[HN Gopher] Consent-O-Matic - automatically fills ubiquitous pop...
___________________________________________________________________
Consent-O-Matic - automatically fills ubiquitous pop-ups with your
preferences
Author : nabla9
Score : 274 points
Date : 2024-09-08 11:56 UTC (3 days ago)
(HTM) web link (consentomatic.au.dk)
(TXT) w3m dump (consentomatic.au.dk)
| pcl wrote:
| I've been using this for a couple years now, and absolutely love
| it. Thanks, team!
|
| I also love that it's owned by the University of Aarhus, as I am
| more willing to trust academia with something that has a
| disturbing level of (client-side) access to my browsing data.
|
| I really wish the browser vendors would develop better permission
| models to guarantee my data can't be exfiltrated by a malicious
| plugin (aka a once-good plugin that got bought out by a bad
| actor).
|
| For example, I'd love to see the browser impose a policy of "no
| outbound network requests except to pre-registered endpoints with
| pre-defined headers and data payloads", so that plugins could
| fetch allow lists but could not exhilarate my browsing history.
| jitl wrote:
| It is very hard to prevent exfiltration by code that is allowed
| to write to the DOM in today's browsers.
|
| There is Content Security Policy (csp) which applies to the
| whole page and sometimes governs scripts injected by extensions
| but not the extensions themselves.
|
| I would love to see browsers add a chain-of-custody to scripts
| and DOM nodes, so it is easy to tell which nodes were
| added/touched by a script, and if a script adds a script tag,
| that newly loaded script would show up as branches in the
| custody tree. Then we could say, "no nodes or scripts in this
| tree may trigger requests to unauthorized domains". It would be
| sort of like CSP, but with a runtime-tracked implicit
| capability/taint for extensions.
| jraph wrote:
| Add some sort of signing process and call this Secure DOM.
| ronsor wrote:
| No, then people will mistakenly think it is 100% secure.
| whereismyacc wrote:
| Securer DOM.
| aristus wrote:
| Browser DOM Security Mechanism.
| xelamonster wrote:
| I'd like to see a separation between read and write
| permissions to the DOM for plugins personally. I would feel
| much better if I didn't have to give any plugin that might
| need to modify parts of a limited set of pages the ability to
| silently manipulate anything and everything I see in the
| browser. Read-only access could be granted by default, then
| only when a plugin sees something it wants to act on it could
| pop up and request my approval before doing so. The current
| approximation of that by disabling the plugin globally and
| enabling it on specific pages is so clunky and adds so much
| extra friction that I don't ever bother with it.
| sciolistse wrote:
| while we're wishing for impossible things i'd also love if the
| consent dialogs were an actual standard. if sites could
| describe a list of what they needed consent for and the browser
| supplied the actual dialog, so i could just configure it to
| always allow all if i wanted to, that would be fantastic.
| paulryanrogers wrote:
| Or even better a header to signal the wish to not be tracked.
| We could call it "Do Not Track", and enforce with laws.
| joshuaissac wrote:
| > if the consent dialogs were an actual standard. if sites
| could describe a list of what they needed consent for and the
| browser supplied the actual dialog
|
| There is a standard for this called P3P, which was
| implemented by Netscape, Firefox, Internet Explorer and
| Microsoft Edge before eventually dropping support for it. But
| there was nothing requiring website owners to use it. Various
| data protection regulations across the world require them to
| obtain consent for collecting data, but they are not required
| to recognise consent or non-consent expressed via P3P
| settings.
|
| These standards will only get used if the website owners are
| forced to use them, either by regulators or by
| monopolistic/oligopolistic market forces.
|
| https://en.wikipedia.org/wiki/P3P
| buzer wrote:
| As far as I understand at least some businesses in California
| are required to honor GPC.
|
| https://oag.ca.gov/privacy/ccpa#collapse8b
|
| > Under law, it must be honored by covered businesses as a
| valid consumer request to stop the sale or sharing of
| personal information.
| AgentOrange1234 wrote:
| This sounds awesome! Thanks! It is very tiring to click through
| every single site.
| arduanika wrote:
| Gives a new meaning to "manufacturing consent"
| Cyberdog wrote:
| I've been using the annoyingly-named superagent for a while for
| the same task, but it often seems to fail to detect some of these
| annoying boxes. I'll definitely give this alternative a try and
| see if it works any better.
