Mastodawn

Jeff Atwood Aug 30, 2025

Look, EU, it is difficult to take you seriously when you forced all this cookie notification bullshit on us. That feature a) should not exist and b) if it did, should be a BROWSER feature not "every website in the entire world now has to bother everyone forever about this stupid thing" https://blog.codinghorror.com/breaking-the-webs-cookie-jar/

Breaking the Web’s Cookie Jar

The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here’s how it works: * Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn’t require a password before you can connect to it. * Install Firefox and the Firesheep

Coding Horror

I'm in this picture and I don't like it.

@codinghorror how is stack exchange at all involved??

Jeff Atwood Aug 30, 2025

@javier every website on the world is involved

scy Aug 31, 2025

@codinghorror @javier Websites that don't use cookies are not involved. Neither are websites that only use cookies that are _required_ for the website to function, e.g. session tokens.

It's only when you'd like to use cookies to track users and deliver personalized ads that you have to deal with this stuff.

It's a choice.

Most websites simply don't choose the privacy-friendly option.

JdeBP Aug 31, 2025

@scy @codinghorror @javier

And tell themselves the comforting lie that it is the E.U. forcing them to do this.

Veronica Olsen Aug 31, 2025

@JdeBP They peddle this bullshit very deliberately. Far too many users believe it's the EU's fault, when it is the predatory tech industry.

@scy @codinghorror @javier

@veronica @JdeBP @scy @javier
Most people would expect someone like @codinghorror to know better.
So why didn't you know better, @codinghorror ?

fedithom Aug 31, 2025

@scy
THIS!
@codinghorror @javier

Claudius Aug 31, 2025

@scy @codinghorror @javier one of the big problems nobody talks about: tech is largely only explained by entities who have no incentive to explain it *well*.

Google, Meta, large ad networks are all like "stupid EU makes us do Cookie banner".

While the actual regulation is actually pretty good. The regulation is basically "don't fuck around with user data. But if you do, you at least need to tell the user".

RealGene ☣️Aug 31, 2025

@claudius @scy @codinghorror @javier
I had to take a corporate-required online training on the GDPR. It was about 15 slides, very clearly explained what you could and could not collect without permission, and what you had to do to protect and dispose of the data when no longer needed. It took about 20 minutes to complete, and I got almost all of the 'learning assessment ' questions correct, which meant I didn't have to do it twice.

Of course, I wasn't within a thousand miles of working on the corporate websites that the knowledge applied to…

ArneBab Sep 1, 2025

@claudius That’s the best description I’ve seen so far -- thank you!
@scy @codinghorror @javier

older Aug 31, 2025

No. Github is a good example.

cy Aug 31, 2025

@codinghorror @javier No, it‘s not and you know that.

Magnus Ahltorp Sep 1, 2025

@codinghorror @javier This is definitely not true. Good websites don’t have nag questions that don’t even comply with the law, only pretending they do.

Jason Petersen (he)Aug 30, 2025

@codinghorror @Viss the EU reacted to behavior by tech companies. If the tech companies hadn’t have had this behavior, the EU wouldn’t have done this.

buherator Aug 31, 2025

@jason @codinghorror @Viss And they reacted in a way that made said behavior even worse. Well done!

David Karlaš Aug 31, 2025

@Viss @jason @codinghorror @buherator How it made it worse? Less websites use 3rd party tracking cookies, Github is one such example.

buherator Aug 31, 2025

@davidkarlas @Viss @jason @codinghorror I don't have hard data on this unfortunately, but I tend to browse in incognito, so I get all cookie notifications all the time. Based on this experience GH is a rare exception. I must add, that this is in part because the EU is not only failing in proper enforcement, but also communication as I know of multiple well intentioned site owners who implemented this BS because they didn't understand the regulation.

