undefined | Better HN

0 pointsthaumasiotes4y ago0 comments

> Set-Cookie was supposed to have the browser ask the user to confirm whether they wanted to set a cookie. Not many clients doing that today.

No worries, that's why we have laws to make the website do in the content what the browser no longer wants to do in the viewer. ;D

0 comments

notriddle4y ago

Having the browser explicitly prompt for cookies is neither necessary nor sufficient to do what strong, consistently-enforced privacy laws can do, because the browser can't tell a tracking cookie (which needs a prompt) apart from a settings cookie (which does not).

dathinab4y ago

And the law also only requires you to ask the user if they want to be spied on.

It's not tightly bound to cookies in any way.

And vastly misunderstood.

There was a predecessor which was somehow tied to cookies but even then you didn't need to ask for setting purely functional cookies.

But somehow everyone ended up interpreting it as such.

Maybe because most sites don't have many purely functional cookies or fingerprinting, as they always track you for other purposes, too.

notriddle4y ago

I’m convinced that a lot of the really annoying cookie prompts are the result of two things:

* paranoia, from small websites that are understandably worried about massive fines that could actually put their one-man-show into the poor house

* retaliation, from large websites that intentionally want to turn public sentiment against privacy laws

1 more reply

ajsnigrutin4y ago

But browsers could disable third party cookies, and autodelete first party cookies on page/tab close by default.

There would be a "keep cookies for this site" button somewhere near the address bar, and at each login, the browser would also ask you if you want to save your password and/or save cookies for that domain.

99% of websites don't require persistant storage, and those who do, 99% of them are sites you're logged into and already prompt the user, asking if they want to save the password.

ipaddr4y ago

That's private browsing currently. Why not use a private window?

3 more replies

lupire4y ago

That would be an extension or fork of Set-Cookie.

notriddle4y ago

Of course a web server could report which cookies are for tracking, and which are for authentication or configuration, instead of doing it within the content.

But so what? The browser has no way to tell if it’s lying.

j / k navigate · click thread line to collapse

0 comments

notriddle4y ago

dathinab4y ago

And the law also only requires you to ask the user if they want to be spied on.

It's not tightly bound to cookies in any way.

And vastly misunderstood.

There was a predecessor which was somehow tied to cookies but even then you didn't need to ask for setting purely functional cookies.

But somehow everyone ended up interpreting it as such.

Maybe because most sites don't have many purely functional cookies or fingerprinting, as they always track you for other purposes, too.

notriddle4y ago

I’m convinced that a lot of the really annoying cookie prompts are the result of two things:

* paranoia, from small websites that are understandably worried about massive fines that could actually put their one-man-show into the poor house

* retaliation, from large websites that intentionally want to turn public sentiment against privacy laws

1 more reply

ajsnigrutin4y ago

But browsers could disable third party cookies, and autodelete first party cookies on page/tab close by default.

99% of websites don't require persistant storage, and those who do, 99% of them are sites you're logged into and already prompt the user, asking if they want to save the password.

ipaddr4y ago

That's private browsing currently. Why not use a private window?

3 more replies

lupire4y ago

That would be an extension or fork of Set-Cookie.

notriddle4y ago

Of course a web server could report which cookies are for tracking, and which are for authentication or configuration, instead of doing it within the content.

But so what? The browser has no way to tell if it’s lying.

j / k navigate · click thread line to collapse