Instead of hating the EU, how about directing your hate towards the bad players of the web? Cookie banners are not the fault of the EU, but the fault of companies disrespecting privacy rights and pushing data collection, ads and all possible shady growth hacking strategies towards the user. I am glad that a government body actually made this possible and made visible how horrible the internet is.
Cookie banners are absolutely the fault of the EU.
Users have always been in control of whether they accept cookies. There have been settings in your browser since (at least) Netscape 3.0. It's only because of dumb EU laws that cookie control has been pushed up into "user space" with these idiotic banners that no one reads.
It seems like you don't practice what you preach, seeing how Hacker News relies on cookies for authentication.
Besides, GDPR isn't about cookies, it's about what companies are allowed to do with your personal information. Functional cookies don't require consent, abuse of your personal data does.
Our machines always had Cookie Pal [0] installed on them, and it allowed per domain settings for rejecting cookies and control over third party cookies [1].
> Cookie Pal includes the following features:
> Automatically and transparently accepts or rejects cookies from all or specified servers without user interaction.
> Cookies received from unspecified servers can be automatically accepted or rejected without user interaction, or the user can be asked for confirmation.
> "On the fly" adding of servers to the accept from and reject from lists, allows you to manually accept or reject a cookie the first time it is received and then have it automatically accepted or rejected every time it is received thereafter.
A bad bandaid is still a bad thing, regardless of what it is covering up. Cookies are table stakes on the internet. This is the wrong solution to a completely different problem.
Website analytics can be incredibly useful for designers and developers; giving those up would be a huge hit to a lot of companies, large and small, so it's understandable that they're not going to do so.
Random example from more than a decade ago: I worked at an online retailer, and we did a nice redesign of our cart page. Looked great, much more readable, but we started losing sales. Did people hate the redesign? It was certainly easier to use and navigate.
Our marketing guy looked at our analytics and saw that there was a massive drop in checkouts from users whose displays were set to 1024x768. He changed his resolution and, sure enough, the 'Checkout' button was something like four pixels below the bottom of the screen, if you were using Internet Explorer or Chrome and you had your browser maximized.
I get that analytics can seem creepy and gross, and stuff like that is 'none of [retailers'] business' to a lot of people, but without those analytics we would have had no idea why we lost those sales, and would have had to simply revert the redesign with no real opportunity to change it.
The EU allows you to get stuff like 1024x768 without tracking individuals. This metric works just as well in aggregate. You can have metrics without per user id, or with an ephemeral id that evaporates when you leave the site.
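The aggregate approach described in the comment above, sketched as an added example that is not part of the thread: funnel events carry only a screen resolution and a step, never a per-user id, and small buckets are suppressed before reporting. The event shape, `MIN_BUCKET`, the drop ratio and the sample data are all assumptions constructed for illustration.

```javascript
// Added example: aggregate-only funnel metrics with no per-user identifier.
// Event shape, thresholds and sample data are constructed assumptions.
const MIN_BUCKET = 5; // buckets with fewer cart views are not reported

// Fold raw events into per-resolution counters. Only the coarse dimension
// and the funnel step are kept: no cookie id, no IP, no user agent.
function aggregate(events) {
  const buckets = new Map();
  for (const { resolution, step } of events) {
    const b = buckets.get(resolution) || { cart: 0, checkout: 0 };
    if (step === "cart" || step === "checkout") b[step] += 1;
    buckets.set(resolution, b);
  }
  return buckets;
}

// Checkout rate per resolution, worst first, with small buckets suppressed
// so a rare display size cannot single out one visitor.
function conversionReport(buckets) {
  const report = [];
  for (const [resolution, { cart, checkout }] of buckets) {
    if (cart < MIN_BUCKET) continue;
    report.push({ resolution, cart, checkout, rate: checkout / cart });
  }
  return report.sort((a, b) => a.rate - b.rate);
}

// Flag resolutions converting at less than `ratio` of the overall rate.
function flagDrops(report, ratio = 0.5) {
  const carts = report.reduce((n, r) => n + r.cart, 0);
  const checkouts = report.reduce((n, r) => n + r.checkout, 0);
  const overall = carts ? checkouts / carts : 0;
  return report.filter((r) => r.rate < overall * ratio).map((r) => r.resolution);
}

// Constructed sample: one resolution where the checkout button is off-screen.
function sampleEvents() {
  const events = [];
  const add = (resolution, carts, checkouts) => {
    for (let i = 0; i < carts; i++) events.push({ resolution, step: "cart" });
    for (let i = 0; i < checkouts; i++) events.push({ resolution, step: "checkout" });
  };
  add("1920x1080", 40, 20);
  add("1366x768", 30, 15);
  add("1024x768", 20, 1);
  add("3840x2160", 2, 1); // below MIN_BUCKET, never reported
  return events;
}
```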
Yeah, sorry but some small dev story won't budge my opinion on this extremely lucrative 1984-esque business. I can come up with tons of similar battle stories for reason X or Y; they are nothing but tiny, largely meaningless anecdotes. Also, you could have just spent a tiny bit more on UI testing and discovered these rather obvious UI issues.
I'd expect a bit more from smart people who see very well into what kind of society we are going full speed, with no way out once in (if you don't consider going back to caves as a good option, I don't).
It's the very fabric of the whole society our kids will live in that we are talking about here, nothing less. It's pretty clear what directions the biggest corporations are taking; they are not even trying to hide what's in plain sight. If we common folks don't at least attempt to stop it or steer it in another direction, I am worried nobody else ever will.
> Website analytics can be incredibly useful for designers and developers
I'd have sympathy for these people if they weren't also primarily responsible for the many dark patterns, traps, and user-hostile aspects of modern interactivity.
> Website analytics can be incredibly useful for designers and developers; giving those up would be a huge hit to a lot of companies, large and small, so it's understandable that they're not going to do so.
Everyone thinks that but in practice most folks don't have a clue what they're looking at and just use the numbers as a crutch for whatever opinion they already had.
Of course, this problem isn't just a web analytics one.
> Website analytics can be incredibly useful for designers and developers; giving those up would be a huge hit to a lot of companies, large and small, so it's understandable that they're not going to do so.
Yes, but the cost of doing that through GA is that a single US megacorp outside EU jurisdiction can reconstruct most users' entire browsing history for whatever US intelligence wants to do with it.
> Website analytics can be incredibly useful for designers and developers; giving those up would be a huge hit to a lot of companies, large and small, so it's understandable that they're not going to do so.
And at the small, small cost of privacy violations and spying on users.
Doesn't HTTP have a header [0] for this? The user can opt in and out easily. I've just read the specs and found that it's being deprecated. Why? It may not be granular, but I believe anyone opting out of telemetry also does not want marketing tracking.
Yeah, websites straight up ignore it. I can't currently find it, but there was some Wired/Verge article detailing what they track of you, and they actually mentioned as much too.
> The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.
> Why is P3P useful?
> P3P uses machine readable descriptions to describe the collection and use of data. Sites implementing such policies make their practises explicit and thus open them to public scrutiny. Browsers can help the user to understand those privacy practises with smart interfaces. Most importantly, Browsers can this way develop a predictable behavior when blocking content like cookies thus giving a real incentive to eCommerce sites to behave in a privacy friendly way. This avoids the current scattering of cookie-blocking behaviors based on individual heuristics imagined by the implementer of the blocking tool which will make the creation of stateful services on the web a pain because the state-retrieval will be unpredictable.
> In some situations, the cookies we use to secure and authenticate your Google Account and store your preferences may be served from a different domain than the website you're visiting. This may happen, for example, if you visit websites with Google +1 buttons.
> Some browsers require third party cookies to use the P3P protocol to state their privacy practices. However, the P3P protocol was not designed with situations like these in mind. As a result, we've inserted a link into our cookies that directs users to a page where they can learn more about the privacy practices associated with these cookies.
> Our marketing guy looked at our analytics and saw that there was a massive drop in checkouts from users whose displays were set to 1024x768. He changed his resolution and, sure enough, the 'Checkout' button was something like four pixels below the bottom of the screen, if you were using Internet Explorer or Chrome and you had your browser maximized.
Hint: buy the cheapest crappiest laptop you can find. Test your site on it.
Why do you give those retroactive hints as if it is something obvious?
You are clearly confusing the issue here.
No one cares for your smartass solution for the problem - it's obvious enough once you are aware of the problem itself. The issue is tracking the problem in the first place.
Hints like "oh you should have just been totally aware of it in the first place" are plain naive.
> Website analytics can be incredibly useful for designers and developers; giving those up would be a huge hit to a lot of companies, large and small, so it's understandable that they're not going to do so.
I'll believe that when they don't have a huge banner that's covering a fourth of the page.
EU just requires explicit consent for non-table stakes/non-required persistent tracking.
> The commonly seen method of using a checkbox and a simple information note such as “remember me (uses cookies)” next to the submit form would be an appropriate means of gaining consent therefore negating the need to apply an exemption in this case.
If it is 'table stakes', like a "remember me" checkbox, you don't need a separate cookie banner.
Enforcement is part of regulation. If the policymakers of the EU put regulation in place without enforcing it promptly and consistently, then it is indeed fair to blame them for this mess.
It's not like this is limited to "bad players." It's standard procedure for almost every website. Whether that's good or bad is a separate topic - the point is it's not just nefarious people using cookies to watch user behavior. Normal people use this information to make their websites better and create more effective products for people. Which is exactly what people said when this legislation was introduced. So instead of actually fixing anything, they made it worse. Now we're being tracked _and_ we have annoying nags that block content show up on every website, exactly like people said would happen when this legislation was introduced.
It's the same tired nonsense as when regulators try to tax a business that's already operating on thin margins and act surprised when the business passes the cost to their customers instead of eating it.
I'm not upset with the intent of what they were trying to do, which was noble; the upsetting thing is that it was patently obvious their hamfisted implementation would lead to this outcome, and they did it anyway, knowing they could count on people to deflect blame away from them.
It's not as if these companies are kicking in your door and violating your right to privacy. You're accessing their site with a device that is configured to transmit whatever you have it set to.
If you don't want cookies, disable cookies. If you want greater control, go and configure it yourself. Stop forcing your preferences on everyone.
The reality is that outside of a vocal contingent on HN, most people simply do not care. They won't pay a cent for their ad supported services. And I for one hate the endless consent popups and GDPR hoops I have to jump through. As an expat in London, I can't read many local news stories in the US because those sites simply block the traffic instead of trying to comply with a foreign law.
> You're accessing their site with a device that is configured to transmit whatever you have it set to.
This is not how it works.
Me visiting a website does not mean I want that website to send my personal identifiers to hundreds of unknown (both to me and the website operator in question) third parties.
I am using cookies as a catch all term, as many people do. I thought this was well known.
If you don’t want fingerprinting, disable canvas, fonts, or JS entirely. My point is that you are downloading code and then executing it. You have control.