I've actually started to reject nonessential cookies most of the time now. Doubt it matters at all.
What makes you say they don't need them?
If a site is asking for consent, they're either idiots who don't understand what the law requires of them or they intend on tracking their users.
Not to mention teaching users who are not tech-savvy to blindly click "I Accept" and "I Agree" without thinking about it which is an absolute disaster since such users cannot distinguish between a marketing cookie prompt and an OS elevation prompt coming from a piece of malware they just downloaded.
- Needing writing a documentation (which is viewable even if cookies, CSS, and JavaScripts are disabled) about what each cookies means. (This includes both necessary and unnecessary cookies.)
- Writing a better web browser(s) with more user controls, and can more easily modify it and recompile, etc. (This way, you can more easily adjust individual cookies more finely, including which cookies are enabled, duration overrides, values, etc.)
Do you mean “Consent is only needed...”, because while the existing word order is grammatically viable, it doesn't communicate anything that makes sense with the rest of the post.
Understand that cookie banners are malicious compliance and they make a lot more sense.
If the vague proposal I’m suggesting sounds outlandish, that’s more or less how every major browser implements other requests for intrusive APIs as a matter of protecting users. Even when they do it half-heartedly they do it by developing a standard with their more invested peers which is far less prone to universal abuse.
> Understand that cookie banners are malicious compliance and they make a lot more sense.
How are they malicious compliance? The laws are poorly-reasoned and poorly-written. I'll continue to be mad about that.
> “The legislative department is everywhere extending the sphere of its activity, and drawing all power into its impetuous vortex.” -Madison, Federalist No. 48
HN is still in a love affair with GDPR.
Nice things need to be thoroughly thought out.
Do I really think that's going to happen? No. If GitHub were to introduce ads or invasive marketing everyone would move to GitLab in a second. A decent amount of people are already moving to GitLab and GitHub hasn't even done anything! Things like marketing cookies for analytics on marketing pages are genuinely not an issue.
But people take it as a sign, because of all the shit that goes on the rest of the web, and how GitHub explicitly said they were not going to do this. The fact they made a "commitment" not to do this is particularly important because it shows that GitHub's promises don't mean anything.
But migrating your repo is easy. Personally I'm going to wait until things actually get bad before moving.
Do you think ads have gotten better or worse over time?
I think it's unequivocally worse now than it was then. There's a point where you're fed up with seeing the same ads for products you don't want or need.
Imagine if a store put a tiny sticker on anyone who stopped by to look at their products. Not this person is identifiable as "stopped to look at product X" whenever they visit other stores from the same owner.
Personally, it just creeps me out, even though it's basically the norm online.
On the other hand, in December 2020, they said "We are also committing that going forward, we will only use cookies that are required for us to serve GitHub.com" and apparently in corporate terms, a "commitment" lasts less than two years now.
Presumably the main change here is Nat made this commitment and Nat has since left Microsoft, but it's hard to believe their marketing team thinks the data value from a couple marketing pages is worth the PR hit from this. Just a dumb--- business move, really.
This is very reminiscent of the “why whatsapp doesn’t sell ads” [1]. A good reminder that we should never trust any long term promises from companies.
[1] https://blog.whatsapp.com/why-we-don-t-sell-ads/?lang=en
As long as it only affects the enterprise marketing pages (which, like you, I do not use) and it is clearly documented (unfortunately some of the documentation changes seem confusing, and I am not the only one who thinks that), then I have no problem with this.
(I do not use GitHub for my own projects, but I do use it to view other projects and to communicate with other projects that do use GitHub. In future I might also set up mirrors of my projects on GitHub, but the main working of the project will not be on GitHub.)
Collective action is hard, and it's even harder when billionaires make conscious, organized efforts to disrupt it.
I would not recommend using GitLab unless it is not the only mirror of your project (it is acceptable if you are mirroring it on something else, too). If you do want alternatives, you may consider Codeberg, NotABug, and/or Sourcehut. The reason I exclude GitLab is because it cannot display the files unless JavaScripts are enabled (or if you use the git protocol, which is kind of confusing compared with fossil) (it is OK if it uses JavaScript for other functions as long as the files can be viewed without it) (this is not a problem if there are other mirrors, since you can view the mirrors instead).
Is there something more to this?
This move, like the exclusive Netflix ads inventory, makes it clear that MSFT sees ads as a big driver to business growth.
I can't imagine many developers opting in.
Imagine the most terrible dark patterns from LinkedIn (which they also own), and go self-host Gitea and move your repos.
Microsoft might have billions of problems but CIA using windows and PowerPoint isn't one of them.
i.e. "Comment all you like, we're steaming ahead with this stupid idea regardless."
The same section mentions Privacy Badger and uBlock Origin, which they could mention anyways if they want to do, but they should mention that GitHub is not affiliated with them (even though some of these projects might be hosted on GitHub).
