3
nitnip
3y

Do GDPR compliance pop-ups actually do anything?

When a website obstructs 70% of my screen with one of those I just remove the div element from the HTML and everything seems to work fine.

Comments
  • 2
    I feel like a lot of GDPR has its heart in the right place, but really isn't connected to user behavior / how users operate, etc.
  • 6
    @N00bPancakes I don't know anything too specific about it nor have I had to implement it in any way.

    I understand websites use cookies and those cookies are stored in my computer depending on my browser's settings (I could wipe every cookie every time I close the browser for instance).

    I just honestly don't understand why that ever became a problem. It's not like having a no-cookie policy will stop websites from collecting your data and storing it in their own databases, then having those databases breached and leaking everything out.
  • 4
    The issue is that many of those popups are just for show
  • 3
    @nitnip Thank you! That's exactly what I think. Why the fuck does the content need to tell you it is content? Just turn off fucking cookies in your browser. Done.

    I don't get it at fucking all.
  • 4
    @nitnip it's not the website that's the problem.

    Say, an ad plants a cookie on you from website X.

    Then you navigate to website Y, and that website uses the same ad company for ads, this ad company now knows you were on both.

    Let's say both websites or even pages you visited contain Nike Shoes, now the ad company is aware you're looking at something specific and can start throwing up ads targeting you and your current behaviour.

    Google / Facebook being implanted on virtually every website creates this problem at mass scale, but as you said "it's just a cookie" it's also a unique identifier that's accessible on every website you visit and your anonymous visit is now targetable.

    Deleting the cookie doesn't help; your IP and browsing behaviour, even your browser's fingerprint, can all be used at length to identify you even without that cookie.

    The GDPR popups are merely an awareness effort gone horribly wrong.
    The fact that most are "accept or fuck off" rather than "I don't want your useless cookies" is just meeting a requirement and pissing everyone off in the process.
  • 2
    @C0D4 but I don't think even banning cookies altogether would fix this. If cookies were not a thing, ad companies could still get your information in another way.

    For example, by making the website you're visiting call an endpoint on their server with all your request information (IP, user-agent) as well as the site's keywords (shoes, nike, shopping, etc).

    It would mean a bigger load for the ad company but nothing would change in the grand scheme of things.
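The exchange above between @C0D4 and @nitnip, as an added example that is not part of the thread: a toy browser and ad server showing what the ad company can still correlate under each third-party cookie setting. All hosts, IPs and class names are constructed, and the "partition" mode (cookie jar keyed by top-level site) goes beyond what the thread mentions.

```javascript
// Added illustration; every name and value here is constructed.
class AdServer {
  constructor(host) { this.host = host; this.log = []; this.nextId = 1; }
  // Log the request; issue a fresh ID cookie when none was sent.
  handle({ site, ip, userAgent, cookie }) {
    const id = cookie ?? `uid-${this.nextId++}`;
    this.log.push({ site, ip, userAgent, id });
    return cookie ? null : id; // value for Set-Cookie, if any
  }
}

class Browser {
  // thirdPartyCookies: "allow" | "block" | "partition"
  constructor(ip, userAgent, thirdPartyCookies) {
    Object.assign(this, { ip, userAgent, thirdPartyCookies, jar: new Map() });
  }
  // Load `site`, which embeds a resource served by `ads`.
  visit(site, ads) {
    const blocked = ads.host !== site && this.thirdPartyCookies === "block";
    // Partitioning keys the jar by top-level site as well as cookie host.
    const key = this.thirdPartyCookies === "partition" ? `${site}|${ads.host}` : ads.host;
    const cookie = blocked ? null : (this.jar.get(key) ?? null);
    const issued = ads.handle({ site, ip: this.ip, userAgent: this.userAgent, cookie });
    if (!blocked && issued) this.jar.set(key, issued);
  }
}

// True if some value of `fields` appears in log entries from more than one site.
function canLink(log, fields) {
  const sitesByKey = new Map();
  for (const entry of log) {
    const key = fields.map((f) => entry[f]).join("|");
    if (!sitesByKey.has(key)) sitesByKey.set(key, new Set());
    sitesByKey.get(key).add(entry.site);
  }
  return [...sitesByKey.values()].some((sites) => sites.size > 1);
}

// Visit two shops that embed the same ad host; report what the ad log can join on.
function simulate(thirdPartyCookies) {
  const ads = new AdServer("ads.example");
  const browser = new Browser("203.0.113.7", "ExampleBrowser/1.0", thirdPartyCookies);
  browser.visit("shoes-x.example", ads);
  browser.visit("shoes-y.example", ads);
  return { byCookie: canLink(ads.log, ["id"]), byIpAndUa: canLink(ads.log, ["ip", "userAgent"]) };
}
```

Blocking or partitioning removes the shared cookie ID, but the IP and user-agent pair still reaches the ad host on both sites, which is the residual linkage both comments point at.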
  • 3
    @nitnip exactly, rendering the cookie blocking approach useless.

    There is the cluster approach which Chrome (not Google) is looking at bringing in, but it's already been proven to still be identifiable.

    https://privacysandbox.com/
  • 3
    @C0D4 the problem is that the GDPR, if I read it correctly, actually disallows barring users that say no to cookies or storing of data.

    You classify the cookies into necessary, functional and marketing.

    And GDPR requires you to be able to reject all but the necessary and still use the site.

    But I do not think they have really started to enforce it, and for sites outside of the EU that do not have any legal representation it might not even be possible to enforce.

    The idea is good but implementation is still a bit grey in many areas.
  • 3
    There are mainly two problems with cookie banners:

    1) About 99% of them are actually not done correctly. If it doesn't have a "reject all" button right at the start (and that actually works!) they violate the rules.

    2) The way it's done now is shit. The right way to handle this would have been browser-side permission dialogs like we get when a site wants the user's location etc. But for such practical solutions the EU leaders are a bit too incompetent and a bit too corrupt.
  • 2
    @deadlyRants nothing prohibits browser devs from making 2) and websites from adopting it.
  • 1
    The GDPR dialogues are just compliance theater.
    Use the "I don't care about cookies" extension and disable third-party cookies completely.
    That - together with uBlock Origin - should actually be enough to prevent most tracking (and ad displays).

    If you want more "protection" it gets real dirty real quick - uMatrix, while discontinued, still works...
  • 2
    @Voxera GDPR does not talk about cookies at all, and neither about "necessary" and "marketing".

    It rather has the justifications "required", "legitimate interest", "informed and free consent" (and "required by law" obviously).
    What data is processed with what justification, is _generally_ up to the company to decide - if the company gets it wrong, it has to pay a fine (and the law defines rules for each category).
    Only for "informed and free consent" such banners are required. First party analytics can usually be passed as "legitimate interest".
    Only if a company wants to process data based on a "free and informed consent" it has to show a popup with a "reject all" button. As it is "free" consent, users may not be locked out of the site or have disadvantages.

    Back to cookies: The distinction necessary/optional is from e-privacy, which disallows storing *any* unnecessary information (not just PII!) on a user's device without consent.
    Unfortunately both laws apply...
  • 0
    @electrineer Websites wouldn't adopt this unless they were forced to. There's a reason 99% of sites employ dark patterns and other tricks to get users to accept cookies.

    They don't want users to reject cookies, and want it to stay as complicated as possible. Just look at how Facebook panicked after Apple made all users explicitly choose whether they want to get spied on, and 75% of users disallowed it. They profit from users getting angry at cookie banners, they sure as hell won't give that up voluntarily.
  • 0
    GDPR generates more billable hours. That's all that matters. I wasn't using the "frontend" of the internet myself anymore anyway.