[HN Gopher] Show HN: A Chrome extension that will auto-reject no...
___________________________________________________________________
Show HN: A Chrome extension that will auto-reject non-essential
cookies
A FOSS chrome extension that attempts to remove the annoyance of
cookie pop ups and banners. There are some extensions out there
that auto-accept cookies, but I didn't find one that auto rejected
cookies without either chaining some extensions together or setting
up custom rules in tools like uBlock origin. So with this
extension, you just need to add it for non-essential cookies to be
rejected. Github: https://github.com/mitch292/reject-cookies
Extension Link:
https://chromewebstore.google.com/detail/bnbodofigkfjljnopfg...
It's still very early days for the extension. I want it to keep
improving and working on more and more sites. Feedback welcome.
Thanks!
Author : mitch292
Score : 189 points
Date : 2025-04-29 11:49 UTC (11 hours ago)
(HTM) web link (blog.bymitch.com)
(TXT) w3m dump (blog.bymitch.com)
| mrweasel wrote:
| Consent-O-Matic can easily be configured to reject cookies.
|
| I suppose that technically you could also just remove the pop-
| ups, that means that you never agreed to anything and the site
| have no permission to place cookies on your computer.
| shmoogy wrote:
| This is only true in Europe - it is not required by the US
| privacy laws and the default most companies deal with will be
| set to implicit allow
| mrweasel wrote:
| I sort of assumed that companies wouldn't even show the
| cookie/tracking consent in areas where they are not legally
| required, but that's a good point.
| queenkjuul wrote:
| My company puts the cookie banner everywhere and follows
| the "hiding the banner is not consent" pattern.
|
| Not because we're required, but because that's how the off
| the shelf cookie banner thing we use works, and better safe
| than sorry should a European access our US marketing site,
| i suppose.
|
| I always figured most of the popups would reject cookies if
| hidden, if for no other reason that everyone is too lazy to
| modify the default behavior (and the default behavior is
| designed for EU regulations)
| GavCo wrote:
| Was an interesting experience travelling to Italy and
| suddenly starting to get cookie banners on sites I visit
| daily that normally don't have
| bberenberg wrote:
| The common one I use in the space is https://consentomatic.au.dk/
| but good on you for making an alternative. More options is great.
| agos wrote:
| +1 for Consent-O-Matic, it's great
| elashri wrote:
| > So the omission of an acceptance should be on par with an
| explicit rejection
|
| I know that is says "should" but how common that practice is
| followed by the websites? And in that case, wouldn't blocking the
| entire popups like ublock origin does becomes better option than
| installing a new plugin?
| queenkjuul wrote:
| My understanding (as was explained by my compliance department
| at work) is that per EU law, omission of acceptance is on par
| with rejection. Many off the shelf cookie consent plugins used
| by websites will default to this behavior (including the one my
| work uses, despite being a US company).
|
| Ublock does actually have an option to enable just hiding the
| popups.
|
| In theory though, there's nothing requiring websites to
| actually treat a hidden pop-up as a rejection in the US, so i
| guess it doesn't hurt to explicitly reject instead.
| rizs12 wrote:
| Can you release it for firefox too please?
| coldpie wrote:
| uBlock Origin already has this. Enable the "Cookie notices" and
| "Annoyances" filters in uBlock Origin's settings.
|
| Bonus pro-tip: Firefox for Android supports uBlock Origin, which
| means you can get rid of these godawful banners on mobile, too.
| Only iOS users are stuck having to put up with them.
| hammock wrote:
| How do I keep chrome from uninstalling ublock these days every
| time I restart?
| coldpie wrote:
| Use a better browser: https://www.mozilla.org/en-US/firefox/
| lambdaba wrote:
| I was back on Firefox for a few months, and it's noticeably
| slower and drains battery (on M2 Air).
| noname120 wrote:
| If Safari is OK you could move to Orion:
| https://kagi.com/orion/
| lambdaba wrote:
| I tried it briefly but I think it's semi-abandoned? Maybe
| I should give it another shot. Only non negociables for
| me are Stylish and Violentmonkey.
