• Ensign_Crab@lemmy.world
    link
    fedilink
    English
    arrow-up
    312
    ·
    1 year ago

    It would be nice if the options weren’t like “Enable all cookies” and “navigate 4 menus that try to convince you to enable all cookies.”

    • shastaxc@lemm.ee
      link
      fedilink
      English
      arrow-up
      186
      ·
      1 year ago

      It would be better if you could set your preference on the browser once and never have to mess with it again unless you want to have exceptions for specific sites

      • Adam@doomscroll.n8e.dev
        link
        fedilink
        English
        arrow-up
        70
        arrow-down
        3
        ·
        1 year ago

        In theory this is done. There is a Do Not Track (DNT) header that is browser defined. Does anyone use it? Do they fuck.

        • Lath@kbin.social
          link
          fedilink
          arrow-up
          99
          ·
          1 year ago

          I use it and the browser kindly explained to me that the feature is mostly useless because sites don’t give a shit about it.

          • Adam@doomscroll.n8e.dev
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Sorry, I’ll revise to what I intended (since I also use it). “Does anyone pay attention to it? Do they fuck.”

    • ExLisper@linux.community
      link
      fedilink
      English
      arrow-up
      73
      ·
      1 year ago

      AFAIK the regulation already says that the “only necessary” should be available with one click. I think the issue is that it’s difficult to go after all the small pages that are breaking the law. The big ones like YT of Google already have the ‘disable all’ button on top, I’m guessing because EU complained.

      • Honytawk@lemmy.zip
        link
        fedilink
        English
        arrow-up
        26
        ·
        1 year ago

        It doesn’t say that it should be available with one click.

        It says that accepting should be just as easy as declining. Which also includes things like not being allowed to have a “greyed out” button to reject while the accept button is big and sparkly.

        • ExLisper@linux.community
          link
          fedilink
          English
          arrow-up
          16
          ·
          1 year ago

          Yes, I think you’re right. And everything should be disabled by default, right? So the pages that make you do ‘configure -> disable all -> save’ definitely don’t follow the rules.

      • Maestro@kbin.social
        link
        fedilink
        arrow-up
        16
        arrow-down
        1
        ·
        1 year ago

        It depends on the country. GDPR is not a law. It’s a framework that countries use to implement national laws. GDPR doesn’t say anything about one-click rejection, but some countries added it to their national law.

  • Blackmist@feddit.uk
    link
    fedilink
    English
    arrow-up
    190
    arrow-down
    4
    ·
    1 year ago

    Just make it illegal to sell user data to “data partners”, and use cross site tracking.

    Nobody actually “consents” to this shit. They just don’t read.

    • isles@lemmy.world
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      4
      ·
      1 year ago

      I really wish we had a simulated world sandbox to try these ideas out in. I suspect this might lead to the end of most free websites.

      • Blackmist@feddit.uk
        link
        fedilink
        English
        arrow-up
        43
        arrow-down
        2
        ·
        1 year ago

        TV never targeted commercials directly at “Dave Smith, likes fishing and interracial porn, lives in Chesterfield, searched for new cameras recently”, but they still operated.

        • isles@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          5
          ·
          1 year ago

          Sure, but also beside the point? I’m talking about the effects of changing an underlying mechanism of a live system, not of comparing two different systems that developed over time.

          Here are my guesses: sites that have enough unique visitor count and data to work directly with advertisers may not fall. Small sites that rely on Adsense networks for revenue would no longer have revenue. A small (though non-zero) number of people/groups would continue on and seek alternative funding. Without ad networks, many tech companies fall.

          I’m not saying that I’m against any of this, either. In my view, there’s a large chance that nothing of real value (to a society) would be lost. Maybe we can bring web rings back.

          • laurelraven@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            12
            ·
            1 year ago

            Ad networks could still work, they just wouldn’t have the targeting data to work with or the usage data they can sell as an entirely unrelated business model. They were profitable before the current big data push, there’s no reason they couldn’t continue to be profitable without that big data again

            • isles@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              1 year ago

              Do you think our economy has changed since big data targeted advertising? Your example is the same as Blackmists’, essentially. We’re 30 years down a path and flipping a switch like that would have widespread repercussions. Again, I’m not saying the repercussions shouldn’t happen.

