Yes, This Site Uses Cookies, Because Nearly All Sites Use Cookies, And We're Notifying You Because We're Told We Have To
from the even-though-it's-silly dept
If you’re visiting our site today (and I guess, forever into the future if you don’t click “got it”) you will now see a notification at the bottom of the site saying that this site uses cookies. Of course, this site uses cookies. Basically any site uses cookies for all sorts of useful non-awful, non-invasive purposes. We use cookies, for example, to track your preferences (including when you turn off ads on the site, which we let you do for free). In order to make sure those ads are gone, or whatever other preferences stay in place, we use cookies.
For the last few years, of course, you’ve probably seen a bunch of sites pop up boxes “notifying” you that they use cookies. For the most part, this has to do with various completely pointless EU laws and regulations that probably make regulators feel good, but do literally nothing to protect your privacy. Worst are the ones that suggest that by continuing on the site you’ve made some sort of legal agreement with the site (come on…). These cookie notification pop ups do not help anyone. They don’t provide you particularly useful information, and they don’t lead you to a place that is more protective of your actual privacy. They just annoy people, and so people ignore them, leave the site, or (most commonly) just “click ok” to get the annoying bar or box out of the way to get to the content they wanted to see in the first place.
Here’s the stupendously stupid thing about all of this: you are already in control. If you don’t like cookies, your browser gives you quite a lot of control over which ones you keep, and how (and how often) you get rid of them. Some browsers, like Mozilla’s Firefox Focus browser, automatically discard cookies as soon as you close a page (it’s great for mobile browsing, by the way). Of course, that leads to some issues if you want to remain logged in on certain pages, or to have them remember preferences, but for those you can use a different browser or change various settings. It’s nice that the power to handle cookies is very much up to you. We here at Techdirt like it when the control is pushed out to the ends of the network, rather than controlled in the middle.
But, because it makes some privacy regulators feel like they’ve “done something”, they require such a pointless “cookie notification” on sites. Recently, one of our ad providers told us that we, too, needed to include such a cookie notification, or else we’d lose the ability to serve any ads from Google, who (for better or for worse) is one of the major ad providers out there. We did not get a clear explanation for why we absolutely needed to add this annoying notification that doesn’t really help anyone, but the pleas were getting more and more desperate, with all sorts of warnings. We even asked if we could just turn off the ads entirely (which would, of course, represent something of a financial hit) and they seemed to indicate that because we still use other types of cookies (again, including cookies to say “don’t show this person any ads”), we had to put up the notification anyway.
The last thing we were told is that if we didn’t put up a cookie notification within a day, Google would “block us globally.” I’m honestly not even sure what this means. But, either way, we’re now showing you a cookie notification. It’s silly and annoying and I don’t think it serves your interests at all. It serves our interests only inasmuch as it gets our partner to stop bugging us. Don’t you feel better?
You can click “got it” and make it go away. You can not click it and it will stay. You can block cookies in your browser, or you can leave them. You can toss out your cookies every day or every week (not necessarily a bad practice sometimes). You’re in control. But we have to show you the notification, and so we are.
Filed Under: advertising, control, cookie notification, cookies, eu, preferences, privacy, privacy theater, silly pointless regulations, silly regulations
Companies: techdirt
Comments on “Yes, This Site Uses Cookies, Because Nearly All Sites Use Cookies, And We're Notifying You Because We're Told We Have To”
No Javascript browsing
So… question.
Do your cookies land on my computer even when I am using NoScript to block all JavaScript (on virtually ALL sites, so don’t feel singled out)?
If the answer is no, could I ask a modification of your cookie notice? … that it require JavaScript to cause it to be displayed?
Or are Google’s robots just stupid enough not to be able to make that leap?
Re: No Javascript browsing
The Techdirt homepage tries to set a cookie unconditionally when I open it.
I don’t know if it’s because I’m blocking cookies or don’t have JS enabled, but the "GOT IT" button leads to an infinite redirect loop.
