”Cookie banner” is a misnomer. These consent popups are usually asking for you to consent to having hundreds if not thousands of companies build and sell a profile of you. They will combine your behavior and device data from various sources, identify you across platforms by linking device IDs, and ultimately sell your privacy to the highest bidder.
Typically, you can’t even turn these permissions off, nor can you deny consent or object to their purposes: they are increasingly claiming they are for ”fraud prevention” or some other technical purpose which doesn’t land under consent or the ”legitimate interest” umbrella.
I would love for an audit of sites to see if any popular sites still do collect the data when you click no. Or if you just land on the banner page, and close the tab.
... All so I can have ads that are actually more relevant to me.
Sounds horrible. >..<
The (...fortunately a) handful of places I've worked at which dealt with this sort of thing were very strict about removing PII.
I'm more concerned about only being shown information (not just ads for products) relevant to my click-tuned interests as I think that's just contributing massively to political polarization.
Maybe I'm unique in this experience, but the "actually more relevant to me" part is just never true. Most of the ads I see that are delivered via these auctions are just garbage or scams or "relevant" in a tenuous pointless way.
The only really relevant ads I've seen are from blogs that literally just sell ad space to brands and the ad is just a simple image link you can click on. Philosophy blog? Philosophy book ad. High end men's clothing blog? High end men's clothing brand ad.
Simply enable the “cookie notices” list in ublock origin (available on every platform now, even iOS). According to the EU law if you don’t click accept it’s equivalent to denying.
> According to the EU law if you don’t click accept it’s equivalent to denying.
The result is the same. Technically there's no such thing as denying, only providing (explicit) consent. If consent is required and no consent is provided, then there is no ground for processing.
How do you object to the site's legitimate interest use of your personal data? That is a legal grounds for processing, which can be enabled by default as long as you are provided with an option to actively object.
Also: the consent has to be informed consent. Me clicking away a nag banner, even if I click "accept" isn't informed consent by the definition of the law.
You want to share my data with your 300+ "partners" legally? Good luck informing me about all the ways in which every of those single partners is using my data. If you are unable to inform me I can't give consent, even if I click "Accept all". That is however a you-problem, not a me-problem. If you share my data nontheless you are breaking the law.
Breaks many websites though and you'll be wondering why something doesn't work and then you have to remember you checked that ublock checkbox a few months ago.
I think in the last 12 months of using that unlock list I've only counted less than five times where sites have broken with that list enabled, I don't have to even disable the entire list. You just disable u-block for that specific site
Complain and use a different site. There are only few websites which offer a truly unique service. If enough complain and walk away, something might finally change.
This extension gives you more choice than denying or allowing everything though, you get granular choice automatically applied to all websites where it works
But I don't want to auto deny. I want my shopping carts to work. I want websites to save my login and preferences. I just don't want the pop-ups. So this extension is great.
This extension gives me my preferered web experience. Namely it tries to automatically fill in the cookie pop-ups for you, instead of hiding it. You can actually enable functional cookies, which are useful. Then when filling the cookie popup doesn't work, you can fill it in manually. This is a huge improvement over the ublock hiding of popups, which actually breaks sites time to time.
This is why I use it too. UBlock and other options remove the banner or consent screens fine, but this breaks functionality sometimes. Even not accepting the required cookies can break basic functionality.
What works pretty well for me is the "i don't care about cookies" extension for firefox; my default privacy policy is to throw away cookies when the browser restarts, which I do a few times per day anway.
Th consent is about tracking and your data, not specifically cookies. If you accept them tracking and selling your data then deleting cookies only impacts one way that happens.
I disagree with this idea that businesses should have to keep their customers secret. If I go to Wal-Mart, then I should be free to tell my neighbors about what products were on sale and also how the produce was old / left to spoil. I’m not sure why that should be different for the store.
That extension might allow tracking. From their Chrome add-on page:
When it's needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what's easier to do).
Deleting cookies is insufficient because of browser fingerprinting, which you just consented to.
It always impresses me how its actually easy not to need these banners yet everyone will consistently participate in the civil disobedience of annoying their users. No doubt in the hope of making people mad at the EU.
To the point that people are worried when cookie banners are not required now. I have had a few worried conversations on why our site doesn’t have a cookie banner.
The answer is simple, we don’t track our users, and login is explicit consent and functionality which doesn’t require a prompt under GDPR.
If it's that easy to not need the banners, I'd expect EU websites themselves to lead the "no cookies needed" movement.
Yet https://european-union.europa.eu displays a cookie banner for tracking on what is essentially a static informational site. If the EU itself feels tracking is valuable enough to warrant the banner on their own pages, it's hard to fault businesses (whose survival actually depends on understanding their audience) for making the same choice.
At least they're compliant with their own regulation, I suppose.
