Let's be clear here: The law is NOT to blame for cookie banners.

The blame lies with companies that would rather inconvenience you with a banner than respect your privacy by not collecting (and selling) your data.

https://www.politico.eu/article/europe-cookie-law-messed-up-the-internet-brussels-sets-out-to-fix-it/?

Europe’s cookie law messed up the internet. Brussels wants to fix it.

The European Commission wants to take a bite out of privacy rules that force websites to run cookie banners.

POLITICO

@vmbrasseur the biggest lie on the Internet is "we respect your privacy". Companies have shown that they cannot be trusted so maybe it's time for an outright ban on invasive tracking.

@jtonline @vmbrasseur First party tracking is less harmful than 3rd party tracking, but tons of companies run server side proxy applications that send 3rd party tracking data directly from the 1st party servers. That makes it practically almost impossible to block from the client-side (unless you stop using a service completely).

For example Google Analytics can run data gathering on a website's own servers, hiding the logic from a browser.

@vmbrasseur why do I need a stupid cookie banner to stay logged in on a website? It’s always about the “selling your data” straw man for you people. Admit it. That was a bad law that made the internet a little worse for everyone.

@Beirutspring @vmbrasseur You don't need a banner or confirmation for the kind of cookie you described. If you're seeing a cookie banner, it's because they actually are collecting data to profit from. That's what the banner means.

When the data is only used for the functionality of the site, then no banner is required.

@Beirutspring @vmbrasseur you do not need a cookie banner to stay logged into a website.

@Beirutspring @vmbrasseur What may have happened is that website developers (and especially website PMs) developed the banner for cases where cookies *are* optional, and required consent to use them, and have reused them for pages where said cookie banners are *not* necessary, because essential cookies to stay logged into a website are still allowed even without asking for consent, as I understand... it's just that they want to surveil data, and do not want to customize their banner every time.

@Beirutspring @vmbrasseur Specifically, they read this:

> European rulemakers in 2009 revised a law called the e-Privacy Directive to require websites to get consent from users before loading cookies on their devices, unless the cookies are “strictly necessary” to provide a service.

And read the "Strictly necessary" as being too onerous on them to determine, and not in their best interests in order to sell tracking data to advertisers - hence the pop-up on sites that do not need it.

@Beirutspring @vmbrasseur the shocking answer is you don’t need a cookie banner for that functionality

@Beirutspring @vmbrasseur here is a legally compliant login screen mockup, you only need those stupid banners or similar IF you're storing cookies for ALL users, not just those that log in.

@Beirutspring @vmbrasseur

You don't need a cookie banner to stay logged in. Neither by law nor for technical reasons.

If a website asks you for confirmation, then it's usually because they are stupid or - more likely - not just to keep you logged in. But whatever the reason is, it should be told to you inside the banner because your consent must be "well informed".

By the way: I just click "don't" every time 🤷

@vmbrasseur oof, that's bad reporting by politico here. As you say, the law didn't demand this crap. And the 'proposal' they cite...

> to drop consent banners for cookies collecting data “for technically necessary functions”

... that's already there. You don't need a cookie banner for that. Ugh

@ljrk @vmbrasseur and the banner doesn't even comply. It's designed to be annoying for users and also blame the law.

And that strategy seems to have succeeded given how many people believe it.

@loke @ljrk @vmbrasseur Part of Google services have some of the most annoying "cookie notice" banners that don't allow anyone to modify anything, but only want to show a full screen wide notification that they will track everyone regardless of the laws. At least they are honest about not caring to comply.

@ljrk @vmbrasseur

Politico is comically bad at this kind of thing.

@vmbrasseur

"Legitimate interest"

@ReggieHere @vmbrasseur

Like saving your login details, and preferences in cookies on your pc. Yes there are legitimate reasons for using cookies.

@desertcamel @vmbrasseur

Reasons are not interests.

@ReggieHere @vmbrasseur Generally? no, but in this case, yes they are. It is in interest of you and the service provider to reduce friction.

@desertcamel @vmbrasseur

'Legitimate interest' is distinct from other purposes in that users have the right to object to the processing of their data, and while reducing friction no doubt serves the interests of the provider, the user is too often subject to a cumbersome and obstructive process through which their objections can be registered.

@vmbrasseur
Ok but when i went to look at this article i see this

@vmbrasseur
Ok so i started reading this and i understand now that is advertising industry propaganda so of course they have the most obnoxious cookie "consent" screen ever

@vmbrasseur Since when have these tech bros ever had any respect for anything or anyone?!

@vmbrasseur

Yes and no. It would have been trivial to add a legal provision that requires companies to respect the DNT flag sent by the client. Instead, we now have this harebrained "consent provider" bullshit industry.