          • Blackmist@feddit.uk
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 year ago

            There’s no reason they can’t just use the page you’re on and a very rough “location from IP address” (e.g. just the country, and sometimes not even that), to give the advertisers something to aim at. If you’re on a camera website, you’d see camera shops in the UK, etc, rather than a load of weird buttplug shaped things from Temu.

            • isles@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              1 year ago

              How would the advertisers get location IP if they can’t have the data?

              Edit: whoops, got trigger happy. Anyway, I’m totally behind taking back control from advertisers. They have an outsized influence in society. I also think there are unforeseen consequences of your blanket statement suggestion that haven’t been considered, hence wishing for a simulation. Again, if advertising is less targeted, cost of customer acquisition goes up and most business models break.

              • Blackmist@feddit.uk
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                Your browser would technically have to request the advert anyway. So they’d have your IP regardless if they served you an ad. They just wouldn’t be allowed to push it and your browser fingerprint to 1000+ “data partners”.

                A better addition might be to have a dedicated advert tag in HTML, that disables any JS within that block, so the only thing they can do is give you a chunk of HTML/CSS/images with no ability to fingerprint.

        • kbotc@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          3
          ·
          1 year ago

          Did you entirely miss Nielsen and the data they gave to advertisers?

      • azertyfun@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        1
        ·
        1 year ago

        Which free websites? The modern web is just:

        • (Quasi-)monopolistic platforms (meta, google, xitter, etc.)
        • Newspapers
        • SEO filler
        • Webshops
        • Free sites already operating out of the goodwill of some random admin and making single-digit ad revenue anyway <– you are here
        • Porn aggregators
        • SEO filler
        • SEO filler
        • Wikipedia
        • End of list

        The only ones whose business model would truly be threatened and whose loss would be problematic are newspapers.
        OTOH newspapers accidentally cornering themselves in a “freemium” business model has fucked journalism over so bad I’m not sure how it could even be worse.

        Free websites like the ones we are on barely exist anymore anyway, because how the fuck do you “compete” in the “free marketplace of search indexing” when some russian troll is burying you to page 5 of google’s search results and you can’t reach anyone via facebook or twitter without paying thousands?

        • TheSanSabaSongbird@lemdro.id
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Craigslist struck the first blow against newspapers by taking away classified ad revenue. The death blow came when Silicon Valley taught people that “information wants to be free,” which meant that no one wanted to pay for local news anymore. That led most local newspapers to collapse, while the few that managed to survive --apart from a handful of “legacy” papers-- mostly did so at the cost of turning into click-bait sites or outrage machines.

          We have to bring back the idea that people should be happy to pay for local news.

      • wesley@yall.theatl.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        They can just run ads without all the tracking bullshit and data collection like they do on every other medium with free ad supported content like radio and television. Somehow I can watch TV and listen to the radio for free and they manage to stay running without monitoring my every move.

        Might be less profitable for them but so be it. Just because tracking helps their business doesn’t mean it is justified.

  • GiddyGap@lemm.ee
    link
    fedilink
    English
    arrow-up
    140
    arrow-down
    1
    ·
    1 year ago

    I’m not a fan of the cookie consent popups, but I do appreciate the EU actually trying to do something to protect people’s privacy. Seemingly the only major entity to do so right now.

    • cybersandwich@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      That was my first thought as an American. It’s refreshing to see that 1. They attempted something meaningful in the first place 2. They recognize it isn’t perfect/not having the intended effect and are making adjustments.

      This seems like a functioning government.

  • yamanii@lemmy.world
    link
    fedilink
    English
    arrow-up
    139
    arrow-down
    1
    ·
    1 year ago

    A better solution would be to force sites to care about the Do Not Track browser setting that currently does nothing as told by the browsers themselves.

    • drugo@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      60
      arrow-down
      1
      ·
      1 year ago

      Exactly this. The goal of requiring explicit cookie consent/refusal is admirable, but the implementation of cookie banners is both useless and terrible. We already have a way to communicate to websites whether we’re alright with cookies or not, they’re called HTTP headers.

  • FluffyPotato@lemm.ee
    link
    fedilink
    English
    arrow-up
    108
    arrow-down
    3
    ·
    1 year ago

    Just add 2 things:

    1. Cookie settings are possible to set in the browser for all pages.
    2. There’s a reject all button on every cookie banner.
    • CosmoNova@lemmy.world
      link
      fedilink
      English
      arrow-up
      72
      ·
      1 year ago
      1. There’s a reject all button on every cookie banner.

