Internet's biggest annoyance: Cookie laws should target browsers, not websites
Or just ban this kind of data collection. Is there any reason anyone would willingly click "Accept" when a website asks to share your data with 500+ partner sites?
Same goes for age verification.
There was the DNT header, that was a bit to simplistic, but was never implemented https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...
The thing people need to understand here is that the annoyance is not due to lack of technical solutions, or regulations forcing something. It is explicitly wanted by the industry so they can maximize the consent rate. The browser solution is probably the best technical/user friendly one, but ad tech/data gathering industry won't have any consent. As they control most of the web, they will never do that
> Your browser becomes your personal privacy enforcer, and the law would require it to act on your behalf. Based on your one-time choice, it would be responsible for allowing or declining cookies from every site you visit. If a website tries to use a cookie with an unclear or undeclared purpose?
Browsers are something the end-user installs. Inserting the government into that doesn't make sense.
This sounds like the idea is for the site to add extra metadata that's not there now, about what each cookie does. Which would still involve mandating site owners to do things.
.
Also, both private mode and https://addons.mozilla.org/en-US/firefox/addon/multi-account... are a thing already, without government meddling.
I disagree that this should be in the scope of a browser.
Cookie banner are called cookie banners because they‘re most frequently associated with the opt in for tracking cookies, but this kind of opt in is required for any kind of third party involvement that goes beyond technical necessity.
Your browser has no way to tell what third party present on the site is a technical necessity and which one isn‘t. So you‘d have to tell it - making it part of the site providers problem as well. But this time its worse, because responsibilities are mixed between the site operator and the third party.
I've come up with an easy solution, which works almost all the time. When a cookie consent dialog interferes with me using the website, I close the tab and move on.
I've found a high correlation between cookie consent notices and low-signal content, so this strategy has actually saved me a lot of time I would've spent reading/watching something that doesn't help me.
I believe this is already starting to be solved via Global Privacy Control (GPC) [1], and has already been implemented in Firefox to replace Do Not Track [2]. All that remains is to see if lawmakers will catch up and make it a legal requirement to follow...
[1] https://globalprivacycontrol.org/
[2] https://support.mozilla.org/en-US/kb/global-privacy-control
California now has a law that requires browsers to have an opt-out setting (effective in 2027) [1]. So far, websites are required to respect opt outs via browser settings or extensions in California, Connecticut, and Colorado [2]. That is also the case for New Jersey [3].
[1] https://legiscan.com/CA/text/AB566/2025.
[2] https://portal.ct.gov/ag/press-releases/2025-press-releases/....
[3] https://www.njconsumeraffairs.gov/ocp/Pages/NJ-Data-Privacy-....
Of course companies could just - I know, weird idea - stop tracking you. Then you don't need those dumb consent boxes.
Is there any evidence that this law is achieving the goals it was designed to tackle? If not, is there any reason it still exists? Why don't laws have to continually justify themselves as a matter of procedure?
If I dare suggesting a technical solution to a non-technical problem, I think this just shows a mismatch between how we design applications and something called requirements, broadly speaking. If this has become a subject of discourse, I think we should just write cookies off as a component to rely on and try to deal with that instead of fighting over where the annoyance should be placed. It's just bad design.
We'll have to keep clicking cookie buttons as long as there are idiots who think that sites can "just" give up tracking (and go out of business because without targeting, internet ads are virtually worthless).
Why is this on the front page? The author apparently did not do any research or they would have discovered that was tried with the DNT header [0] Also there is no cookie law, just that websites need consent to track you (simplified).
uBlock Origin can block these if you check the "Annoyances" filter in the filter list. I think it's disabled by default because it has a higher risk of breaking sites, but I never have a problem. I haven't seen a cookie banner in a long time!
While we're talking about cookies, can anyone explain what legitimate interest is? And if it's an exception to consent then why can I reject legitimate interest? It just seems like another hurdle to rejecting all non essential cookies.