|
| Thank you so very, very much to the EU and whatever other
| government agencies are responsible for making the web more
| annoying to use.
|
| https://super-agent.com/
| notpushkin wrote:
| > Thank you so very, very much to the EU and whatever other
| government agencies are responsible for making the web more
| annoying to use.
|
| They didn't make the web annoying - advertisers did. They were
| the ones who chose the most annoying way to comply with the
| laws.
| jitl wrote:
| Sure, for advertiser thingies. But website features like
| optionally storing your preferences in localStorage, or
| assigning device IDs to be able to understand and optimize
| website performance both require consent pop-ups.
| dzikimarian wrote:
| Preferences and other things required for site to work do
| not require a consent.
| jitl wrote:
| Some preferences are not required for the website to
| work, but do improve the experience. These are classified
| as "functional cookies", "preference cookies", or "user
| interface cookies" in ePrivacy Directive and UK GDPR
| literature, examples like remembering your selected
| language, and still require consent. See
| https://ico.org.uk/for-organisations/direct-marketing-
| and-pr....
|
| Consent-o-Matic uses this text to describe this category
| of cookies (for me, it's the first item in extension's
| config UI):
|
| > Preferences and Functionality: Allow sites to remember
| choices you make (such as your user name, language or the
| region you are located in) and provide enhanced, more
| personal features. For instance, these cookies can be
| used to remember your login details, changes you have
| made to text size, fonts and other parts of web pages
| that you can customize. They may also be used to provide
| services you have asked for such as watching a video or
| commenting on a blog. The information in these cookies is
| not used to track your browsing activity on other
| websites.
| hnbad wrote:
| These require consent if, for example, they involve the
| use of a third-party service. Setting a first-party dark
| mode cookie does not require opting in even if it's "non-
| essential". It does however require disclosure.
|
| The jury's also still out to what degree third-party
| cookies need to be disclosed in detail (e.g. whether you
| really need to keep track of the dozens of cookies Google
| Maps or YouTube sets or whether you can just refer to
| their privacy policy for the details). But embeds for
| YouTube, Twitter, Facebook or Google Maps, or the use of
| Google Fonts or the use of third-party CDNs for non-
| essential functionality definitely do require consent
| (i.e. opt in).
| hnbad wrote:
| They're also violating the ePrivacy directive with any
| consent dialogs that don't give at least equal weight to the
| "Reject all possible and continue" option or hide it behind
| extra clicks.
|
| Sadly the ePrivacy implementations were a bit lacking in some
| member states and the EU directive to replace them with a
| direct EU-wide law doesn't seem to be fully in effect just
| yet but I have high hopes we'll see companies fined over
| these deliberate misdirections soon and that will hopefully
| put an end to it.
| orbisvicis wrote:
| I believe ublock origin blocks these via the annoyances filters,
| but just the popup element without setting the cookie. I haven't
| really looked into it.
| bugtodiffer wrote:
| Yes of course without accepting the cookie. THis malicious
| compliance BS has to end. i won't do the 20 clicks I need to
| deselect legitimate interest everywhere... I'm just blocking
| your popup.
| pbmonster wrote:
| It blocks some of them, usually the most basic. I also seem to
| remember that by not answering those prompts (and hiding them
| instead), you actually consent until you decline.
|
| It absolutely can't block the more advanced, sometimes multi-
| stage prompts Google, Youtube, and many newspapers use.
| Consent-o-Matic actually goes through those prompts and
| declines the maximum possible amount of tracking, while
| consenting to the necessary options required to make the site
| work.
| Elinvynia wrote:
| That is false, you only consent by your explicit action -
| clicking "accept". If you inspect element and remove the
| consent popup entirely, you have not consented.
| tcfhgj wrote:
| At least this the legal requirement
| nicbou wrote:
| Exactly. Consent is opt-in, not opt-out. That's the law.
|
| If a website does not respect that, it probably won't
| respect your choices either, so you might as well block the
| cookie banner and all tracking scripts.
| IanCal wrote:
| It's not false. You are right that you haven't consented
| until you actively do so, but that's not the same thing as
| having the website _work_.
