Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)

583 points SweetSoftPillow | 2 comments | 22 Oct 25 12:12 UTC | HN request time: 0s | source

Show context

moooo99 ◴[22 Oct 25 12:32 UTC] No.45668075[source]▶

I disagree that this should be in the scope of a browser.

Cookie banner are called cookie banners because they‘re most frequently associated with the opt in for tracking cookies, but this kind of opt in is required for any kind of third party involvement that goes beyond technical necessity.

Your browser has no way to tell what third party present on the site is a technical necessity and which one isn‘t. So you‘d have to tell it - making it part of the site providers problem as well. But this time its worse, because responsibilities are mixed between the site operator and the third party.

replies(3): >>45668142 #>>45668223 #>>45670402 #

ryukoposting ◴[22 Oct 25 12:38 UTC] No.45668142[source]▶

>>45668075 #

Legally compel websites to respect the DNT header. Bam, done. This is a simple problem, and should be solved in a simple way.

replies(4): >>45668225 #>>45668425 #>>45668564 #>>45668604 #

jeroenhd ◴[22 Oct 25 13:01 UTC] No.45668425[source]▶

>>45668142 #

DNT doesn't solve all problems, though. Not only is DNT being deprecated, it also lacks the proper customisability the law actually prescribes for data processing.

There's no value you can give DNT that says "you can do your own on-site tracking and telemetry and I accept sharing my data with Sendgrid for your newsletter, but I do not want third-party trackers".

As a practical example: there are news sites that will not play videos if you hit "deny all" because their video host does some viewership analytics. I'm fine with that, but not the 750 other advertisers the news site tries to have me track.

Of course, "deny all" should be an option, "accept all or deny all" isn't control.

For the longest time we had https://en.wikipedia.org/wiki/P3P as a basis to build on, but that officially died the day Edge became Chromium-based.

replies(1): >>45670662 #

AlexandrB ◴[22 Oct 25 15:31 UTC] No.45670662[source]▶

>>45668425 #

> you can do your own on-site tracking and telemetry and I accept sharing my data with Sendgrid for your newsletter, but I do not want third-party trackers

I'm sorry, but does a user who would want this actually exist? This seems like a hypothetical dreamed up by the marketing team to avoid having to accept that a large group of users hate all their tracking shit.

replies(3): >>45670818 #>>45671348 #>>45675919 #

1. SpicyLemonZest ◴[22 Oct 25 16:12 UTC] No.45671348[source]▶

>>45670662 #

Yes, it's quite common for users to want this. I think a lot of people don't realize functionality like "remember I want dark mode every time I visit" or "keep me logged in when I reopen my browser tomorrow" constitutes first-party tracking and requires consent under EU law.

replies(1): >>45678262 #

2. Zerot ◴[23 Oct 25 04:52 UTC] No.45678262[source]▶

>>45671348 (TP) #

Sorry, but no. Those functionalities fall under "functional cookies" and as such do not require consent. Also, there is no tracking needed for the dark mode at all. And "logging in" does not mean "tracking"

↑