Re: No Javascript browsing
Cookies do not require JavaScript to be set. In fact it’s even something of a headache to set a cookie via JavaScript, whereas many server-side languages it’s a one-liner.
So… Your Noscript is almost certainly not blocking cookies.
Source: Web developer for 10+ years.
Re: Re: No Javascript browsing
My cookie was blocked.
Re: No Javascript browsing
Cookies are set and sent in HTTP, not Javascript.
The phrase "got it" is most rude. "Got It!"
Re: GOT IT
How about a 2nd button that says "Don’t Give A Fuck" because all of the data that can be captured for a cookie can be read out of your servers logs. And if you have a cdn that’s in the EU, then you’ll need a button that denies you permission to set cookies.
As a webmaster and web user it’s a pointless legislation. As a webmaster I add a bit of code and extend the privacy policy some what. I make sure the consent is placed on the screen in such a way that you can still read the content whether you consent or not.
As a web user it’s a damn pain in the arse (I’m from the UK, so arse). No one looks at the policy that each website has implemented. It just slows my pace around the web and does nothing more. End of.
Re: Re:
There’s literally a filter for uBlock Origin that blocks cookie acceptance scripts. I don’t know if it accepts them or rejects them by default but, I generally don’t see them at all.
Re: Re:
What it does do is make everyone aware of how pervasive the use of cookies is, and of privacy as an issue in general. It makes people have a negative association with cookies (cookies = annoying pop-ups). That is the only good thing. Otherwise I agree with you. A new European law is coming that forbids sites from forcing users to accept cookies in order to view the site (except truly functional/necessary cookies, which concept is defined in detail in the regulations). This should help a bit more.
Cookie Preferences
I prefer chocolate chip, or pecan sandies, thank you very much. Though macaroons would do in a pinch. Can you accommodate me, daily? A dozen would do nicely.
Re: Cookie Preferences
Sorry, Techdirt only offers oatmeal raisin cookies… The flavor no one ever asks for but is always offered, just like the useless cookie notification that I had to dismiss twice!
Re: Re: Cookie Preferences
I don’t mind oatmeal raisin, in fact my cardiologist prefers them. Fuck my cardiologist. 🙂
Re: Re: Cookie Preferences
You got served oatmeal raisin cookies?
All I got are cow cookies, and they’re not very tasty.
I intend to keep six feet or two metres away from the lot of you until all of this blows over.
You know what? Fuck a bunch of Google and other sites that make arbitrary demands on short time frames.
I mean, it doesn’t cost me anything because I tell Google to go away in my robot.txt already. But these "dance, monkey, dance" demands drive me nuts.
To the PM who is worried about getting this done by whatever deadline you’re afraid will hurt your bonus: I hope you stub your toe.
Re: Re:
You do realize that it is the EU putting pressure on Google to put pressure on everyone else that is causing this, don’t you? It is evidenced by the uselessness of other EU edicts, whereby this fall right in line.
Re: Re: Re:
I’m aware of the legal pressures. But no court in the EU told Google to give small sites 24-hours-or-else-notices.
See, responsible adults deal with unreasonable demands by sorting things out and trying to do the right thing. And then there’s people like this, who make it someone else’s problem.
Re: Re: Re:
You realize the EU doesn’t have jurisdiction to determine how Google treats companies based in the US in how they interact with US users visiting their website from the US, right?
Re: Re: Re: Re:
The US seems to think their jurisdiction extends worldwide. FATCA is one prime, steaming example… their abuse of trade pacts to dictate copyright law to other countries is another. I doubt that you’ll get much sympathy abroad by claiming US sovereignty is in some way being infringed if the US has zero respect for the sovereignty of anyone else.
Re: Re: Re:2 Re:
If you or your company benefits from the infrastructure of this country including the postal service, you are expected to pay a percent of your income back to the country to help keep it going for next year. By hiding part of your income in offshore accounts, you are trying to have your cake and eat it too.