| nicbou wrote:
| It blocks pretty much all of them for me. I almost never see
| a cookie banner, to the point I forget that they exist, just
| like YouTube ads.
|
| I sometimes forget how bad the unfiltered internet is.
| agos wrote:
| Consent-O-Matic runs on recent Safari, while ublock
| unfortunately does not
| nottorp wrote:
| That's Apple's fault though, for not offering an API that
| would support uBlock Origin.
| leokennis wrote:
| The issue is that some sites will not work until you made a
| decision in the cookie pop-up. So then I have to reload the
| page without blocking, reject the cookies, and then reload the
| page with blocking...
|
| So for now I disabled the blocking of cookie pop-ups and I let
| C-O-M automatically reject cookies for me.
| account42 wrote:
| > The issue is that some sites will not work until you made a
| decision in the cookie pop-up. So then I have to reload the
| page without blocking, reject the cookies, and then reload
| the page with blocking...
|
| My solution in these cases is to leave the website in
| question and do something that doesn't involve getting
| abused.
| sonium wrote:
| I'd like the option to automatically choose the LEAST privacy
| conserving option, because
|
| 1. I don't care
|
| 2. It should work better since it aligns with the goal of the
| site
| kevmo314 wrote:
| The extension allows you to choose what settings you want.
| creshal wrote:
| Regarding 2: That's the fun part! Manual consent isn't required
| for functional cookies, only for marketing garbage that doesn't
| help you at all.
| bhawks wrote:
| What if the goal of the site is to monetize views so it is
| economically viable to produce content?
|
| Then GP's point towards 'it should work better' implies it
| works over the long-term and not a single interaction.
|
| I find ads frustrating as well, but it is a powerful
| monetization strategy and that doesn't have a substitute.
| alkonaut wrote:
| This comes up every time gdpr or ads are discussed. But
| it's pretty simple I think: not enforcing privacy
| regulations _forces_ site owners to break them.
|
| The reason is that so long as some sites show tracking ads,
| the monetization possible by privacy-friendly ads is almost
| nothing.
|
| The long term goal must be that no one cheats, so that ad
| the revenue from well-behaving advertising can go up.
|
| Remember the consent dialogs aren't ever asking permission
| to show ads.
| xigoi wrote:
| Hot take: People who produce content with the goal of
| getting money should just do something else.
| troupo wrote:
| You don't need invasive and pervasive tracking and
| wholesale trade of user data to display ads.
|
| Google earned billions of dollars doing contextual ads
| before tracking user's every motion became the norm
| seanhunter wrote:
| That is an option with consent-o-matic. You just go to the
| first page of the preferences and turn everything on.
| seanhunter wrote:
| I've been a very happy user of this plugin for some time and it
| works great for me. I'm always bewildered by how many cookie
| consent dialogs I see on my work browser which is locked down so
| doesn't have this plugin.
| beefnugs wrote:
| Sadly this is the wrong solution: proper solution is to create
| generic "get to the base information" solutions to get past all
| dark pattern bullshit.
|
| Trusting advertisers, web developers under coercion, annoying
| paywall based sites has been proven to be a bad choice over and
| over in history repeating itself hellscape.
|
| Firefox's "reader view" was the right idea, that doesn't quite go
| far enough. We need options like "i just want text, non ad
| pictures, and original videos".
|
| Any higher layers where we allow these brutal dark patterns are
| too much work to track and fix every little thing they can do
| with code
| TeMPOraL wrote:
| > _We need options like "i just want text, non ad pictures, and
| original videos"._
|
| That's called an ad blocker.
|
| This is touching on the larger battle for control over user
| experience, that has been going on since the birth of the WWW.
|
| Most of the sites want you to see everything _other_ than
| "text, non ad pictures, and original videos" - the latter is a
| bait and a vector to expose you to ads, dark patterns, and
| other marketing shenanigans. They'd serve you their page as a
| PDF if they could get away with. They almost did get away with
| Flash. They do get away with this with mobile apps. About the
| only thing stopping them from replacing websites with some
| ungodly mix of canvas, WebAssembly, and React-like frameworks,
| is _accessibility_ [0].
|
| Point I'm making is, it's not a PvE game, it's a PvP one. A
| beefed up Reader Mode is not a solution - try to build one, and
| half the industry will cry foul, and proceed to invent
| workarounds. The Web, as we know it today, is funded by the
| enemy.