      Most importantly, those banners should be streamiled to look the same at the very least. No highlighing “ACCEPT ALL” while graying out “reject all” nonsense. No swapping the buttons left and right, top to bottom trickery. I’d prefer if the browser takes care of it all, though. I’m already using a plugin for that, though it comes with draw backs.

        • CosmoNova@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I am using „I still don‘t care about cookies“ for Firefox. It basically auto-selects the least required cookies possible. Though some sites don‘t offer opt-out so it will automatically accept those cookies. Not perfect, but I really can‘t be bothered to do a cookie captcha every time I open a private tab for example.

    • iain@feddit.nl
      link
      fedilink
      English
      arrow-up
      50
      arrow-down
      1
      ·
      1 year ago

      No, just ban the collection of user data and selling to 3rd parties. Enormous fines for anyone still doing it. Destroy this entire industry please.

      • 1rre@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        The EU is primarily pro-business, but that also means being against anti-competitive and underhanded business practices

        The browser thing sounds like a good solution (although there must be a reason why DNT headers weren’t made legally binding, potentially as they wanted to allow people to pick and choose what cookies they allow based on what they thought was “too far” or something but that’s conjecture), however disallowing all user data will likely lead to companies not being able to advertise to people who are interested in their products, something which the EU will see as a negative and would also cause an uptick in scams and misinformation as you see in low quality advertising space at the moment

        • iain@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          This comment got to me really late, probably to Lemmy’s distributed nature.

          But I still want to add: of course business will make more money if you allow more practices, but selling personal data just has too many negative consequences.

          Also low quality advertising? You mean like billboards and in the newspaper? You mean regular advertising?

          • 1rre@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            I mean “[local town] grandma discovers 10 foods you never knew you should avoid” or even downright scams when I say low quality advertising

            Also “negative consequences” is a bit overdramatic and I’d love you to elaborate… Really it’s down to the person’s own opinion, eg you don’t like it so you’ll reject that sort of thing, meanwhile I don’t mind it especially as a way of paying for decent quality media so I’ll allow it on some sites but not others

    • PlutoniumAcid@lemmy.world
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      23
      ·
      1 year ago
      1. No there most definitely is not. Most banners have a big yes button, and you need to scroll to a settings button and then do five more things to not get cookies.
      • PinkPanther@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        19
        ·
        1 year ago

        So true. And then you have Schibsted, Norways biggest media conglomerate; the only way to reject cookies is that you have to log in in order to reject it! According to the cookie law (no idea what it’s called), it’s illegal. It’s been reported to the EU and Norwegian government numerous times, but nothing happens. Fuck Schibsted!!

        • Robaque@feddit.it
          link
          fedilink
          English
          arrow-up
          4
          ·
          edit-2
          1 year ago

          In my experience a lot of italian (particularly “news”) websites basically say “accept cookies or sign up for our paid subscription”

    • XTornado@lemmy.ml
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      10
      ·
      edit-2
      1 year ago

      The reject all is already a thing. (Well is not all all, but reject all except necessary but those doesn’t matter much, they are not tracking).

      That said usually is not called this way as obvious, sometimes is just “reject” without the all, “accept only necessary”, “decline”, etc or you have to close the banner etc or they use some other confusing pattern.

  • Adanisi@lemmy.zip
    link
    fedilink
    English
    arrow-up
    97
    ·
    1 year ago

    What’s annoying is the “Reject” button hidden on another page. That should be illegal.

  • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.dbzer0.com
    cake
    link
    fedilink
    English
    arrow-up
    84
    ·
    1 year ago

    They should do something about “consent platforms” using various DNS tricks and thousands of domain names to bypass/evade user blocks.

    I wasn’t so bothered about some non-invasive ads a few years ago, but I absolutely despise any kind of ad now TBH, and it’s mainly down to how persistent some of these platforms are with their evasion tactics

    Also pretty ironic for their popups to talk about “respecting” my privacy when these platforms literally do the opposite of that to show their popup in the first place. I will not support any of them, in any way, on my network.

    As soon as I see a new one appear when browsing, I chuck it into dnsdumpster so it can get recorded with the rest of them, and then block the new list from dnsdumpster (grid icon) on my network.