Re: Re: Re:3 Re:
You’re missing the point. FATCA is being applied to dual citizens of other countries while they’re living in those other countries. For instance, Canada’s leader of Her Majesty’s Official Loyal Opposition would be one of many directly in FATCA’s crosshairs. Who delivers his mail? CanadaPost.ca – not USPS – so why should he be part of your tax base when he does not live in your country and your government provides him nothing?
Re: Re: Re:4 BECAUSE! -- WE CAN!
BECAUSE!
WE CAN!
The basic psychology of several major different (meaning not connected) groups is world hate, world dominance, world control, and world slavery under their elitist guidance. The belief that they are exceptional which means that the world should bow down to their expertise.
The problem comes about just as the German / Russian problem came about in who is going to be in control and whose psychology is going to dominate. The groups violently do not agree on who is going to be in control while they have a confluence of interest in maintaining the (social, financial, political) system.
For the past 100 years eugenics in one form of another has been the guiding thought pattern of the elitist. Do, believe, and say what we, your superiors, say or OFF with your head. Combine this with the elitist control of government and you have a perfect fascist thought and agenda.
For a good description read "1984".
As in "1984" fascist masquerade as communists which leads the unenlightened to believe that the US is a democracy where individual thought counts not realizing the very platforms such as Google, Facebook, Amazon, et are are owned and controlled by the fascists elitist who are screaming that they are communists the loudest.
When you have a $100 billion(US billion) you have to have this someplace. You can own property – land and money (gold, silver) but they do not produce wealth. You produce wealth by controlling companies.
Note the word control. Here is an example. The Big W a company (now defunct) once had three classes of stock: Class A and Class B Preferred and Class C Common. Each class of stock elected 1/3 of the board of directors. There was 100,000 class A shares; 10 million class B shares, and 200 million class C shares. Total control equal ownership of 50,001 of class A plus 5 million and 1 shares of class B. This was owned by one individual. And! As far as what the owners of the 200 million shares thought – How was that relevant?
With 100 Billion multiplied in such a fashion over a number of major companies and their shares owned by foundation and non government agencies you have world control and the New World Order of facist complete total control of the world elitist.
And as far as the socialist and communists go who cares they have no real power. If they had real power they would be fascists.
I’mjustheresoIdon’tgetfined.gif
This sort of thing makes me want to toss my cookies….
Thanks a lot EU, now I have ANOTHER cookie.
Can i have a permacookie that makes sure i don’t have to click ok again?
nom nom nom
Re: Re:
The webmaster helpfully gave the annoying position:fixed (ewww!) bar an id of "cookienotice", so you could permanently hide it with a stylesheet. This would work regardless of any cookies you stored, since it would be a purely client side fix to this bit of obnoxiousness.
I think this should work:
In the meantime, a request to the site master: mind naming and shaming the idiots who pushed you to do this? I find the banners annoying on principle, and I especially hate position:fixed banners because most browsers seem to get stupid when trying to use a full-page scroll jump in conjunction with fixed banners.
Re: Re: Re:
Actually, i just want the cookie so i can permanently store it while other cookies which do not interest me or which i reject may be deleted.
Not that css isn’t fun sometimes. Bad scripting practices, on the other hand, such as you have mentioned, should be killed with fire.
Your ad provider told you that their policy requires you to show a cookie notice, even if you cease to do business with them? I guess I haven’t "got it".
Can you stop trying to set cookies until someone tries to customize the site? My browser shows a "set-cookie" header when just opening the Techdirt home page. I hadn’t tried to do any of the stuff you said you use cookies for.
I almost exclusively interpret those cookie notifications as malicious and hide them every time I visit a website instead of click them. I don’t understand the legalese but I do understand that I lessen the likelihood of unknowingly entering into a contract adverse to my interests if I NEVER click okay.
