Just make it illegal to sell user data to “data partners”, and use cross site tracking.
Nobody actually “consents” to this shit. They just don’t read.
European Union set to revise cookie law, admits cookie banners are annoying
Submitted 10 months ago by neme@lemm.ee to technology@lemmy.world
https://www.techspot.com/news/101396-european-union-set-revise-cookie-law-admits-cookie.html
Comments
Blackmist@feddit.uk 10 months ago
isles@lemmy.world 10 months ago
I really wish we had a simulated world sandbox to try these ideas out in. I suspect this might lead to the end of most free websites.
Blackmist@feddit.uk 10 months ago
TV never targeted commercials directly at “Dave Smith, likes fishing and interracial porn, lives in Chesterfield, searched for new cameras recently”, but they still operated.
azertyfun@sh.itjust.works 10 months ago
Which free websites? The modern web is just:
- (Quasi-)monopolistic platforms (meta, google, xitter, etc.)
- Newspapers
- SEO filler
- Webshops
- Free sites already operating out of the goodwill of some random admin and making single-digit ad revenue anyway <– you are here
- Porn aggregators
- SEO filler
- SEO filler
- Wikipedia
- End of list
The only ones whose business model would truly be threatened and whose loss would be problematic are newspapers.
OTOH newspapers accidentally cornering themselves in a “freemium” business model has fucked journalism over so bad I’m not sure how it could even be worse.Free websites like the ones we are on barely exist anymore anyway, because how the fuck do you “compete” in the “free marketplace of search indexing” when some russian troll is burying you to page 5 of google’s search results and you can’t reach anyone via facebook or twitter without paying thousands?
wesley@yall.theatl.social 10 months ago
They can just run ads without all the tracking bullshit and data collection like they do on every other medium with free ad supported content like radio and television. Somehow I can watch TV and listen to the radio for free and they manage to stay running without monitoring my every move.
Might be less profitable for them but so be it. Just because tracking helps their business doesn’t mean it is justified.
yamanii@lemmy.world 10 months ago
A better solution would be to force sites to care about the Do Not Track browser setting that currently does nothing as told by the browsers themselves.
drugo@sh.itjust.works 10 months ago
Exactly this. The goal of requiring explicit cookie consent/refusal is admirable, but the implementation of cookie banners is both useless and terrible. We already have a way to communicate to websites whether we’re alright with cookies or not, they’re called HTTP headers.
deranger@sh.itjust.works 10 months ago
The irony of DNT becoming another data point to fingerprint you with sucks. What a joke
FluffyPotato@lemm.ee 10 months ago
Just add 2 things:
- Cookie settings are possible to set in the browser for all pages.
- There’s a reject all button on every cookie banner.
CosmoNova@lemmy.world 10 months ago
- There’s a reject all button on every cookie banner.
Most importantly, those banners should be streamiled to look the same at the very least. No highlighing “ACCEPT ALL” while graying out “reject all” nonsense. No swapping the buttons left and right, top to bottom trickery. I’d prefer if the browser takes care of it all, though. I’m already using a plugin for that, though it comes with draw backs.
catastrophicblues@lemmy.ca 10 months ago
Which plugin do you use?
vext01@lemmy.sdf.org 10 months ago
Right, this!
Tired of all the dark patterns.
iain@feddit.nl 10 months ago
No, just ban the collection of user data and selling to 3rd parties. Enormous fines for anyone still doing it. Destroy this entire industry please.
1rre@discuss.tchncs.de 10 months ago
The EU is primarily pro-business, but that also means being against anti-competitive and underhanded business practices
The browser thing sounds like a good solution (although there must be a reason why DNT headers weren’t made legally binding, potentially as they wanted to allow people to pick and choose what cookies they allow based on what they thought was “too far” or something but that’s conjecture), however disallowing all user data will likely lead to companies not being able to advertise to people who are interested in their products, something which the EU will see as a negative and would also cause an uptick in scams and misinformation as you see in low quality advertising space at the moment
PlutoniumAcid@lemmy.world 10 months ago
- No there most definitely is not. Most banners have a big yes button, and you need to scroll to a settings button and then do five more things to not get cookies.
Maestro@kbin.social 10 months ago
He said that should be added
PinkPanther@sh.itjust.works 10 months ago
So true. And then you have Schibsted, Norways biggest media conglomerate; the only way to reject cookies is that you have to log in in order to reject it! According to the cookie law (no idea what it’s called), it’s illegal. It’s been reported to the EU and Norwegian government numerous times, but nothing happens. Fuck Schibsted!!
