It’s great satire, but it really does mirror a larger societal shift where the burden of safeguarding personal autonomy has shifted from institutions/regulators to individual users. Do-Not-Stab, Do-Not-Track, whatever it might be, any sort of “voluntary compliance” is a non-starter in the face of financial pressures.
IMO we need to start normalizing being militant about this stuff again, to aggressively and adversarially defend the freedom to use your computer the way you choose to use it.
It's amusing to see this message heavily upvoted on HN when most mentions of Firefox here are welcomed with an avalanche of perfect solution fallacies.
I'm dubious about people becoming militant about this when the software engineering industry gave Chrome a red carpet by using it and installing it on their relatives' computers while knowing very well it's adware and when switching to the alternative is incredibly cheap.
Chrome had the advantage for a long term because their dev tools were just so much better than Firebug in both features and performance. Even today, I can't pinpoint it to specific things because it's (relatively) little and subtle differences, but Chrome's dev tools feel way more polished than Firefox's.
It's almost as if Steve Ballmer and the legendary "developers developers developers" speech still rings true today - the key to getting people to use your software is to make life as easy for the power users as possible, let them spread the word. And it's ironic how Microsoft lost its ways there... a lot of people I know have gone from Windows to Mac and convinced their close relationships (aka those whose computers they fix) to do the same. It's just so much more relaxing to boot into an OS that doesn't try to shove advertising down your throat at every turn.
I think we shouldn't minimize the harm Chrome does by calling it adware. It monitors all your activity for Google to tie it to your identity, who then publish your demographics, preferences, history, and mental state on the global markets.
Let's call it what it is: a brain tap.
> It's amusing to see this message heavily upvoted on HN when most mentions of Firefox here are welcomed with an avalanche of perfect solution fallacies.
HN is not a hive mind. There are people here who love Firefox, people who despise it, and everyone in between. It’s tiring to always be reading your type of comment, as if everyone is a hypocrite. Maybe, just maybe, the people making those contradictory comments are not the same individuals.
And it’s not like Mozilla is free from controversies, including several of betraying user trust. If every major browser maker is going to break your trust and sell your data, I can see why people choose their poison based on other factors.
I use neither Firefox nor Chrome. Is Safari any better? Or Brave? In some areas yes, in others no. I don’t think there’s a single browser vendor which gets it unambiguously right.
Mozilla would be the first to request permission to stab you so that they can then analyze the blood of the knife in order to make future product decisions.
> IMO we need to start normalizing being militant about this stuff again, to aggressively and adversarially defend the freedom to use your computer the way you choose to use it
Yes. As a millennial the times of civil disobedience were better. Not only did we get a better internet for consumers, but better companies were rewarded and won. Rose tinted glasses? Possibly, but there’s another reason for disobedience: the other side does it, and they do it just for money.
Concretely, is there something like Adblock that can be done for cookies? I don’t think blocking is as effective as poisoned data though. They ask for data, they should get it. If you don’t get consent, poisoned data is merely malicious compliance.
It could even be standardized as an extension to DNT: “if asking for consent after a DNT header, a UA MAY generate arbitrary synthetic data”.
Use uBlock Origin with the "Cookie notices" custom lists. Not explicitly accepting cookies is legally the same as refusing them (now, whether websites actually respect that is the opening keynote of the Naiveté conference).
> Concretely, is there something like Adblock that can be done for cookies?
I use a combination of two browser extensions: Cookie AutoDelete[0] and I don't care about cookies[1]. The second hides any GDPR 'compliance' popup; the first deletes any cookies set by a website when you close the last tab with it open. Both extensions have whitelist functionality.
> aggressively and adversarially defend the freedom to use your computer the way you choose to use it
Sadly even if you’re inclined to do this, it’s always a war of attrition, and corporations seem to realize they can just up the cost of your resistance in terms of time/frustration, and that’s enough for them to win in the long term. The history and trajectory of platforms, from browsers to App Stores to SaaS-all-the-things, is just tragic, with the amount of user control on a downward slide at each stage. The big question now is whether / how / to what extent AI is going to be corporate or democratized, but it’s hard to be optimistic.
Or, you know, if clicking do-not-stab for 60 more years sounds like it sucks, you can try to become a shepherd or something. Works great for ~10 years, and then you can’t use cars, dishwashers or light switches without clicking do-not-stab, at which point they finally win and you say, you know what? I should be grateful they asked before they stabbed me, I practically owe it to them anyway, and I can’t wait to see all the love/cash rolling in after I’m a big shot shepherd influencer. Like and subscribe y’all and as always, hail corporate.
Worth noting the times where you have the choice to engage or not with a company with bad practices. Make it unprofitable for them to provide horrible service. Particularly applicable to tech, because most of it is useless rubbish we don't really need anyway!
Is this a case where monopoly actually benefits the cause? The last great uprising in the public interest, imo, was Microsoft against the open source movements at the turn of the century. It was a heady time to be involved in software. I miss it frankly.
But perhaps it really only succeeded, because that Microsoft was like the Boeing of today, a company where Pournelle's second type (the institutionalists) had taken over and was just riding out the momentum, allowing the upstart unfunded open source hippies to actually have success.
I'm registering my elderly relatives for dmachoice.org, to prevent them from getting junk mail. These clowns create the problem and then have the audacity to charge you to be added to the opt out list. I was really skeptical about the GDPR when it was passed and I am now fully on board for an American version.
I'm still extremely skeptical of it because in practice it basically added a cookie banner to every website I visit infrequently with no particular benefit to me.
I wonder if there is some way to DoS the tracking services by basically accepting third party cookies but then immediately discarding them so every page load generates a new cookie and presumably state stored on the other end to match it. Or are these tracking cookies typically self-contained so that no state is stored server-side?
On the internet, it started as the user's responsibility.
For netizens, the idea that the user should be able to opt out of logs about their interaction with the service the operator owns is novel (because they always had the option of not using the service if they found the pattern distasteful).
There's a bit of a difference between normal logging of access to services to protect your devices / network (and to understand your users' access to your services), and using every nasty trick in the book to build extensive detailed profiles of everyone's browsing footprint across the entire web, often without their knowledge or consent (hence the laws, because it's the only way to convince some folks to not do bad things). The first should be expected behavior, whereas the second should be considered unacceptable and abusive, but has somehow been "normalized" in modern society.
Yeah and the fuss about it being enabled by default is not really relevant. In the EU tracking must be opt-in anyway. So this is expected behaviour.
However the EU dropped the ball by not making it mandatory to respect this flag. If they had we wouldn't have had the huge cookiewall mess we have now.
The annoying thing is that they have regulations in trilogue that would actually make the DNT header obligatory to follow, the ePrivacy Regulation. That was supposed to drop alongside GDPR, but has instead been delayed for 6 years now. It's apparently supposed to be finally finalized somewhere in 2024, so I hope to see it sometime soon.
> larger societal shift where the burden of safeguarding personal autonomy has shifted from institutions/regulators to individual users.
If anything the shift is going the other way, with some of the more busy-body jurisdictions trying to take things that are properly enforced by the user's user-agent and instead making them officially the responsibility of the other party.
It's important to note that the Do-Not-Stab header has been deprecated because one browser engine switched it on by default and requiring users to opt into stabbing hurt the bottom line of the stabbing industry, so it's no longer respected. Luckily someone came up with General Assault Control, a non-standard alternative, which also only has one value, so you can set Sec-GAC to 1 to request websites not to assault you. By design, this header cannot be extended, so it cannot be used to distinguish brutal stabbings from a comedic pie to the face in the future.
Because of legal requirements, the General Assault Control header may not be enabled by default, as American states like Colorado require explicit opt-out (rather than explicit opt-in). This protects Colorado's thriving stabbing and shooting industry as most users will never want to opt into being stabbed.
Despite the feature being forced to be disabled by default, the organisation behind the spec is pushing hard for customers to download fringe browsers that implement the feature (though you may need about:config to enable it). Because of the small user base, the request not to be assaulted can be used by websites not willing to follow the standard to make their stabbings and shootings more precise. End users can request a JSON file from the web server containing the supposed support for the GAC header, but requesting this URL may be used to kick the user in the teeth by non-compliant servers.
It's now customary, in order to comply with European regulations, to present users with a list of possible violent crimes against their person that they can opt out of before using a website. This ensures that non-consent to stabbing is always an active choice, so that users who want to be stabbed or otherwise maimed won't accidentally miss out on the opportunity.
You can put a window that covers the bottom half of the content that defaults to all assaults being allowed and also has a way to customize which assaults you would like. It shouldn't be possible to uncheck necessary assaults, for the website might not work.
This is such transparent EU Bureaucracy shilling. No wonder Europe doesn't have any large SaaS companies with their stabbing unfriendly business climate.
The stabtech industry will just change to Stab-Into-The-Back technology, because every user hates to be stabbed in the chest, but doesn't care if it's not seen.
I think you are factually wrong: Skype, Spotify, Revolut, Zendesk, Transferwise... There are quite many European unicorns too (less though than US and Chinese companies) which are operating as SaaS. Some of them got acquired or re-based to other countries though
For the low price of $20/1000 clicks, I will provide you with a stabbing consent banner, fully compliant with upcoming EU and CA regulations on web-based stabbing.
I'm sold, the distinctions between "necessary", "targeting", "performance" and "functional" stabbings are such a minefield. Not to mention how I'm supposed to properly disclose the 846 different stabbing brokers I work with. How's a man supposed to make a living stabbing people with all of this red tape in the way?
By the way, studies show users only opt in to stabbing with our competitors' banner 95% of the time, but they opt in with ours 98% of the time, thanks to our banner taking 50% longer to properly opt out of, so you should really go with us.
This website appears to be part of a webring (how delightful!) made up of MtF trans people, furries, self-identified robots (some of which exclusively use third person pronouns) and sometimes a mixture of these. All appear to be some form of sysadmin or programmer.
This isn't my tribe, but I'm incredibly pleased to see a beautiful reflection of the old internet within this webring.
The Do Not Track header was originally proposed in 2009 by researchers Christopher Soghoian and Sid Stamm.[2] Mozilla Firefox became the first browser to implement the feature.
I wonder how many web developers actually honour Do Not Track. I do, in all the websites I've made for my employer too, but I think I'm only getting away with it because my employer doesn't know. I've even made it so that browsing with Do-Not-Track enabled also skips the cookie consent banner and just assumes the user wants no cookies other than the strictly necessary ones (like their session/login cookie), and doesn't include Google Analytics, instead just upping a single view counter on the page, with no PII in there.
A better option would be to just make tracking illegal, and heavily fine companies that are found to be doing it. And make it strict liability, so intent doesn't matter.
You're taking exactly the right approach in my book. Thank you!
I don't know if they still do it, but last time I browsed Medium I found that it claimed to respect DNT, which is quite nice.
Lots of self-hosted analytics software also respects DNT out of the box and I don't think site administrators often bother to turn that off.
Still, the vast majority of websites probably ignores the header, especially since it's been deprecated as a standard. If you care about such things, maybe also consider looking into Sec-GPC, its intended replacement.
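The server-side behaviour described in the comments above (honouring DNT, and Sec-GPC as its intended replacement, by skipping the consent banner and analytics and keeping only a PII-free view counter) could look like the following. This is an added example, not code from any commenter; the cookie names, the request shape and the choice to let the header override stored consent are assumptions.

```javascript
// Added example. Cookie names, field names and the request shape are assumptions.
const STRICTLY_NECESSARY = new Set(["session", "csrf_token"]);

// Header names are case-insensitive, so normalise them before lookup.
function lowerCaseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Only the exact value "1" is an opt-out signal for either header.
function hasOptOutSignal(headers) {
  const h = lowerCaseHeaders(headers);
  return h["dnt"] === "1" || h["sec-gpc"] === "1";
}

// Opt-out signal: no banner, no analytics, even if consent was stored earlier
// (an assumption of this example). Otherwise analytics stay off until the
// user has actively consented, and the banner is shown until they decide.
function decidePolicy(headers, storedConsent = false) {
  const optOut = hasOptOutSignal(headers);
  return {
    optOut,
    showConsentBanner: !optOut && !storedConsent,
    loadAnalytics: !optOut && storedConsent,
  };
}

// Extract the cookie name from a Set-Cookie value such as "a=b; Path=/".
function cookieName(setCookieValue) {
  return setCookieValue.split(";")[0].split("=")[0].trim();
}

// Drop every cookie that is not strictly necessary unless analytics is allowed.
function filterSetCookies(setCookies, policy) {
  if (policy.loadAnalytics) return setCookies.slice();
  return setCookies.filter((c) => STRICTLY_NECESSARY.has(cookieName(c)));
}

// Per-path view counter: stores a number only, no IP, user agent or ID.
function recordView(counter, path) {
  counter.set(path, (counter.get(path) || 0) + 1);
  return counter.get(path);
}

function handleRequest(req, counter) {
  const policy = decidePolicy(req.headers, req.storedConsent);
  return {
    views: recordView(counter, req.path),
    showConsentBanner: policy.showConsentBanner,
    loadAnalytics: policy.loadAnalytics,
    setCookies: filterSetCookies(req.pendingCookies, policy),
    // Keep shared caches from serving the tracked variant to opt-out users.
    vary: "DNT, Sec-GPC",
  };
}
```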
There was a much more elaborate standard called P3P recommended by W3C in 2002. It apparently defined a description of how business can use personal data.
But apparently it was considered too complex and "lacking enforcement".
Now maybe if it survived till GDPR it could have its enforcement, but Mozilla yanked support before that...
No, they love the money they can make about you. I don’t know anybody giving their money to these people. It is other shady companies buying the data about for, shady companies that have collected. All of this is offered to you free of charge.
Relax, folks, entities have plenty of other options, there still won't be support for Do-Not-Shoot, Do-Not-Rape, Do-Not-Stone, fun for the whole family.
[0] https://github.com/Cookie-AutoDelete/Cookie-AutoDelete
[1] https://www.i-dont-care-about-cookies.eu/
I'm just going to click "yes," stop asking.
https://news.ycombinator.com/item?id=41818459
https://en.wikipedia.org/wiki/Do_Not_Track#:~:text=The%20Do%....
I can dream...
They don't actually hate you. Rather, they love your money and they have a depraved indifference for you.