| speckx wrote:
| Orion is not abandoned, the last beta, version 0.99.133
| was released on April 21, 2025. See
| https://kagi.com/orion/updates/orion-release-notes.html.
| aquir wrote:
| I would love to but I can't use the MacOS default
| password manager :(
| albumen wrote:
| Safari supports 3rd-party password managers like
| 1password no problem.
| kitchi wrote:
| Take a look at Zen browser - it's a fork of firefox ESR,
| with some dramatic UI changes made to look similar to the
| Arc browsers.
|
| I've been using it on my Mac M1 and I only notice the
| memory footprint when I have > 30 - 40 tabs open.
| dddw wrote:
| Ublock-lite is there, but better switch to firefox or brave
| ozcap wrote:
| You can still install the extension manually. This is a good
| video on how to do it
| https://www.youtube.com/watch?v=jQX2lgePAKk
| lukasgraf wrote:
| Install it using an enterprise profile and enable the
| ExtensionManifestV2Availability flag:
| https://news.ycombinator.com/item?id=43340358
|
| Still works for me to this day, but this option might get
| axed come June 2025.
| replax wrote:
| for iOS users, you can just install eg AdGuard as iOS safari
| extension/blocker extension and enable the uBlock filter lists
| :) Fully working ad blocker for mobile safari.
| moebrowne wrote:
| Hiding the popup is not the same as clicking reject.
|
| It should be but it's not.
| coldpie wrote:
| You think these websites give a shit about your privacy
| because you clicked on a div with a "No" in it? Not a chance.
| It's like asking thieves to promise not to steal from you.
|
| Protecting users is the browser's job:
|
| https://support.mozilla.org/en-US/kb/enhanced-tracking-
| prote...
|
| https://support.mozilla.org/en-US/kb/introducing-total-
| cooki...
| toomuchtodo wrote:
| The act of indicating no is frictionless if automated
| through an extension, and if it turns out orgs are not
| respecting the action, it'll end up in a class action or
| other legal event eventually (assuming statute or other
| regulatory mechanisms exists on the topic). "Porque no los
| dos?" Strongly agree the browser should still aggressively
| act in the user's interest and protect them.
|
| (privacy law and how it relates to customer user experience
| is a component of my work in finance)
| dns_snek wrote:
| I think that's a distinction without a difference in
| general, but certainly under the GDPR where any form of
| consent must be explicit.
| coldpie wrote:
| I mean sure I guess, do whatever you want. I will always
| have uBo installed and I prefer to have less software on
| my machine (fewer things to go wrong), so uBo's list plus
| Firefox's protections is good enough for me.
|
| > if it turns out orgs are not respecting the action,
| it'll end up in a class action or other legal event
| eventually
|
| Not a chance.
| berkes wrote:
| > You think these websites give a shit about your privacy
| because you clicked on a div with a "No" in it
|
| Yes. For a subset of "these websites". Because this is
| enforced and EU has fined billions already. The fines for
| doing what you say they do, are steep and a severe risk for
| many "these websites".
| coldpie wrote:
| > For a subset of "these websites".
|
| So for websites that are not in that subset, they will
| still track you regardless of what you click on, so you
| still need browser-level protections for those websites,
| and those browser-level protections will _also_ work on
| the websites that are in that subset, so you still gain
| nothing by clicking the No.
| berkes wrote:
| Yes. But "these websites" will then be prosecuted, their
| owners cannot enter the EU ever again without the risk of
| severe penalties, they cannot do business in the EU and
| can and often will, lose access to many services that do
| want to stay on the good side the EU (i.e. will see their
| google ads blocked, their stripe frozen, their hosting
| closed etc)
|
| Edit: what I'm trying to say is: this "technical" problem
| has a real and working "solution" that's not technical at
| all: law and enforcement. Now, that won't work for all
| and everything, it never does. There will always be
| malicious, scammy, malware, criminal and illegal
| webservices around. But it makes it very hard for
| malicious actors to do so and make money.
