←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
583 points SweetSoftPillow | 4 comments | 22 Oct 25 12:12 UTC | HN request time: 0s | source
Show context
michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #
itopaloglu83 ◴[22 Oct 25 12:54 UTC] No.45668333[source]
Tracking by default is not an acceptable solution, so I would say respecting the Do-Not-Track header must be mandatory and enforced by laws and percentage of global revenue fines.
replies(2): >>45668525 #>>45668738 #
bradleyy ◴[22 Oct 25 13:08 UTC] No.45668525[source]
GPC (Global Privacy Control) is the header that's actually being enforced in (parts of) the US. DNT is considered deprecated by many, due to the nonconsensual way that Microsoft rolled it out.
replies(2): >>45668986 #>>45669871 #
1. velcrovan ◴[22 Oct 25 14:43 UTC] No.45669871[source]
For a new corporate website we just completed, we used GPC signals as the opt out mechanism. If your browser sends GPC, the site just opts you out of everything and loads zero tracking scripts. If it doesn't, you see a popup that explains how to turn it on if you want, or an "I understand" button.

An approach like this seems ideal to me, the problem is that it's only natively supported in Firefox. Our instructions for Chrome and Edge are basically "install Privacy Badger."

And Safari is the WORST, which as an Apple customer it pains me to say. Not only does the browser not support it, there are ZERO Safari browser extensions, NONE, on ANY platform (mac/iphone/ipad), that you can install that will send a simple GPC signal with the HTTP headers. There is a paid Safari extension on iOS called ChangeTheHeaders that you can configure to send a GPC signal, but come on, you can't ask normal people to buy an app and manually enter a specific HTTP header. (ChangeTheHeaders is made by Jeff Johnson, the same dev as StopTheMadness. I asked him whether he'd consider adding user-friendly GPC signals to that (or any other) plugin and he said it would just be "duplicating functionality" :-/ )

replies(1): >>45671204 #
2. bradleyy ◴[22 Oct 25 16:04 UTC] No.45671204[source]
It's sounding like California is going to require browser manufacturers to support the GPC signal. The privacy movement in California has a lot of political power and backing; it's pretty likely this will change in the next couple years.
replies(1): >>45671665 #
3. velcrovan ◴[22 Oct 25 16:35 UTC] No.45671665[source]
From what I understand, their AG has said the GPC signal must be honored if sent and that it is an acceptable opt-out mechanism under the CCPA. I haven't heard anything concrete about requiring browsers to support it, but that would be a welcome development.

https://oag.ca.gov/privacy/ccpa/gpc

replies(1): >>45674818 #
4. bradleyy ◴[22 Oct 25 20:35 UTC] No.45674818{3}[source]

    California's "Opt Me Out Act" (AB 566) requires that by January 1, 2027, internet browsers must provide a built-in, easy-to-use setting that allows users to send an opt-out preference signal, such as Global Privacy Control.
(copied from a search, but wanted to let you know)