Re: Re:
A few sites (though increasingly many) do what the Commission originally intended, giving the choice to accept or reject each cookie along with an explanation of what it is used for (so you can reject everything except session login cookies, for example). The GDPR also requires personal data to be used only for the purpose for which it was ostensibly collected. The guardian was one of the first to do the specific purpose notices as intended, and IEEE does it as well.
The commission put a requirement to do that in the first draft, but lobbyists got at the bill and watered it down to the pointless notices.
What would help is putting a requirement to use fixed IDs within a domain so your browser can remember which ones you rejected and automatically reject them in future.
I’m trying to decide if I want a sugar cookie with pink frosting or a peanut butter cookie. Both are winners in my book.
‘Sfunny, I don’t see any such notice. Perhaps AdGuard is earning its keep after all.
The rest of what I have to say is just so much blathering of an old curmudgeon, so I’ll get off of your lawn now…..
Mike,
Based on how you wrote your article, it sounds as if the ad provider (rather than Google themselves) said you’d be blacklisted from Google if you didn’t put the cookie notification banner. Is this true or am I misreading things?
Re: Re:
I think idiots like to escalate things, whether true or not. Maybe they think the G would delist td and then selling adspace on td would be lost. Or maybe just someone trying to be helpful, the way that sometimes goes. Pretty sure you read it correctly.
Re: Re: Re:
An Ad Provider (that isn’t Google) threatening a Google Blacklist is something that should be looked into and reported on.
Re: Re: Re: Re:
The ad provider told us that we’d be "blocked on Google globally." We asked for clarification as to what this meant, and we did not get it. Just more urgent pleas to please put up the notice. We’ve been talking to them for a while trying to get clarification and we’ve been unable to get any real clarity beyond "this needs to be done." It’s been very frustrating.
And, yes, the immediate reaction of some people is "find a different ad provider." And, we’re always on the lookout for a better ad provider, but honestly, every time we experiment with one they’re terrible. Our current partner, at least, has done a good job keeping terrible ads off the site (or getting rid of them if any sneak through). Every other provider we’ve tested promises only good ads, and then immediately fills the site with filth and junk and we have to get rid of them.
So, yeah, if there’s a good ad provider out there, we’d love to go with them. It’s just not easy to find.
Either that or we just get rid of ads altogether, which honestly, I’m tempted to do. Though, that would leave a decent sized hole in our budget.
Re: Re: Re:2 Re:
Basically, you had to go with the least bad. I hate when anyone has to deal with those sorts of decisions, but what can you do? ????♂️
Re: Re: Re:2 Re:
I do understand that conundrum. I’m just curious from what position of influence an ad provider (that isn’t Google) gets off on threatening a Google blacklist.
Re: Re: Re:3 Re:
They implied that Google told them this, and they were passing it on to us. We asked for more clarity and specificity and they just pointed us to this page: https://www.cookiechoices.org/
Re: Re: Re:2 Re:
A guess: some moronic manager or exec came up with this interpretation of reality and passed it down to all employees. Said manager/exec refuses to ever admit to being wrong, the frontline employees can’t tell you "it’s because a higher up is being a moron", and the manager/exec won’t take calls from clients like you to explain their reasoning.
It’s fallout from the abuses. So many entities abused cookies for so many bad things and refused to do anything about user anger or even admit they were doing it that the response turned from "Please stop the abuse." to "We find your terms acceptable." (in response to the abusers’ position that allowing even benign cookies without restrictions means having to allow any and all cookies without restriction).
Re: Re:
And how does this not transform the situation into abusers forcing people into agreeing to contracts codifying "consent" to their abuse?
Re: Re: Re:
Because under EU law if you reject the contract they can’t use your data.
I went to the Neiman Marcus site; they left this cookie in my browser cooking.nytimes.com/recipes/9465-the-250-cookie-recipe and billed me two hundred and fifty dollars; now I am bankrupt http://www.nytimes.com/2020/05/07/business/neiman-marcus-bankruptcy.html and it’s all your fault. You’ll be hearing from my lawyers…
This is why I love Ublock
I right click on annoying pop up banners and hit "block element".