| coldpie wrote:
| Yeah but the question is how you, as a user, should best
| protect yourself. I'm saying clicking the "No" provides
| no advantage over using a browser that just protects you
| from tracking by default. Then it doesn't matter whether
| the website is following the law or whether the EU (where
| I don't live) will enforce the law or change it in the
| future or whatever.
|
| > Now, that won't work for all and everything, it never
| does. There will always be malicious, scammy, malware,
| criminal and illegal webservices around.
|
| Yeah, exactly. So if I have to protect myself from those
| websites anyway, I may as well apply the same protections
| to all websites. Clicking the "No" does nothing for me.
| ziofill wrote:
| > So if I have to protect myself from those websites
| anyway, I may as well apply the same protections to all
| websites.
|
| And what is the protection?
| coldpie wrote:
| I posted links up thread:
| https://news.ycombinator.com/item?id=43832541
| IggleSniggle wrote:
| I'm currently at a small ad tech firm and while I can't
| speak for other outfits, we _definitely_ are extra careful
| about respecting user consent indicators. Because we are
| small, it 's not easy to do this, because there are many
| possible ways for users to "reject". This includes
| situations that merely _imply_ non-consent due to inaction,
| rather than active non-consent like a reject cookie
| indicator, or living in a jurisdiction that makes non-
| consent automatic (as it should be!). Many of the "reject
| cookies" tools are especially useful because even if a
| _website_ doesn 't respect your choice (and therefore tries
| to send data to us) your _browser_ can still tell us if you
| are non-consenting. This means it 's easier for us to
| notice non-consent and drop the data as soon as possible,
| before any logging or analysis can occur.
|
| We do not materially benefit from this in any way, nor do
| we market it. I am not a spokesperson for my company nor do
| I want to be publicly identified with it. I'm advocating
| here because you said "not a chance" but there _is_ a
| chance.
|
| It's not just that we are worried about some sort of
| regulatory enforcement, either, although existence of such
| regulations does help convince the less scrupulous people
| from pursuing a bad path.
|
| The free internet is built on ads. I still believe in the
| free internet. I still think we can make it work. I welcome
| regulation and regulatory enforcement even though it's hard
| for a small outfit like us, because it reduces the chances
| that our ad tech has to compete with less scrupulous
| people. I think we've survived as a small outfit since
| roughly the dotcom era _because_ we 've tried to be good
| stewards. People wouldn't need uBlock if there was better
| regulation/enforcement, and companies like mine, who are
| trying to do the right thing (even as we operate in the
| loathed ad space), would benefit.
|
| I'm worried about AI on this front because it means in the
| future your ads will be served up to you out of a black box
| instead of out in the open where we can all inspect who is
| trying to get what from us (and block bad parties via eg
| uBlock), and, to a degree, who is trying to shove what down
| our throats.
| skeeter2020 wrote:
| >> we _definitely_ are extra careful about respecting
| user consent indicators.
|
| Where you used italics I think you meant finger quotes
| and a wink.
| jsheard wrote:
| Yeah I find that list is more trouble than it's worth,
| because some sites will block interaction until you dismiss
| the cookie notice, so you get softlocked if the notice is
| hidden. I assume that's why uBO disables that list by
| default.
| moebrowne wrote:
| Agreed. YouTube is a notable example of this, at least in
| the EU.
| dongkyun wrote:
| This is incorrect. The GDPR requires affirmative consent
| before processing user information, hiding is not
| "affirmative." Additionally, there's been increasing
| litigation via wiretapping statutes (most notably in
| California where there's statutory minimums for damages) that
| pose additional legal risk for companies using analytic
| cookies w/o affirmative consent.
| queenkjuul wrote:
| Legally it is the same
|
| Doesn't mean people implement it correctly though
| Mashimo wrote:
| Oh neat. I did not know this. Thanks for sharing.
| raverbashing wrote:
| My ideal solution to this would be: accept all cookies, then
| delete them after page unload
| gear54rus wrote:
| this is called incognito mode
| sneak wrote:
| This is what the extension Cookie Autodelete does. It even
| allows you to make an exclusion list of ones you wish to
| persist.
| probably_wrong wrote:
| Note that "I agree to tracking" and "I agree to cookies" are
| two different things. If you agree to tracking then a website
| can fingerprint you in any way they see fit, including
| methods that do not depend on cookies.
