A cookie notice that seeks permission to share your details with “848 of our partners” and “actively scan device details for identification”.

    • macniel@feddit.org
      link
      fedilink
      arrow-up
      145
      arrow-down
      1
      ·
      4 months ago

      In the EU and UK this is also forbidden as rejecting should be as simple as accepting cookies.

    • ssm@lemmy.sdf.org
      link
      fedilink
      arrow-up
      39
      arrow-down
      1
      ·
      edit-2
      4 months ago

      The most effective solution is just to wipe all cookies every time you close your browser, or creating strict cookie whitelists. Actually managing cookies on webpages is for normies.

        • ngwoo@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          The only way for the site to know to not show the pop-up again is ironically by saving that information in a cookie

          • Angry_Autist (he/him)@lemmy.world
            link
            fedilink
            arrow-up
            4
            arrow-down
            1
            ·
            4 months ago

            Or you could block all cookies from all associated domains and use uBlock Origin element picker to hide the popup.

            I’m tired of expecting service and site owners to be human beings, and have learned the tools needed to curate my own experience. Hell I used to browse with javascript off for years until every shitbag UI graduate decided to cram it into every single site regardless of applicability.

        • Buddahriffic@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          I like grid for that because it’s by default per-site permissions and also by default allows the sites own cookies while blocking any cookies for other domains.

          It can involve some trial and error to get things working if the site uses a CDN or third party services for functionality, but I’ve found that it hasn’t yet been necessary to enable any 3rd party cookies to get any functionality working (at least none that I wanted to get working, maybe other sites that use Google or fb accounts would automatically log me in if I had those ones enabled, but those are things I specifically want to block).

          Usually I’ll just need to enable some scripts and media from CDNs.

          • Angry_Autist (he/him)@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            I hate nearly everything about web 2.0, if I could thanos snap away Javascript and CSS I would it with zero remorse or regret. Humanity was happier before CDNs.

      • tetris11@lemmy.ml
        link
        fedilink
        arrow-up
        9
        ·
        4 months ago

        and then every time you visit that one good news site, you have to go through their cookie banner each time. That or install a cookie-denying addon and hope that they don’t sellout or sell your data.

        • davidagain@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          4 months ago

          You have a total of four choices:

          1a. Wipe all their cookies every time, reject them every time they ask.
          1b. Wipe all their cookies every time, accept them every time they ask. 2a. Don’t wipe cookies, keep the “essential” ones. 2b. Don’t wipe cookies, accept all our most of them.

          2b is the only scenario where you might not get asked again. 1b is the easiest no thanks.

          I use the duck duck go browser because it makes that the default and offers to whitelist sites for cookies if you log into them (but you can turn that off in settings). It also autorejects a lot of cookies that use common popups.

          • tetris11@lemmy.ml
            link
            fedilink
            arrow-up
            5
            ·
            4 months ago

            2a seems the most rational, no?

            Also maybe switch to mullvad-browser instead of DDG browser, since DDG has some controversies (search: “Zach Edwards” on the wiki) on what data it saves.

            • davidagain@lemmy.world
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              4 months ago

              Thank you. Where can I find the wiki?

              Edit: Wired says

              DuckDuckGo Created a Privacy Exception for Microsoft Cybersecurity and privacy researcher Zach Edwards discovered a glaring hole in the privacy protections of DuckDuckGo’s purportedly privacy-focused browser: By examining the browser’s data flows on Facebook-owned website Workplace.com, Edwards found that the site’s Microsoft-placed tracking scripts continued to communicate back to Microsoft-owned domains like Bing and LinkedIn. DuckDuckGo CEO Gabriel Weinberg responded to Edwards on Twitter, admitting that “our search syndication agreement prevents us from stopping Microsoft-owned scripts from loading”—essentially admitting that a partnership deal DuckDuckGo struck with Microsoft includes creating a carveout that lets Microsoft track users of its browsers. Weinberg added that DuckDuckGo is “working to change that.” (A company spokesperson reiterated in an email to WIRED Weinberg’s assertion that none of this applies to DuckDuckGo search, adding that both its search and its browser offer more privacy protections than the competition.) In the meantime, the revelation blew a glaring hole of its own in the company’s reputation as a rare privacy-preserving tech firm. Turns out this surveillance capitalism thing is pretty hard to escape.