No more annoying banner. Life is good again.
Cookie?
Mike, what kind of cookies does your writing staff prefer? I’m assuming you’re working from home… if so I’ll need that address… but if there’s a group of you in an office we’re good there.
Chocolate chip?
Peanut butter?
Oatmeal raisin?
Please don’t say M&Ms… those don’t ship well in this heat.
Also how many staffers? I can have those cookies to you on Tuesday.
Also if you DO NOT WANT THESE COOKIES click "GOT IT".
🙂
E
P.S. Can I claim I’m a proud supporter of TechDirt Cookies if you take me up on it?
Re: Cookie?
P.S. Can I claim I’m a proud supporter of TechDirt Cookies if you take me up on it?
I feel like that should be a t-shirt…
Misreading of the law on essential cookies
This is a bad representation. EU privacy laws do not require a cookie warning for essential cookies, only for the inessential ones.
https://gdpr.eu/cookies/
See also the legal basis of processing under GDPR (consent is one out of 6 and tehre are various ways to gain consent):
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/grounds-processing/when-can-personal-data-be-processed_en
https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/grounds-processing/when-consent-valid_en
Techdirt sets a number of cookies for unregistered users, few if any of which appear to be necessary to serve the content:
https://i.stack.imgur.com/joXty.png
Practically speaking, if you removed Google Analytics you would have done most of the work. (Or do you also show ads from Google? I’m happy to pay a subscription largely because I refuse to load ads. At the moment you don’t seem to be loading any ads but maybe it’s just you being suspended by Google Ads.)
Some passages of the Techdirt privacy policy are a bit dubious:
This seems to imply you don’t share IP addresses with third parties, which is incorrect because Techdirt loads resources from Automattic, Google, FontAwesome, CloudFlare, Soundcloud, StackCommerce, Amazon, RawGit, Akamai and ChartBeat. Some of these are definitely superfluous, for instance fonts and static JS could be easily stored on your server.
People like to blame the EU law but the responsibility rests squarely with the laziness of the website admins and developers who failed to reconsider their usage of cookies. I’m happy to help with patches if there’s a git repository you can share somewhere.
Re: Misreading of the law on essential cookies
"Receive users’ consent before you use any cookies except strictly necessary cookies.
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
Document and store consent received from users.
Allow users to access your service even if they refuse to allow the use of certain cookies"
While those points don’t make it clear but they point to "the consent has to be given explicit not implicit, so "by using this site you are agreeing to" isn’t GDPR compliant there has to be an option of "fuck of with 3rd party cookies"
I think there has been a court decision making it clear, though not sure.
Re: Re: Misreading of the law on essential cookies
There are a few cases ongoing, maybe you mean one of these:
https://gdprhub.eu/index.php?title=CJEU_-_C-673/17_-_Planet49
https://gdprhub.eu/index.php?title=AP_-_Consent_to_place_cookies
Most interesting at the moment are Guidelines 05/2020 on consent under Regulation 2016/679 (Version 1.1, adopted on 4 May 2020):
Also:
And:
Notably, what Mike asks (consent to be given by browser settings) is explicitly allowed by the authority:
But:
Many forget the general premise of all this:
Re: Misreading of the law on essential cookies
"essential cookies"
First I had heard of this designation, rather humorous.
Re: Misreading of the law on essential cookies
Looking into this, but again, the amount of time and money we’re spending to get this sorted out is going to be more than we make in ads. At what point does the whole thing just not become worth it any more?
We’ve already bent over backwards to try to make our site as friendly as possible to visitors, and now it feels like we’re getting punished for it.
Re: Re: Misreading of the law on essential cookies
Gee, Maz, here I can almost sympathize with you, except that you are clueless! — The goal of the major corporations is CONTROL. They do not care about even YOU, powerful owner of Techdirt.