| jorvi wrote:
| This is what Brave's "Forgetful Browsing" does. There's even
| a slight delay, in case you accidentally closed the tab.
|
| You can configure the "Cookie Autodelete" extension to behave
| in a similar way.
| knowitnone wrote:
| this means they track you for your duration. ideal solution
| is accept all cookies and randomly modify the values so it
| becomes a jumbled mess to their analytics
| rkagerer wrote:
| Could you clarify which options you mean?
|
| https://i.imgur.com/QnedRVZ.png
|
| Also, how's that compare to Consent-O-Matic in terms of
| effectiveness,safety (i.e. that it doesn't mangle the wrong
| thing on the site) and performance?
| coldpie wrote:
| I use the EasyList ones, though I don't have any particular
| reason for that other than it is also the default "Ads" list
| chosen upon installation.
|
| > Also, how's that compare to Consent-O-Matic in terms of
| effectiveness,safety (i.e. that it doesn't mangle the wrong
| thing on the site) and performance?
|
| Dunno. I've never had any problems with it. All it does is
| hide the cookie banner DOM elements.
| nfriedly wrote:
| Not the op, but I just enable all of them.
|
| It is a very rare for me to see a site that's broken by
| ublock origin.
| hedora wrote:
| Orion for iOS supports Firefox and Chrome extensions.
| godelski wrote:
| I've been using this and it even blocks YouTube ads. But do
| note that it often reduces video quality and in shorts there
| seems to be an off-by-one error where if it's "hide toolbar"
| then if you click the like it'll click the dislike and if you
| click dislike it'll click comments.
|
| Worth it IMO but I really wish there was a better way to
| submit bug reports than creating an account on their site.
| Fuck that dark pattern
| rkagerer wrote:
| _How it's implemented: Vibe coding is the answer_
|
| Sorry, you want me to give browser privileges to code written by
| AI?
| Imustaskforhelp wrote:
| Where is it shown that it was written by vibe coding?
| rkagerer wrote:
| Click the Show HN link and scroll down to the second heading.
| Gracana wrote:
| You should stick with extensions that have lots of stars, that
| way you know they're trustworthy and secure.
| DaiPlusPlus wrote:
| I assume you're being facetious; because popular (and good,
| trustworthy) extensions written by initially passionate
| people often end-up being bought-out by dodgy orgs - with
| very-hard-to-refuse offers - and the Chrome Extension Store
| has no way of knowing about that.
|
| I had a Chrome extension with about 20,000 users and I
| received unsolicited buyout offers a few times a year, and
| some offers were very hard to refuse - but it's not hard to
| imagine anyone else capitulating.
| burnished wrote:
| What were the larger offers you received?
| DaiPlusPlus wrote:
| They were all below $10,000 USD, but some were very close
| to that.
| loloquwowndueo wrote:
| While I agree with you 200%, the code is there for you to
| review. I skimmed it and it didn't seem difficult to grok, keep
| in mind I speak almost no JavaScript or typescript.
| asadm wrote:
| AI is mere mirror of human code.
| mitch292 wrote:
| This is 100% a fair point of view and you're right to be
| skeptical. With the blog post I was just trying to convey that
| cursor + auto select model was not great at this task. It gave
| me a project structure, but besides that everything had to be
| refactored.
| leoxiong wrote:
| I never understood why the HTTP Do Not Track header wasn't used
| to signal cookie preferences. It seemed like the perfect
| solution.
| moebrowne wrote:
| Maybe GPC will do a better job
|
| https://en.wikipedia.org/wiki/Global_Privacy_Control
| charcircuit wrote:
| The issue is with how browsers implemented it. Instead of
| implementing it with a per domain granularity it was
| implemented as a global option. People may enable the option to
| block tracking from malicous parties, but may unknowingly block
| tracking from good companies. So now good companies would need
| to ask the user if they actually want tracking since they may
| accidently be blocking it.
| coldpie wrote:
| > tracking from good companies
|
| Say what?