I believe that part of why Google is so invested in Chrome is this very thing. They don't want users to have more control over cookies and tracking via the browser.
One of the first things people would do if they really had control over their browsers is start blocking Google Ads. Google realized this early on, it's a huge potential threat to their main source of revenue, so they launched Chrome to influence, and eventually dominate, the browser market.
Google doesn't want users to have more control when it threatens their bottom line. It's part of why they've been trying to block ad-blockers.
> If a website tries to use a cookie with an unclear or undeclared purpose?
How is the browser supposed to determine a cookie's purpose?
The interface definitely should be implemented at the browser level.
If a user sets "allow performance telemetry, deny fingerprinting, ads, tracking" or "decline everything non-vital" once in the browser settings, he should never see a cookie banner ever again - with all of that communicated to the websites by the browser for him, and the websites being obligated to respect the user preferences.
The cookie banner vomit should be reserved only for browsers that don't support that. The fact that this obnoxious behavior somehow became the Internet's default is an atrocity.
Cookies are now stickers with writing on them and computers are now cars. Businesses that you drive up to or close to have license to slap a sticker on you whenever they want with whatever they want.
So we write a law to say "hey you gotta at least ask before you slap a sticker on, most of the time".
We all know why we didn't just make a sticker proof car. As long as the largest ad company in the world is also the defacto king of the internet we will have these issues.
Browsers have no way to determine what code or cookie is tracking and what isn't, and if websites are not targeted, they don't have any incentive to tell browsers "oh, this is for tracking, and this, no, it's not for tracking".
The best we have is heuristics content blockers currently use. But heuristics are not good enough for complying to such laws because there's no guarantee they work in 100% of the cases.
It follows that such laws can't target browsers and not websites.
At this point I’m wondering if “Deny All” and “Accept All” do the same thing on a lot of sites and it’s all too much of a mess to catch anyone.
Yes, I know that breaking the law is illegal, but laws only matter insofar as they can be enforced and are enforced.
> A pop-up, a slide-in, a full-screen overlay demanding you "Accept All," "Manage Preferences," or navigate a labyrinth of toggles designed by a corporate lawyer.
It's the dark patterns and lack of consistency that makes it worse. Some websites even refuse to allow you to reject data collection unless you pay to use their service (i.e. news websites)!
As others have echoed, we just need to make this large data collection illegal.
My least-favourite is websites with the "Pay or OK" model: "If you don't want more companies tracking you than were people in your high school, teachers and students both, you must pay us! [Pay] [Accept tracking]"
*Copy URL, close window, open private browsing session, paste*
As an aside, is anyone else getting LLM-writing-style vibes from the linked page, or is that just me?
For people who have reasonable browsers (i.e. you can install extensions) you can already live in this world. For example: https://addons.mozilla.org/en-US/firefox/addon/consent-o-mat...
Policing the tools instead of policing what is being done with them is the problem for me. Third party cookies have a valid reason to be used in federated authentication for instance, or a bunch of other valid purposes. Just ban shitty data collection practices.
Knives can be used to chop vegetables or stab someone. Don't ban their sale, ban their usage.
Since there are a handful (maybe dozens) of companies who implement this popup feature as a service (e.g. CookieYes), a browser plugin to automate the "no to all" could be handy. That is, the plugin would know the provider and navigate the labyrinth of settings to disable all of them.
I think there’s a small detail missing. Most browsers also track user behavior and use your data. I can’t imagine big tech companies fighting each other in court just to give you the best internet experience. The idea sounds good in theory, but in practice, I don’t think it would change much. What we really need are regulations that truly understand business models and target and punish those that abuse them.
For example, right now any company can ask for your consent ten times a day until you give up, and once you click “yes” even once, your data begins an eternal journey.
A few months ago, my Samsung TV (which I bought four years ago) suddenly blocked everything and displayed a new agreement on the screen with only two options: Read and Agree. There was no way to use the TV without accepting the agreement.