No, really. You make no profit for them so are only a drag. And as the removal of Adsense shows, you have been downgraded. Likely your little influence at Google is over.
By the way, I have a browser so powerful that I never see ads, where ads might be, or your cookie notice. — I think that last means that you’d better put the text up plain, not the annoying floating bar that other browsers show.
Hm, I must missed the part where your ad provider and Google became EU government agencies.
Without that, it sure looks like it’s the US private corporations that are strongarming you.
Did Google not at least say why they’ll "block you globally"? Like, point to a certain clause in the regulation or a court order that would force them to do it? There’s nothing like it in the article, and if they really didn’t provide such a justification, it would mean you don’t know that it’s the GDPR’s fault.
(Relatedly: uMatrix lists, among others, 13 blocked Google cookies on this page. Since you didn’t provide an opt-out dialog, Techdirt is not actually in compliance with the GDPR, and this whole charade is a big bag of nothing. Like many before you, you’re simply inconveniencing your readers for no gain whatsoever, and pretending it’s somehow EU’s fault. If you want to blame it on EU, it would be nice if you at least implemented it properly — then the blame may be warranted…)
Re: Re:
Since you didn’t provide an opt-out dialog, Techdirt is not actually in compliance with the GDPR
If we can tell that you’re coming from an EU (or California) location, and we’re serving such ads on your page, we do provide an opt-out. Of course, when we first put those up, we got yelled at by people too for creating such an annoying experience.
The whole thing is ridiculous and does nothing to protect anyone’s privacy, and it’s a no-win for us. It’s making it too "costly" for us to have any ads at all, and that means it may be too costly to keep running the site. For what? So everyone has to click through when they could just do things in their own browsers?
If you don’t want cookies, YOU have the control. If you don’t want the ads, YOU have the control. Us having to put up extra annoying pop ups and click throughs doesn’t help anyone.
Re: Re: Not helping anyone
It would help for the large majority of visitors, if you chose to remove the unnecessary cookies and other PII processing.
Nobody is saying this is easy: doing without centralized ad networks is indeed difficult for a small publication like TechDirt (unlike the NYT). As a reader I enormously appreciate all the efforts made to keep TechDirt afloat with various sources of revenues.
By the way, were you given the option to display "untargeted ads", which require less consent? This "option" was floated for a few publishers who estimated they’d be paid 25-75 % less for untargeted ads, see e.g. https://digiday.com/media/gdpr-mayhem-programmatic-ad-buying-plummets-europe/
Re: Re: Re: Not helping anyone
We had our ad provider switch to untargeted (and took that revenue hit) a while back. And we had pointed that out when they started demanding this, and they told us this was separate from that.
The frustration from my point is that the cost of "compliance" here is more than we’re making in ads. So the end result is that I feel like we should just block the EU entirely rather than deal with this nonsense. I have a ton of work to do and half of my time is now trying to get clarification on ridiculously complex EU regulations that don’t actually protect anyone.
If the goal of these regulations is to put small sites out of business, well, that’s working. I don’t see how that helps anyone though.
Re: Re: Re:2 Not helping anyone
FTFY.
Re: Re: Re:3 Not helping anyone
No, I don’t think you did. The root cause of this is the regulation itself, which threatens incredibly damaging amounts of liability for infractions, requiring expensive compliance to accommodate confusing instructions.
The ad provider certainly isn’t helping things, but I’d say it’s not accurate to lay blame solely at their feet.
Re: Re: Re:
Thanks for the reply.
I’m a citizen of the EU, but currently living abroad — I guess that explains why I never saw the popup.
According to the GDPR, opt-out should be as easy as opt-in. Usually, there’s a one-click "accept all" button, which means that to be compliant there should also be a one-click "deny all" button. If it indeed was implemented like that, then the people calling it annoying were being unreasonable and you should ignore them.
From the article, and your other reply upthread, I see that the one putting silly demands on you is your ad provider, based on some massive misunderstanding of both the content as well as the jurisdictional scope of the GDPR, and it appears they’re happy with a change that doesn’t improve compliance at all. And they refuse to explain why or what happens if you don’t do it.
