> it is indeed very complex to enact at scale, especially with large systems that were designed under different constraints
The only different "constraints" relevant here would be "we get to play fast and loose with the data we collect or allow to be collected about users, without repercussions".
If that wasn't the "constraints" they were operating under, they have no problem now either.
> Calling it handwringing is hand-wavey and dismissive -- this stuff isn't easy to get right, and it's arguably a large cost for the wrong solution. Cookies come in HTTP response headers. Don't want the cookie to do anything? Don't read it! Tell your browser to ignore it. Don't like the JS that's being run? Disable JS.
> Waging a war against cookies is just a cop-out for fighting the actual problem. What's next? Opt-in banners for JS in webpages? For using HTTP? TCP?
This is indeed where we disagree, except the law also disagrees with you:
It's. Not. About. Cookies.
It's simply about collecting and storing more data on your users than you strictly need to run your business.
There's really nothing technological about it, if you did it with pen and paper, you'd be subject to the same GDPR. Talking about HTTP response headers or "waging a war against cookies" is just misleading.
The only different "constraints" relevant here would be "we get to play fast and loose with the data we collect or allow to be collected about users, without repercussions".
If that wasn't the "constraints" they were operating under, they have no problem now either.
> Calling it handwringing is hand-wavey and dismissive -- this stuff isn't easy to get right, and it's arguably a large cost for the wrong solution. Cookies come in HTTP response headers. Don't want the cookie to do anything? Don't read it! Tell your browser to ignore it. Don't like the JS that's being run? Disable JS.
> Waging a war against cookies is just a cop-out for fighting the actual problem. What's next? Opt-in banners for JS in webpages? For using HTTP? TCP?
This is indeed where we disagree, except the law also disagrees with you:
It's. Not. About. Cookies.
It's simply about collecting and storing more data on your users than you strictly need to run your business.
There's really nothing technological about it, if you did it with pen and paper, you'd be subject to the same GDPR. Talking about HTTP response headers or "waging a war against cookies" is just misleading.