A cookie notice that seeks permission to share your details with “848 of our partners” and “actively scan device details for identification”.
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.81K Posts
- 70.6K Comments
- Modlog
We all have a fundamental right to privacy, which is constantly violated. Not just on a daily basis, but on a minute by minute basis.
But to play devil’s advocate for a moment to assuage some FUD around posts like this, how many of the absurd amount of cookies overlap in otherwise innoculous ways. For instance, product tracking cookies. Say you bought a pumpkin on Amazon, and that drops a gorde cookie, a pumpkin spice cookie, a cornucopia cookie etc.
That’s certainly not the same as buy a pumpkin, track your location around the nearest pumpkin patch, read your grandma’s emails about pumpkins, and collect information to determine your likelihood of buying another pumpkin based on your sexual orientation.
The latter certainly exists, but does anyone know much about the former? How prevalent would they be in that 850?
2 days and this post has fewer likes than number of companies that get your data for visiting the Verge. Holy crap, that’s terrifying
Don’t worry bro, its just me and 2000 of my closest friends. Totally legit.
Me: *logs on to their website*
Them:
Remember when they passed laws protecting our library and video store rental histories instead of letting data brokers hoover up every song you listen to and every news article you read?
If you’re referring to the US’ Video Privacy Protection Act, it was passed only because it slightly embarrassed a Supreme Court nominee.
So for there to be half-decent online privacy laws in the US, first someone will have to leak Clarence Thomas’ Pornhub search history or something like that.
Yea because I want a news site to have my precise geolocation data.
https://github.com/OhMyGuus/I-Still-Dont-Care-About-Cookies
Alternative if the first one doesn’t tickle your fancy.
https://github.com/cavi-au/Consent-O-Matic
Well. I appreciate the honesty… I guess.
As someone who works in tech, I can confidently say that many people plainly do not understand what cookies do and why they exist. There are plenty of cookies that are good and useful, but third party advertising tracking cookies are the devil folks don’t like. Necessary, performance and functional cookies are all chill.
A question: What is preventing the site using one huge cookie for all purposes, thus preventing fully functional use of the site without also enabling all other forms of tracking?
Same thing that’s preventing them from ignoring your choices or not offering them in the first place: nothing technical; it’s all up to the legal system.
I’m not sure how sites generally do it, but from my web dev experience in the past, I wouldn’t be surprised if it is actually implemented as one giant cookie. Iirc cookies are attached to domains and one domain can’t access another’s cookies. So if they are sharing the data on their end, I’d guess it is one big cookie. If they have their site set up to make the clients share the data themselves, I’d guess there’s a cookie for each partner’s domain.
It’s even possible that the information is shared without using actual cookies at all, since data can be sent to servers using the http get request. If you see ? in the url, everything after that is a list of arguments and values… Though the entire URL (after the domain, which maps it to that server) is data and doesn’t have to map to a directory structure and file on a server. Maybe this falls under the umbrella of “cookie” despite technically not being a cookie.
Or maybe it’s a loophole where the legislation focused on just cookies and falls back to these methods. Probably not, because if it’s done on the client side, it would be easy to detect by anyone who knows how to look. But who knows what’s going on on the server side of things?
Edit: my knowledge here is dated and outside of my specializations, so consider this more technically informed speculation than necessarily applicable to how things generally work. I say this because I see another comment came in while I was writing this that contradicts mine about a giant cookie being technically possible. My own use of cookies was to store a session id so that php could find the data that was being stored server side that was necessary for site functionality (like storing logged in state, user id, and other internal stuff we don’t want users being able to change by editing a cookie). They worked like maps iirc where you just give them key:value pairs, thus could store an arbitrary amount of data.
Cookies are very small snippets of code that have a specific purpose. Making a one-size-fits-all cookie would make them complicated and much harder to track - which goes against the point of a cookie. Also, cookies are often independent of each other because they are from different providers/different tools. Having a one-size-fits-all cookie would also present a security hazard and make laws similar to GDPR about cookie tracking difficult to implement. An example of a tool that actually does use one cookie is Adobe’s Marketo. You can read some more about them here. https://termly.io/resources/articles/types-of-internet-cookies/
Like the cookie that stores the “Reject All the cookies” response for your next visit 😇
Exactly - which would likely be a persistent necessary cookie on most websites.
And the EU has forced us to answer that goddamn “do you accept cookies?” question on every frigging website. How many people just click “accept all” to get on with things?
THAT IS A BIG FAT LIE! The EU did not force any such thing. The EU simply said that people’s data cannot be used without consent. This is the website asking for consent.
Website developers have a perfectly valid choice not to collect any data. They chose their profits above your privacy.
I have a website and I don’t have a popup asking for consent, because I don’t need to, because I don’t collect any data.
Cookie Auto-Delete helps with that.
There’s cookie lists in uBlock Origin. Just enable them.
The EU has forced them to give us the option. Previously, they’d do all of that shit without telling you.
Previously I just opted out of all cookies as a browser setting.
ok to be honest i’d rather have the choice to accept or decline it and waste a couple seconds then having all of that enabled by default with no way to reject them
I have the ghosrtery extension on Firefox, I have it set to auto reject all tracking cookies, and reject all third party “legitimate interest” cookies. I’ve heard there’s other extensions that do the same, and maybe better, but I already have it set the way I want.
I just occasionally wipe everything. I have to reenter passwords and such but it isn’t a big deal.
Check out the Snowden movie. That’s so much worse.
I’d like to see a cookie notice that just says “it’s your browser, figure out how to get it to handle cookies however you want. If you accept cookies we’re gonna use them and you can safely assume we’ll use them for anything and everything they might be useful for. European regulators can eat a bag of dicks.”
848 partners? Damn I hope y’all got tested.
Now name them all.
I feel there’s inflation over the word ‘partners’
STD: site-transferred data
I think you actually usually can get them to list them all, never much interested, they’re all going to be completely random names you never heard of, just so long as I can reject them all, that’s all I care about, otherwise I have to browse a different website on principle.
This is for legal reasons mostly. They don’t think anyone reads this so they went for the most blunt and transparent language, which also gives them the most legal certainty. The banner is missing the reject all button though, which in Europe is seen as required by many of the privacy regulators.
deleted by creator
Why did you edit your comment? At least own it.
Big oof here. Maybe make sure you understand what you’re talking about before criticizing others?
You underestimate people’s laziness and their burn out. An extra click to reject all is an extra click people won’t bother with. I literally used to go all the extra steps to reject these things, even when a reject all button was not provided. Plus I’ve found that sometimes the reject all button doesn’t actually reject all, and there are a few hidden settings still left to uncheck. It’s ridiculous. It should be 1 click, just like hitting accept is 1 click. The ease of use should be 1:1. I was getting burned out by those extra clicks and all that manual checking that took like 20s-2mins of my time. That adds up. All to read a single paragraph on some website? Bruh. Used to do this until I discovered ublock origin has settings that can be used to block cookie consent forms.
To you, one extra click is no big deal, like a paper cut of inconvenience. To me, it’s the thousandth papercut I’ve received. I am tired of it.
How is it nonsense?
The EU law is that the reject all should be exactly as easy as the accept all button. 1 extra click, however minor of an inconvenience it is, is extra effort. And therefore strictly speaking in violation of the law.
Nothing will ever happen but it’s valid criticism.
Reject all will most likely be in the settings submenu. Websites are annoying and hide that function as far away as possible.
It is.