  • BrightCandle@lemmy.world
    link
    fedilink
    English
    arrow-up
    80
    ·
    1 year ago

    The EU law explicitly says no consent by default and users have to opt in. All of these cookie banners are breaking the law, the law doesn’t need to change it just needs enforcing and these banners will disappear. We already have a do not track header and that could be complied with but it’s enforcement that is the problem.

    • GigglyBobble@kbin.social
      link
      fedilink
      arrow-up
      5
      arrow-down
      17
      ·
      1 year ago

      How do they break the law? The opt-in forces them to ask you first and that’s what the annoying banners do. Sites that don’t care about tracking also don’t show these pop-ups.

      • lepinkainen@lemmy.world
        link
        fedilink
        English
        arrow-up
        42
        ·
        1 year ago

        The default should always be “no”. The user has to opt in.

        The law specifically says not to do the super complex dark pattern deny every 3rd part cookie manually by hand - crap.

        The problem is that it’s not enforced

  • StereoCode@lemmy.world
    link
    fedilink
    English
    arrow-up
    72
    arrow-down
    2
    ·
    1 year ago

    What if this wasn’t a website issue but a browser one. Browsers invented cookies so browsers should be the ones to implement the banner feature. All Developers would then be forced to implement fallbacks to their cookies since the user could turn cookies off. If it was browser based fix then it would be a consistent UI and developers wouldn’t be able to do shady shit(at least with cookie consent is concerned)

    • TheMurphy@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      Damn, this is a really great solution. Then I could decide once if I wanted the cookies and the browser would decline/accept(lol) all from that point.

    • dutchkimble@lemy.lol
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Technically you can do this already with some firefox settings, or with extensions. Set your preference and forget.

  • chitak166@lemmy.world
    link
    fedilink
    English
    arrow-up
    45
    arrow-down
    2
    ·
    1 year ago

    Eh, I think cookies should just be opt-in unless they’re absolutely necessary for the site to function.

      • FishFace@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        It’s already the case that necessary cookies don’t need permission, but websites do not abuse this to not show the prompt. This is because the legislation has teeth.

    • extant@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Companies already bundle their invasive data collection with necessary features so if you block it than the website just won’t work, this would incentivise that behavior if necessary cookies are automatically approved.

    • smileyhead@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is what the regulation was all about. The law did not said anything about cookies, they are the core web technology, just that you must be asked for personal data processing.

  • daniskarma@lemmy.world
    link
    fedilink
    English
    arrow-up
    44
    arrow-down
    2
    ·
    1 year ago

    At least the regulation show us how shady internet is. That banner only shows up if the website is going to use cookies to use your data as a way to make profit. The fact that every website is doing that was eye opening for a lot of people.

    • brey1013@lemmy.world
      link
      fedilink
      English
      arrow-up
      27
      arrow-down
      4
      ·
      1 year ago

      Lol I’m a web developer who has put hundreds of those banners on clients’ sites. Not as part of some nefarious data-selling scheme, but rather as a shallow tickbox exercise in order to comply with laws about technology they don’t understand.

      In this case, assuming ignorance over malice is the way to go.

      • knatschus@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        In this case i assume you’re an ingnorant developer who didn’t thought of better options to comply with the law

        • brey1013@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          In any case you are welcome to make incorrect assumptions, especially if my statement hurt your feelings.

  • TWeaK@lemm.ee
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    1
    ·
    1 year ago

    Not only are they annoying, they go half way to legitimising the theft of user data.

    • qevlarr@lemmy.world
      link
      fedilink
      English
      arrow-up
      24
      ·
      1 year ago

      Exactly. Identify what uses are legitimate and what uses aren’t, and legislate directly. None of this consumer consent crap because it’s meaningless to consumers. No consumer benefits from their browsing habits being under surveillance.

      • Nyfure@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Was done before too, but now the websites simply need a banner for using categories of cookies which require it (tracking, marketing, …)
        And we already have GDPR at least limiting activities in a broad sense. (of course lots of leeway, but still much better than before)
        You cannot do more with a cookie banner you couldnt already do before.

        • qevlarr@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          What do you mean? GDPR allowed for the “unless the visitor agrees” stuff so that’s why we see cookie banners everywhere.