The EU websites require the cookie consent due to this section of the cookie policy:
> Third-party providers on Commission websites
* YouTube
* Internet Archive
* ScribbleLive
* Google Maps
* Twitter
* TV1
* Vimeo
* Microsoft
* Facebook
* Google
* LinkedIn
* Livestream
* SoundCloud
* European Parliament
These third-party services are outside of the control of the European Commission. Providers may, at any time, change their terms of service, purpose and use of cookies, etc.
——
In other words, due the embeds that track users, consent is needed.
They also have their own analytics in the same section, by the letter of the rules: they indeed need explicit consent, which would be obviated if they didn’t run analytics and didn’t embed stuff.
It's really enraging. Even EU's official sites use the banners, and probably for sites where they wouldn't (or at least shouldn't) even be needed.
It seems that very few, even lawyers, really understand when explicit consent is not needed, and instead we get cargo culting of pointless consent banners everywhere.
The situation has become such that "consents" aren't really meaningful at all, as people just want to get rid of the banner, and it becomes US style contract theatre.
>No doubt in the hope of making people mad at the EU.
We should be mad at the EU. They could have easily written a clause into the law saying companies must respect the Do-not-track header from the browser. But for whatever reason, they chose not to.
I've seen that in a few places, yeah! I think I personally would just put something in the footer and have a specific page for it that I can link people to.
I really hope that I never end up in a situation where someone tells me "well the conversion rate would be much higher if you just stopped fighting it and put up the damn banner".
Same with https actually. I still reach some home made website or paper published in this or that legit small university or department without a certificate. Most browser send messages like this is a life threatening move.
Regular user here. Cant live without this addon, I absolutely love this. Its been a while since I have to manually dismiss a consent popup. Although the redirects from Google and company can get a bit annoying.
Readit News
Typically, you can’t even turn these permissions off, nor can you deny consent or object to their purposes: they are increasingly claiming they are for ”fraud prevention” or some other technical purpose which doesn’t land under consent or the ”legitimate interest” umbrella.
As far as I'm concerned, that doesn't constitutes consenting to anything whatsoever.
Sounds horrible. >..<
The (...fortunately a) handful of places I've worked at which dealt with this sort of thing were very strict about removing PII.
I'm more concerned about only being shown information (not just ads for products) relevant to my click-tuned interests as I think that's just contributing massively to political polarization.
The only really relevant ads I've seen are from blogs that literally just sell ad space to brands and the ad is just a simple image link you can click on. Philosophy blog? Philosophy book ad. High end men's clothing blog? High end men's clothing brand ad.
The result is the same. Technically there's no such thing as denying, only providing (explicit) consent. If consent is required and no consent is provided, then there is no ground for processing.
https://noyb.eu/en/your-right-object-article-21
You want to share my data with your 300+ "partners" legally? Good luck informing me about all the ways in which every of those single partners is using my data. If you are unable to inform me I can't give consent, even if I click "Accept all". That is however a you-problem, not a me-problem. If you share my data nontheless you are breaking the law.
- https://addons.mozilla.org/en-US/firefox/addon/cookie-auto-d...
- https://github.com/JobcenterTycoon/cookie-auto-decline
Not sure if it's as advanced, but does a good job at declining or simply hiding the banners.
https://news.ycombinator.com/item?id=30625218
https://news.ycombinator.com/item?id=41479882
https://news.ycombinator.com/item?id=35562230
Instead i use this https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies
To the point that people are worried when cookie banners are not required now. I have had a few worried conversations on why our site doesn’t have a cookie banner.
The answer is simple, we don’t track our users, and login is explicit consent and functionality which doesn’t require a prompt under GDPR.
Yet https://european-union.europa.eu displays a cookie banner for tracking on what is essentially a static informational site. If the EU itself feels tracking is valuable enough to warrant the banner on their own pages, it's hard to fault businesses (whose survival actually depends on understanding their audience) for making the same choice.
At least they're compliant with their own regulation, I suppose.
The EU websites require the cookie consent due to this section of the cookie policy:
> Third-party providers on Commission websites
* YouTube
* Internet Archive
* ScribbleLive
* Google Maps
* Twitter
* TV1
* Vimeo
* Microsoft
* Facebook
* Google
* LinkedIn
* Livestream
* SoundCloud
* European Parliament
These third-party services are outside of the control of the European Commission. Providers may, at any time, change their terms of service, purpose and use of cookies, etc.
——
In other words, due the embeds that track users, consent is needed.
They also have their own analytics in the same section, by the letter of the rules: they indeed need explicit consent, which would be obviated if they didn’t run analytics and didn’t embed stuff.
It seems that very few, even lawyers, really understand when explicit consent is not needed, and instead we get cargo culting of pointless consent banners everywhere.
The situation has become such that "consents" aren't really meaningful at all, as people just want to get rid of the banner, and it becomes US style contract theatre.
We should be mad at the EU. They could have easily written a clause into the law saying companies must respect the Do-not-track header from the browser. But for whatever reason, they chose not to.
I really hope that I never end up in a situation where someone tells me "well the conversion rate would be much higher if you just stopped fighting it and put up the damn banner".