Deny All, Accept All, but I never (except in a handful of cases) see the Accept Required. Let us admit that there are cookies required for maintaining state within a web site and account.
I default to Deny All, but click on Accept Required when I see it (trusting that it does do what it says it does)
How do we help honest websites that avoid tracking compete better?
>We all do the same thing. We sigh, our eyes glaze over, and we click "Accept All" with the muscle memory of a weary soldier.
No. When I see a cookie banner that doesn't have a "Reject all" or at least "Reject non-necessary", I leave the website. When you look into the "Reject..." section, it often contains 1000+ of adtech shit you have to untick individually. Aren't these actually non-compliant with regulations? Makes you think twice about website owners if they choose to sell your data to adtech - seems like law does exactly what it was supposed to do. The problem is adtech which encourages to collect data websites have no business at collecting. If anything, non-compliant sites should be fined into ground and adtech outlawed.
If I could, I'd downvote the article.
As others have said, we already tried this with DNT. Unless websites are legally compelled to honor the signal, the signal is worthless.
But here's an interesting wrinkle that may illustrate further complexity:
> Essential Only: "Only allow data necessary for websites to function (e.g., keeping me logged in, remembering my shopping cart)."
I would never have called either of those examples "necessary for websites to function". They are both just convenience things, not essential things. So there may be a lot of discussion needed about category definitions here.
Internet's biggest annoyance: Idiots that still think data protection laws are only about one specific implementation of tracking (cookies) that can easily be blocked in the browser.
The whole debacle is a lesson in incentives.
You can't have laws that dictate the desired outcome in broad terms and trust companies to implement in good faith. Not when they have a direct financial incentive to implement it as obtusely as possible.
It's really unfortunately that in the public's eye the legislative attempt to steer towards a positive outcome is seen as the cause of the pain.
Hey, I'm the lead developer on DataGrail's(1) Consent product (cookie banner). I know a fair bit from having been involved with this for years, and talking to a lot of customers.
Happy to answer questions and clear up misconceptions, especially the one about "giving DNT force of law": we already have Global Privacy Control (GPC), and it's already required in (significant parts of) the US, and it's being enforced.
I can say we've tried really hard to prevent a lot of the malicious user interface issues, and to respect the GPC and DNT signal (no banner pop). We've tried to balance the company's need to keep compliant (because frankly, many of the complaints here about "legalese" aren't just deceptive UI (dark patterns), but done on the advice of counsel), and still operating (marketing needs analytics/ad tracking). And we're concerned about the user experience for what is admittedly an intrusive tool, but required.
(1) I'm not a spokesperson for the company, experiences and opinions are mine.
And it would solve nothing.
GDPR already mandates that "Refuse non essential" button should be the same size and prominence than the "Accept all" button, every website around the globe does not care (apart from major players like Google, Apple or Amazon) and national data protection authorities absolutely do not care.
We already had one attempt with "Do not track" header, nobody was willing to commit to it because it impaired business. Same would go with OP proposal.
Websites are forcing this banner on us because they are greedy morons that would rather drain our data for money than incite us to pay for their work.
With all the AI we have, shouldn't browsers be able to click the cookie banners for us? In a way that we want?
Oh man I wonder what arguments will be presente- oh thats a banner for selling my data to advertisers I see
Yes, same with access restrictions. Parents should be able to limit types of content accessed at the device level and websites and app makers are just provided that.
Remove any notion of age blocks that kids just lie about, and let parents determine what is suitable for their kids.
> Your browser becomes your personal privacy enforcer, and the law would require it to act on your behalf. Based on your one-time choice, it would be responsible for allowing or declining cookies from every site you visit. If a website tries to use a cookie with an unclear or undeclared purpose? The browser simply blocks it—no questions asked.