|
| --
|
| [0] - specifically, the legal requirements in some scenarios
| and jurisdictions, which create a sort of back pressure on the
| industry that keeps the web from full-blown appification.
| alkonaut wrote:
| It should be called Reject-O-matic or you might get the
| impression that it's ever used to consent to anything...
| Drakim wrote:
| While you aren't wrong, somebody might get the dumb idea that
| "If a tool instantly rejects the consent then the user hasn't
| truly consciously made a rejection."
|
| This is the flimsy excuse made not to respect the Do Not Track
| header. By making it so that it's a tool for expressing the
| user's opinion, be it negative or positive, it becomes harder
| to spin it as being a tool that does not actually embody the
| user's view.
| MereInterest wrote:
| For the GDPR, that argument would fail immediately. Since the
| GDPR requires consent to be explicitly granted, and neither
| conscious rejection nor automatic rejection would constitute
| an explicit granting of consent, the site would not have a
| consent to track.
| paulryanrogers wrote:
| DNT could be mandated as a prompt instead of ever included
| by default. Or does the GDPR require explicit consent
| prompt and selection per domain?
| troupo wrote:
| GDPR requires explicit informed consent for data not
| strictly required for the working of a
| <website|app|store|organization|anything>
|
| A user giving consent to <site|app...> A does not
| translate into consent for <site|app...>.
|
| And yes, the _default_ for such consent questions _must_
| be "no"
| paulryanrogers wrote:
| Perhaps I was unclear. IMO someone picking "sure fine
| everyone track me" when setting up browser (DNT
| preference) first time should count as explicit consent
| for every site. And similarly choosing DNT for all should
| legally count as telling site not to track _and_ not to
| ever prompt.
| MereInterest wrote:
| In addition to being explicit, consent must also be
| informed in order to be valid under the GDPR. This is not
| a blanket understanding of "I may be tracked on the
| internet." but a specific "X information may be used by Y
| data processors for Z purposes." If somebody is not
| informed of X, Y, and Z prior to giving consent, then it
| doesn't count. A browser-wide preference from years ago
| is not informed consent.
|
| There is one and only one legal default under the GDPR:
| Do not track.
| anticorporate wrote:
| > There is one and only one legal default under the GDPR:
| Do not track.
|
| This is immediately followed by every head of marketing
| (at least for US-based companies) asking "Okay, so how do
| we track those people?"
|
| I'm not saying this is right. But it is reality. We
| normalized for two decades marketing leadership having
| the expectation that they can track every interaction,
| and prying that data away has been painful, especially
| for folks who really want to do the right thing but are
| told otherwise by their managers.
| MereInterest wrote:
| I agree, and that's why I try to avoid any prevarication
| on the point. Because the head of marketing will at some
| point ask developers to break the law. Treating privacy
| law as a grey area gives the marketers more room to
| pressure developers, and more room to throw developers
| under the bus afterward.
| weberer wrote:
| >This is the flimsy excuse made not to respect the Do Not
| Track header.
|
| Not exactly. The issue was that a specific version of IE
| enabled that header without giving the user a choice. If a
| user explicitly chooses to toggle the header, or install an
| add-on, then that argument would not hold up.
| fifteen1506 wrote:
| Global Privacy Control should provide a global control that
| should work better than DNT ever did.
| j-bos wrote:
| Would something like this prevent the Disney defense against
| wrongful death liability?
| https://news.ycombinator.com/item?id=41242400
| dns_snek wrote:
| Not in this specific case, they agreed to those terms when
| signing up for a Disney+ account, this extension only helps
| with regular consent pop-ups.
|
| What would've helped is not signing up to Disney+ and pirating
| all of their content instead.
| account42 wrote:
| Is there even a Disney defense here? Lawyers can bring all
| kinds of arguments, what matters is if they are upheld. Note
| that in this case Disney didn't even own or operate the
| restaurant so it's questionable why they even are a defendant
| here.
| dns_snek wrote:
| I love the idea but giving "root access" to an extension that's
| "not monitored for security" is a non-starter. I wish Mozilla
| would step in and do something good for a change.
