IMO we need to start normalizing being militant about this stuff again, to aggressively and adversarially defend the freedom to use your computer the way you choose to use it
I'm dubious about people becoming militant about this when the software engineering industry gave Chrome a red carpet by using it and installing it on their relatives' computers while knowing very well it's adware and when switching to the alternative is incredibly cheap.
It's almost as if Steve Ballmer and the legendary "developers developers developers" speech still rings true today - the key to getting people to use your software is to make life as easy for the power users as possible, let them spread the word. And it's ironic how Microsoft lost its ways there... a lot of people I know have gone from Windows to Mac and convinced their close relationships (aka those whose computers they fix) to do the same. It's just so much more relaxing to boot into an OS that doesn't try to shove advertising down your throat at every turn.
My point exactly! You're talking about which browser to use for web development. That's not relevant for engineers not touching html/js/css, and for all non tech savvy family members whose computers we set up.
Is there any evidence this actually happens? Or are we just going based on vibes?
HN is not a hive mind. There are people here who love Firefox, people who despite it, and everyone in between. It’s tiring to always be reading your type of comment, as if everyone is a hypocrite. Maybe, just maybe, the people making those contradictory comments are not the same individuals.
And it’s not like Mozilla is free from controversies, including several of betraying user trust. If every major browser maker is going to break your trust and sell your data, I can see why people choose their poison based on other factors.
I use neither Firefox nor Chrome. Is Safari any better? Or Brave? In some areas yes, in others no. I don’t think there’s a single browser vendor which gets it unambiguously right.
I didn't mean to say that all of HN despises Firefox, but simply that it very often brings negative sentiments, so seeing the comment I was responding to so high up in the thread made me react. It was also a kind reminder that militating is as simple as using an alternative to Chrome.
> And it’s not like Mozilla is free from controversies, including several of betraying user trust. If every major browser maker is going to break your trust and sell your data, I can see why people choose their poison based on other factors. > I use neither Firefox nor Chrome. Is Safari any better? Or Brave? In some areas yes, in others no. I don’t think there’s a single browser vendor which gets it unambiguously right.
And you're making my point about the perfect solution fallacy as well! Of course Firefox isn't perfect and has screwed up on several occasions, does that mean it's comparable to a piece of software that sends every single bit of information it can gather to its parent ad company?
Yes. As a millennial the times of civil disobedience was better. Not only did we get a better internet for consumers, but better companies were rewarded and won. Rose tinted glasses? Possibly, but there’s another reason for disobedience: the other side does it, and they do it just for money.
Concretely, is there something like Adblock that can be done for cookies? I don’t think blocking is as effective as poisoned data though. They ask for data, they should get it. If you don’t get consent, poisoned data is merely malicious compliance.
It could even be standardized as an extension to DNT: “if asking for consent after a DNT header, a UA MAY generate arbitrary synthetic data”.
I use a combination of two browser extensions: Cookie AutoDelete[0] and I don't care about cookies[1]. The second hides any GDPR 'compliance' popup; the first deletes any cookies set by a website when you close the last tab with it open. Both extensions have whitelist functionality.
I like to use Consent-o-Matic[1] for this. IDCAC accepts tracking when ignoring the request doesn't work. CoM rejects all tracking on those popups. I like the slight Fuck Off that that sends.
Sadly even if you’re inclined to do this, it’s always a war of attrition, and corporations seem to realize they can just up the cost of your resistance in terms of time/frustration, and that’s enough for them to win in the long term. The history and trajectory of platforms, from browsers to AppStore’s to SaaS-all-the-things, is just tragic, with the amount of user control on a downward slide at each stage. The big question now is whether / how / to what extent AI is going to be corporate or democratized, but it’s hard to be optimistic.
Or, you know, if Clicking do-not-stab for 60 more years sounds like it sucks, you can try to become a shepherd or something. Works great for ~10 years, and then you can’t use cars, dishwashers or light switches without clicking do-not-stab, at which point they finally win and you say, you know what? I should be grateful they asked before they stabbed me, I practically owe it to them anyway, and I can’t wait to see all the love/cash rolling in after I’m a big shot shepherd influencer. Like and subscribe y’all and as always, hail corporate
But perhaps it really only succeeded, because that Microsoft was like the Boeing of today, a company where Pournelles second type (the institutionalists) had taken over and was just riding out the momentum, allowing the upstart unfunded open source hippies to actually have success.
I'm just going to click "yes," stop asking.
Yeah, no. Hostile advertising companies added that cookie banner as a form of "malicious compliance" with the law purely to annoy everyone like a buncha spoil't little brats who didn't get their way, so now they're gonna make everyone suffer... If we get a similar law in the USA, you can expect to see annoyances just like it (and probably worse) on sites hosted here, too.
It also failed to actually ban ad tracking.