I really, really, really don’t think EU or GDPR are your problem here.
Yes, I do, and I block everything (third-parties, JavaScript, cookies, trackers, ads…), use a VPN, mask my browser user agent string, use a VM for some sites, and avoid Google & co as much as it is feasible, and then a bit more than that. I also added the cookie popup to my custom "Techdirt Dark Mode" CSS stylesheet.
(TBH, I don’t really think any of that helps all that much, but it’s kinda fun in it’s own way.)
It doesn’t, but doing it correctly helps the 99.99% of the general population that doesn’t have the knowledge, experience, or, most of all, time to do all of the (likely useless) stuff I listed up there.
Re: Re: Re:
Now, Maz, at other times you claim (okay, maybe I’m reading you in reverse relative to Youtube rippers) that since in the US of A and not doing signif biz or aimed at Europe, that you’re not subject to EU regs!
However, this shows that your actual position is that websites actually DO have to obey the laws of every country. Please disambiguize.
Are you actually setting those cookies BEFORE anyone ever clicks on anything? Because if so, the banner will do absolutely nothing to make you more legal, or more in compliance, or whatever. If you are not, then the banner is working GREAT for me – because I never agree to any of them, I just hide them all out of existence.
And no, I’m not otherwise "in control" as you’re trying to imply – not sure what your browser lets you do, but all mine lets me do is accept or reject cookies wholesale – no such thing as "keep cookies from this site indefinitely, allow some from that one but delete them as soon as I leave the page, and refuse everything from that other one", accessible through simple means, per-site, on the UI (or anywhere else in general). Yes, I could try finding an extension that lets me do this properly. Yes, THAT would be an actual pain to find (yes, I already tried); the banner I don’t see isn’t.
Re: Cookies before clicks
Have you tried privacy badger? https://privacybadger.org/
Blocking third-party cookies and JavaScript is relatively easy if one accepts some inconvenience. The problem is that third parties like Google Analytics nowadays store their information in first-party cookies, so you have to do some trickery based on the entropy content of cookies to guess whether they are legitimate necessary cookies or surveillance cookies.
Publishers lie all the time and there are some legal cases ongoing:
https://noyb.eu/en/say-no-cookies-yet-see-your-privacy-crumble
Re: Re: Cookies before clicks
Hey, a fellow noybee! 🙂 Thanks for the tip, I’ll take a look…
Got it
From the brilliant minds that want to sue grandmothers for daring to post pictures of their grandkids showing how proud they are of them…
Perhaps they aren’t actually solving anything but trying to make people feel better without any effort on their part while trying to get paid by the deep pockets for not being able to jump when told to jump & stay in the air forever.
Balkanization
So… throwing it out there…
I see these pseudo press-conferences where some guy is pointedly rude to the journalists who are there to cover the event. None of them get up and leave. I, and like-minded people I talk to, think that if he starts to be rude or call someone "nasty" for asking a perfectly reasonable question, all [but two] of them should get up and leave.
Why is it, then, that a European law should apply to TechDirt? Why not just have a banner at the top that says "If you’re coming from a country that supports the GDRP you should close this browser window"?
I understand that the little countries in Europe think this is a good idea… and some parts of it are a good idea. Some are not. This is me speaking both as an IT person who implements things, and as someone who respects the rule of law as a person, and someone who thinks we should not be beholden to every jurisdiction in the world.
Here’s the Godwin angle: What if tomorrow China passes their own version of the GDPR and it says we have to call Hong Kong and Taiwan "by their proper names of Slaves-Of-China-Rule™"? Would every website in the world (including TD) now have to change all references to be that way? Would we retroactively have to go edit all references to be that way? Would wikipedia do it?
If yes, then we’ve lost.
