevents interaction; and the actual consent modal. Websites then use various mechanisms to prevent scrolling. uBlock is often only removing the actual dialog, so you end up with a page you can't scroll up or down and can't interact with.
If you're going to turn the filters on, it's worth being aware of this because it's far from flawless.
Until this moment, I did the same thing… but right now I realize, this behavior incentivizes a domain owner to intentionally break their site, to trick the visitor to disable their blocker.
Then the browser: refreshes the page, downloadz all the thingz… presents cookie banner.
I’ve been using uBlock (or Brave) for years now, and when “something doesn’t work right” the first thing I often do is lower my shields… :facepalm:
From now on, I’ll just bounce. Keep your cookies, I’m not hungry.
Complain and use a different site. There are only few websites which offer a truly unique service. If enough complain and walk away, something might finally change.
This extension gives you more choice than denying or allowing everything though, you get granular choice automatically applied to all websites where it works
This extension gives me my preferered web experience. Namely it tries to automatically fill in the cookie pop-ups for you, instead of hiding it. You can actually enable functional cookies, which are useful. Then when filling the cookie popup doesn't work, you can fill it in manually. This is a huge improvement over the ublock hiding of popups, which actually breaks sites time to time.
What works pretty well for me is the "i don't care about cookies" extension for firefox; my default privacy policy is to throw away cookies when the browser restarts, which I do a few times per day anway.
Th consent is about tracking and your data, not specifically cookies. If you accept them tracking and selling your data then deleting cookies only impacts one way that happens.
That extension might allow tracking. From their Chrome add-on page:
When it's needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what's easier to do).
Deleting cookies is insufficient because of browser fingerprinting, which you just consented to.
True, but considering that the extension was bought in 2022 by Avast, maybe it has its own tracking built in by now or will have something concerning done to it in the future. So even if the user does not care about cookies that much I would still recommend this new extension over "I don't care about cookies"
But this thread stars with someone saying they don’t care about cookies because they’ll delete them anyway. That’s different than saying they don’t care about their privacy, so it’s worth pointing out that accepting every cookie banner does have privacy implications beyond just having cookies placed.
It always impresses me how its actually easy not to need these banners yet everyone will consistently participate in the civil disobedience of annoying their users. No doubt in the hope of making people mad at the EU.
To the point that people are worried when cookie banners are not required now. I have had a few worried conversations on why our site doesn’t have a cookie banner.
The answer is simple, we don’t track our users, and login is explicit consent and functionality which doesn’t require a prompt under GDPR.
If it's that easy to not need the banners, I'd expect EU websites themselves to lead the "no cookies needed" movement.
Yet https://european-union.europa.eu displays a cookie banner for tracking on what is essentially a static informational site. If the EU itself feels tracking is valuable enough to warrant the banner on their own pages, it's hard to fault businesses (whose survival actually depends on understanding their audience) for making the same choice.
At least they're compliant with their own regulation, I suppose.
It's really enraging. Even EU's official sites use the banners, and probably for sites where they wouldn't (or at least shouldn't) even be needed.
It seems that very few, even lawyers, really understand when explicit consent is not needed, and instead we get cargo culting of pointless consent banners everywhere.
The situation has become such that "consents" aren't really meaningful at all, as people just want to get rid of the banner, and it becomes US style contract theatre.
Same with https actually. I still reach some home made website or paper published in this or that legit small university or department without a certificate. Most browser send messages like this is a life threatening move.
I've seen that in a few places, yeah! I think I personally would just put something in the footer and have a specific page for it that I can link people to.
I really hope that I never end up in a situation where someone tells me "well the conversion rate would be much higher if you just stopped fighting it and put up the damn banner".
Regular user here. Cant live without this addon, I absolutely love this. Its been a while since I have to manually dismiss a consent popup. Although the redirects from Google and company can get a bit annoying.
It goes through the "reject all tracking" flow. Other solutions automate clicking "accept all tracking" (since that's usually simpler), or just hide the pop-ups.