To be fair I also hear marketing crying over constent requirements, which is good, but overall the adtech industry is still thriving while user experience deteriorated. In other words the regulation doesn't have the intended effect, while causing negative externalities, making things worse. (Please don't tell me it should be adtech that should play nicely, while the regulation is there because they don't play nicely in the first place)

Rickyx Aug 31, 2025

@buherator @codinghorror @jason @Viss @davidkarlas this book has like 80 of small written pages of proof that the gdpr is a reaction ( besides the book itself): https://en.wikipedia.org/wiki/The_Age_of_Surveillance_Capitalism?wprov=sfla1
It is a good read that I recommend.

The Age of Surveillance Capitalism - Wikipedia

Zenie Aug 31, 2025

I love that you don't like it.

Stop tracking people. Problem solved.

Tracking is not necessary. It is immoral.
It is tracking that ruins the internet, not cookie notices.

Världens bästa Kille™Aug 31, 2025

@Zenie @codinghorror Funny thing: From a marketing standpoint all that tracking is useless.

It’s good for selling ad space, but worthless for making ads. True story.

Don Marti Aug 31, 2025

@thelovebing @Zenie @codinghorror GitHub managed to get to a compromise: cookie banners only on content for "marketing to enterprise users" but don't hassle most users on most pages https://github.blog/news-insights/company-news/no-cookie-for-you/

(EU law requires consent to be "freely given, specific, informed and unambiguous" and nobody knows enough about today's surveillance business practices to do that in most places, so it's an open question how long these will work anyway. Depends on status of the EU/USA trade war I guess)

No cookie for you

The developer community remains the heart of GitHub, and we’re committed to respecting the privacy of developers using our product.

The GitHub Blog

Michael J. Nicholson Aug 31, 2025

@Zenie
It's not the legislation that's tbd problem. It's the malicious compliance by companies that want dats they have no real need of, either "just in case" or so they csn sell it.

My main hate is the 70+ "legitimate interest" exceptions that need 70+ clicks to disable. I immediately leave those sites. @codinghorror

Zenie Aug 31, 2025

@michjnich @codinghorror

Totally agree. The thing we all know is legitimate
Interest isn't. No cookies would be best. But that means no surveillance.

Aral Balkan Aug 31, 2025

@codinghorror Then change your business model.

@codinghorror Where?

Paul SomeoneElse Aug 31, 2025

I love these responses to famous internet guy playing the victim, and people on fedi
not having it.

John Lusk Aug 31, 2025

This. Came here and glad I found it.

Lori M Olson Aug 31, 2025

So? Stop with the malicious compliance. Fixed!

https://mastodon.ar.al/@aral/115122589711327817

Aral Balkan (@[email protected])

Look, Jeff Atwood, it is difficult to take you seriously when you write authoritatively on a subject you clearly don’t understand. GDPR doesn’t mandate cookie notices. Cookie notices are *malicious compliance* by the surveillance-driven adtech industry. If you’re not tracking people, you do not need a cookie notice, period. If you’re only using first-party cookies for functional reasons, you do not need a cookie notice, period. If you’re using third-party cookies to track people – i.e., if you’re sharing their data with others – then *you must have their consent to do so*. Because, otherwise, you are violating their privacy. Even then, the law doesn’t mandate a cookie notice. How would you conform to EU law without a cookie notice if your aim wasn’t malicious compliance? You would not track people by default and you would make it so they have to go your site’s settings to turn on third-party tracking if, for some inexplicable reason, they wanted that “feature”. Boom! No cookie notice necessary. What’s that? But that would destroy your business because your business is founded on the fundamental mechanic of violating people’s privacy? Good. Your business doesn’t deserve to exist. Because the real bullshit here isn’t EU legislation that protects the human right to privacy, it’s the toxic Silicon Valley/Big Tech business model of farming people for data that violates everyone’s privacy and opens the door to technofascism. https://infosec.exchange/@codinghorror/115120175033311443

Aral’s fediverse server

Tad Fisher Sep 1, 2025

@codinghorror if you don't like it then don't share user data with third parties. It's actually that simple.