For netizens, the idea that the use should be able to opt out of logs about their interaction with the service the operator owns is novel (because they always had the option of not using the service if they found the pattern distasteful).
However the EU dropped the ball by not making it mandatory to respect this flag. If they had we wouldn't have had the huge cookiewall mess we have now.
If anything the shift is going the other way, with some of the more busy-body jurisdictions trying to take things that are properly enforced by the user's user-agent and instead making them officially the responsibility of the other party.
Because of legal requirements, the General Assault Control header may not be enabled by default, as American states like Colorado require explicit opt-out (rather than explicit opt-in). This protects Colorado's thriving stabbing and shooting industry as most users will never want to opt into being stabbed.
Despite the feature being forced to be disabled by default, the organisation behind the spec is pushing hard for customers to download fringe browsers that implement the feature (though you may need about:config to enable it). Because of the small user base, the request not to be assaulted can be used by websites not willing to follow the standard to make their stabbings and shootings more precise. End users can request a JSON file from the web server containing the supposed support for the GAC header, but requesting this URL may be used to kick the user in the teeth by non compliant servers.
You might also want to read our ToS in order to stay informed about the multiple ways, some of them illegal under EU law, you still will get stabbed.
(Approximate reading time: 4h53m, assuming a law degree and multiple years of experience in data protection law practice)
This isn't my tribe, but I'm incredibly pleased to see a beautiful reflection of the old internet within this webring.
https://en.wikipedia.org/wiki/Do_Not_Track#:~:text=The%20Do%....
I can dream...
I don't think it's that easy though. The "just" is doing a lot of work in there. Consider:
Some websites have login with third-party credentials. It doesn't matter that you choose to use these for convenience, because intent doesn't matter, and it is a fact that both the Service Provider and the Identity Provider are tracking you. IdP knows which sites you are logging in to, and SP knows and stores your third-party identity (they might say they need it to know which account you're logging in to, but like I said, intent doesn't matter).
Hacker News is currently tracking me. They might say the cookie is needed for session stuff to work, but intent doesn't matter, and it is a fact that the cookie uniquely identifies me.
My web browser is tracking my mouse position. Mozilla might say they need it for styling stuff to work, but intent doesn't matter, and it is a fact that Mozilla's software is tracking my mouse position in real time (let's not even talk about browser history).
Your browser cache might have two HN posts where my comments appear. If that's the case, then it would be a fact that you are tracking which posts I am commenting on. Intent doesn't matter, so hopefully you're not a company (tracking is fine if you're an individual though (based on the quoted text)).
/s
Hopefully this ride down the slippery slope illustrates some subtleties, at least without a very precise definition of "tracking". But then again, if the definition is too precise, there's gonna be loopholes in the letter of the law; in that case we might say that we should also consider the spirit of the law, but "intent" is part of that.
I don't know if they still do it, but last time I browsed Medium I found that it claimed to respect DNT, which is quite nice. Lots of self-hosted analytics software also respects DNT out of the box and I don't think site administrators often bother to turn that off. Still, the vast majority of websites probably ignores the header, especially since it's been deprecated as a standard. If you care about such things, maybe also consider looking into Sec-GPC, its intended replacement.
But apparently it was considered too complex and "lacking enforcement".
Now maybe if it survived till GDPR it could have it's enforcement, but Mozilla yanked support before that...
They don't actually hate you. Rather, they love your money and they have a depraved indifference for you.
Do they provide a guaratee to only sell once, instead of selling to everyone?
No idea if that bit of lore is true but it is certainly the case that RFCs are usually the final word on the relevant standard. In fact, once they get their ID, RFCs cannot be modified or rescinded; only superseded by another RFC.
The idea that a published RFC is a final word is a newer idea too. Yeah, you can't modify an RFC, you have to publish a newer one, but that was a pretty good way of doing distributed change control in 1969.
> https://www.rfc-editor.org/rfc/rfc8700.html
Nowadays you're supposed to comment before it gets to "Internet standard"
Another satire RFC in the same spirit is the one about the evil bit[2] (designate one bit in packets to indicate whether it’s intended for evil), with the same subtext as the linked post: no, you can’t trust malicious entities to change their behavior to make it easier to stop.
(Sutures As A Service) which is a additional somewhat often used service once Stabbing As A Service has occurred.
Them: What's your LinkedIn Account?
Me: Don't have one.
Them: Twitter?
Me: Nope.
Them: InstaGram or TicToc?
Me: Nope.
Them: Do you use the web at all?
Me: Only through Lynx. I see a lot fewer ads.
Them: No JavaScript! How do you use YouTube?
Me: I don't, really.
Them: You have no social media?
Me: Well... I *did* order a pizza from Dominos online once...