ChatGPT writing aside, how does the author expect browsers to do this exactly? It's not as if website developers are declaring the purpose of each individual cookie. Browser developers already added a Do Not Track header option and to the surprise of no one, it was a massive failure because websites have every incentive to skirt this stuff.
And today the GDPR law extends much more than cookies, it requires explicit consent for processing personal data in general. Your browser has absolutely no bearing on whether a website's backend will save the pages you visited, the text you entered, your IP address, and whether it shares it with 500 partners or not. This problem fundamentally requires cooperation from website developers and that's why we have the law targeting websites as it is today.
I simply do not care if advertisers form an accurate view of my desires and beliefs.
current malicious compliance by websites aside, would this not put the onus on browser devs to, site by site, identify which cookies are actually "necessary"?
side note: ublock origin has optional filter lists for blocking these banners
I think targeting web sites was the right move because it was the web sites who were doing all the tracking.
Of course now we also have browsers to worry about as well, being products of the same ad companies that were clogging up the web sites in the first place.
But if cookie laws pushed data collecting web sites to malicious compliance, surely similar laws would do the same to (also data collecting!) browser providers. I’d prefer to avoid inviting browsers to add another layer of bullshit. And there’s no reason it would make web sites behave differently… if I’m a web site bound to comply with laws, I’m probably going to cover my own ass and keep doing what I’m doing without assuming the browser will handle it. Rendering the browser controls redundant and ineffective.
If we want to look for core flaws, look at allowing a handful of giant companies to control the market for personal data — or to traffic in personal data at all.
Ad companies have convinced the whole economic system of the Internet that they are inevitable and essential. They are neither. But we won’t fix that either.
The solution is to get off the damn internet, but short of doing that, I’ll prefer to keep my options open to disable telemetry on my own terms.
Here’s something I would like, though: total sandboxing per web site. Let every domain be alone in its own room of cookies and telemetry. Let it think I only ever visit that site, and optionally always for the first time. I shouldn’t have to blow away all my cookies all the time just to keep Facebook from following me all over the web.
It's also the case that really making cookies painful just pushes more tracking to other places such as browser fingerprinting, which is much, much more difficult to defeat than cookies.
> "2. It Punishes the Little Guys"
Yeah ... I just don't do it. I'm not based in the UK or EU and I don't care if they try to "punish" me.
For Knuth's sake: The GDPR is NOT about cookies! The older 'cookie directive' is also NOT about cookies! They're about a third party storing their data on your computer, or storing your personal data on their computers - no matter what technology is used.
Nothing in the GDPR stops websites from honoring "Do not track" and then _not asking_ if it's present. They don't have to ask if they don't track you! They don't have to ask for a technically necessary session cookie that appears after you actively log in!
Websites ask because they want to track you! A 'law targeting browsers' would not help because people would say no to cookies, and then websites would ask about some other way to track you. Because they want to track you.
Amen to that, and to Age verification mentioned by @vmaurin. I get cookie rage sometimes from those banners. Most definitely I suffer from consent fatigue.
The browser doesn't know what each of the cookies are for so that's still relying on the sites to properly accept this new setting.
Can anyone make out who writes nednex.com articles?
A browser extension or addon that automatically sets the user's preferences and hides the site's popup. Does it exist?
The cookie laws make it so that web sites have to ask permission to track you, surveil you, sell your data, etc. And surprise, almost every website wants to track you, surveil you, and sell you data. The EU should have just banned the unethical behaviour, the middle ground of every single website asking for unethical tracking is a travesty.
The EU’s principal contribution to the web in a decade has been these shitty cookie popups.
My 2c: actually it’s the problem of mixing security and identity mgmt with tracking and marketing
The main reason I don’t turn off cookies everywhere is so many sites put my login token in a cookie. Hopefully as a random nonce but even so, it’s using cookies for security.
We are all so used to it is a massive blind spot.
We should move to Fido/webauthn - everywhere. Most all the population has a really impressive Secure Enclave in their pockets
Letting the browser handle cookie consent makes it feel like part of a privacy operating system.
