←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
583 points SweetSoftPillow | 6 comments | 22 Oct 25 12:12 UTC | HN request time: 0.682s | source | bottom
Show context
moooo99 ◴[22 Oct 25 12:32 UTC] No.45668075[source]
I disagree that this should be in the scope of a browser.

Cookie banner are called cookie banners because they‘re most frequently associated with the opt in for tracking cookies, but this kind of opt in is required for any kind of third party involvement that goes beyond technical necessity.

Your browser has no way to tell what third party present on the site is a technical necessity and which one isn‘t. So you‘d have to tell it - making it part of the site providers problem as well. But this time its worse, because responsibilities are mixed between the site operator and the third party.

replies(3): >>45668142 #>>45668223 #>>45670402 #
ryukoposting ◴[22 Oct 25 12:38 UTC] No.45668142[source]
Legally compel websites to respect the DNT header. Bam, done. This is a simple problem, and should be solved in a simple way.
replies(4): >>45668225 #>>45668425 #>>45668564 #>>45668604 #
jeroenhd ◴[22 Oct 25 13:01 UTC] No.45668425[source]
DNT doesn't solve all problems, though. Not only is DNT being deprecated, it also lacks the proper customisability the law actually prescribes for data processing.

There's no value you can give DNT that says "you can do your own on-site tracking and telemetry and I accept sharing my data with Sendgrid for your newsletter, but I do not want third-party trackers".

As a practical example: there are news sites that will not play videos if you hit "deny all" because their video host does some viewership analytics. I'm fine with that, but not the 750 other advertisers the news site tries to have me track.

Of course, "deny all" should be an option, "accept all or deny all" isn't control.

For the longest time we had https://en.wikipedia.org/wiki/P3P as a basis to build on, but that officially died the day Edge became Chromium-based.

replies(1): >>45670662 #
1. AlexandrB ◴[22 Oct 25 15:31 UTC] No.45670662[source]
> you can do your own on-site tracking and telemetry and I accept sharing my data with Sendgrid for your newsletter, but I do not want third-party trackers

I'm sorry, but does a user who would want this actually exist? This seems like a hypothetical dreamed up by the marketing team to avoid having to accept that a large group of users hate all their tracking shit.

replies(3): >>45670818 #>>45671348 #>>45675919 #
2. jabroni_salad ◴[22 Oct 25 15:41 UTC] No.45670818[source]
At my first job I took phone calls for an insurance carrier and agents definitely didn't like finding out that all the unhandled exception screens the rater had simply disappeared into the abyss.
replies(1): >>45673863 #
3. SpicyLemonZest ◴[22 Oct 25 16:12 UTC] No.45671348[source]
Yes, it's quite common for users to want this. I think a lot of people don't realize functionality like "remember I want dark mode every time I visit" or "keep me logged in when I reopen my browser tomorrow" constitutes first-party tracking and requires consent under EU law.
replies(1): >>45678262 #
4. mrguyorama ◴[22 Oct 25 19:19 UTC] No.45673863[source]
Microsoft solved this decades ago.

You download a specific tool which only has the purpose of collecting your local error reports and sending them to Microsoft". Later on that tool became just a button in your control panel that submitted all your local errors and told you if those errors had an already developed solution.

That's how they did all their error telemetry until like late XP era, and it worked just fine.

All the people insisting that they need* this telemetry is also horse shit. Companies are demonstrably not producing better and more bug fixed software, and demonstrably are not using that data to make serious improvements, but demonstrably ARE using that data to choose where to focus dark pattern and other sales funnel based efforts.

If Unity and Unreal and GPU drivers can ask me "Do you want to send this error report" with a default no, nobody else has any excuse.

Even now, a significant amount of companies use the system of "Please upload your error log and the output of this command to this forum" as their bug report solution and it works just fine if that company actually intends to fix bugs.

The solution is not to turn your software into spyware. Stop being entitled. You don't have a right for me to QA your software for you, that's your job. Even with all this telemetry, companies only fix the most common and most obvious bugs anyway, so the perfect telemetry is utterly useless. Those bugs would have surfaced anyway.

Developers in the 80s did not need telemetry to get bug reports and fix things and release patches. Learn some history of your profession people.

Has throwing a hundred thousand bugs onto your sprint backlog actually helped anyone develop better software? No. Meanwhile it has exposed all your customers and users to predatory bullshit from your marketing and sales departments, and enabled your worst product managers to optimize hostility and extraction.

5. freehorse ◴[22 Oct 25 22:22 UTC] No.45675919[source]
I do not want my data sent to data brokers or used for advertising. I have less of an issue if my data is used to improve a service I use and only for this, as long as I value/trust the service. The problem is that many websites really want to sell your data to third parties and/or use if for advertising, that often it feels safer to just refuse any consent.
6. Zerot ◴[23 Oct 25 04:52 UTC] No.45678262[source]
Sorry, but no. Those functionalities fall under "functional cookies" and as such do not require consent. Also, there is no tracking needed for the dark mode at all. And "logging in" does not mean "tracking"