Yeah... I don't use the web much as you would expect for someone
who's livelihood depends on it. I just wish USENET was still
USEFUL. I have a rant in me about ad-tech and crap-ware on the
web. I'm just enjoying my life without the web too much to
write it. And clearly, HN is my web-tech achilles heel.> Google has also released a browser plug-in that turns off data about a page visit being sent to Google, however, this browser extension is not available for mobile browsers.
source: https://en.wikipedia.org/wiki/Google_Analytics#Privacy
For example, I have my browser send all of these with each request:
Do-Not-Eat: 1
Do-Not-Insert-Into-Anus: 1
Do-Not-Do-Evil: 1
Do-Not-Chew-Loudly: 1
Do-Not-Forget-To-Bring-A-Towel: 1
Do-Not-Pee-Into-The-Wind: 1
Do-Not-Give-Me-Up: 1
Do-Not-Let-Me-Down: 1
Do-Not-Turn-Around: 1
Do-Not-Desert-Me: 1
Do-Not-Stab: 1
The last one I added just now because this article opened my eyes to this glaring omission.
"Fools! I have invented a usb device which can collect votes from the Internet and drive a knife through your heart!"
This gets more and more unhinged, I love it
Maybe they could get advice on the best way to do that from these people?: https://news.ycombinator.com/item?id=42169027
I fully understand that it's absence wouldn't meant that people won't get stabbed, but it would save time and mental space of all people like me who really don't care about being stabbed or not.
Honestly if anything, I'd like to be stabbed more.
By analogy to current situation about tracking ... Ad companies know too much about me? I think they know too little. For example for half a year they still haven't figured out that I know barely any words in German and are serving me German advertisements all the time just because I happen to be living in Germany currently.
You can still laugh at the joke with the section there, you’ll just have fewer confused people to correct, and be in one less elite club.
Imagine in real life, someone starts making a joke, and then suddenly starts cursing and yelling. I wouldn't be comfortable with what feels like a lack of self-control and I will try to move away before things get violent.
Either do the "joke" style or the "angry rant" style, not both. The joke can be explained calmly if there is a need to.
While it's true that children will often go out of their ways to test boundaries, I have no trouble giving them the benefit of the doubt and saying that children are innocently experimenting.
Companies, meanwhile, are doing this with fully deliberate malicious intent. They do this because capitalism rewards it. We need to say this, and keep saying it, until everyone gets it. Companies cannot be reared like children. Companies do not “mature” to become well-behaving, ethical citizens. With the profit motive in effect, companies have every incentive to work around every legislation and regulation and screw us at every opportunity they get. The profit motive must go.
On a more serious note: yeah wtf. I hope we in the EU draw the conclusion of companies even being unable (unwilling?) to gain informed consent and just start treating these privacy breaches as an outright crime.
Do a sidedoor as a /do-not-stab.txt
Do-Not-Stab: 1
For Microsoft this also rings true from the opposite direction. Any specification that Microsoft technically abides is implemented in an egregiously dark way (at least for anything consumable at an enterprise level).
They go to great lengths to exercise every bit of leeway permitted by the spec, even when it doesn't make economical sense, because what are you gonna do about it? Vote with your wallet? Against the vendor that runs all your workstations and manages your directories and databases and deployments and authentication and authorization and business intelligence and and and?
No, you're gonna accommodate their absurd counter-requirements because what other choice do you have? The decision then becomes:
1. branch your code to shit with `vendor == microsoft` clauses
2. branch your project/architecture to shit and effectively maintain a Microsoft version alongside the "normal" core version
3. use Microsoft's bespoke library that solves the problem they created
A project that selects option 3 will face the least resistance integrating with Microsoft products, but will also become beholden to arbitrary rules that complicate integration with every other vendor who benevolently implements the standard.
Certainly not any government. If you think the EU's regulation are of any help to the consumer you are gravely mistaken. The EU is quickly becoming a fucking nightmare to live in. "The more corrupt the state, the more numerous the laws". The meme that goes around atm is that while Elon Musk created Tesla, SpaceX and Starlink the EU managed to get everybody to now have plastic bottles who do not close properly anymore: due to some regulation that mandates that bottle caps must hold to the bottle, weird only partially-functional mechanism have been created and it's a PITA to either drink from a plastic bottle or, worse, try to lay it horizontally in a fridge.
That's what the EU is: probably that some politicians or bureaucrats with enough brain cells to recognize a bottle cap on the ground thought "I've got an idea to make the EU better, let's mandate every bottle to have a cap that cannot be separated from the bottle".
As a result you lay horizontally a plastic bottle of sugary drink in your fridge (because you've been used to do that for decades) and now all your fridge is sticky due to the bottle leaking.
It's all that is wrong with the EU bureaucrats in one example.
Also hailing the EU as the savior vs Microsoft when our lives becames miserable with EU consent cookie popups virtually everywhere is a bit thick.
https://www.emballagefokus.dk/goer-noget-uden-at-goere-noget...
I haven't encountered that meme, but if it exists, it's like most memes seem to be: Wrong. The bottle caps work just fine.
At least the EU made something useful