| nottorp wrote:
| Would you like an "ecosystem" where you can't publish anything
| that the gatekeeper doesn't like?
|
| I believe there's one over there <looks at Apple>.
| dns_snek wrote:
| I don't like "ecosystems" where a gatekeeper decides what we
| can and can't do with our own devices, browsers, etc. That's
| different from a software repository guarding users against
| malicious updates, e.g. due to compromised extension
| publishing account. The blast radius on extensions with
| permissions like that is huge, they could steal all of our
| session cookies and login info, for example.
|
| My comment was a bit harsh, and that harshness wasn't aimed
| at authors of this extension. I'm merely asking Mozilla to be
| more proactive with extensions that are extremely security
| sensitive, but also further their own purported mission, like
| this one.
| Fethbita wrote:
| Check out this feature from Firefox then:
| https://bugzilla.mozilla.org/show_bug.cgi?id=1783015 Apparently
| can be turned on with the following:
|
| cookiebanners.service.mode = 1
| cookiebanners.service.mode.privateBrowsing = 1
| cookiebanners.ui.desktop.enabled = true
| mrtksn wrote:
| The tracking pop-ups used to be the scapegoat of UX but these
| days the experience is broken by "are you a robot" walls,
| subscribe to my blog walls, paywalls, your ip is from the wrong
| country walls, login walls and other all kind of wall.
|
| These days when I see a link to a news outlet or a blog that
| intend to consume seriously, I just use archive.is. It removes
| all the annoyances, it's brilliant.
| account42 wrote:
| ... except when archive.is itself presents you with one of
| those walls because you are using a browser that is not the
| latest Chrome.
| k__ wrote:
| Brave simply hides these popups.
|
| Works pretty well.
| recursive wrote:
| It only works because no-one* is developing to Brave. If Chrome
| tried that, it would be reverse-engineered or otherwise worked-
| around.
| mp3geek wrote:
| Brave uses Easylist/uBO Cookies list. Everyone develops for
| it.
| recursive wrote:
| If that was true, then Easylist/uBO Cookies list wouldn't
| work, as the thing they're blocking would have been
| developed not to be blockable by those things.
| aucisson_masque wrote:
| 'I still don't care about cookies' works on almsot every website
| I browse.
|
| This extension on the other hand used to work maybe on a third,
| don't know if it improved but I would suggest the first if you're
| fed up with the cookie popup.
| Refusing23 wrote:
| > 'I still don't care about cookies'
|
| if i recall this just closes the cookie popup
|
| but if you want some functionality you may need to accept some
| basic cookie like "remember me" for logging in, etc?
|
| this is what the extension is great for
|
| not sure if you can use both
| Double_a_92 wrote:
| The problem is that it needs to be manually adapted to each
| side that doesn't have a well known cookie banner... So if
| you mostly visit "exotic" pages it doesn't work.
| account42 wrote:
| Sites do not need to ask for consent for a login cookie or
| anything else that is strictily required to provide the asked
| for service.
| Macha wrote:
| Note "I don't care about cookies" and "I still don't care about
| cookies" will accept tracking if that's the easiest route to
| get rid of the popup, which is a significant difference to the
| extension in this topic.
| aucisson_masque wrote:
| I understand the shortcoming but to be fair, if a website
| owner wants to track you he can do it even without cookie. I
| appreciate the gdpr for many reasons but the cookie banner
| constant spam is not one of them, I believe people just want
| to get rid of it even if it means agreeing to everything.
| marsh_mellow wrote:
| This is great. Is there any work being done to make something
| similar part of the browser API?
| troupo wrote:
| There was the Do Not Track header that this great industry of
| ours immediately used to track users
| dspillett wrote:
| I keep considering this and similar tools, but I have a concern
| that they will miss things and effectively opt-in when I want
| them to opt-out.
|
| For instance: if the code/config for a particular site or family
| of sites becomes out of date for a while due to said site(s)
| adding a bunch of "legitimate interest"1 checkboxes, then I may
| have just given consent (or passed by the opportunity to object)
| without knowing.
|
| ----
|
| [1] In other words "we see your preference not to be stalked by
| our partner(s), but fuck you and your preferences we want to let
| them anyway".
