←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
582 points SweetSoftPillow | 2 comments | 22 Oct 25 12:12 UTC | HN request time: 0.411s | source
Show context
vmaurin ◴[22 Oct 25 12:26 UTC] No.45668002[source]
Same goes for age verification.

There was the DNT header, that was a bit to simplistic, but was never implemented https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...

The thing people need to understand here is that the annoyance is not due to lack of technical solutions, or regulations forcing something. It is explicitly wanted by the industry so they can maximize the consent rate. The browser solution is probably the best technical/user friendly one, but ad tech/data gathering industry won't have any consent. As they control most of the web, they will never do that

replies(4): >>45668031 #>>45668051 #>>45668121 #>>45668873 #
Animats ◴[22 Oct 25 12:28 UTC] No.45668031[source]
It was implemented in browsers and ignored by sites. Chrome help says:

Turn "Do Not Track" on or off

When you browse the web on computers or Android devices, you can send a request to websites not to collect or track your browsing data. It's turned off by default.

However, what happens to your data depends on how a website responds to the request. Many websites will still collect and use your browsing data to improve security, provide content, services, ads and recommendations on their websites, and generate reporting statistics.

Most websites and web services, including Google's, don't change their behavior when they receive a Do Not Track request. Chrome doesn't provide details of which websites and web services respect Do Not Track requests and how websites interpret them.[1]

About the best we have browser side is a mode where all cookies are cleared at browser exit.

[1] https://support.google.com/chrome/answer/2790761

replies(3): >>45668515 #>>45668519 #>>45669116 #
1. pessimizer ◴[22 Oct 25 13:48 UTC] No.45669116[source]
That's not an implementation. That's a request to sites that you visit to comply willingly. An implementation would be defensive.

It's what you would do if you had the crazy idea that a browser should be a client for the user, and only a client for the user. It should do nothing that a user wouldn't want done. The measure of a client's functionality is indistinguishable from the ability of the user to make it conform to the their desires.

replies(1): >>45671914 #
2. TheCoelacanth ◴[22 Oct 25 16:53 UTC] No.45671914[source]
It's not realistic to completely prevent tracking solely on the client-side. Every time that you interact with a server, that's an opportunity to track you. You can't prevent unless you just completely stop interacting with the server.