FluffyPotato@lemm.ee 10 months ago
I meant it should be added as a default thing you have in every one of those things.
filister@lemmy.world 10 months ago
But even if you reject all, you still allow them to track you through the legitimate interest cookies
FluffyPotato@lemm.ee 10 months ago
That doesn’t sound like a legitimate interest and should be fined or something.
XTornado@lemmy.ml 10 months ago
The reject all is already a thing. (Well now not sure if is all all or only necessary but doesn’t matter much those are not an issue) Although usually is not called this way or they use some confusing pattern.
ad_on_is@lemmy.world 10 months ago
well, not on every cookie banner
daniskarma@lemmy.world 10 months ago
It should be just a browser option.
You set cookies on or off, ans the browser sends the option in the headers. Websites just need to take the option from the header instead of a banner.
zaphod@sopuli.xyz 10 months ago
It already exists and is called “do not track”.
MrOtherGuy@lemmy.world 10 months ago
Unfortunately by sending DNT you are merely suggesting to the server that you wish to not be tracked. There’s no requirement for the server to actually care about you at all.
Now, if DNT were actually legally binding though - that would indeed be very cool.
sndrtj@feddit.nl 10 months ago
That has been tried with the DoNotTrack header. Turned out servers didn’t oblige by it.
Rinox@feddit.it 10 months ago
That’s because it was entirely voluntary. It should be integrated in the browser by law, and the choice should be binding
ilinamorato@lemmy.world 10 months ago
Yeah, but if the EU required sites to pay attention to them…
CheeseNoodle@lemmy.world 10 months ago
There are addons (for firefox at least) where the cookie banner will come up but your browser auotmatically refuses all cookies.
FishFace@lemmy.world 10 months ago
Yes, but it often doesn’t work and even when it does the site is unusable while it works, which for some particularly awful banners is several minutes. The situation is worse on mobile where most people have a browser that you can’t install add-ons to (and I’m not sure if that one works in firefox mobile anyway)
bob_lemon@feddit.de 10 months ago
This is the one I use. It’s FOSS and developed at a university.
Falcon@lemmy.world 10 months ago
Am I mistaken in believing it is an already a browser option?
Off the top of my head Qutebrowser and Falkon both support not-saving 3rd party cookies.
FishFace@lemmy.world 10 months ago
Your browser can not save third party cookies, but it might break some sites. Some advertising situations allow the use of first-party cookies, and blocking first-party cookies will break most sites.
In either case you will still have to fill out the consent form, and if the consent is stored in the kind of storage you block, then you will have to fill it out every single time you visit.
Bluefold@sh.itjust.works 10 months ago
The DuckDuckGo browser has this baked in as ‘Cookie Pop-up Protection’. It doesn’t quite get rid of them all, and doesn’t let you set a default for what you want (it’ll basically pick the most privacy-forward option) but I’ve found it works pretty well.
JaddedFauceet@lemmy.world 10 months ago
if website has a choice, then they will often choose an option that benefits them the most.
Good news is third party is being phased out now …mozilla.org/…/goodbye-third-party-cookies/
lemann@lemmy.dbzer0.com 10 months ago
They should do something about “consent platforms” using various DNS tricks and thousands of domain names to bypass/evade user blocks.
I wasn’t so bothered about some non-invasive ads a few years ago, but I absolutely despise any kind of ad now TBH, and it’s mainly down to how persistent some of these platforms are with their evasion tactics
Also pretty ironic for their popups to talk about “respecting” my privacy when these platforms literally do the opposite of that to show their popup in the first place. I will not support any of them, in any way, on my network.
As soon as I see a new one appear when browsing, I chuck it into dnsdumpster so it can get recorded with the rest of them, and then block the new list from dnsdumpster (grid icon) on my network.
Adanisi@lemmy.zip 10 months ago
What’s annoying is the “Reject” button hidden on another page. That should be illegal.
FrederikNJS@lemm.ee 10 months ago
And it actually is… Quote from the GDPR:
It shall be as easy to withdraw as to give consent.
spirinolas@lemmy.world 10 months ago
The problem isn’t the law. It’s that it isn’t enforced.