| netsharc wrote:
| I just came to the realization how ducked up things are, that
| right now every website view involves solving a stupid puzzle
| of toggles... that the privacy-conscious think might help them
| protect some of it, but I have a suspicion will do duck-all for
| said privacy anyway.
| londons_explore wrote:
| I like this, but would like it to avoid the loading time of the
| consent popups.
|
| Too often, the consent dialogue takes over a second to load, and
| when you finally click 'accept' there is a little spinner for
| what seems like ages before the dialogue goes away and you get to
| see the content you came to see.
|
| Can we simply detect the "<script src=consent.js..." tag, and
| simply not load it for the most common and annoying types of
| popup?
| worble wrote:
| uBlock origin with the "annoyances" list blocks 90% of these I
| find
| weberer wrote:
| 1. Open the uBlock Origin dashboard in your browser (click the
| little gears icon)
|
| 2. Navigate to the "Filter Lists" tab
|
| 3. Scroll down to the "Cookie notices" section
|
| 4. Check the box that says "EasyList/uBO - Cookie Notices"
| MostlyStable wrote:
| In the case that the popup doesn't load/the user never makes a
| choice, what is the cookie behavior?
|
| How about if you hit the "x" button on the cookie popup instead
| of either "accept all" or "reject all"?
|
| My assumption is that, despite what the law says/is meant to
| do, doing anything than going through the checklist will result
| in all cookies being enabled.
| turblety wrote:
| I just installed it on Chrome, and it hasn't worked on a single
| site, but upvoting as I love the idea as horrible as the whole
| consent banner thing is :(
|
| For example bing.com, britishairways.com all show their consent
| popup. It does try and do that minimize thing, as something
| flashes to the bottom right. But the model still appears in the
| same place as always.
| willks wrote:
| I've been using this on mobile for a couple of years now, I've
| noticed it failing in the way you mention quite often in the
| last 3 months or so. I'm not sure how maintained the rules are,
| they might need updating. Previously it was working nicely,
| although probably only on 40% or so of pages. I've also used
| ublock to block cookie consent popups, which catches more but
| occasionally has to be disabled as sometimes it will break
| scrolling or interaction with the page.
| ivann wrote:
| I like this proposal to add a "purpose" field to the cookie
| header. This could allow consent settings at the browser level,
| preventing all these pop-ups.
|
| https://mailarchive.ietf.org/arch/msg/httpbisa/Mp-DjtBk-sfdQ...
| fanf2 wrote:
| I am sure it will be as successful as do-not-track.
| franga2000 wrote:
| The problem isn't lack of a solution, we've had DNT for years.
| It's that the people who want to track you generally don't want
| to make it easy for you to opt out.
| ivann wrote:
| Yes, this will need legislative backing. We had the GDPR
| since the DNT.
|
| I also just discovered the GPC which seems more interesting:
| https://globalprivacycontrol.org
| bradleyy wrote:
| Actually, GPC support is required in CPRA. CPRA, if you're
| not familiar, is the California privacy law.
| xnorswap wrote:
| And they will mark all the advertising cookies as "Legitimate
| interest", as they've already started to do that with the
| confirmation prompts.
|
| The "legitimate interest" of selling you shit you don't want
| and selling your interests to third parties.
| ivann wrote:
| Would this get past the GDPR? I get the defeatism, there are
| powerful actors, but it doesn't mean we shouldn't try to
| improve the situation.
| whereismyacc wrote:
| Isn't this one of those things that is going to require a
| landmark case?
| krageon wrote:
| No, it's not legal. It's clearly not legal, it doesn't need
| a case. It's well established in the law as it was written.
|
| It's just that the enforcement agencies are large, lazy and
| won't enforce anything. They don't even enforce when you
| can prove beyond a shadow of a doubt when and how the
| corporations have leaked your private information, let
| alone when their use of cookies is illegal.
| antonkochubey wrote:
| GDPR enforcement actions are happening quite often in the
| EU.
|
| https://www.enforcementtracker.com
| bradleyy wrote:
| Nothing prevents a company from doing this, but it's
| definitely not GDPR compliant.
| laborat wrote:
| THANK YOU for letting us know that this exists
| sgc wrote:
| With how aggressive websites are in shoving popups down our
| throats for every little random thing, we need an in-browser AI
| bot to get rid of them appropriately.
