←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
583 points SweetSoftPillow | 1 comments | 22 Oct 25 12:12 UTC | HN request time: 0s | source
Show context
michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #
crazygringo ◴[22 Oct 25 12:52 UTC] No.45668318[source]
No, the problem is 100% the law, because it was written in a way that allows this type of malicious compliance.

Laws need to be written well to achieve good outcomes. If the law allows for malicious compliance, it is a badly written law.

The sites are just trying to maximize profit, as anyone could predict. So write better laws.

replies(20): >>45668365 #>>45668389 #>>45668443 #>>45668540 #>>45668630 #>>45668809 #>>45668823 #>>45668886 #>>45669084 #>>45669675 #>>45670704 #>>45671579 #>>45672352 #>>45672518 #>>45672991 #>>45673713 #>>45674575 #>>45675918 #>>45676040 #>>45676756 #
michaelmauderer ◴[22 Oct 25 13:02 UTC] No.45668443[source]
But the courts are saying: the law does NOT allow this.

So maybe “malicious compliance” is a misnomer. We should just call it "illegal dark pattern".

replies(4): >>45668518 #>>45668736 #>>45668841 #>>45671429 #
mikae1 ◴[22 Oct 25 13:22 UTC] No.45668736[source]
Not a radical idea. The EU is already working on it.

> […] the Commission is pondering how to tweak the rules to include more exceptions or make sure users can set their preferences on cookies once (for example, in their browser settings) instead of every time they visit a website.

https://www.politico.eu/article/europe-cookie-law-messed-up-...

replies(3): >>45668806 #>>45670117 #>>45680526 #
matheusmoreira ◴[22 Oct 25 14:57 UTC] No.45670117[source]
DNT header already does this. Explicit denial of consent. Reaches their servers before everything else so they have no excuse and zero room for maneuvering.

Now the EU just needs to turn it into an actual liability for corporations. Otherwise it will remain as an additional bit of entropy for tracking.

replies(4): >>45670706 #>>45670933 #>>45670958 #>>45674770 #
techjamie ◴[22 Oct 25 15:49 UTC] No.45670958[source]
DNT is considered deprecated in favor of GPC, which has legal backing in places with internet privacy laws. Funnily, Chrome still supports DNT but you need an extension to send a GPC header. Almost like the advertisement company wouldn't want people enabling legal privacy protections.
replies(4): >>45671270 #>>45672135 #>>45675096 #>>45681088 #
1. fmajid ◴[22 Oct 25 16:08 UTC] No.45671270[source]
GPC compliance is already the law in California. I don’t know why the EU has been so slow at making it legally binding. That said, existing cookie popups that don’t have “Reject All” as prominently placed as “Accept All” are already illegal but widespread, in no small part due to deliberate sabotage by the Irish DPA, so don’t expect GPC compliance to fare any better until consumer rights associations like NOYB.eu are allowed to initiate direct enforcement actions.