Evia@lemmy.world 10 months ago
Plus the ‘legitimate interests’ of 3rd parties
FrederikNJS@lemm.ee 10 months ago
Yeah, definition of “legitimate interest” is definitely being stretched well beyond it’s breaking point.
redditReallySucks@lemmy.dbzer0.com 10 months ago
Pretty sure it is
nothing@lemm.ee 10 months ago
Now don’t make it worse!
metaStatic@kbin.social 10 months ago
Narrator: They made it worse
Broodjefissa@lemmy.world 10 months ago
‘they always can, they always will’
GiddyGap@lemm.ee 10 months ago
I’m not a fan of the cookie consent popups, but I do appreciate the EU actually trying to do something to protect people’s privacy. Seemingly the only major entity to do so right now.
cybersandwich@lemmy.world 10 months ago
That was my first thought as an American. It’s refreshing to see that 1. They attempted something meaningful in the first place 2. They recognize it isn’t perfect/not having the intended effect and are making adjustments.
This seems like a functioning government.
BrightCandle@lemmy.world 10 months ago
The EU law explicitly says no consent by default and users have to opt in. All of these cookie banners are breaking the law, the law doesn’t need to change it just needs enforcing and these banners will disappear. We already have a do not track header and that could be complied with but it’s enforcement that is the problem.
GigglyBobble@kbin.social 10 months ago
How do they break the law? The opt-in forces them to ask you first and that's what the annoying banners do. Sites that don't care about tracking also don't show these pop-ups.
lepinkainen@lemmy.world 10 months ago
The default should always be “no”. The user has to opt in.
The law specifically says not to do the super complex dark pattern deny every 3rd part cookie manually by hand - crap.
The problem is that it’s not enforced
Manmikey@lemmy.world 10 months ago
I’d be happy to keep the ones that say:
“we notice you are in europe and we can’t use our cookies to track you so you can’t come to our website”
It’s good to know sites with policies like that to ensure I never visit them.
Blackmist@feddit.uk 10 months ago
“It is literally impossible for us not to spy on you or sell your data. Sorry not sorry bye.”
AnUnusualRelic@lemmy.world 10 months ago
Typically, those already have geo filters because they can’t be bothered to implement EU requirements.
Unless you’re outside of the EU, of course, in which case you’ll probably be tracked no matter what.
lolcatnip@reddthat.com 10 months ago
One example I know if is my hometown newspaper, dentonrc.com; I have a friend who moved to Europe and was annoyed that they geo-blocked him, but I can’t really blame them. How many people are really gonna visit the site for a small American newspaper from the EU? From a business perspective it makes no sense for them to pay a developer to do more than the bare minimum.
StereoCode@lemmy.world 10 months ago
What if this wasn’t a website issue but a browser one. Browsers invented cookies so browsers should be the ones to implement the banner feature. All Developers would then be forced to implement fallbacks to their cookies since the user could turn cookies off. If it was browser based fix then it would be a consistent UI and developers wouldn’t be able to do shady shit(at least with cookie consent is concerned)
themurphy@lemmy.world 10 months ago
Damn, this is a really great solution. Then I could decide once if I wanted the cookies and the browser would decline/accept(lol) all from that point.
chitak166@lemmy.world 10 months ago
Eh, I think cookies should just be opt-in unless they’re absolutely necessary for the site to function.
ForgotAboutDre@lemmy.world 10 months ago
Then all cookies will be considered necessary. It’s very hard to legislate the edge case.
FishFace@lemmy.world 10 months ago
It’s already the case that necessary cookies don’t need permission, but websites do not abuse this to not show the prompt. This is because the legislation has teeth.
lepinkainen@lemmy.world 10 months ago
This is exactly the spirit of the cookie law
extant@lemmy.world 10 months ago
Companies already bundle their invasive data collection with necessary features so if you block it than the website just won’t work, this would incentivise that behavior if necessary cookies are automatically approved.
laurelraven@lemmy.blahaj.zone 10 months ago
Ah yes, the good ol Internet
ExploderExplorer tactic
smileyhead@discuss.tchncs.de 10 months ago
This is what the regulation was all about. The law did not said anything about cookies, they are the core web technology, just that you must be asked for personal data processing.
erranto@lemmy.world 10 months ago
I bet they will keep adding loopholes to keep websites bullying their visitors.
why bother making legal frameworks when you can’t enforce them, there are hundreds of thousands of website including very prominent ones that hide the “reject all cookies” button after a second screen prompt. or flat out force you to opt-out of every second cookie category , just so you give up. they haven’t been fined. and the know EU authorities are bothered either so they keep infringing on the GDPR.
