But even Github has misunderstood it's not about the cookies. They had an article earlier about removing the popup since they managed to do stuff without cookies. The law doesn't care about cookies, it cares about tracking and illegitimate use of personal data. If you send data to third parties or track by other means, consent is still needed.
Because the law obviously didn't help stopping companies from doing shady shit and made the user experience of the web worse?
This is what has been explained to me. Any sort of data sharing, like introducing Google Analytics in your website, and you need a disclaimer.
What problem do you believe is being solved by the popup? The idea that it will get consumers to boycott garbage websites and internet services (read: the vast majority) is wishful thinking. Consumers do not care in the slightest and just want to be cool and fit in and use the same thing as everyone else. Anyone who is tunnel visioned on web privacy (which doesn't and will never exist, due to how webcrap is built) will go to the bottom of the page and click "privacy policy". Websites shouldn't have means of collecting data about you at all in the first place. Banking and shopping should be done with software instead of insecure web scripts. Yes smaller steps can be taken but there is such thing as too small.
EDIT: Oh I think you're saying that the popup is indeed redundant because your website shouldn't have it because if it does your website is crap. I agree, but I don't agree with the law since I still use those websites regardless of how trash they are and all the popup does is make it more annoying.
Because it's clearly not easy to run a service without these types of practices. If you want to get ad revenue then you have to have them.
Even the EU commission's own website has the pop up: https://europa.eu/
And they don't even have to worry about paying the bills for the website.
Why should the EU decide that it's a bad thing for me and I need to be asked about? I hate the banners much more than the tracking.
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-a...
I don't care about all the other stuff the popups are about either. The popups are pointless, click-through damage and they serve no purpose. The laws that caused them to exist are equally pointless. There is no measurable benefit to any of this privacy theater and no less tracking is occurring since the advent of all of these pointless popups.
As for privacy theatre, there are two reasons why these popups are pointless. First, it was too little and too late. If the regulations came in before tracking became pervasive, it could have been effective since people would have had the option to find similar content. Second, far too few people feel entitled and click through without really considering whether it is worth the price.
I agree this is the wrong way to go about the issue but it does seem to have some positive effects as well.
(Of course if their terms are posted somewhere else on their website they might have you there).
Enjoy tracking that
What do you mean with personal data anyway? In GDPR this means:
a name and surname;
a home address;
an email address such as name.surname@company.com; (NOT info@company.com!!!!)
an identification card number;
location data (for example the location data function on a mobile phone);
an Internet Protocol (IP) address;
a cookie ID;
the advertising identifier of your phone;
data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.
For the IP address, I never count on the fact that they don't track it. Who does??? Same for location. Why would you think a website wouldn't be able to get your location, unless you take some real measure to prevent it.
Some consent popup isn't going to convince me that they will or will not track it. I don't give a shit, I expect EVERY website to track this.
For the rest, well, if I provide my info to the website, I'm guessing that they can also identify me with it, no? If I don't want the website to know it, I just don't provide it.
Same thing here: I really don't care what their consent message says.
So long story short: If I want to keep some privacy, I will definitely not rely on the "word of the website" that they will handle it any way they say. If I want privacy, I will take care of that myself.
And for the rest of the legal bullshit, I never read it anyway. EULAs etc.... who does?
It does seem like the GDPR is being exploited to manipulate how users consent in a way that benefits the website's online ad scheme more than the user's experience.
If I were drafting a GDPR, I would standardise the consent mechanism and not allow for much creativity. Ideally IMO the consent process, e.g., each pop-up, should be so predictable that consent/denial of consent could be automated. Asking users to read terms, and engage in some sort of interactive consent is not practicable. Users will just click "OK" or whatever they need to in order to make the pop-up go away. Website developers know this and it should be no surprise if they are taking advantage of that to sneak in all manner of one-sided terms.
General terms: https://www.st.com/content/st_com/en/common/privacy-portal/c...
Breakdown of cookie use: https://www.st.com/content/st_com/en/common/privacy-portal/p...
Technical opt-out measures: https://www.st.com/content/st_com/en/common/privacy-portal/p...
> It does seem like the GDPR is being exploited to manipulate how users consent in a way that benefits the website's online ad scheme more than the user's experience.
Agreed.
> If I were drafting a GDPR, I would standardise the consent mechanism and not allow for much creativity. Ideally IMO the consent process, e.g., each pop-up, should be so predictable that consent/denial of consent could be automated. Asking users to read terms, and engage in some sort of interactive consent is not practicable. Users will just click "OK" or whatever they need to in order to make the pop-up go away. Website developers know this and it should be no surprise if they are taking advantage of that to sneak in all manner of one-sided terms.
I would agree, except ... these pop-ups are visible and it is easy to verify that certain information is being presented. The failure to review such information falls to the end user, even though there are legitimate reasons why they would click to make the pop-up go away (e.g. the time required to review the information). Unfortunately, it is difficult for most people to verify which cookies are being used by a particular site and it is impossible for them to verify how they are being used.
So here is a proposal:
What if a user could declare her/his consent settings _before_ opening the website? There would no longer be a need for consent dialogues, right?
One way to achieve that would be to take an example from the UTM parameters. A browser/User could just use ?utm_consent=all, ?utm_consent=minimal, and ?utm_consent=deny to indicate the level of consent. Browsers could offer it as a standard setting and automatically amend it to any URL. Websites could just drop the consent dialogue whenever that UTM is set.
Standardize an extension to the Set-Cookie header for a "Purpose" field. This field if unset means the cookie is essential (local laws now still apply so if a website misrepresents a non-essential cookie as essential then that's illegal just the same way as implementing a fake cookie banner or not implementing one (if you need it) is illegal). Now in my browser I can set my cookie preferences to only store and send essential cookies.
For other tracking methods that don't use cookies there's already DNT and all that's needed is for a local law update to clarify what it means and to enforce its use.
These things would actually make sense as opposed to the current situation where the EU makes it sound like cookies are something a website forcibly stores on your computer and uses.
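A sketch of the browser-side filter proposed in the comment above, added as an illustration and not part of the original thread. The `Purpose` cookie attribute is the commenter's hypothetical extension (no browser or RFC defines it), and the purpose names, function names and sample headers here are constructed.

```javascript
// "Purpose" is a hypothetical Set-Cookie attribute taken from the proposal above.
// Per that proposal, a cookie with no Purpose attribute is treated as essential.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // a cookie without a name is rejected
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1), // values may themselves contain "="
    purpose: "essential",
    attrs: {},
  };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? true : attr.slice(i + 1);
    if (key === "purpose") {
      // Design choice: a Purpose attribute with no value never counts as
      // essential, so a malformed header cannot slip past the user's policy.
      cookie.purpose = typeof val === "string" && val ? val.toLowerCase() : "unknown";
    } else {
      cookie.attrs[key] = val;
    }
  }
  return cookie;
}

// Apply the user's preference: essential cookies are always kept,
// everything else only if its purpose is in allowedPurposes.
function filterCookies(headers, allowedPurposes) {
  const allowed = new Set(["essential", ...allowedPurposes.map((p) => p.toLowerCase())]);
  const stored = [];
  const dropped = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!c) continue;
    (allowed.has(c.purpose) ? stored : dropped).push(c.name);
  }
  return { stored, dropped };
}

// Constructed sample response headers.
const sampleHeaders = [
  "session=abc123; Path=/; HttpOnly; Secure",
  "theme=dark; Path=/; Purpose=preferences",
  "_track=u-42; Domain=.example.com; Purpose=advertising",
  "stats=1; Purpose=Analytics",
];
```

As the comment notes, the filter trusts the site's own labelling; a tracking cookie sent without a `Purpose` attribute is stored, so the scheme still depends on legal enforcement against mislabelling.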
We could stop using tracking cookies.
To work with js free sites, you can feed the same information through in a tag for the HTML.
We don't need an exemption for necessary cookies, since the only reason a site would need to set a necessary cookie is to remember the users choice, and the browser can do that better.
If the user logs in, by filling out a username and password field, a single cookie should automatically be saved.
I imagine Firefox is the best browser to get this started in. Does anybody have any pointers on how to get the ball moving?
Maybe writing an extension as a proof-of-concept, then finding someone who's a member of W3C to propose it as a standard.
Here's a radical idea for a solution: pressure EU member state data protection agencies to start seriously enforcing GDPR violations. Internet is so good at amplifying messages, so why not amplify that?
GDPR is already a good solution to this problem. The only reason it works so poorly is because it's not being enforced - so most websites feel safe choosing to break the law. If there was an uptick in fines being issued against all players, big and small, the situation would change very quickly.
1. Never seen a cookie div.
2. Never been bitten by incorrect / false-positivey / over-zealous rules.
Everything else being equal, more options is good, but I don't see any reason to switch from Easylist Cookies, which I know is well-maintained, benefits from the Easylist umbrella, and has lots of users (since it's offered by default in uBlock Origin).
EDIT: browser makers are understandably cautious about it, even with a closed ecosystem it's already hard enough for them to avoid half their users getting pushed into installing dubious/malware addons within three hours of browsing, and their resources are limited. So, they default to closed-ness "for the masses", but there's a knob. I don't find this unreasonable.
I think more restrictions should be put on extensions but it's always hard to balance between accessible developer tools for people who know what they're doing and somebody writing down the instructions for how to circumvent it to lure the user into installing a malicious extension in developer mode.
“If you surf anonymously or if you delete cookies automatically every time you close the browser, websites will ask for that permission again and again, and it will soon become very irritating to click the same I agree buttons every day.”
The extension doesn't claim to delete cookies (and GP doesn't suggest that it does), but it's clearly targeted at people that are using technological means to deal with the problem rather than clicking "pretty please don't track me" and hoping for the best.
Given that I'm getting the cookies whether I want them or not, and deleting them whenever my browser closes, if this extension keeps the banners off my screen it's a huge net positive from my perspective.
The only downside is that some sites are broken by this extension. Sometimes you end up on a site where the page is disabled and you cannot click on things. Usually turning off the extension and clicking manually the banner fixes the issue.
So here are the three extensions I can’t live without:
- ublock origin
- I don’t care about cookies
- cookie auto delete.
They make the internet usable.
""" Cookies and local storage serve different purposes. Cookies are primarily for reading server-side, local storage can only be read by the client-side. So the question is, in your app, who needs this data — the client or the server?
If it's your client (your JavaScript), then by all means switch. You're wasting bandwidth by sending all the data in each HTTP header.
If it's your server, local storage isn't so useful because you'd have to forward the data along somehow (with Ajax or hidden form fields or something). This might be okay if the server only needs a small subset of the total data for each request. """
So I guess server-side no-JS applications are going to be caught in this crossfire?
[1] https://stackoverflow.com/questions/3220660/local-storage-vs...
Come to think of it, a malicious company could probably set up their systems so they get auto-confirmed by the plugin. I'm not sure they'd be valid in that case.
Similar attacks: load the fine print via JS and stick it into an /ads/advertisement.js so adblockers will block the loading of it.
Can the company claim "we showed it to the user, if their software hides it, that's not our problem"?
I don't believe this to be true. My CS1 browser fingerprinting[1] results show that Internet Explorer and Chromium (Chrome etc.) are trackable with fingerprinting but Firefox (at least for me) is not, neither on desktop nor mobile. Of course they might have found something the researchers have not.
I still think it is easy for a malicious site to make both the yes and no button install X malware when you click it. I don’t know if that fear is valid but as a Windows 95 and 98 ptsd person we were trained don’t click and agree to anything.
It wouldn’t be so necessary if all those websites asking for my permission to use cookies would actually use a cookie to store that permission / preference so they don’t ask again every damn time. This is really the reason why I use this extension - I didn’t mind so much reviewing the permissions once for each site, but having to do it constantly really became too much after a certain point.
(Yes, I really dislike how the "privacy" warriors are dragging everyone into their pointless crusades.)
[1]: https://web.archive.org/web/20170831060807/https://addons.mo...
It costs a bit of money, but when asked, an invoice is provided so you can deduct it as a business, or ask your boss to pay.
What's needed is better default protection by the law to stop companies collecting and using data.
It seems more useful to write my own Greasemonkey script, instead. At least when I encounter a site like this, which I couldn't think of.
The new E-Privacy Directive (if it doesn't get watered down) might help with the cookie wall problem.