undefined | Better HN

0 pointsnotriddle4y ago0 comments

Having the browser explicitly prompt for cookies is neither necessary nor sufficient to do what strong, consistently-enforced privacy laws can do, because the browser can't tell a tracking cookie (which needs a prompt) apart from a settings cookie (which does not).

0 comments

dathinab4y ago

And the law also only requires you to ask the user if they want to be spied on.

It's not tightly bound to cookies in any way.

And vastly misunderstood.

There was a predecessor which was somehow tied to cookies but even then you didn't need to ask for setting purely functional cookies.

But somehow everyone ended up interpreting it as such.

Maybe because most sites don't have many purely functional cookies or fingerprinting, as they always track you for other purposes, too.

notriddleOP4y ago

I’m convinced that a lot of the really annoying cookie prompts are the result of two things:

* paranoia, from small websites that are understandably worried about massive fines that could actually put their one-man-show into the poor house

* retaliation, from large websites that intentionally want to turn public sentiment against privacy laws

shadowgovt4y ago

We were naive if we ever thought the end result would be otherwise.

ajsnigrutin4y ago

But browsers could disable third party cookies, and autodelete first party cookies on page/tab close by default.

There would be a "keep cookies for this site" button somewhere near the address bar, and at each login, the browser would also ask you if you want to save your password and/or save cookies for that domain.

99% of websites don't require persistant storage, and those who do, 99% of them are sites you're logged into and already prompt the user, asking if they want to save the password.

ipaddr4y ago

That's private browsing currently. Why not use a private window?

ajsnigrutin4y ago

Because i might want cookies on this page, gmail and reddit, and nowhere else. This would mean me starting a private window, googling something, finding a link on reddit, opening it, either logging in again, or copying the link to a non-private window, commenting, closing that window, and back to search results.

ipaddr4y ago

Firefox has containers tabs that does this exactly from a new tab.

benibela4y ago

I often do that, but now I have to click on cookie confirmation banners all the time. It is very annoying. Might just take seconds, but it sums, eventually I have been clicking on these banners for hours

Sometimes these banners do not even work because of my NoScript

ajsnigrutin4y ago

https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-a...

marcosdumay4y ago

Because software is supposed to make our lives easier, not to insist we keep making the same choices again and again, and undo everything as soon as we make a mistake.

lupire4y ago

That would be an extension or fork of Set-Cookie.

notriddleOP4y ago

Of course a web server could report which cookies are for tracking, and which are for authentication or configuration, instead of doing it within the content.

But so what? The browser has no way to tell if it’s lying.

j / k navigate · click thread line to collapse

0 comments

dathinab4y ago

And the law also only requires you to ask the user if they want to be spied on.

It's not tightly bound to cookies in any way.

And vastly misunderstood.

There was a predecessor which was somehow tied to cookies but even then you didn't need to ask for setting purely functional cookies.

But somehow everyone ended up interpreting it as such.

Maybe because most sites don't have many purely functional cookies or fingerprinting, as they always track you for other purposes, too.

notriddleOP4y ago

I’m convinced that a lot of the really annoying cookie prompts are the result of two things:

* paranoia, from small websites that are understandably worried about massive fines that could actually put their one-man-show into the poor house

* retaliation, from large websites that intentionally want to turn public sentiment against privacy laws

shadowgovt4y ago

We were naive if we ever thought the end result would be otherwise.

ajsnigrutin4y ago

But browsers could disable third party cookies, and autodelete first party cookies on page/tab close by default.

99% of websites don't require persistant storage, and those who do, 99% of them are sites you're logged into and already prompt the user, asking if they want to save the password.

ipaddr4y ago

That's private browsing currently. Why not use a private window?

ajsnigrutin4y ago

ipaddr4y ago

Firefox has containers tabs that does this exactly from a new tab.

benibela4y ago

Sometimes these banners do not even work because of my NoScript

ajsnigrutin4y ago

https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-a...

marcosdumay4y ago

Because software is supposed to make our lives easier, not to insist we keep making the same choices again and again, and undo everything as soon as we make a mistake.

lupire4y ago

That would be an extension or fork of Set-Cookie.

notriddleOP4y ago

Of course a web server could report which cookies are for tracking, and which are for authentication or configuration, instead of doing it within the content.

But so what? The browser has no way to tell if it’s lying.

j / k navigate · click thread line to collapse