|
| It's leaking too. I got a popup on my keyboard on my phone
| yesterday, and literally thought "this is too much, I wish I was
| dead" (I'm doing fine, just an intrusive thought :). Time to dial
| it back in folks. It is unbearable.
| iwontberude wrote:
| To those of us with ADHD this firehose of notifications and
| distractions feels like a deliberate attack on our agency. It
| does make me feel like I want to die, not because I'm depressed
| or suicidal generally but because I can't imagine aging
| gracefully with this escalating source of entropy.
| fuzzy_biscuit wrote:
| This is precisely why I'm sidling up to the idea of an old
| flip phone. The deluge of "communication" that is force-
| injected into my eyes every day is an immense waste of my
| mental energy. I hate this age of attention assault.
| zelphirkalt wrote:
| May I suggest a well configured uBlock Origin and
| additionally to cut out some websites completely from your
| life? Doesn't solve the problem in general, but it will
| hopefully make you feel better. And it will make your
| browsing faster, because you are not loading all that crap.
| sgc wrote:
| I had the thought for much the same reason. It amounts to a
| denial of service attack on the human psyche.
|
| There are places with laws about advertising pollution in
| public spaces. That needs to extend beyond advertising to a
| more general set of aggressive attention grabbing features,
| and to our digital lives, where we spend a huge amount of our
| time. It's not going to self-regulate. Ironically, the
| ubiquitous GDPR popups sort of broke a dam that have led to
| popups of all sorts being forced on us all over the place.
| Double_a_92 wrote:
| The actual problem is not the popups, it's that websites have
| so much spyware crap on them that you need all those warnings.
| zelphirkalt wrote:
| But also that the popups do not conform to what GDPR demands.
| Remember, rejecting everything should be the same amount of
| effort as accepting the settings, and by default non-
| functional stuff should of course be turned off. If websites
| followed those rules, we would have way less of a problem
| here.
| dredmorbius wrote:
| If only there were some way to eliminate that need for
| warnings....
| krageon wrote:
| > The actual problem is not the popups
|
| Yes, it is. That's the actual problem and so is everything
| else about the attention-hijacking industry.
| drdaeman wrote:
| > we need an in-browser AI bot to get rid of them
| appropriately.
|
| Not just popups. We need browsers to die and be reborn as User
| Agents again.
|
| Currently the best browsers do is some translation and
| summarization, but there's currently zero automation.
|
| An ability to tell user agent a command, in a natural language,
| like "go through first 10 pages of those Amazon search results,
| check every one of them including photos, descriptions and
| reviews, filter products according to those and those criteria
| (and not whatever Amazon lets me search and filter on) and give
| me a nice clean list of images and links with zero extra junk"
| will be a game changer.
|
| We have all the tools, it's about time we show a middle finger
| to dark patterns and enshittification. Sure, it'll be a game of
| cat-and-mouse with websites fighting against robotic agents
| empowering end users (ad industry is going to hate this so
| much), but it's a battle worth fighting.
| fnordsensei wrote:
| Or a standard API whereby a user fills out their preferences
| once in their browser, and the websites ask the browser for
| this information.
| alok-g wrote:
| Asking genuinely as I never experimented myself -- Does the
| Internet experience in general cripple if one rejects the cookies
| on all websites? Or there is very little loss of functionality? I
| often allow 'essential cookies'. Would go to 'reject all' if that
| works fine.
| gleenn wrote:
| I reject-all as often as possible and they just make me log in
| more.
| 1oooqooq wrote:
| Given that the average person visits a site once. No.
| Double_a_92 wrote:
| Not really. You might need to login everytime, or on shops you
| will lose your cart.
| nani8ot wrote:
| Storing login tokens and cart information falls under
| "legitimate interest", which does not need consent. They just
| aren't allowed to use that information to do anything else
| with it.
|
| I've rejected all optional cookies/tracking for many years
| and I've never noticed any missing functionality.
| dredmorbius wrote:
| For years my own practice on sites that impose cookie pop-ups
| has been:
|
| - Zap that element (uBo element zapper or custom CSS style rule
| via Stylus).
|
| - Globally deny _ALL_ cookies for that site, via uMatrix.