If no, then f the GDPR and run your website the way you want to run it. Let those who live under repressive regimes enjoy their newfound "freedoms" without costing everyone else time, effort, and money.
Also the cookie offer is still open.
V/r
Ehud
Re: Balkanization
Newsflash: China already did that, and global companies are already complying. For instance, Apple:
https://qz.com/1723334/apple-removes-taiwan-flag-emoji-in-hong-kong-macau-in-ios-13-1-1/
Why not just just place the banner in the space below where your ads go? Users that can already see the ads will likely notice the banner. For users that don’t see ads normally, make the background of the banner swap between white and blue at slow intervals (alternatively, put a slow fade effect between the two colors on the button)…
That places the banner out of the main view area (which means less user annoyance) but eventuality grabs the attention of the user by contrasting with the static nature of the rest of the rest of the site’s interface.
I use a Firefox extension called Cookie AutoDelete. It doesn’t have the most user-friendly interface but I appreciate its granular controls; it defaults to deleting cookies after I close a page, but allows a whitelist of domains where I want to keep them.
For what it’s worth I didn’t notice the new "GOT IT" banner at the bottom of the page until I read this article. The chosen colors seem to make a very nice closing page border (javascript and cookies both turned off).
But…full disclosure…
It could be that I’ve gotten better at ignoring these. Afterall, they are everywhere now. Or, perhaps it’s the (2nd, 3rd?) T&T at my left hand clouding my visuals. Sorry, but it is after five o’clock somewhere in the pandemic.
In any case, keep up the good fight, Mike. I appreciate it (really!). There are so few out there that think about us (the end user), much less look after us.
I Have Issues With How This Cookie Thing Is Implemented
Now that the EU has stepped this anti-cookie behavior up another step by saying that sites can’t block users from content if they refuse cookies I have even more issues with it.
Here’s my analogy, let’s say that a store has a sign posted saying that they use a mix of technologies (Wi-Fi beacons, using Wi-Fi as radar, etc.) to track the movement of customers through their store. If you don’t want to be tracked in that way, you can choose to not shop there. How is that different from a website saying, we pay for the content you’re here to see by serving targeted ads. To target those ads we place cookies on your computer. If you don’t want ads targeted at you then you can look for the content elsewhere.
By the way, my first case isn’t just a random hypothetical, I was at a free to the public badged event last year where anyone could come in and view the event as long as they stopped at the front desk to get a badge. Those badges contained small Bluetooth Low Energy beacons. While they were anonymous, the venue was certainly using them for traffic analysis and those of us who were working the event got our badges scanned for entry into various off-limits areas.
the really stupid thing about EU cookie notifications is that some of those "notifications" are not needed at all for some sites, because purely technical cookies are extempted.
Since lawyers are sucking ass at properly defining terms such as "purely technical".. we ended up with cookie notifications for anything even when they are not needed… because lawyers.
https://wikis.ec.europa.eu/display/WEBGUIDE/04.+CookiesCookies, stateful browsing, ecommerce
So today we use cookies.
Tomorrow the mechanism we use to have our web server track the path of browsing will be different. Should we have to recode our web servers then?
Fundamentally there is stateless browsing, where one just browses to whatever page, and there you are. There is no logging in. There is no option to log in. No login/no credit card/no auth = no ecommerce.
Then there is stateful browsing. Parameters are established, maintained, and hopefully secured throughout "a browsing session". It can be cookies… a generated custom part of the URL ("tracking URL")… or whatever clever people come up with next. Key here is "session" means it’s stateful from a "start" to an "end".
The point is that these are REQUIRED in order for ecommerce to work. Ecommerce can even be as simple as "Hey do you want to save your TechDirt settings so you don’t have to re-enter them every time? Log in here."
The GDPR is mostly out of touch with its requirements. TD should get a hiking trail map and hand it to the ICO, addressed to "Jack" with a note that says "take a hike."
E
"This site uses cokies"
Where’s the "Oh duh!" button?
I want like you
not me hackers opt me out all and block them