BlueBockser@programming.dev 10 months ago
Lawmaking is a slow and tedious process full of compromises, and the EU is apparently the only governmental body that cares enough to actually do something against the wild west of digital tracking. I for one am happy about that, and contrary to public opinion the GDPR is actually being enforced (albeit not strictly enough).
daniskarma@lemmy.world 10 months ago
At least the regulation show us how shady internet is. That banner only shows up if the website is going to use cookies to use your data as a way to make profit. The fact that every website is doing that was eye opening for a lot of people.
TWeaK@lemm.ee 10 months ago
Not only are they annoying, they go half way to legitimising the theft of user data.
FishFace@lemmy.world 10 months ago
A start would be to require sites to remember non-consents for at least as long as they remember consents. Why do I have to be asked about cookies by every site every month?
lurch@sh.itjust.works 10 months ago
There are sites that respect the “do not track” setting of the browser and just display a small timed info on your first visit that cookies have been rejected. Example: geizhals.eu geizhals.de
dacookingsenpai@lemme.discus.sh 10 months ago
A serious law would be like (but in legalese):
- By default you CANNOT use tracking cookies
- If you want to use them you should have a Table that classify them based on how much fingerprint do they take
- Then you have to explicitly ask the user in the most clear and unintrusive way possible if you can track them
- And the consent should last 30 days max
huggingstars@programming.dev 10 months ago
Just don’t remove it entirely, currently companies will at least pretend to comply.
bEFORE yOU cONTINUE tO gOOGLE sure is annoying though.
WholeEnchilada@lemmy.today 10 months ago
It would be less annoying if you could easily tell it that you don’t want garbage. Instead, when you select your preferences you have to go through a whole list of options. By the time you’re finished customizing your cookie preferences you’ve forgotten why the hell you went to the page and what the hell the page is. It’s ridiculous. It should be as simple as having two buttons: one for accepting the site’s default garbage and another for for rejecting the site’s default garbage.
helmet91@lemmy.world 10 months ago
Oh. Someone at the EU Commission started to use websites? 🤔
linearchaos@lemmy.world 10 months ago
OH THANK f’ING GOD
victorz@lemmy.world 10 months ago
All of these comments that say different things, but all sound like “just do X, I’m an expert in EU laws and their theoretical consequences”. It’s as simple as that, is it? Wonder why nobody thought of that before.
Linkerbaan@lemmy.world 10 months ago
018118055@sopuli.xyz 10 months ago
Ban adtech
BaardFigur@lemmy.world 10 months ago
Should’ve just required it to be as easy to decline as it is to accept
Ktheone@lemmy.world 10 months ago
Common European Union W
beefontoast@lemmy.world 10 months ago
This is the worst output of EU regulation ever. How has it taken them so long to realise it’s annoying?! Don’t they use the internet in Brussels?
wahming@monyet.cc 10 months ago
About time. Last time I pointed out the uselessness of cookie banners, the reddit hivemind downvoted me to heck.
Ensign_Crab@lemmy.world 10 months ago
It would be nice if the options weren’t like “Enable all cookies” and “navigate 4 menus that try to convince you to enable all cookies.”
shasta@lemm.ee 10 months ago
It would be better if you could set your preference on the browser once and never have to mess with it again unless you want to have exceptions for specific sites
adam@doomscroll.n8e.dev 10 months ago
In theory this is done. There is a Do Not Track (DNT) header that is browser defined. Does anyone use it? Do they fuck.
ExLisper@linux.community 10 months ago
AFAIK the regulation already says that the “only necessary” should be available with one click. I think the issue is that it’s difficult to go after all the small pages that are breaking the law. The big ones like YT of Google already have the ‘disable all’ button on top, I’m guessing because EU complained.
Honytawk@lemmy.zip 10 months ago
It doesn’t say that it should be available with one click.
It says that accepting should be just as easy as declining. Which also includes things like not being allowed to have a “greyed out” button to reject while the accept button is big and sparkly.
Maestro@kbin.social 10 months ago
It depends on the country. GDPR is not a law. It's a framework that countries use to implement national laws. GDPR doesn't say anything about one-click rejection, but some countries added it to their national law.
ook_the_librarian@lemmy.world 10 months ago
I want an “only necessary cookies except one cookie to remember I clicked this option” button available with one click.