←back to thread

Internet's biggest annoyance: Cookie laws should target browsers, not websites

(nednex.com)
582 points SweetSoftPillow | 3 comments | 22 Oct 25 12:12 UTC | HN request time: 0.469s | source
Show context
michaelmauderer ◴[22 Oct 25 12:36 UTC] No.45668112[source]
The problem here is not the law, but malicious compliance by websites that don't want to give up tracking.

"Spend Five Minutes in a Menu of Legalese" is not the intended alternative to "Accept All". "Decline All" is! And this is starting to be enforced through the courts, so you're increasingly seeing the "Decline All" option right away. As it should be. https://www.techspot.com/news/108043-german-court-takes-stan...

Of course, also respecting a Do-Not-Track header and avoiding the cookie banner entirely while not tracking the user, would be even better.

replies(27): >>45668188 #>>45668227 #>>45668253 #>>45668318 #>>45668333 #>>45668375 #>>45668478 #>>45668528 #>>45668587 #>>45668695 #>>45668802 #>>45668844 #>>45669149 #>>45669369 #>>45669513 #>>45669674 #>>45670524 #>>45670593 #>>45670822 #>>45670839 #>>45671739 #>>45671750 #>>45673134 #>>45673283 #>>45674480 #>>45675431 #>>45678865 #
crazygringo ◴[22 Oct 25 12:52 UTC] No.45668318[source]
No, the problem is 100% the law, because it was written in a way that allows this type of malicious compliance.

Laws need to be written well to achieve good outcomes. If the law allows for malicious compliance, it is a badly written law.

The sites are just trying to maximize profit, as anyone could predict. So write better laws.

replies(20): >>45668365 #>>45668389 #>>45668443 #>>45668540 #>>45668630 #>>45668809 #>>45668823 #>>45668886 #>>45669084 #>>45669675 #>>45670704 #>>45671579 #>>45672352 #>>45672518 #>>45672991 #>>45673713 #>>45674575 #>>45675918 #>>45676040 #>>45676756 #
michaelmauderer ◴[22 Oct 25 13:02 UTC] No.45668443[source]
But the courts are saying: the law does NOT allow this.

So maybe “malicious compliance” is a misnomer. We should just call it "illegal dark pattern".

replies(4): >>45668518 #>>45668736 #>>45668841 #>>45671429 #
mikae1 ◴[22 Oct 25 13:22 UTC] No.45668736[source]
Not a radical idea. The EU is already working on it.

> […] the Commission is pondering how to tweak the rules to include more exceptions or make sure users can set their preferences on cookies once (for example, in their browser settings) instead of every time they visit a website.

https://www.politico.eu/article/europe-cookie-law-messed-up-...

replies(3): >>45668806 #>>45670117 #>>45680526 #
matheusmoreira ◴[22 Oct 25 14:57 UTC] No.45670117[source]
DNT header already does this. Explicit denial of consent. Reaches their servers before everything else so they have no excuse and zero room for maneuvering.

Now the EU just needs to turn it into an actual liability for corporations. Otherwise it will remain as an additional bit of entropy for tracking.

replies(4): >>45670706 #>>45670933 #>>45670958 #>>45674770 #
pwdisswordfishy ◴[22 Oct 25 15:47 UTC] No.45670933[source]
They can't. The website may very well do the opposite of the preference DNT signals. Meanwhile, proving in a court of law that the tracking still happens will be hard.

Services should be denied the capacity to track and fingerprint, not just told about a preference against it.

DNT will always be an "evil bit", regardless of any law behind it.

replies(2): >>45675739 #>>45677641 #
1. arbol ◴[22 Oct 25 22:05 UTC] No.45675739[source]
How do you deny the capacity to fingerprint? That's basically disabling JavaScript.
replies(2): >>45676082 #>>45676216 #
2. artyom ◴[22 Oct 25 22:41 UTC] No.45676082[source]
Essentially the same way uBlock Origin worked. A global list of offenders to block so that Javascript won't be loaded at all.

Asking browsers to implement uBlock Origin natively tho...

3. avmich ◴[22 Oct 25 22:58 UTC] No.45676216[source]
Adding a different web page-resident language?