Or simply stop tracking and selling user data… sell real services or native ads
What about by default web browsers are required to have Javascript disabled and uBlock installed and running? They could do a reverse Google, and make it so its impossible to uninstall uBlock.
If we are going to go down the path of mandating legal liability on software makers of a neutral communication medium, then the EU should just break the commercial web.
I understand the point of convenience, and having discussions and changes on implementations is good, but there is a reason that the law targets websites and why the whole discussion is around websites rather than browsers: the websites (their servers) are those who actually collect the personal data. The law does not target browsers because the browsers (their companies or whatever) are not the data controllers in this case, the website owners are.
Moreover, consent by law tends to need to be specific: you give consent for the specific purpose to the specific company. Of course there are and should be ways to convey denial of consent by "do not track" style headers, but I am not sure this can solve all the issues.
I think blaming the law is bullshit. When a website throws a cookie popup obstructing you from using it, it is because they really want you to click on "accept all". There is no other reason to do this. It is terrible UX and not all websites do this. It is a totally conscious and intentional decision.
I wanted to read the article about cookies but gave up after seeing this many ads.
The annoyances are dependant in part on the software (browser) used
I do not use a popular browser to make HTTP requests or to read HTML. I never see these annoyances. I don't store cookies except for HN and a few other exceptions. Nor do I run Javascript. The annoyances cited in the OP appear to be targeted at people who use certain web browsers that enable these "features" by default
This demonstrates to me that the annoyances are in part contingent on the browser, e.g., browser "features" such as Javascript
Perhaps convincing all www users to use the same small set of Silicon Valley-controlled browsers is prudent according to some Silicon Vallley logic. But when these browsers are all provided by commercial entities that profit from "advertising services" and each has "business" interests^1 that run counter to the interests of some www users,^2 then it makes sense for www users to consider alternatives
1. For example, data collection, surveillance and targeted advertising
2. Thereby prompting government regulation
For example, it is possible to retreive information from websites, e.g. "check a product price or read an article", using software that does not not serve an internet advertising objective. No cookies or Javascript required
It's pretty sad that Europe basically weakened the web experience for everyone. Pure vanity. Pat themselves in the back and tell themselves we're all more privacy oriented now. Great.
Except that the noble cause has not been achieved but it has made the web worse.
Daily reminder that no law requires websites to show popups. They could simply stop tracking users. Your website will still work, trust me!
So why didn't GDPR require Do Not Track to be honored? It was already there, to be expanded on if needed.
But I can't imagine copmanies would want that. They benefit from cookie dialogs fatigue, and for some reason people blame GDPR of all things for surveillance tech being annoying in how they ask for permission.
The GDPR people want the banner noise to make you feel like cookies are bad. Without that, we would go back to the status quo from ~five years ago when websites just worked and did whatever with cookies, and there weren't stupid banners everywhere.
> Imagine if every time you got into your car, you had to manually approve the engine's use of oil, the tires' use of air, and the radio's use of electricity
Metaphor is incorrect. Tracking you is not essential to the function of the website. A more appropriate one would be:
> Imagine if everytime you got into your car, you had to approve or reject GM tracking your trip, the number of people in the car, recording your conversations, and sharing all of that with 500 indiscriminate partners including your insurance, law enforcement, supermarkets in the area, and why not your spouse or partner.
Or better even
> imagine if every time you entered a physical store they asked for your id and made you sign a contract that allows them to track you and sell that information
The proposal in that article sets a default tracking preference, it's trying to fix a UX issue with more UX. What it's missing is that there's no EU mandated UX. You don't have to show a banner if your cookies are not used to track random people on your website. The reason why it's bad UX is that it's bad on purpose, skimming the line of legality by deploying as many dark patterns as possible to trick you into consenting to your soul and your children's, in a desperate attempt to make that god awful banner go away and finally access your shot of endorphins.