| berkes wrote:
| There's proper and good tracking possible just fine.
|
| Tracking to discover latency, errors, weird behaviour,
| malicious actors and so on.
|
| Tracking to see what content does well and what not.
|
| Tracking to see what rough demographics (mobile, desktop,
| country, region, time-of-day etc) visit your premises.
|
| E.g. plausible-analytics or even Matomo do a good job at i)
| keeping the data rough and broad and without any PII, and
| ii) storing the data on-premise rather than at commercial
| aggregators who will either re-sell or use it for own
| services.
| sceptic123 wrote:
| If it's not tracking the user then I don't understand
| what the problem is with DNT here
| berkes wrote:
| No, the real problem was that it worked too good from the
| perspective of ad-tech and data-gatherers.1
|
| It relied on the goodwill of those who run these services to
| i) invest some effort and money to detect the DNT headers and
| then ii) not collect/store the data of these requests.
|
| Back, when only a tiny portion of web-users would send these
| headers along, the industry was fine to implement it. If only
| for marketing purpose. But, as soon as they saw that it
| actually worked, the industry saw a threat to their revenues
| and stopped.
|
| I believe a DNT2.0 that's more granular could've been a basis
| for GDPR, but the GDPR refrained -rightfully so, IMO- from
| any implementation details. For one, the GDPR never once
| requires some "popup", it merely states that if you are an
| a*hole and collect data that you shouldn't and/or send that
| to other parties, you should at least ask concent to do so -
| the idea being that web-owners would then massively ditch
| these services so that they don't have to nag their users.
|
| And because the GDPR refrained from implementation details,
| the Ad- and surveilance industry adopted a "dark pattern"
| that annoys people to no end (the popups) so as to paint the
| GDPR in a bad light. This industry could've easily said "If
| we see a DNT header with level:x and domainmask:*, we'll
| assume NO to every tracking cookie and won't collect them".
| And the browser makers then could add some UI to allow users
| per-domain or global, or wildcard or whatever settings "set-
| and-forget". But alas, this industry is malicious at best and
| will annoy users to no end for their own agenda.
|
| 1 edit: source: https://pc-tablet.com/firefox-ditches-do-not-
| track-the-end-o...
| charcircuit wrote:
| >adopted a "dark pattern" that annoys people
|
| It's not a dark pattern, but actually is similar to terms
| of conditions and privacy policies that sites show.
| Requiring users to go through legal agreements sucks, but
| companies can't just ignore the law in order to make a
| better user experience.
| orangecat wrote:
| _the GDPR refrained -rightfully so, IMO- from any
| implementation details_
|
| I would disagree with this. If you're going to force bad
| actors to take actions that they don't want to, and you
| give them wide latitude to decide how to comply, then of
| course they're going to try to find ways to satisfy the
| letter of the law while avoiding the law's underlying goal.
|
| _surveilance industry adopted a "dark pattern" that annoys
| people to no end (the popups) so as to paint the GDPR in a
| bad light_
|
| We should in fact blame lawmakers when they fail to
| anticipate the obvious consequences of their laws.
|
| _This industry could 've easily said "If we see a DNT
| header with level:x and domainmask:*, we'll assume NO to
| every tracking cookie and won't collect them"._
|
| If they were the type of people to do that, then they
| wouldn't have been doing the invasive tracking in the first
| place.
|
| The GDPR would be far better if it simply banned
| individualized tracking. It would be somewhat better if it
| explicitly specified that sites must honor browser headers
| and specified the exact UI to use when requesting
| permissions.
| mananaysiempre wrote:
| You assume the problem was to determine the user's preference
| in the most efficient way possible. The problem, instead, was
| to fool as many users into consenting as possible; and from
| that point of view, it is indeed rational to ignore any
| advisory signals and annoy the user so they want to just make
| the message go away.
| daveoc64 wrote:
| >I never understood why the HTTP Do Not Track header wasn't
| used to signal cookie preferences.
|
| You aren't really giving preferences related to cookies with
| these "cookie banners".
|
| The laws in the EU require companies to get user permission for
| certain types of data processing.
|
| Cookies may be involved in that, but they may not be.
