IMO we need to start normalizing being militant about this stuff again, to aggressively and adversarially defend the freedom to use your computer the way you choose to use it
I'm dubious about people becoming militant about this when the software engineering industry gave Chrome a red carpet by using it and installing it on their relatives' computers while knowing very well it's adware and when switching to the alternative is incredibly cheap.
It's almost as if Steve Ballmer and the legendary "developers developers developers" speech still rings true today - the key to getting people to use your software is to make life as easy for the power users as possible, let them spread the word. And it's ironic how Microsoft lost its ways there... a lot of people I know have gone from Windows to Mac and convinced their close relationships (aka those whose computers they fix) to do the same. It's just so much more relaxing to boot into an OS that doesn't try to shove advertising down your throat at every turn.
HN is not a hive mind. There are people here who love Firefox, people who despite it, and everyone in between. It’s tiring to always be reading your type of comment, as if everyone is a hypocrite. Maybe, just maybe, the people making those contradictory comments are not the same individuals.
And it’s not like Mozilla is free from controversies, including several of betraying user trust. If every major browser maker is going to break your trust and sell your data, I can see why people choose their poison based on other factors.
I use neither Firefox nor Chrome. Is Safari any better? Or Brave? In some areas yes, in others no. I don’t think there’s a single browser vendor which gets it unambiguously right.
Yes. As a millennial the times of civil disobedience was better. Not only did we get a better internet for consumers, but better companies were rewarded and won. Rose tinted glasses? Possibly, but there’s another reason for disobedience: the other side does it, and they do it just for money.
Concretely, is there something like Adblock that can be done for cookies? I don’t think blocking is as effective as poisoned data though. They ask for data, they should get it. If you don’t get consent, poisoned data is merely malicious compliance.
It could even be standardized as an extension to DNT: “if asking for consent after a DNT header, a UA MAY generate arbitrary synthetic data”.
I use a combination of two browser extensions: Cookie AutoDelete[0] and I don't care about cookies[1]. The second hides any GDPR 'compliance' popup; the first deletes any cookies set by a website when you close the last tab with it open. Both extensions have whitelist functionality.
Sadly even if you’re inclined to do this, it’s always a war of attrition, and corporations seem to realize they can just up the cost of your resistance in terms of time/frustration, and that’s enough for them to win in the long term. The history and trajectory of platforms, from browsers to AppStore’s to SaaS-all-the-things, is just tragic, with the amount of user control on a downward slide at each stage. The big question now is whether / how / to what extent AI is going to be corporate or democratized, but it’s hard to be optimistic.
Or, you know, if Clicking do-not-stab for 60 more years sounds like it sucks, you can try to become a shepherd or something. Works great for ~10 years, and then you can’t use cars, dishwashers or light switches without clicking do-not-stab, at which point they finally win and you say, you know what? I should be grateful they asked before they stabbed me, I practically owe it to them anyway, and I can’t wait to see all the love/cash rolling in after I’m a big shot shepherd influencer. Like and subscribe y’all and as always, hail corporate
But perhaps it really only succeeded, because that Microsoft was like the Boeing of today, a company where Pournelles second type (the institutionalists) had taken over and was just riding out the momentum, allowing the upstart unfunded open source hippies to actually have success.
I'm just going to click "yes," stop asking.
For netizens, the idea that the use should be able to opt out of logs about their interaction with the service the operator owns is novel (because they always had the option of not using the service if they found the pattern distasteful).
However the EU dropped the ball by not making it mandatory to respect this flag. If they had we wouldn't have had the huge cookiewall mess we have now.
If anything the shift is going the other way, with some of the more busy-body jurisdictions trying to take things that are properly enforced by the user's user-agent and instead making them officially the responsibility of the other party.
Because of legal requirements, the General Assault Control header may not be enabled by default, as American states like Colorado require explicit opt-out (rather than explicit opt-in). This protects Colorado's thriving stabbing and shooting industry as most users will never want to opt into being stabbed.
Despite the feature being forced to be disabled by default, the organisation behind the spec is pushing hard for customers to download fringe browsers that implement the feature (though you may need about:config to enable it). Because of the small user base, the request not to be assaulted can be used by websites not willing to follow the standard to make their stabbings and shootings more precise. End users can request a JSON file from the web server containing the supposed support for the GAC header, but requesting this URL may be used to kick the user in the teeth by non compliant servers.
This isn't my tribe, but I'm incredibly pleased to see a beautiful reflection of the old internet within this webring.
https://en.wikipedia.org/wiki/Do_Not_Track#:~:text=The%20Do%....
I can dream...
I don't know if they still do it, but last time I browsed Medium I found that it claimed to respect DNT, which is quite nice. Lots of self-hosted analytics software also respects DNT out of the box and I don't think site administrators often bother to turn that off. Still, the vast majority of websites probably ignores the header, especially since it's been deprecated as a standard. If you care about such things, maybe also consider looking into Sec-GPC, its intended replacement.
But apparently it was considered too complex and "lacking enforcement".
Now maybe if it survived till GDPR it could have it's enforcement, but Mozilla yanked support before that...
They don't actually hate you. Rather, they love your money and they have a depraved indifference for you.
No idea if that bit of lore is true but it is certainly the case that RFCs are usually the final word on the relevant standard. In fact, once they get their ID, RFCs cannot be modified or rescinded; only superseded by another RFC.
The idea that a published RFC is a final word is a newer idea too. Yeah, you can't modify an RFC, you have to publish a newer one, but that was a pretty good way of doing distributed change control in 1969.
