Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)

583 points SweetSoftPillow | 1 comments | 22 Oct 25 12:12 UTC | HN request time: 0.206s | source

Show context

michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]▶

The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #

crazygringo ◴[22 Oct 25 12:52 UTC] No.45668318[source]▶

>>45668112 #

No, the problem is 100% the law, because it was written in a way that allows this type of malicious compliance.

Laws need to be written well to achieve good outcomes. If the law allows for malicious compliance, it is a badly written law.

The sites are just trying to maximize profit, as anyone could predict. So write better laws.

replies(20): >>45668365 #>>45668389 #>>45668443 #>>45668540 #>>45668630 #>>45668809 #>>45668823 #>>45668886 #>>45669084 #>>45669675 #>>45670704 #>>45671579 #>>45672352 #>>45672518 #>>45672991 #>>45673713 #>>45674575 #>>45675918 #>>45676040 #>>45676756 #

1. mrandish ◴[22 Oct 25 19:08 UTC] No.45673713[source]▶

>>45668318 #

> Laws need to be written well to achieve good outcomes.

This is a critical failure point which should get more attention. Laws (and regulations) are like computer code in some key ways. Early computer code was written assuming it would be run by experts in trusted, benign environments that were relatively fixed in size and complexity. Our legislative law-making structures were created with similar assumptions. As the world changed, code changed but law-making structures didn't.

At a minimum, while being drafted laws should be subject to independent red-teaming and penetration testing to A) Assess their ability to actually accomplish their stated intent over time in the real world, and B) Surface likely unintended perverse consequences. Of course, that still wouldn't solve the issue of intentional weakening of laws with vague terminology, incomplete scoping, inserting loopholes, exceptions, etc by special-interest-driven legislators.

Sadly, these days I think intentional nerfing of laws during drafting is the biggest cause of 'bad laws'. But at least the red-teaming concept might prevent some unintended bugs on top of lobbyist-driven nerfing.

↑