@srslypascal @vmbrasseur

From the article:

> the Commission is pondering how to tweak the rules to include more exceptions or make sure users can set their preferences on cookies once (for example, in their browser settings) instead of every time they visit a website.

I mean come on! We had it all ready to go with DNT and they dropped the ball by not mandating it. Let's see how bad the proposed implementation looks once "industry interests" get involved in the design.

@vmbrasseur
Or cookie whitelisting and browser tab containers could make the entire question moot.

In firefox, i use containers to control cookie scope, and all cookies i haven't white listed are nuked when the tab or browser closes.

The sites i trust remember me. Everything else forgets me. Can this not be baked into default browser behavior? (Takes 2 plugins in firefox, impossible in chrome.)

It would make this entire topic irrelevant.

@vmbrasseur It’s malicious compliance through and through, for sure. But they’re not gonna stop unless they have to.

So legally mandated browser-based control would be the best way I think, most of that’s already built-in, so it would need integration with content policy, and a more friendly and discoverable browser UI, which is all technically doable.

At this point I’d almost rather stop requiring consent if it gets rid of the fucking banners.

@vmbrasseur the thing is much of the time the cookie banner doesn't even work, and they apply cookies before you even consent

@vmbrasseur If the banners were honest it would say "Can we track you?" instead of using a cover story about cookies.

@vmbrasseur I use an "ad blocker" that can be set to auto decline all cookies. It also blocks most trackers, on some sites it can be more than 50. The ones that really want to track you use other methods that are almost impossible to block, no cookies involved.
The blocker I use is Ghostery, I'm sure the other popular ones work just as well.
I do see the occasional cookie banner when I visit non-English sites but I almost forgot they exist.

@vmbrasseur I know a website that has a banner that says "This site uses no cookies". You have to click to make the banner go away.

@vmbrasseur I'm waiting for the moment apps get the same banners 🙈

@vmbrasseur

I didn't bother reading most of the article because of this

Also, cookies are not harmless. If they were harmless, websites would not deploy them. I

@gregsie @vmbrasseur I didn't click because #PoliticoIsTrash and its European version is owned by Axel Springer (Thiel supposedly dumped them a few months ago, but they're no better). Of course they would frame the issue like this...
@vmbrasseur I wonder how many oxygen tanks my sighs could've filled by now from every time "manage cookie choices" has meant "have fun turning off legitimate interest for each of these 92857 different ad companies!"

@vmbrasseur

Just a reminder that Politico is right wing garbage pretending to be news.

That is all.

@vmbrasseur Hi Vicky, I get your point, but I still think it would be better if Europe would pass laws making tracking completely illegal. Right now, we still have a kind of half way there system, which still says (kind of) that it's okay to track people as long as they agree.

@vmbrasseur I believe this is a manipulation. There are other options for how to solve it but companies CHOSE ugly banners instead. But good luck to people who want to fix the current state.

@radekcrlik @vmbrasseur Yes, they all chose to disregard the Do Not Track standard, for example.

@vmbrasseur The cookie banners are also created as a dark pattern. One click to accept, multiple clicks to deny consent. Some refusal systems also seem to want entering a credit card number.

@vmbrasseur sure but also, a law should account for possible side effects. If there are unintended negative consequences, it is up to the law to address those (by amending or passing a new law)

@cubeofcheese @vmbrasseur

True, the EU could prohibit tracking in general and justify that with "you were not able to inform people sanely to get their confirmation, instead you decided to bother folks. Now you have no incentive to get their consent, because they can no longer consent".

Or you can replace it by written consent, on paper… that would be nice "before you start using our website, we need you to send a postcard with the consent to track you and your behavior on our website…"

@vmbrasseur
Fucking malicious compliance, wish it got called out better.

@vmbrasseur And Springer Press has always the best bad framing.

@vmbrasseur Seems like that classic, "You show me the rules, and I'll show you the behavior."

@vmbrasseur PRECISELY THAT!

They could do it like my website and have 0 cookies and 0 trackers…

@vmbrasseur They could have respected “Do Not Track” in browser settings if they didn’t want to display cookie banners.

@vmbrasseur "empowering our customers with fine grained privacy customization via popup, every time they open any website" is the dumbest, fakest shit ever

@vmbrasseur it's 100% to blame, which is easy to prove: Would those banners exist without the law? No they wouldn't.

@vmbrasseur it’s too simplistic to say the law isn’t to blame. Yes it’s malicious compliance, but it could have been foreseen.

It is incumbent on the legislature to make good law, that is enforceable, and to think through the likely consequences. This was a massive failure on that front.