|
| Note that uMatrix (and AFAIU Fireox) already block all _third
| party_ cookies. This just makes that prejudice global to the
| site itself.
|
| The number of sites for which I require some level of state
| preservation is parlous few. Hacker News itself is most of
| them, my Fediverse home the other.
|
| (I largely don't use the Internet for commerce. That's always
| struck me as a bad idea, getting worse. If I cared ... another
| very small number of exceptions would deal with that.)
| Macha wrote:
| Generally, no. Despite the claims that "this will not cause you
| to see less ads", sometimes it even does cause you to see less
| ads as ad slots are less likely to fill if they have less user
| info. (Sometimes the opposite happens and you get the shittiest
| weight loss ads however). That said, I assume most people
| likely to use this extension already run an ad blocker.
|
| Sometimes it breaks youtube/twitter embeds.
| jmorenoamor wrote:
| We should kill cookies once and for all.
|
| Put on a scale what we gain and what we loose, and just let it
| sit.
| account42 wrote:
| Cookies are a tool, this is like saying we should ban knives
| because they can be used to stab people.
|
| Login sessions is one thing that cookies solve well - we'd have
| to go back to session IDs in URLs with all the problems that
| causes.
|
| ... which also shows that cookies are not the problem because
| you can track users using an infinite number of different ways.
|
| Now stricter enforcement of consent laws as well as regulating
| in which ways consent can be asked for, that would make sense.
| zelphirkalt wrote:
| With GDPR conform cookie consent popups/banners, managing ones
| preferences is actually very easy. First time visiting a website
| just click decline and all is good. Unless of course we are
| talking about websites, which only pretend to be conforming, but
| are actually intentionally not. I say intentionally, because it
| is way more likely, than everyone responsible at a company having
| lived under a rock for the last ... what? 10 years now? ... and
| not actually knowing better. Nope, we have widespread shameless
| blatant violation of the law at our hands.
| cbeach wrote:
| On my pension provider's website I get the cookie consent
| warning every time I visit (whether I decline or accept). Even
| more annoyingly, this happens in the iOS app of the provider
| (which has a webview).
|
| EU regulations like this are so poorly thought-out. They should
| have just banned nefarious tracking cookies outright. The EU
| never seems to understand the practical consequences of their
| technical regulation.
| layer8 wrote:
| How does this compare to the similar functionality in Ghostery?
| WesolyKubeczek wrote:
| A very nice extension, but mobile Safari is a pig and somehow it
| fails to close the popup on roughly half of the sites I visit.
| :-(
| more_corn wrote:
| Shouldn't this just be called "no"? Or "I do not consent"?
|
| Anyone who cares enough to automate this will disable all
| optional cookies.
|
| Also, don't we all think the law should have simply required
| websites to respect the browser setting for this instead of
| requiring it every goddamned time?
| CalRobert wrote:
| The law states all of this should be opt-in. Website operators
| just ignore it.
| arendtio wrote:
| I wonder how many websites declare the Google Tag Manager a
| technical necessity (as part of the consent layers). In my world,
| it is a tool to manage different tracking and ad tools, far from
| being technically necessary to host a website.
| CalRobert wrote:
| Worth noting that GDPR says all this crap is opt-in anyway, and
| everyone is just breaking the law. But the law isn't enforced
| :-(.
| mrgreenfur wrote:
| Hopefully this is handled in the upcoming eprivacy regulation
| that intends to move the opt-in choices from individual websites
| to the browser: https://eur-lex.europa.eu/legal-
| content/EN/TXT/?uri=CELEX:52...
| rlt wrote:
| And hopefully the EU has learned a valuable lesson.
|
| Not holding my breath, though.
| riedel wrote:
| The upcoming e-privacy directive will most certainly solve all
| problems, except that it remains to be just that: upcoming for
| years
| xelamonster wrote:
| Sure, if we're really lucky that'll be implemented before 2030
| and maybe a handful of us will still be alive to see the day
| most of the mainstream web actually gets rid of all their
| obnoxious dialogs :)
|
| It is great to see but I'm also happy if we can have even half
| a solution like this in the meantime.
| IshKebab wrote:
| Are you sure? Can you tell me which part of the regulation
| tries to do that because I couldn't find it.
___________________________________________________________________
(page generated 2024-09-11 23:00 UTC)