> https://www.rfc-editor.org/rfc/rfc8700.html
Nowadays you're supposed to comment before it gets to "Internet standard"
Another satire RFC in the same spirit is the one about the evil bit[2] (designate one bit in packets to indicate whether it’s intended for evil), with the same subtext as the linked post: no, you can’t trust malicious entities to change their behavior to make it easier to stop.
(Sutures As A Service) which is a additional somewhat often used service once Stabbing As A Service has occurred.
Them: What's your LinkedIn Account?
Me: Don't have one.
Them: Twitter?
Me: Nope.
Them: InstaGram or TicToc?
Me: Nope.
Them: Do you use the web at all?
Me: Only through Lynx. I see a lot fewer ads.
Them: No JavaScript! How do you use YouTube?
Me: I don't, really.
Them: You have no social media?
Me: Well... I *did* order a pizza from Dominos online once...
Yeah... I don't use the web much as you would expect for someone
who's livelihood depends on it. I just wish USENET was still
USEFUL. I have a rant in me about ad-tech and crap-ware on the
web. I'm just enjoying my life without the web too much to
write it. And clearly, HN is my web-tech achilles heel.> Google has also released a browser plug-in that turns off data about a page visit being sent to Google, however, this browser extension is not available for mobile browsers.
source: https://en.wikipedia.org/wiki/Google_Analytics#Privacy
For example, I have my browser send all of these with each request:
Do-Not-Eat: 1
Do-Not-Insert-Into-Anus: 1
Do-Not-Do-Evil: 1
Do-Not-Chew-Loudly: 1
Do-Not-Forget-To-Bring-A-Towel: 1
Do-Not-Pee-Into-The-Wind: 1
Do-Not-Give-Me-Up: 1
Do-Not-Let-Me-Down: 1
Do-Not-Turn-Around: 1
Do-Not-Desert-Me: 1
Do-Not-Stab: 1
The last one I added just now because this article opened my eyes to this glaring omission.
"Fools! I have invented a usb device which can collect votes from the Internet and drive a knife through your heart!"
This gets more and more unhinged, I love it
Maybe they could get advice on the best way to do that from these people?: https://news.ycombinator.com/item?id=42169027
I fully understand that it's absence wouldn't meant that people won't get stabbed, but it would save time and mental space of all people like me who really don't care about being stabbed or not.
Honestly if anything, I'd like to be stabbed more.
By analogy to current situation about tracking ... Ad companies know too much about me? I think they know too little. For example for half a year they still haven't figured out that I know barely any words in German and are serving me German advertisements all the time just because I happen to be living in Germany currently.
You can still laugh at the joke with the section there, you’ll just have fewer confused people to correct, and be in one less elite club.
While it's true that children will often go out of their ways to test boundaries, I have no trouble giving them the benefit of the doubt and saying that children are innocently experimenting.
Companies, meanwhile, are doing this with fully deliberate malicious intent. They do this because capitalism rewards it. We need to say this, and keep saying it, until everyone gets it. Companies cannot be reared like children. Companies do not “mature” to become well-behaving, ethical citizens. With the profit motive in effect, companies have every incentive to work around every legislation and regulation and screw us at every opportunity they get. The profit motive must go.
On a more serious note: yeah wtf. I hope we in the EU draw the conclusion of companies even being unable (unwilling?) to gain informed consent and just start treating these privacy breaches as an outright crime.
Do a sidedoor as a /do-not-stab.txt
Do-Not-Stab: 1
For Microsoft this also rings true from the opposite direction. Any specification that Microsoft technically abides is implemented in an egregiously dark way (at least for anything consumable at an enterprise level).
They go to great lengths to exercise every bit of leeway permitted by the spec, even when it doesn't make economical sense, because what are you gonna do about it? Vote with your wallet? Against the vendor that runs all your workstations and manages your directories and databases and deployments and authentication and authorization and business intelligence and and and?
No, you're gonna accommodate their absurd counter-requirements because what other choice do you have? The decision then becomes:
1. branch your code to shit with `vendor == microsoft` clauses
2. branch your project/architecture to shit and effectively maintain a Microsoft version alongside the "normal" core version
3. use Microsoft's bespoke library that solves the problem they created
A project that selects option 3 will face the least resistance integrating with Microsoft products, but will also become beholden to arbitrary rules that complicate integration with every other vendor who benevolently implements the standard.
Certainly not any government. If you think the EU's regulation are of any help to the consumer you are gravely mistaken. The EU is quickly becoming a fucking nightmare to live in. "The more corrupt the state, the more numerous the laws". The meme that goes around atm is that while Elon Musk created Tesla, SpaceX and Starlink the EU managed to get everybody to now have plastic bottles who do not close properly anymore: due to some regulation that mandates that bottle caps must hold to the bottle, weird only partially-functional mechanism have been created and it's a PITA to either drink from a plastic bottle or, worse, try to lay it horizontally in a fridge.
That's what the EU is: probably that some politicians or bureaucrats with enough brain cells to recognize a bottle cap on the ground thought "I've got an idea to make the EU better, let's mandate every bottle to have a cap that cannot be separated from the bottle".
As a result you lay horizontally a plastic bottle of sugary drink in your fridge (because you've been used to do that for decades) and now all your fridge is sticky due to the bottle leaking.
It's all that is wrong with the EU bureaucrats in one example.
Also hailing the EU as the savior vs Microsoft when our lives becames miserable with EU consent cookie popups virtually everywhere is a bit thick.
I haven't encountered that meme, but if it exists, it's like most memes seem to be: Wrong. The bottle caps work just fine.
At least the EU made something useful