Trump promised tariffs would bring Manufacturing Consent back. The consent industry voluntarily complied, as demanded -- fully automated and GDPR-compatible -- in stark contrast to his own well-documented contempt for and violation of consent.
Typically, you can’t even turn these permissions off, nor can you deny consent or object to their purposes: they are increasingly claiming they are for ”fraud prevention” or some other technical purpose which doesn’t land under consent or the ”legitimate interest” umbrella.
Sounds horrible. >..<
The (...fortunately a) handful of places I've worked at which dealt with this sort of thing were very strict about removing PII.
I'm more concerned about only being shown information (not just ads for products) relevant to my click-tuned interests as I think that's just contributing massively to political polarization.
The result is the same. Technically there's no such thing as denying, only providing (explicit) consent. If consent is required and no consent is provided, then there is no ground for processing.
https://noyb.eu/en/your-right-object-article-21
With the legitimate individual control over one own data required to run a healthy society and unavoidable to sustain a democracy. If a business can't exist without threatening society, the sooner it's going out of existence the better.
The cookie banner thing is intended to allow the user to explicitly provide consent, should they for some reason wish to do so.
Legitimate interest is for example a website using your IP to send you the necessary TCP/IP packets with the website's content upon request.
Many websites use the term "legitimate interest" misleadingly (or even fraudulently), but that's not how GDPR defines it.
We are almost 10 years into the GDPR, and we still have these gross misunderstandings about how to interpret it. Meanwhile, it has done nothing to stop companies from tracking people and for AI scrapers to run around. If this is not a perfect example of Regulatory Capture in action, I don't know what is.
I'd argue that's the opposite of regulatory capture.
Of course it is [1][2].
> We are almost 10 years into the GDPR, and we still have these gross misunderstandings
That reads very smug and especially ironic since it describes exactly where you are now. If only there was some place to read about it and clear up the gross misunderstandings. I’ll give you the money shot to save 10 more years:
> Fortunately, the GDPR provides several examples in Recital 30 that include:
> Internet protocol (IP) addresses;
From Recital 30:
> Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses
[1] https://gdpr.eu/eu-gdpr-personal-data/
[2] https://gdpr.eu/recital-30-online-identifiers-for-profiling-...
You want to share my data with your 300+ "partners" legally? Good luck informing me about all the ways in which every of those single partners is using my data. If you are unable to inform me I can't give consent, even if I click "Accept all". That is however a you-problem, not a me-problem. If you share my data nontheless you are breaking the law.
If you're going to turn the filters on, it's worth being aware of this because it's far from flawless.
Then the browser: refreshes the page, downloadz all the thingz… presents cookie banner.
I’ve been using uBlock (or Brave) for years now, and when “something doesn’t work right” the first thing I often do is lower my shields… :facepalm:
From now on, I’ll just bounce. Keep your cookies, I’m not hungry.
https://news.ycombinator.com/item?id=30625218
https://news.ycombinator.com/item?id=41479882
https://news.ycombinator.com/item?id=35562230
Instead i use this https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies
To the point that people are worried when cookie banners are not required now. I have had a few worried conversations on why our site doesn’t have a cookie banner.
The answer is simple, we don’t track our users, and login is explicit consent and functionality which doesn’t require a prompt under GDPR.
Yet https://european-union.europa.eu displays a cookie banner for tracking on what is essentially a static informational site. If the EU itself feels tracking is valuable enough to warrant the banner on their own pages, it's hard to fault businesses (whose survival actually depends on understanding their audience) for making the same choice.
At least they're compliant with their own regulation, I suppose.
It seems that very few, even lawyers, really understand when explicit consent is not needed, and instead we get cargo culting of pointless consent banners everywhere.
The situation has become such that "consents" aren't really meaningful at all, as people just want to get rid of the banner, and it becomes US style contract theatre.
I really hope that I never end up in a situation where someone tells me "well the conversion rate would be much higher if you just stopped fighting it and put up the damn banner".
https://support.mozilla.org/en-US/kb/cookie-banner-reduction