A notice asking if you want only necessary cookies or all cookies, including ones that profile you, is like a maître d’ asking you “would you like to dine with us or would you like to dine with us and have your organs harvested?” What about my entering your restaurant prompted you to think I’d ever want the latter?


@aral I think the intention behind the laws protecting privacy online is good, but the implementation has just made things worse, in that most people will just click agree to get to the site, so they are legally agreeing to something that was just happening without agreement before.

@aral It could have been done in a different way, where the law set out different classes of tracking that you could agree to or not as a policy that was set in the browser. E.g. no tracking, only tracking within this domain, and any tracking. Then people could set a global policy they were happy with and the browser would negotiate with the individual sites. That way you could make a meaningful decision when you set the policy rather than having to read (or not read) all these notices.

There is already a do-not-track setting in most browsers, since it's part of the HTML standard.

Two things which I wish the GDPR had done were:
1: Make it mandatory to respect the DNT setting. If it's set, that means no tracking.
2: Make it mandatory to have a "no" option equally visible and just as quick to select as the "yes to all" option.

That would have removed a lot of the hassle which companies are now annoying us with.

@Mr_Teatime @aral thanks for letting me know about the do not track option - I didn't know about that. I agree that it would have been good if the EU had made it mandatory for companies to respect that setting. My idea was for a more fine-grained set of choices as to what level of tracking you were willing to allow and for what purposes, but a simple yes or no would be okay too.

I suppose there would have been a case for extending DNT to more fine-grained settings -- if it had ever been actually used for its purpose.

Although: That would require people to configure those settings. And if you want to allow a particular website to keep you logged in or similar, you could still click on a button there to confirm a DNT exception that lets them set a cookie which contains that information (and is only readable by them).


I don't see the implementation of the law as the issue (although it could have probably gone a lot further), but really all those dark-pattern cookie banners are simply a passive-aggressive way for companies to respond to the law.

"oh, you want the ability to choose? Right, here's five pages of options, have fun choosing (or just say yes to everything). Wanna know what we do with the harvested data? Here's 10 pages of ambiguous legalese, hope that makes you happy, punk!"

@Mr_Teatime @aral my point was that if you could make a meaningful decision once that you had spent time thinking about, when you set your tracking policy in the browser, and if the law had made it mandatory for companies to respect the policy you had set, then we could have had better privacy rights without the passive-aggressive cookie queries you are talking about.

Yes, makes sense.
I think I misread part of your toot. Sorry about that.
I'm hearing too many complaints about "making those annoying cookie banners mandatory", when 90% of the annoyance is the choice of the companies who make them. Like they could present the same choices in a straightforward manner if they wanted to. The remaining 10 percent is mostly due to companies choosing to track users without technical necessity.

Biggest fault of GDPR is it came too late.