|
| Browser features like local storage or session storage would
| also be covered, and a lot of processing done server-side
| without the use of cookies requires permission too.
|
| A single indicator like the DNT header or the newer GPC header
| can't cover all of this, so it isn't suitable for complying
| with the ePrivacy Directive or GDPR.
| hedora wrote:
| It's broken in the same way as do-not-stab. We tried that in
| my town, but people started slashing each other. One person
| got a big knife and kept it sheathed, then clubbed people
| with the handle.
|
| There's clearly no way to indicate what sort of knife based
| assault is acceptable using a single indicator.
| INTPenis wrote:
| I want a Firefox extension that will auto-accept all cookies.
|
| Because I already use Cookie Auto-Delete and I'm just sick of the
| question popping up. Stop nagging and give me all the cookies so
| I can delete them 5s after I close your tab.
| Spare_account wrote:
| that is covered off in the article, for what it's worth
| INTPenis wrote:
| Thank you! I just installed "I still don't care about
| cookies" in FF and this has improved my browser experience a
| lot!
| hedora wrote:
| You could use ublock origin's annoyance list for the same
| effect. Even better, you could use one of the ones that
| send "deny" listed elsewhere in this thread.
|
| Note that most tracking is possible without cookies these
| days, so deleting the cookies on exit (or even always
| running in a private tab) doesn't do as much as it used to.
| cj wrote:
| I noticed you deleted the privacy policy in Github, and link to
| this one instead https://privacy.reject-cookies.bymitch.com/
|
| The one you link to doesn't really make sense:
|
| > Data is collected on specific sites that the product is not
| working on. This data is sent explicitly by users and when it is
| collected we do not collect any information that could be tied to
| a specific user. Only the name of the site is collected and any
| additional information you include in the text of the report.
|
| The original one that was deleted from the Github repo [0] is
| much simpler and to the point.
|
| [0] https://github.com/mitch292/reject-
| cookies/commit/18a87b2bee...
| mitch292 wrote:
| Agree! Unfortunately, that one was rejected by chrome.
| Xunjin wrote:
| Could you provide more details?
| mitch292 wrote:
| Added some additional details under another reply in the
| same thread!
| GavCo wrote:
| Interesting. Did they explain why?
| mitch292 wrote:
| They had this in the reply
|
| > How to rectify: Ensure your privacy policy contains
| details about user data collection, handling, storage and
| sharing. Omission of any section is not allowed.
|
| So I added a section for each. I could make the
| "Information We Collect" section less verbose for sure.
| Xunjin wrote:
| Does this kind of privacy policy they demand follow any
| law, or it's just their "you should do this way"?
| mitch292 wrote:
| I'm honestly not sure.
| m00dy wrote:
| A rule based approach alone is insufficient and lacks maturity.
| The solution must be capable of understanding the context of a
| given webpage and taking actions based on that understanding.
| HypnoticOcelot wrote:
| What's the difference between this and "I still don't care about
| cookies"[0]?
|
| [0] https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies
| jauntywundrkind wrote:
| It rejects cookies & reduces how much you are tracked, rather
| than accepting all tracking & cookies.
| graemep wrote:
| I don't care about cookies plus an extension that deletes
| frequently plus firefox container tabs will make tracking
| quite misleading.
| jauntywundrkind wrote:
| My gut feeling is that this would be somewhat useful yes at
| shielding privacy. But even if you delete cookies every
| day, at least for me, that's a day of various advertisers
| tracking my motions across the web. And it also involves
| the inconvenience of losing the sign in cookies that are
| greatly convenient for me to have. For my own sake, I'd
| prefer not accepting unnecessary cookies.
|
| On a macro sense, I also feel like there's a virtue to
| making it clear to sites that no I don't want their
| unnecessary cookies. Exercising my right to opt out
| (actually I'm American I have no such rights in my state)
| is a clear & direct signal, one that I hope someday perhaps
| the majority of the world might exercise. At which point
| there's little value in keeping up this user-hostile
| practice. Just deleting my cookies does reduce their
| usefulness, but it's not as clear a sign; it could just as
| well be someone who doesn't have a secure personal device
| they can rely on. I'd rather make it clear that no, I'm
| explicitly rejecting the premise of your cookies.