      • bloubz@lemmygrad.ml
        link
        fedilink
        arrow-up
        4
        ·
        4 months ago

        No? If you accept tracking while on the page, this has consequences on your current session

      • Nobilmantis@feddit.it
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        Sadly that is not an option for firefox on android yet (while it is on desktop), the only choises you are left with are:

        • Use ff focus that completely resets the browser deleting every cookie in the process
        • Use normal ff and:
        1. Just accept that you have to deal with cookies and care to carefully select Reject on every banner
        2. Turn on delete data on “exit button press” (which sadly deletes everything again, with no possibility to whitelist some websites).

        That said, i believe Firefox should have (even on android) their “total cookie protection” thing which puts them in separate containers for each domain, so you are somewhat protected by cookie cross-tracking, but i would still prefer to delete most of them at close.

    • Petter1@lemm.ee
      link
      fedilink
      arrow-up
      19
      ·
      edit-2
      4 months ago

      Consent-o-matic browser extension can handle a lot of cookie banners and automatically rejects all possible cookies.

      • filister@lemmy.world
        link
        fedilink
        arrow-up
        10
        ·
        4 months ago

        Reject all is actually you agreeing on the legitimate interests loophole so this is also problematic.

      • Void Vortex@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        4 months ago

        I used to rely on Consent-O-Matic a lot, but I’m somewhat uncomfortable by the fact that the extension has full access to all web page content. I mean I understand why, but I’m still uncomfortable with it. In the end I ended up uninstalling it because it broke some sites so that they wouldn’t load at all, or got stuck into an infinite reload loop. On majority of cases it works alright though.

        • Petter1@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          Yea, every extension has full access to any website, if you not make use of a whitelist/blacklist.

          • Void Vortex@lemmy.ml
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            4 months ago

            Some extensions, such as SponsorBlock for YouTube actually limit themselves so they can only operate when the browser is on youtube.com. This can be declared in the extension manifest. It’s a separate permission to access data on all web sites vs. access data on a specific website.

            • xthexder@l.sw0.com
              link
              fedilink
              arrow-up
              2
              ·
              4 months ago

              Not helpful when something like Consent-o-matic needs to operate on every possible website with a cookie banner.

              I have had the same concerns, since watching it click through things faster than I can see is scary. Maybe some day someone sneaks in a cookie banner detector that activates on banking pages to steal your money? uBlock Origin has similar risks, but at least it’s not actively controlling browser inputs.

    • Fluba@lemdro.id
      link
      fedilink
      English
      arrow-up
      5
      ·
      4 months ago

      I just implemented a cookie consent bar on my company’s website and the agencies/vendors who advertise for us were giving me so much shit for having reject available right away. But thankfully our Legal department said keep it there… Or else. “Hands tied… Soooooorry!”

        • davidagain@lemmy.world
          link
          fedilink
          arrow-up
          5
          ·
          edit-2
          4 months ago

          If you’re looking for a never true anticedent reason that “some content and ads you see may not be as relevant to you” is vacuous, that would work if they had an ad browser that was 100% effective on the site in question.

          If you’re looking for a never true anticedent for “If trackers are disabled, some content and ads you see may not be as relevant to you.”, it’s that you can’t disable all trackers with a cookie dialog because of the “necessary cookies” blanket exemption, the too many tick boxes to use “legitimate interest” loophole, and that most websites use “fingerprinting”, meaning they reference you not by your cookies but by the worryingly extensive information they get automatically about your browser’s version, settings, capabilities and features, and of course IP address. So it’s never true that trackers are never disabled.

