Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

At some point I just stopped reading sites that make it too hard to opt out. Though I would really like to have a browser that automatically opens links to such sites in incognito mode, accepts the popup for me, and makes sure everything is thoroughly deleted afterward.



I would like an extension that replaces the page with "It's not worth it" so I know not to even try to opt out and just leave.


If you block the domain in umatrix it basically does that. For instance techcrunch redirects me to some "guce.advertising.com" url and umatrix blocks it https://imgur.com/bxGAbiH


I'll look into doing that with uBlock/Privacy Badger, thanks!


Oh, that's too much work. I've been using Cookie AutoDelete for Firefox and I've set it to clear all non-whitelisted cookies a couple of hours after last visit. This way I have to click once if I visit a couple of times a day.


I use Vanilla Cookie for Chrome (it deletes all non-whitelisted cookies after some time or after closing the browser), and have been thinking about making a browser extension that just hides all fixed elements and transparent full size elements. The reason for me thinking this, is that nowadays I just accept almost everything, and trust the Valinna cookie to clean up afterwards. What do you think about this?


The first bookmark on my bookmark bar is "Kill floater", and it removes most floating elements on the page. It even works on many sites that hide the page behind a popup. Use it on my iPad all the time.

The bookmarklet:

  javascript:(function()%7B(function%20()%20%7Bvar%20i%2C%20elements%20%3D%20document.querySelectorAll('body%20*')%3Bfor%20(i%20%3D%200%3B%20i%20%3C%20elements.length%3B%20i%2B%2B)%20%7Bif%20(getComputedStyle(elements%5Bi%5D).position%20%3D%3D%3D%20'fixed')%20%7Belements%5Bi%5D.parentNode.removeChild(elements%5Bi%5D)%3B%7D%7D%7D)()%7D)()


I cleaned up and improved this a little. Now it hides the fixed elements, unless their computed top is at 0px. Also makes the body to scroll automatically, as many sites set their body to fixed before the fixed popup is gone:

``` javascript:(function () { var i, elements = document.querySelectorAll('body *'); var style;

    document.body.style.overflow-y = 'auto'
    for (i = 0; i < elements.length; i++) {
        style = getComputedStyle(elements[i]);
        if (style.position === 'fixed' && style.top !== "0px") {
            elements[i].style.display = 'none';
        }
    }
})() ```


This is great, thank you! More precise and thorough then what I had. I'll minify it and start using it on my iPad.


HN breaks the formatting, and does not seem to support Markdown.


Thanks! This will save me a lot of time.


Do you mind prepending the bookmarklet code with two spaces as described here: https://news.ycombinator.com/formatdoc

It's breaking the layout of this entire comment thread for me so I have to scroll horizontally to read all of the comments. Thanks!


I've added two spaces there.


The chrome and firefox extension I made: https://baitblock.app has a feature called tracking resistance. It deletes cookies on websites that you are not logged into automatically


As a Firefox user (on Windows) this is not a particularly encouraging prompt x

https://imgz.org/iqHHPwcE-1280.png


Pardon me, but what do you think is wrong with the prompt?


It looks terrible? The Firefox prompt is broken.

It doesn't realise I'm on firefox, so doesn't preferentially serve me a primary focus?


Reddit's even worse, if you visit the site from iOS it asks if you want to open the app 'or continue with Safari', whatever browser app you use.


Similar thing on Android. Doesn't matter what browser you use, it asks you to "continue with Chrome".


Really? I was specific about it because I had an Android phone until a few weeks ago, and didn't experience this.


With Firefox for Android it shows me continue with Firefox.


i get chrome on firefox/android


That sounds perfect. Login is the only legitimate use case for persistent cookies that I can think of.


Logins are a common enough use case that browsers should simply support it directly, and drop support for cookies entirely.

There's no reason we can't have sites set an auth token, and send that in under the Authorization header. And then when you want to sign out of a website, you can have a button for that in the browser. The tooling already exists in the HTTP standard, it's just that it's only widely used for server-server communication.


Wouldn't advertisers just use the auth token as a cookie then?


Bingo. "Auth Token" simply becomes "Session ID", and the backend then tracks anything it wants as part of the session.

I don't see much of a solution other than making it a matter of policy, eg. Microsoft's "P3P" header. Otherwise authentication credentials need to be supplied with every request. Not a session id or token as a cookie, but the actual username and password being supplied with every request. Basically the old http basic auth, but with a more modern system to replace it.

I understand the core idea behind the EU's desire, but the fact is that cookies are absolutely required for login sessions, and it's impossible to allow users to opt out. The EU doesn't understand the tech behind the laws they are trying to enforce, and this is where it leads to. Absurdity.


Yes. However, there are some upsides: having an auth token which from the perspective of the browser is limited to auth, makes it more explicit when the browser is passing an auth token to the site: if the browser shows a "Log out" button, then you're providing that auth token--if you didn't log in to a website and suddenly you have the option to log out, that's very obviously weird. Of the perhaps 10 sites I visit on a regular basis, I only even have logins for 3 (email, Reddit, HN) so other sites would be slightly hampered in tracking me.


Only if you're logged in and only to the first party server, though.


That requires separate opt-in consent according to GDPR.

GDPR is absolutely not about cookies, it's not about having private information but about uses of it. You may have a legitimate need to collect some data - that auth token for login purposes, the customer's address for delivery, etc. That's fine, it allows you to collect and use that data for that purpose. But it does not mean that you're automatically allowed to use that login token or delivery address you have on your servers for other purposes such as selling or giving it to third party advertisers.


I can think of several other reasons:

- A/B testing.

- Limiting the number of articles a non-paying user can read per month.

- Persisting form data and shopping cart info. (Not all sites require an account to order stuff from them.)

- Improving recommendations based on what someone has liked or viewed on the site.


Firefox containers can be used that way. There’s a plug-in (on phone and I forget the name) which opens each new tab as a new container. It’s bliss.


https://addons.mozilla.org/en-US/firefox/addon/temporary-con...

Though you'll need an additional extension to auto-accept.


That’s the one. Thank you


Personally I just use a Private Browsing window.

Plant all the cookies you like, they'll last about 3 minutes.


firefox focus does ... some of this?




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: