> ”Cookie banners have taken the internet back 20 years.”
I agree. The EU cookie laws were well-meaning, but have had the unintended consequence of making the web more annoying, more difficult to use, and more fragmented.
The solution? Cookie consent should be a built-in feature of browsers and http, not something that is reimplemented in a slightly different way by every single website.
Your browser should pop up a standardised cookie consent request when you browse a new site, and enforce your selection as part of its security policy. If you choose to block all cookies (ie: private browsing mode) then the cookie consent request wouldn’t need to appear at all.
Yes, the browser is where cookie management should happen, we call the browser the user agent for many years, it is the piece of software which is meant to represent the user's best interests when surfing the web.
Unfortunately these days the browser would be better referred to as the advertiser's agent," or perhaps just Google's agent.* Owing to Google's control over both web standards and the advertising market, cookie management features have received little attention.
Google's monopoly power has prevented a competitive market of privacy-focused, user-first browsers from flourishing.
It's also probably unlawful, the irony is that not too many years ago we punished Microsoft for unlawfully leveraging its monopoly to control the browser, and when we stopped them we paved the way for Google to do the same thing!
Now I'm wondering why you were running this in 2019. I watch a lot of nostalgia game reviews on Youtube and get the serious urge to build a '90s era computer from time to time.
Same here. Running some ancient OS/software in a VM can be pretty satisfying though, especially since I don't have a whole lot of space for physical hardware.
Many games wouldn't work well in a VM, of course, there's no getting around that.
Browsers never displayed such a pop-up for cookies by default. You had to tweak settings, just as you do today (in today’s world it might require a browser extension, I don’t know).
I don’t think this is true. I recall this being taken on the default settings for that web browser. Web browsers like IE in that era showed scary pop-ups for all sorts of things - like there would be a pop-up for when you connected to a site over https!
> I agree. The EU cookie laws were well-meaning, but have had the unintended consequence of making the web more annoying, more difficult to use, and more fragmented.
Only if you ignore the giant market of adtech tracking bullshit that that has been ruining the web since about 2000.
Every website that shows you a "cookie" banner (aka we-track-the-fuck-out-of-you banner), is part of this problem. The law is just bringing it to light. Don't be annoyed by the law, be annoyed by the websites, they are choosing to be annoying.
Look at those websites, they are the problem, not the law telling them they can't do it secretly behind your back any more.
The biggest problem was that this law didn't tell them to be fucking honest in the banners. "This website needs cookies to function" (when it's only about their mishandling of data to 3rd parties) is a straight up lie by omission. If they had to honestly tell in the banners what they were up to "we track your every breath on this site and then sell it to third parties, who sell it to other parties, and god knows what", people would be looking at these sites differently.
"We're forced by law to inform you that we crap on your privacy and are actively ruining the web by delivering the fundamental data that runs the adtech industry"
At the risk of being hyperbolic, isn't this a similar argument as saying that we shouldn't make burglary illegal and should instead build better doors?
> I agree. The EU cookie laws were well-meaning, but have had the unintended consequence of making the web more annoying, more difficult to use, and more fragmented.
TBH, I wouldn't blame GDPR for this. Here's a good analogy of what's tracking companies are doing:
- Companies dump used batteries into the sea.
- Dumping batteries into the sea is banned.
- Companies start dumping batteries into lakes.
This basically shit on the law, and just though of another way to keep disrespecting consumer's privacy.
If only the regulators had been happy with (or even aware of?) the existing capabilities of browsers to manage cookie consent, like "Block 3rd party cookies" and "block all cookies" that have been around since the late 90's, we wouldn't even have needed to add anything new to websites or browsers!
The legislators haven't legislated for a particular mechanism, they've just said that any tracking has to be opt in, as opposed to opt out. Do Not Track was a technical solution for this, but when IE made do not track the default, and tracking something you had to opt in to, they panicked and stopped supporting the headers and instead preferring the cookie walls, rather than trusting the browser settings. If websites respected UA settings, and the UA implemented DNT in a way that's compatible with the law (so, DNT: 0 only when you opt in), then we wouldn't be here
EU legislators avoid legislating particular technical solutions, since those tend to not age well (see the uproar on HN when it was reported that the EU legislated to mandate USB-C, when they didn't actually do that, they just mandated that the industry agree on a standard)
Czech Republic (EU member) data protection regulator is aware and ruled that if user has cookies enabled in his browser, that's enough and user gave cookie consent. If user doesn't want to have cookies stored, he can block them in the browser.
A simple off/on switch does not provide a sufficient level of control over cookie policy. It's reasonable to want to allow first-party cookies on certain sites, especially where they're needed for site functionality. But block third-party tracking cookies, or even block all cookies on others.
Cookie control/policy in browsers needs to become more sophisticated than what we have today.
I agree. The EU cookie laws were well-meaning, but have had the unintended consequence of making the web more annoying, more difficult to use, and more fragmented.
The solution? Cookie consent should be a built-in feature of browsers and http, not something that is reimplemented in a slightly different way by every single website.
Your browser should pop up a standardised cookie consent request when you browse a new site, and enforce your selection as part of its security policy. If you choose to block all cookies (ie: private browsing mode) then the cookie consent request wouldn’t need to appear at all.