          What the Wikipedia article doesn’t explain well in my view, is that logically, “if A then B” means “B or not A” for short, or more explicitly, “in all circumstances, at least one of B, or (not A) , is true”. This is vacuously (emptily) true if B is always true or A is always false, because it’s not genuinely conditional at all.

          So I suspect that they meant it was vacuous, not on the grounds that the anticedent could never be true, but that the consequent could never be false. Like “If you give me $10, the sun will rise tomorrow”. In this case, all they need to assert is that “some content and ads you see may not be as relevant to you” is true irrespective of whether trackers are disabled, which is almost certainly what they meant.

          I’m curious that the Wikipedia article says the base case in an induction is often vacuously true, but I think they mean trivially true, like cos(1x) + sin(1x) = (cos x + sin x)^1, not vacuously true. I couldn’t think of any induction proofs where the base case was literally vacuous except false ones used for teaching purposes, probably because I could only think of induction proofs of absolute rather than conditional ones. Probably there are mathematical fields where induction is used for conditional statements a lot that I’m forgetting.

          • tetris11@lemmy.ml
            link
            fedilink
            arrow-up
            4
            ·
            4 months ago

            In this case, all they need to assert is that “some content and ads you see may not be as relevant to you” is true irrespective of whether trackers are disabled, which is almost certainly what they meant.

            Ah I see. Thanks for the detailed writeup

    • paraphrand@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 months ago

      Back in the early 2000s, we were promised that the magic of ads online would be that they are always relevant and not terrible anymore. This is why the targeting and tracking was valid to do.

      It never happened. Not for a moment.

  • stiephelando@discuss.tchncs.de
    link
    fedilink
    arrow-up
    51
    ·
    4 months ago

    This is for legal reasons mostly. They don’t think anyone reads this so they went for the most blunt and transparent language, which also gives them the most legal certainty. The banner is missing the reject all button though, which in Europe is seen as required by many of the privacy regulators.

      • Sleepkever@lemm.ee
        link
        fedilink
        arrow-up
        22
        ·
        4 months ago

        How is it nonsense?

        The EU law is that the reject all should be exactly as easy as the accept all button. 1 extra click, however minor of an inconvenience it is, is extra effort. And therefore strictly speaking in violation of the law.

        Nothing will ever happen but it’s valid criticism.

      • lenz@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        4 months ago

        You underestimate people’s laziness and their burn out. An extra click to reject all is an extra click people won’t bother with. I literally used to go all the extra steps to reject these things, even when a reject all button was not provided. Plus I’ve found that sometimes the reject all button doesn’t actually reject all, and there are a few hidden settings still left to uncheck. It’s ridiculous. It should be 1 click, just like hitting accept is 1 click. The ease of use should be 1:1. I was getting burned out by those extra clicks and all that manual checking that took like 20s-2mins of my time. That adds up. All to read a single paragraph on some website? Bruh. Used to do this until I discovered ublock origin has settings that can be used to block cookie consent forms.

        To you, one extra click is no big deal, like a paper cut of inconvenience. To me, it’s the thousandth papercut I’ve received. I am tired of it.

    • Jimmycrackcrack@lemmy.ml
      link
      fedilink
      arrow-up
      6
      ·
      4 months ago

      I think you actually usually can get them to list them all, never much interested, they’re all going to be completely random names you never heard of, just so long as I can reject them all, that’s all I care about, otherwise I have to browse a different website on principle.

  • prof_wafflez@lemmy.world
    link
    fedilink
    arrow-up
    32
    ·
    edit-2
    4 months ago

    As someone who works in tech, I can confidently say that many people plainly do not understand what cookies do and why they exist. There are plenty of cookies that are good and useful, but third party advertising tracking cookies are the devil folks don’t like. Necessary, performance and functional cookies are all chill.