| shav123 wrote:
| nice how do you know where to reject is that a closed list?
| pete1302 wrote:
| In todays world, having a performant and robust (that can support
| extension) browser on widely used Platforms (Ios, Android) seems
| like a dream. Is it too much too ask for?
| gear54rus wrote:
| Firefox is that browser. Its not on ios but neither is any
| other browser that matters.
| hedora wrote:
| Kagi browser for iOS supports Firefox and Chrome extensions.
|
| I've been running UBlock Origin and Privacy Badger. Planning
| to add a cookie consent denier after I type this.
| mcoliver wrote:
| Love the idea. I wish chrome extensions had a more granular
| permissions structure and/or reminders/security checkups on
| installed extensions and their permissions.
|
| As it is the content scripts manifest permission for https://*/*
| for content.js is always so jarring to see. For those that don't
| know this allows the extension to run that script on every site
| you visit after clicking accept ONCE when you install the
| extension. That means it can see financial info, health info,
| legal info, your diary, etc...
|
| Now this makes sense from a usability perspective (I never have
| to see a cookie banner ever again!), but the author could change
| content.js at any time and the extension would continue to run
| without prompting the user.
|
| This is not an attack on you Mitch! It sure looks like you're
| trying to provide value in this world rather than take it. Rather
| it's an attack on Google's extension security model I'm really
| shocked google has not taken a more careful and nuanced stance to
| protecting users from a security standpoint.
|
| I write this as a fellow chrome extensions dev. I wish I had
| better more granular permissions structures to protect my users
| and give them more information about what I am requesting and why
| along with regular reminders so they can make informed decisions
| about what they want to share.
| mitch292 wrote:
| Definitely agree, not a fan of the permissions.
|
| The broad permissions were required from a usability
| standpoint. Granting permission on every site for this
| extension would just be a 1 to 1 replacement of clicking reject
| on the banner or pop up for every site.
|
| I would hope that before Chrome approves an extension to be
| added to the store that they are auditing the content of
| package.
| shadowgovt wrote:
| One of the reasons Manifest v3 was started is that is
| impossible for an extension that eval's arbitrary code from
| the web (or downloads, say, a dynamic list of data and acts
| on it).
|
| For something like this, it's tractable.
| dhc02 wrote:
| Personally, I would still love a site-by-site "reject non-
| essential cookies" prompt from an extension that's in the
| same place, with the same UI, on every site. Still a click,
| but lots better than having to figure out how to accomplish
| it on each and every site.
| p_ing wrote:
| Consent-O-Matic is an extension that works fairly well and is
| cross browser.
|
| https://github.com/cavi-au/Consent-O-Matic
| nashashmi wrote:
| What works on iOS mobile? That's the ultimate limitation on
| customization.
| tenthirtyam wrote:
| Have you seen consent-o-matic? https://github.com/cavi-
| au/Consent-O-Matic https://addons.mozilla.org/en-
| GB/firefox/addon/consent-o-mat...
| rendaw wrote:
| I tried consent-o-matic. Aside from the name making it sound
| like it says _ok_ to all forms of tracking, it broke a few
| websites for me and failed to get rid of the banners on many
| others, and I quickly had to turn it off. TBH I 'm not sure how
| it could be expected to work either, unless all websites use
| the same consent banner solution.
| jmholla wrote:
| It by default only accepts essential cookies. I too thought
| the same thing based on the name of the extension.
| jlpom wrote:
| Are you aware of
| https://addons.mozilla.org/fr/firefox/addon/consent-o-matic/?
| skeeter2020 wrote:
| Cookie banners are a bad/wrong solution to the underlying
| problem, but it's the dark patterns within that really piss me
| off. I shouldn't have to invest deep cognitive attention to "only
| accept mandatory" but if you're not careful many dialogs will
| trick you into clicking accept all after you go to the trouble to
| untoggle all the optional shit. The answer is to use isolation
| containers, aggressively reset them and not to worry about any of
| this.