          I would say it should either be allowed or not, depending on the use case. A navigation app should be able to track your location for the service they provide but not for ads or selling to other companies. Your calculator app has no business even asking. Profile based advertising (rather than content based) should be banned wholesale. That sort of stuff

          • NeshuraA
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 year ago

            You do realize you only see the cookie banners because the companies are now forced to show you one? It’s not like they started collecting shit only after the GDPR nor is it entirely illegal and unethical to sell user data. The point of the GDPR was to make users aware of which websites are selling which data and give them an avenue (be that declining cookies or leaving the site) to prevent that. Corporations then designed their way around the wording of the GDPR to make declining cookies as difficult as possible which is why we’re seeing this push for a revision now. The goal still isn’t to make user data based financing impossible, it still is to prevent users from being pushed or bullied into selling their user data against their will.

            • qevlarr@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              That should be the goal. This cannot be left to individual consumer choice, is what I’m saying. The annoying cookie banners should be a wake-up call for regulators that the “let the consumers decide” experiment has failed.

          • Nyfure@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            The cookie banner is only required to store data on the users device. the tracking without is still possible and potentially allowed via legitimate interest.
            If they want more they already ask for more outside the cookie banners when they require or want to have your consent (e.g. consent to load content from sources which will transfer your data outside their control e.g. youtube-embedings)
            The limitations of whats allowed is already established in the GDPR, so anything you cannot find legitimate reasons for is already not allowed e.g. simply selling your data to other companies (as long as they include PII)
            And as coupling is not allowed either its not allowed to couple consent with a cookie banner (which should only be used to ask for permission to store data for purposes which arent required for the usage).

            What we do need is to have a technical implementation of the browser to tell the website via standardized methods what is allowed or not.

  • erranto@lemmy.world
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    6
    ·
    edit-2
    1 year ago

    I bet they will keep adding loopholes to keep websites bullying their visitors.

    why bother making legal frameworks when you can’t enforce them, there are hundreds of thousands of website including very prominent ones that hide the “reject all cookies” button after a second screen prompt. or flat out force you to opt-out of every second cookie category , just so you give up. they haven’t been fined. and they know EU authorities aren’t bothered either, so they keep infringing on the GDPR.

    • BlueBockser@programming.dev
      link
      fedilink
      English
      arrow-up
      33
      ·
      1 year ago

      Lawmaking is a slow and tedious process full of compromises, and the EU is apparently the only governmental body that cares enough to actually do something against the wild west of digital tracking. I for one am happy about that, and contrary to public opinion the GDPR is actually being enforced (albeit not strictly enough).

    • MethodicalSpark@lemmy.world
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      I saw one that required you to decline every single company that was purchasing marketing data from the site. It was like 300 companies long where you had to click the slider to turn them each off individually.

      Sometimes, it’s difficult to discern which setting of the slider is on or off. They use nonstandard colors or don’t explain in text which setting signifies each option.

    • Exosus@lemdro.id
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      My biggest qualm is that usually these sites won’t save it when you only allow necessary cookies. So they will ask you for every single session until you give in.

      • Kiddkao@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        39
        arrow-down
        3
        ·
        1 year ago

        No. Most of the time there is a Accept all button, but a Manage button and then another popup where you have to uncheck everything and then Save. Pretty annoying, especially on mobile

        • ADTJ@feddit.uk
          link
          fedilink
          English
          arrow-up
          36
          ·
          edit-2
          1 year ago

          You are both correct, the law states that it has to be as easy to opt out as in, but most companies are not implementing it correctly

          • Phoenixz@lemmy.ca
            link
            fedilink
            English
            arrow-up
            10
            ·
            1 year ago

            Yeah, they “accidentally” did it completely wrong because fuck the customers and the law.

          • OhmsLawn@lemmy.world
            link
            fedilink
            English
            arrow-up
            7
            ·
            1 year ago

            Yeah, California is supposed to have a “Do Not Track” option. I’ve hardly ever seen it.

            • efstajas@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              edit-2
              1 year ago

              Do Not Track is a browser setting. You enable it in your browser settings for all websites. All it does is ask the website to please “not track” you. Most sites of course don’t even check for the setting.

              The law in California is just that the privacy policy must clearly state if / how the site is honoring Do Not Track, not that it must be presented to you as an option or even actually honored at all.

        • TJA!@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          22
          ·
          1 year ago

          Yes annoying and also not allowed. You can tell your data protection agency which site is doing it and they will investigate.