Websites could very well decide to use only non tracking storage by default, and not show you a banner. Or have everything checked off with a single click to make the banner go away. Sending you to a separate page full of checkboxes and legalese is a choice, and a nefarious one, because most people don't want to be tracked.
If anything I think the law should be strengthened: make tracking default-off, and allow users to consent to more if they so wish. Not consenting should be a single, obvious click (or no click at all), rather than a sub menu. Your information should not be shared or sold by default, or even better, not sellable at all.
This screams of classic techno-optimist "just build one simple solution" mindset.
Yes, consent fatigue is real and nobody likes these cookie banners. Which is also the exact reason why I think they are important. Making tracking visible to the user is the point. It creates an actual "cost" for tracking by forcing websites to actively ask the user to consent. The moment you hide it in a one-time set-and-forget browser setting is the moment when informed consent dies, tracking becomes invisible, and accountability disappears.
We are also looking at very perverse incentives here: Who controls the biggest browsers? Google's Chromium is basically the engine behind 80% of the browser market right now. Apple and Microsoft aren't exactly neutral parties either. Google is an advertising company, and Apple and Microsoft still have a huge interest in data. The idea that you should trust these parties to implement a "simple" consent system that runs counter to their business model is... optimistic, to put it mildly.
You would also have to trust websites to accurately categorize their cookies. If your cookie preferences are a set-and-forget setting in your browser, are you sure that random website you just visited didn't declare Google Analytics as "essential" for their website to work? Are you going to check?
The blog post also assumes cookie preferences are universal, but perhaps I'm okay with analytics on a random tech blog but absolutely not on a website about medical issues.
The funniest part: The "Do Not Track" signal already exists, and it failed spectacularly. The post even mentions it. DNT was supposed to be exactly this simple, browser-level signal. And websites just ignore it.
Sidenote:
> Imagine if every time you got into your car, you had to manually approve the engine's use of oil, the tires' use of air, and the radio's use of electricity. It’s absurd, right? You’d set your preferences once, and the car would just work.
Yes, absurd. Except that's more or less happening with different features. Every time I start my car, I need to manually disable the speed limit warning because it's annoying, and the lane keep assist because I feel like it is overly aggressive and sometimes genuinely dangerous. Also, the analogy is exceptionally weak. The author compares mechanical necessities (oil, air) with optional data extraction. That's hardly the same thing. Cookies required for basic functionality of websites is usually enabled by default. A more appropriate equivalent would be a popup by the car's dealership asking you to track everywhere you drive, and how fast, and if you looked at some billboards along the way.
we had it already, it was "do not track" header, whole ads industry worked very hard so in the end it went nowhere...
> Imagine if every time you got into your car, you had to manually approve the engine's use of oil, the tires' use of air, and the radio's use of electricity. It’s absurd, right? You’d set your preferences once, and the car would just work.
A funny comparison to me. Actually, I have to manually disable some EU regulated features every time I get into my car. The alerts every time I go 1kmph over the speed limit aren't very relevant for me, and the lane keep alert buzzes as soon as I'm slightly over halfway to the left, but lets me drive along fine if I'm even over the line on the right.
I'd actually like to use both of these, but only if I could calibrate them to my needs.
...
Just like cookie banners.
Internet's biggest annoyance: AI slop blogposts
This seems like a good opportunity for a browser company like Mozilla to offer a GDPR compliant library that is easy to integrate that automatically applies user privacy preferences instead of showing the GDPR prompt. Opensource the library, and promote it. Try to make it an open protocol so other browser can implement this.
To be real though I'm sure that many sites would not want this because they rely on GDPR fatigue and users to just accept instead of taking a few seconds to opt-out.
cookie laws shouldn't exist. all browsers have privacy settings and have had them for many years.
Internet‘s biggest annoyance? Websites with more ads than content, AI generated BS flooding the web, links to important information that don’t work anymore (thanks archive.org to help in that case most of the time).