| ta1243 wrote:
| The underlying problem that the cookie banner operators have is
| there are laws preventing them from abusing the data they
| collect.
|
| Annoying banners increase pressure on people to contact their
| representatives to overturn those laws, allowing the operators
| to abuse the data
| shadowgovt wrote:
| I just always click accept all.
|
| Less to think about, and it basically puts the web into the
| state it was in before we all got bent out of shape about
| tracking, which was fine.
|
| (Now that I type that... I should have made an extension ages a
| go that just does "identify cookie banner and click on the
| left-most button automatically").
| ryandrake wrote:
| I hate how web sites can weasel their way around consent by
| simply declaring their cookies as "necessary" or "mandatory."
| As the Dude would say: Yeah, well, that's just like, your
| opinion, man. How about we have an easy-to-use "Reject ALL
| cookies from this site (and deal with whatever breaks)" option?
| rapind wrote:
| You're assuming maliciousness. I run a site that uses cookies
| (encrypted session cookie) so they can add items to a cart,
| because not doing so would be a horrible UI. There's also a
| cookie created by the payment processor, but I only load
| their script on checkout. There's nothing else though. I
| don't even use tracking / analytics.
|
| There's zero weaseling going on. No dark patterns. I'm just
| too busy to build a no-cookie version that passes info in the
| URL or w/e (which also seems less than ideal). Your two
| options are to use the site or don't use the site. If there
| was enough pressure from real customers to provide another
| option then I probably would, but it wouldn't change
| anything. It's just busy work / checking boxes.
|
| IMO this needs to be built into the browsers rather than
| being yet another tax on builders due to spammers / scammers
| / advertisers. If we had meta referencing each cookie where
| you can disclaim exactly how it will be used and whether it's
| optional / required, then we would have a standard without
| dark patterns being possible.
| shwouchk wrote:
| I don't get it. All browsers have a "do not track" toggle
| implemented.
|
| And still, we get consent banners. Wasn't I clear when i said
| don't track?
| convolvatron wrote:
| when you say 'dont track', it seems like you could really mean
| 'dont not track', which would make more sense. since thats the
| safer option, maybe i should assume that. or maybe bring up a
| dialog that asks 'do you fail to consent to the lack of not
| tracking'
| shwouchk wrote:
| yes, that's what i thought. but then, what would be the point
| of rejecting anything, except to actively consent to
| something else?
| fshafique wrote:
| Wilfully ignored because i guess it's not mandated by law.
|
| You need someone powerful like Google to say they will lower
| Page Rank for sites that don't comply with the Do Not Track
| flag.
| darajava wrote:
| Brave does this by default and it works flawlessly apart from on
| fairly obscure websites (a lot of obscure websites don't have
| cookie notices anyway).
|
| I don't know why more people don't use Brave - you can turn all
| the annoying crypto/ad stuff off and it never bothers you about
| it again.
| queenkjuul wrote:
| I guess because Firefox doesn't make me turn off annoying
| crypto and ad stuff in the first place (plus I've been using it
| for like ten years now)
| johncoltrane wrote:
| I --still-- don't care about cookies so I use
| https://chromewebstore.google.com/detail/i-still-dont-care-a....
| exabrial wrote:
| The whole cookies law in EU is a prime example of government
| overreach and complete misunderstanding of how technology works.
|
| Imagine instead, if they legislated that a browser can merely be
| an html client, and not a spy tool for advertising companies.
| dsr_ wrote:
| Back in the Matt's Script Archive days I would automatically
| reject anything written in PHP from serious consideration.
| Whatever it was, would inevitably be full of bugs, security
| issues, and either unmaintained or poorly maintained.
|
| These days, I apply the same filter to anything written with
| "vibe coding". If the nominal author didn't bother to write the
| code, I'm certainly not going to bother running it.
|
| I encourage my rivals and enemies (if any exist) to screech about
| how I will surely fall behind the zeitgeist and immediately fire
| all their devs in favor of six MBAs and a team of coops to be
| exploited ruthlessly.
___________________________________________________________________
(page generated 2025-04-29 23:00 UTC)