Those annoying “consent” cookie pop ups that Big Tech has been using as part of their malicious compliance efforts to convince you that data protection law in the EU is a nuisance?

Turns out they’re illegal.

https://www.iccl.ie/digital-data/eu-ruling-tracking-based-advertising-by-google-microsoft-amazon-x-across-europe-has-no-legal-basis/

#TCF #consent #data #privacy #EU #GDPR #BigTech #maliciousCompliance #SiliconValley #adtech #technoFascism

EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis

EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.

Irish Council for Civil Liberties
@aral always have been... good to see that people keep up the fight against this. 🙅
@aral Great, those fucking things have been pissing me off for ages now. Maybe now they'll vanish, and if more paywalls come up so be it, I'm rapidly losing interest in bypassing them only to see someone trying to sell me biased info or opinion piece drivel.
@limneticvillains Well, legal clarity is one thing. Enforcement is another. I guess we’ll see.
@aral Someone needs to open up a website where anyone can drop a url that has these bloody tracking things in em and then if confirmed they get listed on a wall of shame.

@limneticvillains unfortunately said website would run out of disk space well before listing them all

@aral

@pgcd @limneticvillains @aral
Throw a few spare Google Drive accounts at it, be grand! ;-)
easylist/easylist_cookie at master · easylist/easylist

EasyList filter subscription (EasyList, EasyPrivacy, EasyList Cookie, Fanboy's Social/Annoyances/Notifications Blocking List) - easylist/easylist

GitHub

@frej @limneticvillains @aral

I don't think that 1 particular block list is effective enough.

I've been running a PiHole with several lists, and uBlock Origin & Ghostery still block even more tracking sites/cookies. And I'm using Firefox with the telemetry disabled, etc. (i.e. nothing gets reported back to Mozilla).

@moving_target01 never said that one is enough, the link was just an example. Also most cookie notices can't be blocked with DNS

@frej

Fair point. Sorry for the assumption on my part.

@limneticvillains @aral Thanks for the idea. We'll see if I fix such a website.

@limneticvillains @aral

Tip: Install "uBlock Origin" and "uMatrix", both from Raymond Hill. It autohides most of those annoying things, and as a side effect, all ads are gone and webpages load at lightning speed.

Sure, some pages break but that is what the close-button is for after all.

@aral Have you tried not using corporate media at all?
@lyrial @aral
Good luck with that!
@KimSJ @aral It isn't easy. News especially is difficult. I get the bulk of my news from NPR.
@lyrial The idea isn’t to become hermits. The idea is to change the mainstream for the better so we don’t have to become hermits.
@aral "Applies immediately across Europe" I won't hold my breath, but there is hope for change!
@aral Ironically, the page of the Belgian lawyer that helped win the case... has a consent cookie.
@jeancf @aral Is that *his* website or just the site of the firm he works for?
@jeancf @aral My understanding from the article is that TCF (a specific framework) has been deemed illegal, not all cookie popups. IANAL though.

@rhoot @jeancf @aral That’s how I read it too.

The ruling invalidates the IAB’s Transparency & Consent Framework for RTB-style tracking across the EU. It does not outlaw all cookie banners, only those using the TCF without a valid GDPR basis. Lawful, GDPR-compliant consent notices remain permitted.

@com @rhoot @jeancf @aral

Yeah, seems like it will affect those pop-ups that say "we and our 436 partners really value your privacy." And then overload you with choices.

I had no idea about RTB:

"Real-Time Bidding (RTB), the vast advertising auction system that... tracks what Internet users look at and where they go in the real world. It then continuously broadcasts this data to a host of companies, enabling them to keep dossiers on every Internet user."

@com @rhoot @jeancf @aral It doesn't even invalidate the TCF. The original ruling took issue with some of the TCF's implementation, but that's already been changed in response to the ruling and other regulatory feedback.
@aral it doesn't really fix anything, but the consent-o-matic project is an extension that automatically fills those cookie consent forms with the least permissions necessary.

Now we just need someone to explain it to them in language they can understand. So don't charge them peanuts or “I'll pay out of my petty cash as a tip”, but in a way that has a real learning effect or, even better, a deterrent effect for these grifter actors.

@aral

@moskitokoenig @aral The GDPR has proper fines, so that should work.
Check out the Consent-o-matic plugin for Firefox. It will deal with the majority of those for you. addons.mozilla.org/en-US/…/consent-o-matic/
Consent-O-Matic – Get this Extension for 🦊 Firefox (en-US)

Download Consent-O-Matic for Firefox. Automatic handling of GDPR consent forms

uBlock has an “annoyances” filter section that removes 95% of these
@aral please please please america follow suit

@aral

It's great to see it being actively called out in a court of law. How will this be enforced? Companies will not comply unless compelled to do so.

It would be great if part of the requirements on these companies is that their already collected databases (and any/all backups) had to be 100% wiped.

Along with that, a respected tech outlet should detail how the average person can install add-ons (Ghostery, uBlock Origin, etc.) to their browser to help negate this sort of thing from happening again.

Then offer a more advanced method (i.e. PiHole with suggested block lists) for those more savvy.

@moving_target01

Just ask the ISPs to run Pi-Hole on their DNS...

@eq

Yeah, somehow I don't think any would do that. 😁

That's part of the reason why I do that myself, and do not use my ISP's DNS.

@moving_target01

Well, I did that to our customers (very *very* small ISP) long before Pi-Hole existed. Was much easier at that time to manually block the usual domains directly in the DNS... Also saved on our bandwidth.

Not very likely nowadays though, but if enough customers ask for it maybe it becomes optional at least?

@eq
That would be fantastic.

Sadly that is a revenue stream for ISPs that requires near zero effort on their part, hence thinking they would not do that.

@aral I see those warnings as:

"Don't visit this site"

It often works since my mouse clicks on the little cross 😀

@aral This is the first time I've encountered the phrase "malicious compliance", and it's so concise, descriptive and accurate. Thanks!
@tom it's also known as malicious obedience: https://en.wikipedia.org/wiki/Malicious_compliance @aral

@aral keeping all weblings employed
@aral I'll confess to ignorance here. I see a lot of popups and I know the big lines of GDPR, but I don't know what TCF actually is. I couldn't understand from the link or a quick search. Is there a 5-year-old-with-IT-background explanation somewhere?

@PierricD the culprit's website has a blurb about it: https://iabeurope.eu/transparency-consent-framework/

From what I understand, it's basically a framework for 'complying' with the EU GDPR regulations (to the bare minimum and in a deceptive way); except it isn't actually complying. ;) So, comply-lying.
@aral

TCF – Transparency & Consent Framework - IAB Europe

The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, changed the data privacy landscape in Europe. GDPR was designed to harmonise data privacy laws across Europe, giving individuals greater control and transparency over their personal data while raising the bar for businesses to achieve lawful…

IAB Europe
@aral Looking forward to the EU Internet becoming more user friendly again if nothing else.

@aral

The "cookies" thing is a red herring.
Two observations:
* Most sites have already set cookies before the pop-up. After it, they set at least one more.
* The cookies themselves are fairly harmless. The harm comes from the 3rd-party objects that many web pages pull in: Google Analytics, Google Fonts, Facebook icons, etc. I've even found banking web pages that access Google even though (or before) you decline.

I can’t remember if the latest recommendation is that using LocalCDN or Decentraleyes is good because it blocks those CDNs from tracking you, or bad because it makes your browser fingerprint more unique.
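
An added example, not part of the thread: one way to check the two observations above (cookies set before the banner is answered, third-party hosts contacted regardless) against a HAR capture exported from browser developer tools. The HAR entries, host names and the `consent_time` noted by the auditor are constructed assumptions, and the same-site test is a simplification that ignores the public suffix list.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample HAR (not captured from a real site); hosts are placeholders.
SAMPLE_HAR = {"log": {"entries": [
    {"startedDateTime": "2025-01-01T12:00:00.100Z",
     "request": {"url": "https://shop.example/"},
     "response": {"headers": [{"name": "Set-Cookie", "value": "sid=abc; Path=/"}]}},
    {"startedDateTime": "2025-01-01T12:00:00.400Z",
     "request": {"url": "https://fonts.thirdparty.test/css"},
     "response": {"headers": []}},
    {"startedDateTime": "2025-01-01T12:00:00.600Z",
     "request": {"url": "https://analytics.thirdparty.test/collect"},
     "response": {"headers": [{"name": "set-cookie", "value": "_uid=1; Max-Age=63072000"}]}},
    {"startedDateTime": "2025-01-01T12:00:09.000Z",
     "request": {"url": "https://cdn.shop.example/app.js"},
     "response": {"headers": [{"name": "Set-Cookie", "value": "consent=declined"}]}},
]}}

def parse_ts(value):
    # HAR timestamps are ISO 8601; older Pythons do not accept a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def is_third_party(host, site):
    # Simplification: same site means an exact match or a subdomain of `site`.
    return not (host == site or host.endswith("." + site))

def audit_pre_consent(har, site, consent_time):
    """Split Set-Cookie responses and third-party hosts around the consent click."""
    cutoff = parse_ts(consent_time)
    before, after, third_parties = [], [], set()
    for entry in har["log"]["entries"]:
        pre_consent = parse_ts(entry["startedDateTime"]) < cutoff
        host = urlsplit(entry["request"]["url"]).hostname
        if pre_consent and is_third_party(host, site):
            third_parties.add(host)
        for header in entry["response"]["headers"]:
            if header["name"].lower() == "set-cookie":
                cookie_name = header["value"].split("=", 1)[0].strip()
                (before if pre_consent else after).append((host, cookie_name))
    return {"cookies_before": before, "cookies_after": after,
            "third_parties_before": sorted(third_parties)}

if __name__ == "__main__":
    # consent_time is when the auditor answered the banner (assumed, noted by hand).
    report = audit_pre_consent(SAMPLE_HAR, "shop.example", "2025-01-01T12:00:05Z")
    for key, value in report.items():
        print(key, value)
```
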
@aral
So is a huge fine being sent to all of them or just a slap on the wrist?
#Google, #Meta, #Amazon, #Apple, etc don't care about #EU ruling. Until fines TRULY hurt their pockets, they prefer to continue with their profits and pay the price once in a while.
How many of these companies have been fined for similar behaviour in the past? Have they changed it? Yes, they are making their malpractices more hidden and sophisticated.
Bureaucrats don't understand tech well enough to punish them.

@aral "- What pop ups?"
...says the guy using consent-o-matic.

Seriously: I recommend it, it's a great tool directly addressing such malicious compliance and associated dark patterns.
https://consentomatic.au.dk/

(note: on mobile you have to use Firefox as other mobile browsers do not support extensions)


@aral interested to see what advertisers will come up with next to attempt to change nothing while pushing the burden onto consumers