Also, a lot of people forget that you don't need a cookie popup. apple.com or tesla.com doesn't have one. Plenty of others, but they're quite rare.
I absolutely hate unnecessary cookie popups, e.g. when you're already signed in and have accepted privacy policy. Or, when accessing a parcel tracking service or similar.
It's always annoying, but there are clear cases when you don't need to track users and it probably just drives them away or makes them angry.
The author's idea is "A Simple, Radical Idea: Put Consent in the Browser". So when you set up your browser, you get a single choice of whether you want websites to track you and sell your data.
Here's an even more radical idea: the browser doesn't even ask you this, and by default it just respects the user's privacy and blocks all third party tracking.
Can you imagine an internet where the user is put first?
To solve the root problem, we need to steer away from the ad-based revenue model.
We use websites for "free" paying with data. A cynical take on that is "if you are not a customer, you are a product".
If there were no adverts, quite a few things would change:
* much less incentive to track users
* way less distractions
* higher quality content (since it is less about clickbaits and shear volume of visitors)
Yes, it means paying for stuff. Would love to pay per visit or type spent, provided it is easy.
>> Most people do the same thing: sigh, their eyes glaze over, and they click "Accept All" with the muscle memory of a weary soldier.
My instinct is to find the other option is either easy or obfuscated a little bit. But the EU regulation requires that it not take more than 2 clicks to do the other thing.
I thought cookies were kind of evil back in the 1990's and I still think they need to go away entirely.
I said the same years ago
Uh... no.
The purpose of the laws (GDPR et al) is to give me control over who does what with my data, data about me. The operator of the website is who the law binds. It's not even about the website - if I phoned or emailed, the same laws would apply. You need my explicit consent to process my data in a number of ways that you'd like to, it makes you money, but I don't want you to.
The processors of this data can't make as much money off selling access to data about me, if I have these rights. So they petulantly get in my face as much as possible, via banners on websites, to annoy me and confuse me as to why these banners are even there, and try and trick me into letting them make more money.
The banners, which a browser could block or autofill, are just the surface. And they're an attack surface, so even if we agreed a way for the browser to pass on your preferences (we already did this, it's called the Do-Not-Track or DNT header, and it was a complete failure because website-owners just ignored it), website-owners would add a second layer of "ah, I see you said no automatically, but are you REALLY sure you don't want to let me make more money from your data?"
NOYB is very good for chasing after such charlatans, and forcing companies to obey data protection laws. Here is some of their guidance, and listing of the dark patterns used by non-compliant companies: https://noyb.eu/sites/default/files/2024-07/noyb_Cookie_Repo...
By far from the biggest annoyance, to me that would be ads, and the slop that it incentivizes.
Although, I too had enough of the cookie popups. Let's just ban (and enforce banning) cookie tracking, and be done with this nonsense.
Interesting idea.
Regulating browsers could regulate a free and open internet though as well.
Only permitted to use certain browsers that can do certain things.
And this article is full of another failure of the internet - adds…
The GPC flag is a setting in browsers that attempts to alleviate the cookie popup issue
There can't be a blanket consent. You cannot consent to contracts you've never seen. You can't waive your rights away. Browsers could only implement a blanket deny, but that wouldn't stop websites from showing cookie banners, because they want you to click Accept All.
I would not trust browsers to keep my preferences though. Firefox keeps resetting stuff I disabled before. Zero trust zone unfortunately.
HIPAA for all personal data. Period.
You want to share it? Get my express consent.
If you hand me a book, you can't then complain I have your book.
GDPR is pretty annoying for sure, a close second being websites that have as many ads as this one.
Why would this need to be law? My browser already does this, because I, the "user" in "user agent", wanted it that way. Some sites don't work, but that's their choice, not mine, as it should be.
