Internet's biggest annoyance: Cookie laws should target browsers, not websites

That wouldn’t help much in terms of annoyance, because you need the option of per-site or per-service opting-in to tracking cookies (like “remember me” checkboxes and similar functionality), and then you can’t really prevent web pages showing a banner offering that opt-in option. It wouldn’t be exactly the same as today’s cookie banners, but websites would made it similarly annoying.

Unless it was a browser level permission, like asking to access the user's location.

The website has to be able to inform you about what exactly you are opting in to (like saving your shopping cart, and/or who they will be sharing the respective information with). This can’t be covered by a predefined set of options.

Browser-level permissions are about what the browser is sharing with the website, which is a different thing. For one, the browser sharing information with the website isn’t a blanket permission legally for the website to do anything with that information it likes.

We cannot rule by law if the websites don’t want to abide by the rule of law.

The level of tracking is insane and would never happen in real life, and companies would be fined to oblivion had they tried, if not forced to close by an angry mob of people.

I’m sorry but no.

Don’t track me means don’t track me, period.

Asking if you could track me etc. regardless is against the spirit of it and simply user hostile.

So you want to make it illegal for websites to inform you about the services they offer that work with tracking cookies?

Users often want some level of tracking, like not having to log in to services they use across sites each time.

Kinda… but between credit cards (and any cards serviced by them—debit cards aren’t safe) and widespread facial recognition with cameras everywhere in stores these days, and things like “loyalty cards” being required to just get what should be normal prices on things, we’re pretty heavily tracked in physical space now, too. People just don’t realize how much, and don’t see this stuff being sold and aggregated then re-sold.

We really need to crack down on stalking-but-automated.

You came up with a good term there. Maybe we should start calling it “digital stalking” instead of just “tracking”

No, the essential cookies were never subject to such limitations. Even today you don’t need a banner for them.

Digital stalking under the disguise of essential functions or calling it just tracking doesn’t do any good.

Some websites even purposely break their functionality when 3rd party cookies are disabled.

So, no, do-not-track is an order, do not stalk me, period.

In my opinion, it would be best to regulate the browsers themselves... preinstalled browser on a device sold in EU? Cookies are silently stored to a temporary jar, deleted on tab/window close. One jar per domain. Then add a button by the address bar to enable the "I want this site to remember me", and it'll make the cookies from that domain 'permanent' (with an additonal 'advanced' setting if you want to allow 3rd party cookies too or not).

But hey, when the regulators are lawyers who have no idea what cookies and browser are, we get consent forms on every domain visit.

If it's not a third party cooking, then it's not a tracking cookie. So logins and other site functionality will be perfectly fine. They're not subject to GDPR and similar laws.

I as a user, don't want ANY kind of tracking. That is why i check the No Tracking options of the browser.

That is a terrible proposal. The GDPR is not about cookies, it's about tracking. Websites can track you through cookies, through browser fingerprinting, through your IP adres, through your login, through your local storage, and various other ways. They could probably find ways to track you by your mouse movements or how you type, if all other methods were somehow made unavailable.

That websites track you and then sell that data has nothing to do with how long your browser stores cookies. Cookies are just one of many, many ways that websites do tracking.

> widespread facial recognition with cameras everywhere in stores these days, and things like “loyalty cards” being required to just get what should be normal prices on things

Which is why this is also illegal in the same jurisdiction.

> log in to services

That's functional, and doesn't need additional consent. The consent for that is given by pressing the login button.

The border is not first party/third party, but purpose. But yes site functionality is fine.

The big difference there is that unlike, say, Price Chopper, Google, Facebook, and Xitter can track not only what you do with them, but everything you do on thousands and thousands of sites across the internet, through analytics packages that send data back to them and/or the scripts loaded by their "social buttons".

If I buy baby food at Price Chopper, they might send me an email offering me discounts on diapers, but at least I (probably!) won't also get shown such ads literally everywhere I go on the web.

Tracking now happens with fingerprinting, focusing on cookies won't provide a benefit.

> when the regulators are lawyers who have no idea what cookies and browser are, we get consent forms on every domain visit.

In this case the regulators have considered the problem and implemented the law independent of the used technology. The software developers/companies were the clueless/malicious ones here.

I’m pretty sure the loyalty-card thing has become so big because they’re selling the data.

So many things are like that now. Like Roku sticks and TVs are subsidized by selling user data. You want to make a Roku competitor that doesn’t spy? Your product will struggle to get on shelves and to stay there, in part because the price for your product will be higher even if you get just as good a price on your components as they do, because you’d have to price them at-cost to match Roku’s pricing. Meanwhile 99% of people looking at the products don’t realize that one’s cheaper than the other because it’s going to spy on them and sell the data.

That's true, but at least then we could rid the internet of all those shitty cookie consent banners plastered all over. Those are almost more annoying to me than some company making a fraction of a penny on selling my mouse movement history to some chump.

What about a grocery shop.

You can login and buy things. But how do you choose whether the shop can kleep track of what you have bought to suggest rebuying or for you to keep a shoopping list. Requestion those is more than login.

And that is a different view - I prefer the privacy and no tracking unless I give explicit permissions.

> Meanwhile 99% of people looking at the products don’t realize that one’s cheaper than the other because it’s going to spy on them and sell the data.

And this, plus the fact that it's so abstract and opaque what the negative consequences of that spying are, is a huge part of the problem with all of it.

We need better regulations on this, but sadly, even before the recent fascist takeover, the regulators have been largely asleep at the wheel for decades.

The shopping list to display the shopping list is fine, Using the shopping list for analytics is not.

> track of what you have bought to suggest rebuying

You know what you sold, no need to track user behaviour.

You should ask if true privacy is really possible. Cookies are just the tip of the iceberg. Between IP addresses, browser fingerprinting, unique URLs, and the existence of third parties that correlate information across web sites (mainly ad networks) I'm confident it isn't.

Well then the tracker is breading the GDPR keeping personal identifiable information

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

Yes US sites will be doing that

True privacy is not possible if websites truly want to track you. The point of the GDPR is ensuring that legitimate companies operating in the EU will refrain from doing so without consent, because it's against the law and the punishments can be pretty severe. Sadly enforcement has room for improvement.

Some US sites may bother, many won't. At a small startup, whenever this was discussed, it was decided we had better things to focus on since we had no paying EU customers.