XSF Discussion - 2022-07-14

  1. rubi

    those are extra annoying when your browser already deletes cookies anyway

  2. jcbrand

    moparisthebest: hate to be that guy but cookie consent forms have nothing to do with GDPR

  3. moparisthebest

    haha yea I know, someone had to say it

  4. qy

    singpolyma: is there one that automatically selects minimal cookies?

  5. qy

    Or do you just have opt in cookie retention at browser level

  6. singpolyma

    qy: consent-o-matic lets you pick level IIRC

  7. qy

    Neat. Shame i use qutebrowser anyway

  8. Maranda[x]

    > don't you get GDPR'd everytime you deal with a cookie consent form ? well after all GDPR does is annoying people

  9. Maranda[x]

    > don't you get GDPR'd everytime you deal with a cookie consent form ? well after all, all GDPR does is annoying people

  10. qy

    > jcbrand wrote: > moparisthebest: hate to be that guy but cookie consent forms have nothing to do with GDPR Which law was that then?

  11. Maranda[x]

    > moparisthebest: hate to be that guy but cookie consent forms have nothing to do with GDPR Also ditto

  12. Maranda[x]

    qy, GDPR just talks about making it clear how user data is treated and give ways to opt out, retrieve the collected and/or erase the data. Saying "cookie consent" is mandatory is just some bs made by GDPR consulting firms to earn their due.

  13. Ge0rG

    it's the EU ePrivacy Directive, but the real reason is not the law, the real reason is that website operators got caught with both hands deep in the PII cookie jar, and now are trying their worst at blame-shifting

  14. qy

    Lol, EUPD

  15. Maranda[x]

    Users have multiple ways to opt out from cookies already, so having that banner is just some constructed hoax, all that stands is the other 2 points which can be really handled OOB.

  16. Maranda[x]

    (which might definitely be a problem for those operators handling very large traffic)

  17. mathieui

    Maranda[x]: multiple ways, none of which are easily found, or as granular. The solution is to stop tracking users

  18. mathieui

    I hate cookie banners as much as anyone, but what they say is that the website wants to track me more than anything

  19. Maranda[x]

    mathieui, really? "In-Private browsing" is hard to find? "Deleting cookies on exit" is hard to find? "Clear cookies of the last hour" is hard to find...? 🤔️

  20. Maranda[x]

    Interesting assertion

  21. mathieui

    Maranda[x]: but I want *some* cookies, and the banner is about storing them at all, not deleting them

  22. Maranda[x]

    deleting cookies of the visited site is hard to find...?

  23. Ge0rG

    "We value your privacy" means that your PII has a price tag

  24. Maranda[x]

    https://upload.lightwitch.org/share/YkmGuDUZWpEI1553/8909dd70-9400-406c-afab-0be0fc20a211.png

  25. Maranda[x]

    🤔️

  26. Maranda[x]

    As I said opt out is a hoax, problem might be the collected metadata server side

  27. Maranda[x]

    As I said opt out is a hoax, problem might be the collected data/metadata server side

  28. Maranda[x]

    mathieui, by law you can't coherce the implementation of something for UX. You just need to viably give ways and/or to be compliant to the law objective. For example if the normative says you need to change passwords at least once a year to be compliant all you need to do is change 'em manually without having an actual expiration implementation in place.

  29. mdosch

    Cookie in Ouzo? Worth a try. 🙂

  30. Maranda[x]

    And you'd still *be compliant*

  31. qy

    Really keen to just have cookies off for every site i don't login to in any way

  32. qy

    They've no business fiddling my cookie jar

  33. singpolyma

    Most "privacy" stuff is like this. Let's make sure everyone knows the blog they visit once a year might remember them when they come back. But neglect to remind them that they carry a homing device that broadcasts their current location to half a dozen parties at all times

  34. singpolyma

    If they wanted to stop online tracking they'd ban that. Instead they want to *look* like the want to stop tracking while continuing to allow it, so they ban *checks notes* merkle trees and backups containing logfiles

  35. kurisu

    The eu should've mandated that the browser itself explicitly asks if you want to store cookies for this specific site or not. They would've if they actually cared about privacy-/understood shit. They would also limit page size, especially the js part. Forbid obfuscation.

  36. kurisu

    Proprietary software should be banned as a whole of course. But websites are the best place to start. Because they are the most cancerous and annoying proprietary software there is.

  37. robertooo

    At least the cookie regulations work. Google recently started showing a "Reject All" button rather than only letting you choose "Accept All" like the case before.

  38. robertooo

    Of course these big tech companies make these consent banners annoying to generate backlash against the cookie regulation.

  39. Ge0rG

    robertooo: cookie regulation was followed by litigation. https://www.theverge.com/2022/4/21/23035289/google-reject-all-cookie-button-eu-privacy-data-laws