    • unwarlikeExtortion@lemmy.ml
      link
      fedilink
      arrow-up
      10
      ·
      4 months ago

      A question: What is preventing the site using one huge cookie for all purposes, thus preventing fully functional use of the site without also enabling all other forms of tracking?

      • prof_wafflez@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        4 months ago

        Cookies are very small snippets of code that have a specific purpose. Making a one-size-fits-all cookie would make them complicated and much harder to track - which goes against the point of a cookie. Also, cookies are often independent of each other because they are from different providers/different tools. Having a one-size-fits-all cookie would also present a security hazard and make laws similar to GDPR about cookie tracking difficult to implement. An example of a tool that actually does use one cookie is Adobe’s Marketo. You can read some more about them here. https://termly.io/resources/articles/types-of-internet-cookies/

      • Buddahriffic@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        4 months ago

        Same thing that’s preventing them from ignoring your choices or not offering them in the first place: nothing technical; it’s all up to the legal system.

        I’m not sure how sites generally do it, but from my web dev experience in the past, I wouldn’t be surprised if it is actually implemented as one giant cookie. Iirc cookies are attached to domains and one domain can’t access another’s cookies. So if they are sharing the data on their end, I’d guess it is one big cookie. If they have their site set up to make the clients share the data themselves, I’d guess there’s a cookie for each partner’s domain.

        It’s even possible that the information is shared without using actual cookies at all, since data can be sent to servers using the http get request. If you see ? in the url, everything after that is a list of arguments and values… Though the entire URL (after the domain, which maps it to that server) is data and doesn’t have to map to a directory structure and file on a server. Maybe this falls under the umbrella of “cookie” despite technically not being a cookie.

        Or maybe it’s a loophole where the legislation focused on just cookies and falls back to these methods. Probably not, because if it’s done on the client side, it would be easy to detect by anyone who knows how to look. But who knows what’s going on on the server side of things?

        Edit: my knowledge here is dated and outside of my specializations, so consider this more technically informed speculation than necessarily applicable to how things generally work. I say this because I see another comment came in while I was writing this that contradicts mine about a giant cookie being technically possible. My own use of cookies was to store a session id so that php could find the data that was being stored server side that was necessary for site functionality (like storing logged in state, user id, and other internal stuff we don’t want users being able to change by editing a cookie). They worked like maps iirc where you just give them key:value pairs, thus could store an arbitrary amount of data.

  • The Quuuuuill@slrpnk.net
    link
    fedilink
    English
    arrow-up
    30
    ·
    4 months ago

    If the partner count is larger than the number of bananas I can imagine being in a bunch I decline cookies. If I can’t disable performance or targeting cookies I decline cookies. These are my rules

    • Max-P@lemmy.max-p.me
      link
      fedilink
      arrow-up
      12
      ·
      4 months ago

      I switched to cookie allowlist, and manually add the sites I want to remember me. I don’t want to play the cookie game anymore, period. The only reason they ask is because legally they have to, and even then they do the bare minimum and use dark patterns to make it as hard as possible to decline cookies.

      No more cookies for anyone, should have used them responsibly in the first place.

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    edit-2
    4 months ago

    It’s truly crazy how much our information gets shared these days and how long it lingers.

    My house spent a few years as a rental. I still get mail from people who haven’t lived here in over a decade (despite deliberate efforts to stop it).

    My grandpa signed up for ever “store card” you can imagine to get all the deals and rewards programs. His landline virtually never stops ringing… On August 5th alone he got, no joke, 43 spam calls (I have his landline hooked up to Jolly Roger Telephone to try and filter some of this out and help him out, so I’m forming that statistic off of the emails from them).

    It’s completely ridiculous and all of it needs to stop.

  • Nyanix@lemmy.ca
    link
    fedilink
    arrow-up
    7
    ·
    4 months ago

    2 days and this post has fewer likes than number of companies that get your data for visiting the Verge. Holy crap, that’s terrifying