Conversation

Notices

  1. Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 08:15:39 JST

    Look, EU, it is difficult to take you seriously when you forced all this cookie notification bullshit on us. That feature a) should not exist and b) if it did, should be a BROWSER feature not "every website in the entire world now has to bother everyone forever about this stupid thing" https://blog.codinghorror.com/breaking-the-webs-cookie-jar/

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments

    1. blog.codinghorror.com
      Breaking the Web’s Cookie Jar
      The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here’s how it works: * Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn’t require a password before you can connect to it. * Install Firefox and the Firesheep
    • Capitã Obvio, Aral Balkan, GreenSkyOverMe (Monika) and Jesse 🇫🇷 repeated this.
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 08:15:39 JST
      in reply to

      @codinghorror That's a myth perpetrated by adtech industry. There is no EU obligation to spam cookie notices. There's an obligation not to track without explicit consent, and everyone illegally uses the cookie nag popups as a basis for claiming consent (which it's not). A legitimate, non malicious site has no need for cookie nags. Ever.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 08:18:16 JST
      in reply to

      @codinghorror No, if you are not tracking you have not broken any law and you will not be sued.

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 08:18:17 JST
      in reply to
      • Rich Felker

      @dalias not true. It is a LEGAL REQUIREMENT. Or you will be sued. By lawyers. And money.

      In conversation about 2 months ago permalink
      Rich Felker and Aral Balkan repeated this.
    • Ashley Rolfmore (leymoo) (leymoo@hachyderm.io)'s status on Sunday, 31-Aug-2025 08:30:46 JST
      in reply to
      • Rich Felker

      @dalias @codinghorror in analogy:
      EU made it illegal to “sucker punch people” ie collect personal data without consent. That’s not the same as legit personal data collection eg an online shop needs your delivery address to mail your order you just made to you.

      Cookie banners are basically giving someone a quick “sorry” after punching them - it’s a loophole that shouldn’t exist. No sorry needed if you don’t punch anyone.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 08:43:36 JST
      in reply to
      • Ashley Rolfmore (leymoo)

      @leymoo @codinghorror They're not even a loophole. It's been ruled that they don't meet the GDPR requirements. But enforcement is lax. Really every site with cookie banners instead of genuine opt-in should be facing tens or hundreds of millions of euros in fines.

      In conversation about 2 months ago permalink
    • Ashley Rolfmore (leymoo) (leymoo@hachyderm.io)'s status on Sunday, 31-Aug-2025 08:47:41 JST
      in reply to
      • Rich Felker

      @dalias @codinghorror yeah fair. I see some progress has been made on allowing ad free meta product usage (with payment).

      But the banners I think are harder to enforce because it’s just so many companies, large and small.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 08:49:52 JST
      in reply to
      • Ashley Rolfmore (leymoo)

      @leymoo @codinghorror It's also that the garbage web frameworks make it basically impossible to comply. EVERY SINGLE ONE automatically generates a session cookie for you on first access, despite having no legitimate reason to track a session for you. Instead this should happen only when you opt to log in, or add something to your cart or whatever (at which point you should *then* get the prompt for consent to store that data, and an option to store cart contents locally instead of server-side).

      In conversation about 2 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Ashley Rolfmore (leymoo) (leymoo@hachyderm.io)'s status on Sunday, 31-Aug-2025 08:57:16 JST
      in reply to
      • Rich Felker

      @dalias @codinghorror We got decent progress on encouraging https by mainstream browsers soft blocking http.

      I can see a route where:
      - html (new version) has some sort of header “data collected” statement with categories
      - browsers can flag or not depending on personal settings
      - browser defaults encourage broadly decent behaviour from companies or risk getting soft blocked for the general population.

      In conversation about 2 months ago permalink
    • Ashley Rolfmore (leymoo) (leymoo@hachyderm.io)'s status on Sunday, 31-Aug-2025 09:01:39 JST
      in reply to
      • Rich Felker

      @dalias @codinghorror yep because they’re coming from a “it’s not a big deal to perform mass surveillance without consent” point of view. Most of them are an inaccessible mess without a lot of extra work too, sadly.

      In conversation about 2 months ago permalink
    • Enno T. Boland (gottox@chaos.social)'s status on Sunday, 31-Aug-2025 09:28:07 JST
      in reply to
      • Rich Felker

      @codinghorror @dalias German here: the gist of GDPR is: people must know when someone connects personal data.

      You can perfectly live without a cookie banner if you don't set one for arbitrary visitors. That was the intended result. But reality instead invented this UX nightmare, because we can't have nice things.

      For me it just shows how fucked up today's web actually is.

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 09:48:10 JST
      in reply to

      I'm in this picture and I don't like it.

      In conversation about 2 months ago permalink

      Attachments


      1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/120/217/273/012/089/original/18734dee8a6c38a9.png

      2. https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/120/220/257/969/869/original/b97ae4b11d03dbd2.png
      Haelwenn /элвэн/ :triskell: likes this.
      Aral Balkan repeated this.
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 10:56:36 JST
      in reply to
      • LisPi
      • Ashley Rolfmore (leymoo)

      @lispi314 @leymoo @codinghorror Likely there's pressure on the enforcement bodies not to enforce.

      In conversation about 2 months ago permalink
    • LisPi (lispi314@udongein.xyz)'s status on Sunday, 31-Aug-2025 10:56:38 JST
      in reply to
      • Rich Felker
      • Ashley Rolfmore (leymoo)
      @leymoo @dalias @codinghorror
      > But the banners I think are harder to enforce because it’s just so many companies, large and small.

      Why not use the fines to fund more enforcement?
      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 10:57:20 JST
      in reply to
      • Rich Felker
      • LisPi
      • Ashley Rolfmore (leymoo)

      @lispi314 @dalias @leymoo I think the most important thing of all is to make all of the users suffer as much as possible in this process

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 10:57:20 JST
      in reply to
      • LisPi
      • Ashley Rolfmore (leymoo)

      @codinghorror @lispi314 @leymoo Literally the only people doing that are the ones who are trying to use user suffering (via malicious compliance) as leverage to get what they want - rollback of regulation.

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 11:37:40 JST
      in reply to
      • Rich Felker
      • LisPi
      • Ashley Rolfmore (leymoo)

      @dalias @lispi314 @leymoo beside the point; I visit 100 well-intentioned, well-designed websites doing everything exactly right, and it's scutwork over and over and over and over

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 11:37:40 JST
      in reply to
      • LisPi
      • Ashley Rolfmore (leymoo)

      @codinghorror @lispi314 @leymoo They may be well-intentioned* but they're not well-designed or doing everything right. They're tracking visitors without their consent.

      * Normally I would not even call this well-intentioned, but as I said upthread, the fact that every web framework *automatically sets session cookies assuming you want to break the law and track users* even when the user has not indicated that they want to do something like log in or store a shopping cart, means a lot of people *don't even know they're doing it*. But this doesn't excuse it; it just makes them "well-intentioned".

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 17:54:39 JST
      in reply to

      a neverending delight

      In conversation about 2 months ago permalink

      Attachments


      1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/121/875/372/460/968/original/c50fbf2d154ffe66.png
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 20:45:50 JST
      in reply to
      • LisPi
      • Ashley Rolfmore (leymoo)

      @codinghorror @lispi314 @leymoo We only have to constantly think about it because site owners are constantly assaulting us. What "sane, safe defaults" would you propose? That we just go back to "they're allowed to do this because it's too annoying when they whine to us that they're not"?

      Nothing nuanced about this unless you're on their side.

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 20:45:51 JST
      in reply to
      • Rich Felker
      • LisPi
      • Ashley Rolfmore (leymoo)

      @dalias @lispi314 @leymoo the issue is far too nuanced to cover in this limited medium. The short version is, users should have sane, safe defaults they don't have to think about for 90% of their activity. For critical web sites, perhaps. Forcing everyone to constantly think about minutiae is an overwhelmingly bad strategy.

      In conversation about 2 months ago permalink
      Rich Felker repeated this.
    • pgcd (pgcd@mastodon.online)'s status on Sunday, 31-Aug-2025 20:52:07 JST
      in reply to
      • Rich Felker
      • Ashley Rolfmore (leymoo)

      @dalias

      Session cookies in themselves are fine - no PII involved and no third party tracking. If you only set one of those you don't need consent, the same way you don't need to consent to set a "no cookies consent" cookie

      @leymoo @codinghorror

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 20:52:07 JST
      in reply to
      • pgcd
      • Ashley Rolfmore (leymoo)

      @pgcd @leymoo @codinghorror Nope, a session cookie is tracking. It enables processing data on you like "the same person who looked at products A, B, and C yesterday bought products C and D today". Likewise choosing what to show you based on that profiling. It might also reveal things about you to other ppl you share a computer with like "somebody using this computer was looking for information on contraceptives or HRT" etc.

      Session cookies are unlawful tracking unless you consented to it by logging in to the site with the understanding and intent that you have a persistent profile and what that profile will be used for was made clear.

      In conversation about 2 months ago permalink
    • Ashley Rolfmore (leymoo) (leymoo@hachyderm.io)'s status on Sunday, 31-Aug-2025 20:56:47 JST
      in reply to
      • Rich Felker
      • pgcd

      @dalias @pgcd @codinghorror weirdly an interesting rule of thumb (anecdotally) on identifying movement/tracking of data is to open the site with a Chinese IP address and see how much they block or slow down (disclaimer - use a western site).

      In conversation about 2 months ago permalink
    • Marcus Bointon (synchro@phpc.social)'s status on Sunday, 31-Aug-2025 20:57:40 JST
      in reply to
      • Rich Felker
      • LisPi
      • Ashley Rolfmore (leymoo)

      @leymoo @codinghorror @dalias @lispi314 it’s not nuanced at all; it’s very, very simple: Don’t do dodgy shit, and you don’t have to request consent. Your take merely underlines that you have fallen completely into the bogus malicious compliance trap that adtech set for you. It’s not the regulation’s fault, though you could legitimately blame the lack of enforcement for its prevalence.

      In conversation about 2 months ago permalink
    • webhat (webhat@infosec.exchange)'s status on Sunday, 31-Aug-2025 21:02:54 JST
      in reply to
      • Rich Felker
      • LisPi
      • Ashley Rolfmore (leymoo)

      @codinghorror @dalias @lispi314 @leymoo this is a cop-out. Website creators, who have the intention to use the data poorly, are intentionally making the user experience poor, and not even actually complying with the letter of the law. Saying that this medium is too limited to cover this nuanced topic shows you don't even understand the topic being discussed

      In conversation about 2 months ago permalink
    • Matthew Miller (mattdm@hachyderm.io)'s status on Sunday, 31-Aug-2025 21:12:01 JST
      in reply to
      • Rich Felker

      @dalias @codinghorror

      Here is how my company's compliance lawyers explained it to me. There aren't really EU-wide laws. There are "directives", and each individual country then passes laws that aim to meet the goals of that directive. To make sure you're compliant with all of them, it's easiest to err on the risk-avoidant side, even though it is all deeply stupid.

      In conversation about 2 months ago permalink
    • Aral Balkan (aral@mastodon.ar.al)'s status on Sunday, 31-Aug-2025 22:46:19 JST
      in reply to

      @codinghorror Then change your business model.

      In conversation about 2 months ago permalink

      Attachments


      1. https://s3-eu-central-1.amazonaws.com/mastodon-aral/media_attachments/files/115/123/677/739/462/769/original/d1be90b5fd036e1d.png
    • taziden (taziden@mstdn.fr)'s status on Sunday, 31-Aug-2025 22:47:25 JST
      in reply to
      • javier :vericol:

      @codinghorror
      Nope, only those who monetize user data tracking
      @javier

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Sunday, 31-Aug-2025 22:47:26 JST
      in reply to
      • javier :vericol:

      @javier every website in the world is involved

      In conversation about 2 months ago permalink
      Aral Balkan repeated this.
    • javier :vericol: (javier@col.social)'s status on Sunday, 31-Aug-2025 22:47:27 JST
      in reply to

      @codinghorror how is stack exchange at all involved??

      In conversation about 2 months ago permalink
    • Zenie (zenie@piaille.fr)'s status on Sunday, 31-Aug-2025 22:48:31 JST
      in reply to

      @codinghorror

      I love that you don't like it.

      Stop tracking people. Problem solved.

      Tracking is not necessary. It is immoral.
      It is tracking that ruins the internet, not cookie notices.

      In conversation about 2 months ago permalink
    • Rihards Olups (richlv@mastodon.social)'s status on Sunday, 31-Aug-2025 22:54:30 JST
      in reply to
      • RevK :verified_r:
      • Rich Felker

      @revk @dalias @codinghorror There is no need for popups to have logs and track sessions.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 22:54:30 JST
      in reply to
      • RevK :verified_r:
      • Rihards Olups

      @richlv @revk @codinghorror There is no legitimate business reason to track sessions for users who are purely reading, not buying stuff from you or posting their own things to your site. Session cookies without consent (which can be implicit in logging in) are violations. But they're so widespread due to bad software assuming anyone with a website wants to track & exploit their visitors that fixing it will be an enormous task.

      In conversation about 2 months ago permalink
    • RevK :verified_r: (revk@toot.me.uk)'s status on Sunday, 31-Aug-2025 22:54:32 JST
      in reply to
      • Rich Felker

      @dalias @codinghorror Indeed, but I would say it was 100% entirely predictable that this would be the outcome, and so on that basis the regulations were really badly thought out.

      Personally, I think some rules on this are a tad far, it makes sense for a site to have logs and track sessions - if only to improve the site or understand traffic. The bad bit is the third parties and cross site targeted ads and profiles and shite we see in the advertising industry.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Sunday, 31-Aug-2025 23:57:36 JST
      in reply to
      • pgcd
      • Ashley Rolfmore (leymoo)
      • The Lack Thereof :v_bi:

      @lackthereof @pgcd @leymoo @codinghorror Maybe we're going by different definitions of "session". It sounds like you think it's a short-lived thing that disappears when you terminate the browser. Which, even if that were the definition, would still mean it... never disappears. Most of us have browser "sessions" 10+ years old. Mobile doesn't even have a sense of terminating the browser.

      The definition I'm going by is an identifier, regardless of lifetime, that establishes distinct HTTP requests as originating from the same browser. There is no "strictly necessary" reason to do this unless the purpose of the site is maintaining a stateful interaction with the user. If the visitor is just reading your site, there is no legitimate business interest in knowing whether the load of page A and the load of page B came from the same person.

      In conversation about 2 months ago permalink
    • The Lack Thereof :v_bi: (lackthereof@beige.party)'s status on Sunday, 31-Aug-2025 23:57:38 JST
      in reply to
      • Rich Felker
      • pgcd
      • Ashley Rolfmore (leymoo)

      @dalias @pgcd @leymoo @codinghorror

      under GDPR, session cookies as normally understood meet the definition of "strictly necessary" and do not require explicit consent

      If your session cookie is persistent, it's not a session cookie anymore. Not persisting from one browser session to another is kind of a defining characteristic of a session cookie.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 01:53:49 JST
      in reply to
      • pgcd
      • Ashley Rolfmore (leymoo)
      • The Lack Thereof :v_bi:

      @lackthereof @pgcd @leymoo @codinghorror "Duration of browser process" is not even well defined on mobile. It's async-killed and transparently restarted under system controlled conditions, and to the user (and handling of cookie lifetimes) it's as if it's never closed.

      But regardless, sites don't even use nominally transient session cookies. They use long lived ones and constantly refresh them.

      In conversation about 2 months ago permalink
    • The Lack Thereof :v_bi: (lackthereof@beige.party)'s status on Monday, 01-Sep-2025 01:53:50 JST
      in reply to
      • Rich Felker
      • pgcd
      • Ashley Rolfmore (leymoo)

      @dalias @pgcd @leymoo @codinghorror
      I mean, it is not persisted to disk on the client. It only lives in memory for the duration of the browser process.
      This is the RFC-defined default behavior if you do not override it by explicitly setting one of the "max-age" or "expires" attributes on cookie creation.

      In conversation about 2 months ago permalink
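The cookie-lifetime distinction argued over in the posts above (cookies set on first access, and the default when neither "max-age" nor "expires" is set), as an added example that is not from any participant in the thread: per RFC 6265 a cookie with neither attribute is non-persistent, and Max-Age takes precedence when both are present. The cookie names, values and dates are constructed sample data, and `classify_set_cookie`, `audit_first_visit` and `rolling_cookies` are hypothetical helper names.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional


@dataclass
class CookieFinding:
    name: str
    kind: str                        # "session", "persistent" or "deletion"
    lifetime_seconds: Optional[int]  # None for a session cookie


def classify_set_cookie(header_value: str, now: datetime) -> CookieFinding:
    """Classify one Set-Cookie header value by the lifetime it requests."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()

    # Attribute names are case-insensitive; if one repeats, the last wins.
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    lifetime = None
    if "max-age" in attrs:
        try:
            lifetime = int(attrs["max-age"])   # Max-Age beats Expires
        except ValueError:
            lifetime = None                    # malformed Max-Age is ignored
    if lifetime is None and "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            lifetime = int((expires - now).total_seconds())
        except (TypeError, ValueError):
            lifetime = None                    # unparseable date is ignored

    if lifetime is None:
        kind = "session"       # kept only until the browser ends its session
    elif lifetime <= 0:
        kind = "deletion"      # already expired: the server is clearing it
    else:
        kind = "persistent"    # kept beyond the current browser session
    return CookieFinding(name, kind, lifetime)


def audit_first_visit(set_cookie_headers, now):
    """Classify every cookie set on a response to a request that sent none."""
    return [classify_set_cookie(h, now) for h in set_cookie_headers]


def rolling_cookies(first_response, second_response, now):
    """Names of persistent cookies re-issued on the next response, which
    pushes their expiry forward each time the visitor loads a page."""
    first = {f.name for f in audit_first_visit(first_response, now)
             if f.kind == "persistent"}
    second = {f.name for f in audit_first_visit(second_response, now)
              if f.kind == "persistent"}
    return sorted(first & second)


# Constructed sample data: Set-Cookie values as a site might send them to a
# first-time visitor who has not logged in or added anything to a cart.
NOW = datetime(2025, 9, 1, 0, 0, 0, tzinfo=timezone.utc)
FIRST_RESPONSE = [
    "sid=9f2c; Path=/; HttpOnly; SameSite=Lax",
    "visitor=ab12; Max-Age=63072000; Path=/",
    "theme=dark; Expires=Wed, 02 Sep 2026 00:00:00 GMT; Path=/",
    "both=x; Expires=Wed, 02 Sep 2026 00:00:00 GMT; Max-Age=3600",
    "legacy=; Max-Age=0; Path=/",
]
SECOND_RESPONSE = [
    "visitor=ab12; Max-Age=63072000; Path=/",
]

if __name__ == "__main__":
    for finding in audit_first_visit(FIRST_RESPONSE, NOW):
        print(finding)
    print("rolling:", rolling_cookies(FIRST_RESPONSE, SECOND_RESPONSE, NOW))
```

Feeding it the Set-Cookie values from a site's response to a cookie-less request shows which identifiers are issued before the visitor has done anything, and which of them outlive the browser session.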
    • Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 01:54:42 JST
      in reply to
      • pgcd
      • Ashley Rolfmore (leymoo)
      • The Lack Thereof :v_bi:

      @pgcd @lackthereof @leymoo @codinghorror They set a session cookie on first access that's subsequently sent back to the server on each access.

      In conversation about 2 months ago permalink
    • pgcd (pgcd@mastodon.online)'s status on Monday, 01-Sep-2025 01:54:43 JST
      in reply to
      • Rich Felker
      • Ashley Rolfmore (leymoo)
      • The Lack Thereof :v_bi:

      @dalias

      I'm sorry but you're still talking about what you do with it. No framework I ever used forced me to track your shopping cart or sell your activity.

      @lackthereof @leymoo @codinghorror

      In conversation about 2 months ago permalink
    • ikuturso (ikuturso@mastodon.social)'s status on Monday, 01-Sep-2025 02:57:32 JST
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @mkoek @Setok @dalias @codinghorror that is in fact not how all EU jurisdictions interpret it and while some have taken lax views, there's no special exemption in the EU law for tracking your users if you do it first party.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 02:57:32 JST
      in reply to
      • Kristoffer Lawson
      • Mark Koek
      • ikuturso

      @ikuturso @mkoek @Setok @codinghorror Indeed, retention and processing are subject to regulation.

      In conversation about 2 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Mark Koek (mkoek@mastodon.nl)'s status on Monday, 01-Sep-2025 02:57:34 JST
      in reply to
      • Rich Felker
      • Kristoffer Lawson

      @Setok @dalias @codinghorror Not if you do analytics based on your own web server logs. You only need consent if you use a data guzzling third party analytics tool.

      In conversation about 2 months ago permalink
    • Kristoffer Lawson (setok@attractive.space)'s status on Monday, 01-Sep-2025 02:57:36 JST
      in reply to
      • Rich Felker

      @dalias @codinghorror that’s all very nice in theory, but it was always going to end up with what we have, due to the way this regulation was brought in. With having to incessantly click Accept on every single website out there. Only a small fraction of people care to do anything else. Thus reducing the experience for almost everyone and annoying millions every day. The cookies are not just used for ads, but every analytics tool out there. Key to running sites.

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 06:55:56 JST
      in reply to
      • Rich Felker
      • pgcd
      • Ashley Rolfmore (leymoo)
      • The Lack Thereof :v_bi:

      @dalias @lackthereof @pgcd @leymoo if users want everything for free forever, how do we make that work? That’s the root question. Fix THAT. Is the answer no content licensing of any kind, ever, no payment of any kind for any service whatsoever in the entire world? Consider the actual problem we face.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 06:55:56 JST
      in reply to
      • pgcd
      • Ashley Rolfmore (leymoo)
      • The Lack Thereof :v_bi:

      @codinghorror @lackthereof @pgcd @leymoo The answer is don't try to make things as a business that can't be profitable without violating people's privacy. It's that simple. There's no right to your business model working.

      In conversation about 2 months ago permalink
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 06:57:25 JST
      in reply to
      • Rich Felker
      • justJanne

      @justjanne @dalias so roll back to print media? Put genie back in bottle?

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 06:57:25 JST
      in reply to
      • justJanne

      @codinghorror @justjanne No, but if you want to run a publication funded by ads, you do it exactly the same way it worked in the print model. Advertisers don't get to spy on your readers. You vet their ads to make sure they're not scams or things that would hurt your reputation, and they pay you based on your reputation and belief that their ad will reach an audience that will benefit their business. No auctions. No brokers. No third-party embeds. No malware. Just static ad text and images vetted by the publisher's advertising department.

      In conversation about 2 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • justJanne (justjanne@mastodon.decentralised.chat)'s status on Monday, 01-Sep-2025 06:57:27 JST
      in reply to
      • Rich Felker

      @codinghorror @dalias no, it's not required. None of the EU companies I've been at needed cookie banners, and neither do you.

      There's one simple trick: just don't track users. It's even possible to run ads without tracking. Print media has done so for decades!

      In conversation about 2 months ago permalink
    • Augier (fr & en) 🇵🇸🇺🇦☭🏴 (augierle42e@diaspodon.fr)'s status on Monday, 01-Sep-2025 07:00:11 JST
      in reply to

      @codinghorror

      In conversation about 2 months ago permalink

      Attachments


      1. https://diaspodon.fr/system/media_attachments/files/115/124/699/029/241/519/original/f93e18b81f581825.jpg
      Haelwenn /элвэн/ :triskell: likes this.
    • Augier (fr & en) 🇵🇸🇺🇦☭🏴 (augierle42e@diaspodon.fr)'s status on Monday, 01-Sep-2025 07:00:12 JST
      in reply to

      @codinghorror GDPR never mandated cookie banners. GDPR mandates user consent. There was a browser feature for that: the DNT HTTP header. That header was deprecated because nobody respected it. It was just easier to enforce user consent through cookie banners and dark patterns.

      Nothing here is EU's fault. You want a better option? Campaign for a legislation to enforce the website to respect DNT.

      Or… Just don't track?

      In conversation about 2 months ago permalink
      Haelwenn /элвэн/ :triskell: repeated this.
    • Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 07:02:29 JST
      in reply to
      • Rich Felker
      • justJanne

      @dalias @justjanne the word "belief" is doing a tremendous amount of work in that para. How many religions are we starting here, because I am generally not a fan.

      In conversation about 2 months ago permalink
    • Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 07:02:29 JST
      in reply to
      • justJanne

      @codinghorror @justjanne The word belief was fairly inconsequential and not a distinguishing characteristic of the model I proposed. Right now, advertisers are believing all the lies of the adtech cult, like that personalized ads work. I don't see why you're grasping at it. You could strike the words "and belief" out of the post you replied to and it would mean the same thing.

      In conversation about 2 months ago permalink
    • Blurry Moon (sun@shitposter.world)'s status on Monday, 01-Sep-2025 07:02:43 JST
      in reply to
      • jonny (good kind)
      @jonny cookies are basic internet functionality if you want to even just retain a SINGLE user preference so forcing a nonstandard banner on every user on every site is beyond abusive
      In conversation about 2 months ago permalink
    • jonny (good kind) (jonny@neuromatch.social)'s status on Monday, 01-Sep-2025 07:02:44 JST
      in reply to
      • William Oldwin

      @willegible it's remarkably easy to support by simply not tracking people as well

      In conversation about 2 months ago permalink
    • William Oldwin (willegible@mastodon.ie)'s status on Monday, 01-Sep-2025 07:02:45 JST
      in reply to

      @codinghorror As for why this isn't a browser feature, it was and is! It is a *choice* by your industry to disregard this, by ignoring DNT and not implementing GPC in major browsers. Did your site honour DNT? Does it honour GPC in places where it is not legally obliged to?

      https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/DNT
      https://globalprivacycontrol.org/

      In conversation about 2 months ago permalink

      Attachments

      1. globalprivacycontrol.org
        Global Privacy Control — Take Control Of Your Privacy
        from @globalprivcntrl
        Exercise your privacy rights in one step via the “Global Privacy Control” (GPC) signal, a proposed specification backed by over a dozen organizations.
    • Embed this notice
      William Oldwin (willegible@mastodon.ie)'s status on Monday, 01-Sep-2025 07:02:46 JST William Oldwin William Oldwin
      in reply to

      @codinghorror That the EU 'forced' cookie banners is flat-out false. It was a *choice* for sites like yours to persist in the intensive collection of data about your users to feed in to the surveillance capitalism machine. As genuinely admirable as your philanthropy is, it was built on this.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 07:19:53 JST Rich Felker Rich Felker
      in reply to
      • Kristoffer Lawson
      • Mark Koek

      @codinghorror @mkoek @Setok Really telling what kind of person would blame the pigs and not the farmer...

      In conversation about 2 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 07:19:54 JST Jeff Atwood Jeff Atwood
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @mkoek @Setok @dalias the least-worst path here is being honest "what is this so-called 'free' really costing me", but do it without one zillion popups please.

      In conversation about 2 months ago permalink

      Attachments


      1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/115/125/656/542/760/073/original/78e0e19bdcaf85e0.png
    • Embed this notice
      Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 07:19:56 JST Jeff Atwood Jeff Atwood
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @mkoek @Setok @dalias it hasn’t changed anything because it does not address root causes. Users want everything for free, forever, and content creators want to make money to feed themselves and their families. Until we resolve THAT, we will be stuck in endless combat between these two opposing forces. And the money is going to find a way to inevitably win because it has to. You have to make a living somehow. Free everything is great and all but it is never ever ever gonna be “free.”

      In conversation about 2 months ago permalink
      Rich Felker repeated this.
    • Embed this notice
      Mark Koek (mkoek@mastodon.nl)'s status on Monday, 01-Sep-2025 07:19:56 JST Mark Koek Mark Koek
      in reply to
      • Rich Felker
      • Kristoffer Lawson

      @codinghorror @Setok @dalias I am actually fine with Facebook charging €6 (iirc) for a privacy-friendly account. Also fine with the new kind of cookie banners on some newspaper websites that say up front that either they track you, or you pay for access. Just be honest about it. It’s the sneaky profile building that I totally agree with being illegal.

      In conversation about 2 months ago permalink
    • Embed this notice
      Mark Koek (mkoek@mastodon.nl)'s status on Monday, 01-Sep-2025 07:19:57 JST Mark Koek Mark Koek
      in reply to
      • Rich Felker
      • Kristoffer Lawson

      @Setok @dalias @codinghorror it hasn’t changed anything because it’s not enforced (well almost)

      In conversation about 2 months ago permalink
    • Embed this notice
      Kristoffer Lawson (setok@attractive.space)'s status on Monday, 01-Sep-2025 07:19:58 JST Kristoffer Lawson Kristoffer Lawson
      in reply to
      • Rich Felker
      • Mark Koek

      @mkoek @dalias @codinghorror frankly, yes. The law hasn’t changed anything of substance. Companies still use the same analytics tools. But now users are constantly nagged at, and companies have increased costs and slower go to market times as they need to faff with these things.

      Perfect example of regulation that is completely misguided, and is a nuisance to almost everyone, bar a few people on Mastodon. Wrong approach.

      In conversation about 2 months ago permalink
    • Embed this notice
      Mark Koek (mkoek@mastodon.nl)'s status on Monday, 01-Sep-2025 07:19:59 JST Mark Koek Mark Koek
      in reply to
      • Rich Felker
      • Kristoffer Lawson

      @Setok @dalias @codinghorror I would not advise startups to behave unethically because it’s easier, no. In fact, shouldn’t it be an eye opener that a law that requires people to do the right thing (don’t track people without consent) is viewed as wrong simply because it takes a tiny bite out of the ability to move fast and break things?

      In conversation about 2 months ago permalink
    • Embed this notice
      Kristoffer Lawson (setok@attractive.space)'s status on Monday, 01-Sep-2025 07:20:00 JST Kristoffer Lawson Kristoffer Lawson
      in reply to
      • Rich Felker
      • Mark Koek

      @mkoek @dalias @codinghorror tell that to the thousands of startups desperately trying to balance with a billion other things they're trying to do. That's just not a practical suggestion when the third party analytics are much faster to set up, better understood, and generally superior too than some self-hosted thing cobbled together.

      As mentioned, the reality we are in today with cookie popups everywhere was 100% predictable and the regulation was thus poorly considered.

      In conversation about 2 months ago permalink

    • Embed this notice
      justJanne (justjanne@mastodon.decentralised.chat)'s status on Monday, 01-Sep-2025 07:21:25 JST justJanne justJanne
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @codinghorror @mkoek @Setok @dalias

      As society, we've decided that some business models shouldn't exist.

      You could make the same argument about root causes and money trying to find a way about many other business models society has deemed unwanted.

      Of course it's a game of whack-a-mole, but that's true whether the business model is ad telemetry (aka surveillance capitalism), fake gucci bags or cooking meth.

      Luckily, the tide is slowly and surely turning against telemetry driven content.

      In conversation about 2 months ago permalink
    • Embed this notice
      Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 07:31:15 JST Jeff Atwood Jeff Atwood
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @dalias @mkoek @Setok we are, in fact, a different species than pigs. All I'm saying is, try to design systems that work with observed real world human behavior, and not against it. I am tired, so very very tired, of watching so many tilt at windmills for decades

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 07:31:15 JST Rich Felker Rich Felker
      in reply to
      • Kristoffer Lawson
      • Mark Koek

      @codinghorror @mkoek @Setok When the behavior of some humans is actively hostile towards others I care about, I absolutely am going to work against that behavior, and encourage others to do so too.

      Not doing that is how we got where we are. Letting bad people keep pushing norms and boundaries to do harmful things they wanted to make money doing.

      In conversation about 2 months ago permalink
    • Embed this notice
      Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 07:33:19 JST Jeff Atwood Jeff Atwood
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @dalias @mkoek @Setok you have to realize that, statistically speaking, all human beings have an insatiable bloodlust for "free"

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 07:33:19 JST Rich Felker Rich Felker
      in reply to
      • Kristoffer Lawson
      • Mark Koek

      @codinghorror @mkoek @Setok There's nothing wrong with that, except calling it a "bloodlust" rather than a virtue.

      We have the physical/technological capacity to give them that.

      The only thing we lack is the political will to stop the people who want to hoard it.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 07:35:25 JST Rich Felker Rich Felker
      in reply to
      • Kristoffer Lawson
      • Mark Koek

      @codinghorror @mkoek @Setok There are more people than we need to invent, write, perform, sing, etc. orders of magnitude more than anyone needs, who would do so for no compensation, as long as our physical needs were met and we were not coerced into using our skills to enrich evil people for the sake of taking home a tiny portion of that to pay the people who demand we pay them or be treated as criminals.

      In conversation about 2 months ago permalink
    • Embed this notice
      Jeff Atwood (codinghorror@infosec.exchange)'s status on Monday, 01-Sep-2025 07:37:37 JST Jeff Atwood Jeff Atwood
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @dalias @mkoek @Setok wanting everything given to you for free isn't a virtue. You can design on your premise, I can design on mine, and we can happily go our separate ways.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 07:37:37 JST Rich Felker Rich Felker
      in reply to
      • Kristoffer Lawson
      • Mark Koek

      @codinghorror @mkoek @Setok I don't care if you disagree with that.

      I do care about the adtech cartel you're carrying water for and the harm it does to people I love.

      In conversation about 2 months ago permalink
    • Embed this notice
      Blurry Moon (sun@shitposter.world)'s status on Monday, 01-Sep-2025 08:04:37 JST Blurry Moon Blurry Moon
      in reply to
      • jonny (good kind)
      @jonny I won’t subject you to my lengthy argument about why effectively you have to do this because anything you store for any purpose has to be defensible in a complaint so it is safer for you to always just tell everyone you’re potentially tracking and you don’t have to deal with it. We already went through a claim last year by a guy saying completely client side anti Adblock on YouTube (literally just if Adblock then don’t show video) was violating his privacy in the EU and he got them to agree.
      In conversation about 2 months ago permalink
    • Embed this notice
      jonny (good kind) (jonny@neuromatch.social)'s status on Monday, 01-Sep-2025 08:04:38 JST jonny (good kind) jonny (good kind)
      in reply to
      • Blurry Moon

      @sun
      GDPR/ePrivacy doesn't require consent for first-party strictly necessary cookies like that. Cookie banners are a retaliatory measure taken by the ad industry to make people complain about the regulations - looks like it worked!

      In conversation about 2 months ago permalink
    • Embed this notice
      Blurry Moon (sun@shitposter.world)'s status on Monday, 01-Sep-2025 08:13:33 JST Blurry Moon Blurry Moon
      in reply to
      • jonny (good kind)
      • new me new me
      @lebronjames75 @jonny what is the telos of a video site

      Well for YouTube it is to make money by showing ads on videos so why do you even need a consent banner where the value proposition is that you watch ads to get free videos. I actually like think if it made sense you wouldn’t have the banner on anything ad supported because you are the product to advertisers. If tracking consent made sense you’d only see it on sites where it’s not obvious they are monetizing your data
      In conversation about 2 months ago permalink
    • Embed this notice
      new me new me (lebronjames75@shitposter.world)'s status on Monday, 01-Sep-2025 08:13:34 JST new me new me new me new me
      in reply to
      • jonny (good kind)
      • Blurry Moon
      @sun @jonny youtube wanted to permaban all non-paying adblock using users (unenforceable to the end, but enough to increase profits)
      In conversation about 2 months ago permalink
    • Embed this notice
      Blurry Moon (sun@shitposter.world)'s status on Monday, 01-Sep-2025 08:37:57 JST Blurry Moon Blurry Moon
      in reply to
      • jonny (good kind)
      • new me new me
      @jonny @lebronjames75 I am basically okay with making youtube inform users even if it should be obvious they're being monetized but what I was trying to say is basically the EU accepted that a completely client-side thing that only made your tab not play the video was violating your privacy. so it really seems like their standard for what requires consent is completely arbitrary. I don't like google either, I'm just trying to look at exactly what happened.
      In conversation about 2 months ago permalink
    • Embed this notice
      jonny (good kind) (jonny@neuromatch.social)'s status on Monday, 01-Sep-2025 08:37:59 JST jonny (good kind) jonny (good kind)
      in reply to
      • Blurry Moon
      • new me new me

      @sun
      @lebronjames75
      It is pretty far from obvious to everyone that YouTube is an ad surveillance platform, unfortunately. A standard that relied on "whether a reasonable person would know they are being tracked or not" sounds like a way worse compliance burden.

      In conversation about 2 months ago permalink
    • Embed this notice
      new me new me (lebronjames75@shitposter.world)'s status on Monday, 01-Sep-2025 08:40:24 JST new me new me new me new me
      in reply to
      • jonny (good kind)
      • Blurry Moon
      @sun @jonny the purpose of a video site is to show me videos (entertainment) from my PoV and to make money from the enterprises PoV. buy and sell

      a monopolized youtube platform for easy-access long-videos is a threat to the infrastructure of a good internet and must be damaged severely for the sake of capitalism's constituents to function; the alternative is hyper-regulation by governing state bodies. there are no alternative options, it is one, the other, or a mix of both. it's also a right-to-repair and right-to-use-for-personal-purposes-as-desired tier argument to an extent.

      piracy of youtube content is beneficial to achieving a healthier state of the free market (which is currently not functioning in this niche, and almost would've become even less functioning in this niche)

      if competition cannot regulate the actions of a monopoly, then a state MUST regulate a monopoly. if a monopoly is not regulate-able by neither the state (annoying shitty bureaucracy regulations) nor the people (vote with the wallet), then ancap's wet dreams of permanent, ultra-oppressive monopoly moments happen.

      tldr: if it was possible for youtube to ban all adblock using users, the inevitable result would be first oppressive monopoly moments, followed by shitty regulations and new alternatives for youtube faster BUT now with shitty regulations that they too have to follow

      personal-use piracy thumbs up, EU helping IP piracy for private single users thumbs up; this specific action specifically acts in favour for my world view (yay)

      for people thinking that youtube is a tracking site? very few people %-wise realize this, almost no casual users (and those who do know, don't care! which is fine for them, but not fine for me! it pisses me off, i hate police state, i hate surveillance state, and anything resembling it). Telling someone their phone is always transcribing their microphone 24/7 into words for displaying ads if they have anything google-installed, is completely beyond the concept of understanding for most people, let alone that google(youtube) sells so much data to advertisers and whatnot.
      In conversation about 2 months ago permalink
      narcolepsy and alcoholism :flag: likes this.
    • Embed this notice
      narcolepsy and alcoholism :flag: (hj@shigusegubu.club)'s status on Monday, 01-Sep-2025 08:41:13 JST narcolepsy and alcoholism :flag: narcolepsy and alcoholism :flag:
      in reply to
      • jonny (good kind)
      • Blurry Moon
      • new me new me
      @lebronjames75 @jonny @sun yet you use discord and telegram, curious
      In conversation about 2 months ago permalink
    • Embed this notice
      narcolepsy and alcoholism :flag: (hj@shigusegubu.club)'s status on Monday, 01-Sep-2025 08:42:57 JST narcolepsy and alcoholism :flag: narcolepsy and alcoholism :flag:
      in reply to
      • jonny (good kind)
      • Blurry Moon
      • new me new me
      @lebronjames75 @jonny @sun peertube exists too
      In conversation about 2 months ago permalink
    • Embed this notice
      new me new me (lebronjames75@shitposter.world)'s status on Monday, 01-Sep-2025 08:42:58 JST new me new me new me new me
      in reply to
      • narcolepsy and alcoholism :flag:
      • jonny (good kind)
      • Blurry Moon
      @hj @jonny @sun and yet i use youtube, fucking retard
      In conversation about 2 months ago permalink
    • Embed this notice
      Blurry Moon (sun@shitposter.world)'s status on Monday, 01-Sep-2025 09:07:33 JST Blurry Moon Blurry Moon
      in reply to
      • jonny (good kind)
      • new me new me
      @lebronjames75 @jonny almost none of this argument is actually just about the supposed purpose of the law which is just informed consent not preventing monopolies etc
      In conversation about 2 months ago permalink
    • Embed this notice
      Greg Hills (winterknell@mastodon.social)'s status on Monday, 01-Sep-2025 11:03:42 JST Greg Hills Greg Hills
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @codinghorror @mkoek @Setok @dalias
      "Users want everything for free, forever, and content creators want to make money to feed themselves and their families"

      Wait a minute. Who are the users and who are the content creators on Stack Overflow? All the content creators were users. The ones who decided to monetise that site were a third category, site owners. Their desire for income was legitimate, but don't pretend it was the downtrodden content creators crying for money for their children.

      In conversation about 2 months ago permalink
    • Embed this notice
      Liam @ GamingOnLinux 🐧🎮 (gamingonlinux@mastodon.social)'s status on Monday, 01-Sep-2025 19:30:39 JST Liam @ GamingOnLinux 🐧🎮 Liam @ GamingOnLinux 🐧🎮
      in reply to
      • Rich Felker
      • lj·rk

      @ljrk @codinghorror @dalias the only banner we have is the google adsense built-in approval banner, but lots of people entirely block it anyway

      In conversation about 2 months ago permalink
    • Embed this notice
      Liam @ GamingOnLinux 🐧🎮 (gamingonlinux@mastodon.social)'s status on Monday, 01-Sep-2025 19:30:39 JST Liam @ GamingOnLinux 🐧🎮 Liam @ GamingOnLinux 🐧🎮
      in reply to
      • Rich Felker
      • lj·rk

      @ljrk @codinghorror @dalias but I do also agree that it should have been mandated to browser companies, so users get one dedicated spot for it, not left up to companies to do however they wish and attempt to skirt the rulings

      In conversation about 2 months ago permalink
    • Embed this notice
      lj·rk (ljrk@todon.eu)'s status on Monday, 01-Sep-2025 19:30:41 JST lj·rk lj·rk
      in reply to
      • Liam @ GamingOnLinux 🐧🎮
      • Rich Felker

      @codinghorror @dalias Oh ffs, this isn't true and you should know better than perpetuating that lie.

      I host multiple websites. None with cookie banners. This works even for news, e.g. @gamingonlinux -- and Liam isn't even hosting in the EU but AUS. But he, correctly, thinks that just not needing a cookie banner is exactly the right thing to do.

      In conversation about 2 months ago permalink
    • Embed this notice
      James Cridland (james@bne.social)'s status on Monday, 01-Sep-2025 23:44:44 JST James Cridland James Cridland
      in reply to
      • Rich Felker

      @codinghorror @dalias My main website is GDPR compliant and has no cookie banner. Instead, *if* I set a cookie that can be made to track someone, I ask *when* I set the cookie (ie when you log in).

      Setting a cookie that doesn’t track a visitor does not require consent.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 23:46:23 JST Rich Felker Rich Felker
      in reply to
      • Kristoffer Lawson
      • Mark Koek
      • justJanne

      @Setok @justjanne @codinghorror @mkoek The popups are illegal. They are not a legitimate means of obtaining consent. They're purely an attempt at malicious compliance to get fools to oppose regulation for them.

      In conversation about 2 months ago permalink
    • Embed this notice
      Kristoffer Lawson (setok@attractive.space)'s status on Monday, 01-Sep-2025 23:46:25 JST Kristoffer Lawson Kristoffer Lawson
      in reply to
      • Rich Felker
      • Mark Koek
      • justJanne

      @justjanne @codinghorror @mkoek @dalias the business model hasn’t been made illegal. It’s just been made to exist through endless popups that users click blindly. It’s a nuisance nag for the vast majority of people, only causing extra effort (and costs) for everyone. Exactly the kind of regulation we should never have. Hell, there are even plugins that click Accept for you.

      In conversation about 2 months ago permalink
      Rich Felker repeated this.
    • Embed this notice
      justJanne (justjanne@mastodon.decentralised.chat)'s status on Monday, 01-Sep-2025 23:48:46 JST justJanne justJanne
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @Setok @codinghorror @mkoek @dalias None of those dialogs are legal.

      Recent court decisions have forced even Google and Meta to add "reject all" buttons that are just as easy to click as "accept all". Some court decisions have found that if the Do Not Track header is set, the dialog should just automatically reject all.

      Nag dialogs as you've described them are illegal. They only exist because crime is more profitable than doing things legally (e.g., Uber).

      In conversation about 2 months ago permalink
    • Embed this notice
      justJanne (justjanne@mastodon.decentralised.chat)'s status on Monday, 01-Sep-2025 23:49:35 JST justJanne justJanne
      in reply to
      • Rich Felker
      • Kristoffer Lawson
      • Mark Koek

      @Setok @codinghorror @mkoek @dalias I don't have to, because the courts have already done that https://www.heise.de/en/news/Administrative-court-Cookie-banner-must-contain-Reject-all-button-10390520.html

      The reason illegal banners, such as the one on StackOverflow, continue existing is because the data protection office has to build a case before going to court, which takes time, especially with how many websites continue to violate the law.

      In conversation about 2 months ago permalink

    • Embed this notice
      Kristoffer Lawson (setok@attractive.space)'s status on Monday, 01-Sep-2025 23:49:36 JST Kristoffer Lawson Kristoffer Lawson
      in reply to
      • Rich Felker
      • Mark Koek
      • justJanne

      @justjanne @codinghorror @mkoek @dalias if that were the case, they wouldn’t exist at all. You haven’t outlined how those dialogs are illegal.

      In conversation about 2 months ago permalink
      Rich Felker repeated this.
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 23:52:59 JST Rich Felker Rich Felker
      in reply to
      • Joe Brockmeier (@jzb)

      @jzb @codinghorror It's not only not required, it's not permitted. After we've already told them we don't consent (via http header etc) they nag us with "are you sure you don't consent? Solve this puzzle to prove you don't and that you care enough to solve a puzzle or we're going to assume you really do consent anyway". This is very illegal.

      In conversation about 2 months ago permalink
    • Embed this notice
      Joe Brockmeier (@jzb) (jzb@mastodon.social)'s status on Monday, 01-Sep-2025 23:53:00 JST Joe Brockmeier (@jzb) Joe Brockmeier (@jzb)
      in reply to
      • Rich Felker

      @codinghorror @dalias The reaction you're having is *exactly* what ad tech companies hope for.

      Their malicious "compliance" is not required by the GDPR, but that's how they've chosen to strike back at users for daring to use legislation to try to protect their data.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Monday, 01-Sep-2025 23:55:08 JST Rich Felker Rich Felker
      in reply to
      • Joe Brockmeier (@jzb)

      @jzb @codinghorror Moreover the form Stack Overflow does, embedding a third party service to get tracking consent, is outright illegal because they've provided tracking data to a third party (the one doing the opt-out tracking) before they have consent to do so.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 02-Sep-2025 10:12:27 JST Rich Felker Rich Felker
      in reply to
      • Matt
      • erinaceus

      @apple4ever @erinaceus @codinghorror No, there is a requirement for them to obtain consent to do what they want to do. They can do this by burying the method to give consent in a settings page you have to navigate to if you want to give them consent to track you. This does not require any banner/popup.

      However they want to falsify a claim that you consented by bombarding you with an annoying and confusing prompt when you first open the site, and hope you won't read closely and figure out what it means and how to say no.

      In conversation about 2 months ago permalink
    • Embed this notice
      Matt (apple4ever@mastodon.social)'s status on Tuesday, 02-Sep-2025 10:12:30 JST Matt Matt
      in reply to
      • Rich Felker
      • erinaceus

      @erinaceus @codinghorror @dalias So then Jeff is right - there is a legal requirement for them to put up the banner to do what they want to do.

      We can argue about whether they should do it, but the companies are doing it due to a legal requirement. Sounds like the EU needs to come up with a different solution then.

      In conversation about 2 months ago permalink
    • Embed this notice
      erinaceus (erinaceus@chaos.social)'s status on Tuesday, 02-Sep-2025 10:12:39 JST erinaceus erinaceus
      in reply to
      • Rich Felker

      @codinghorror I have to agree with @dalias here. The law is not about cookies or cookie banners. The law is about tracking and handling personal data. You are even generally allowed to handle personal data if:

      1. it is technically or legally necessary for your service
      2. you _only_ use that data for the intended purpose
      3. you delete it if you do not need it anymore.

      For other things, you need consent. The banners are to get your consent to share your data with 90+ different third parties.

      In conversation about 2 months ago permalink
    • Embed this notice
      Matt (apple4ever@mastodon.social)'s status on Tuesday, 02-Sep-2025 10:16:53 JST Matt Matt
      in reply to
      • Rich Felker
      • justJanne

      @justjanne @codinghorror @dalias So if they want to collect data, then they need to do the banner to get consent. right? Sounds like it is a legal requirement to do what they want. We can argue whether they should, but the solution is the EU fixing the law/regulation.

      In conversation about 2 months ago permalink
    • Embed this notice
      Rich Felker (dalias@hachyderm.io)'s status on Tuesday, 02-Sep-2025 10:16:53 JST Rich Felker Rich Felker
      in reply to
      • justJanne
      • Matt

      @apple4ever @justjanne @codinghorror No, they need to actually obtain consent. The misleading nag banner does not do that. It's a pathetic attempt by the adtech industry to cover their asses while doing something illegal.

      Stop F'in simping for the adtech industry and go actually read about the topic. The EU does not have an enforcement arm. Member nations are responsible for enforcement, and enforcement requires building cases and litigating them. This takes time and resources.

      "Bringing criminals to justice is hard" is not an excuse for "make crime legal".

      In conversation about 2 months ago permalink
    • Embed this notice
      Davey (davey_cakes@mastodon.ie)'s status on Tuesday, 02-Sep-2025 19:33:38 JST Davey Davey
      in reply to
      • Rich Felker
      • Matt

      @apple4ever @codinghorror @dalias if site owners want to cut off their nose to spite their face with these things, that's up to them and not for the EU to fix

      In conversation about 2 months ago permalink
    • Embed this notice
      Matt (apple4ever@mastodon.social)'s status on Tuesday, 02-Sep-2025 19:33:39 JST Matt Matt
      in reply to
      • Rich Felker
      • Davey

      @davey_cakes @codinghorror @dalias Then maybe the EU needs to up their law/regulations to solve the actual problem instead of letting the companies do this.

      In conversation about 2 months ago permalink
      Rich Felker repeated this.
    • Embed this notice
      Davey (davey_cakes@mastodon.ie)'s status on Tuesday, 02-Sep-2025 19:33:41 JST Davey Davey
      in reply to
      • Rich Felker

      @codinghorror @dalias

      What if I told you that site owners could just show a Yes/No popup instead of sending visitors down a rat maze to subdue them into data collection?

      This is 100% malicious compliance and if you can't see it, you're not looking closely enough in this matter.

      Signed, someone whose sites don't have popups cus I'm not invested in collecting user data.

      In conversation about 2 months ago permalink

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.