>"Imagine if every time you got into your car, you had to manually approve the engine's use of oil, the tires' use of air, and the radio's use of electricity. It’s absurd, right? You’d set your preferences once, and the car would just work."
This is an excellent analogy of the problem!
>"Yet, that’s exactly what we do online. We are asked the same questions, by every single website, every single day. This approach is broken for three simple reasons:
Consent Fatigue is Real: We're so bombarded with these requests that they’ve become meaningless. The banners are an obstacle to be cleared, not a choice to be considered. True consent requires a conscious, informed decision, not an exasperated click to get the pop-up out of the way."
Consent Fatigue -- That phrase is going into my 2025 lexicon! I love it! (Well, the phrase itself, not what it stands for! You know, the words, not the meaning -- the symbol, not the referent! :-) )
Now I like the article's ideas and all (good ideas, very thought provoking, etc., etc.) -- but if cookie consent is delegated to people's browsers, then what if a court case comes up where someone is being sued for a cookie they agreed to, they're asked in court if they agreed to the cookie, and they respond with something like the following:
"No Your Honor, I personally did not agree to that! The browser agreed to it! The browser is guilty, not me!"
:-)
(The same problem could occur outside of browsers, with AI's, if they are acting on behalf of someone... or chain of other AI's...)
Anyway, great article!
But if we target only fifty browsers instead of five million websites, we cut ourselves off that sweet sweet punitive monies. it's much more lucrative for lawyers to have a 5-million-strong pool to sue rather than a 50-strong crew, which has significant money to pay lawyers of their own.
Remember how many members of parliaments have a legal background. That's not a coincidence. It is safe to assume laws are deliberately written badly to create more work for their caste.
lawmakers are mostly tech ignorant maybe that's why.
The point of the 'annoy with consent banners' was to get people to 'allow (to be tracked) '.
Denying would, in many cases, go up to hundreds of yes/no options, with no 'deny all'. Makes getting coerced permission easy, and active denial almost impossible.
Of course, by not tracking, they dont need any of this crap. But surveillance capitalism must continue. Sigh.
[dead]
Most people miss that the Cookie Law was essentially the training phase for GDPR. It conditioned users to reflexively click “Agree” just to make popups disappear. Once that behaviour was normalised, GDPR arrived - now those same clicks legally authorise data collection and trade that used to exist in a grey area.
That's why the more logical and simpler ideas were never on the table.
Instead of forcing those cookie banners Europe should have had an Airbus moment and fully funded a privacy first web browser, then Europe would be a player in the web and not looking in from the outside.
It already exists. It is called an ad blocker, or content blocker, whatever you want to call it.
And we don't need a law for that, it is already working. We may need a law to protect that freedom, and for most part, it is on that side as we already have rulings saying that ad blocking is not illegal, and enforcement of browser choice, some of them having built-in blockers.
This is the way. The law is broken and was built on misunderstandings and is not enforceable, and also caused a ton of headache for internet browsing (no one really wants to enable cookies just to read a news article?). Enforce it at the browser level (by law) to prevent private information BY DEFAULT unless the user really wants to give their private information, and if they want to, then they can comply.
Sorry for all the companies that like to track personal information, but this is how it has to be (not sorry).
Maybe it will one day lead to elimination of (most) cookies and lead to cleaner browsing experience.
Exactly that, and how regulations are a sinking costs, at times for absurdly poor impact.
the solution is simple, shift the cost of compliance, onto regulators!
it would work like this:
1/ Somewhat competent but disconnected from reality politicians vote for adding yet another rule.
2/ Incompetent, disconnected from reality, so called Experts articulate how to implement the rule.
3/ Estimate costs and report back to clouded brains up there.
4/ Clouded brains but budget wise acute, look at the numbers, and say no way
I bet we would get regulations that would always be welcomed by industries.
We could start by rolling everything back, the "economy", you bet, would finally "recover".
Without incentive to make it right, it can't be a surprise you get what you seeded for.
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.
"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...
Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.