SoylentNews is people
SoylentNews
European Authorities Ban Dirty Cookie Practices in GDPR Update:
When GDPR rolled out across the European Union back in 2018, the sweeping legal framework pledged to bring consumer privacy and protection to the forefront. In the years since then, we've seen the adtech industry at large do its collective darnedest to undermine these laws at every turn, and largely get away with it, thanks in part to the squishy phrasing of some of the legislation's most critical clauses.
Now, European authorities are stepping in to cut that squishiness a bit. On Monday, the European Data Protection Board—the Union's oversight committee for GDPR-related issues—released a 31-page manual (pdf) calling out some of the slimier practices used by adtech companies to fudge consent on an internet browser's behalf.
These new guidelines specifically call out the sites that assume a user's agreement to be tracked and targeted based on say, the way they scroll down a webpage, rather than relying on their explicit agreement to that deal. Also called out in the memo are "cookie walls"—a cute name for the not-so-cute tactic where sites bar internet browsers from accessing their content unless they agree to allowing cookies and trackers on the site.
These are both tactics that directly step on the concept of user consent. [...] GDPR was written to require that websites garner a visitor's consent before they handle that visitor's data, and before they pass that data down the garbled supply chain of third parties in the adtech ecosystem. As you might imagine, the GDPR painstakingly lays out exactly what does and doesn't qualify as consent, requiring that, in short, these websites explain the tech used to track the visitors in a clear and upfront way. It also requires that they offer these visitors an easy way to opt in or out of this sort of on-page tech.
(Score: 5, Insightful) by gtomorrow on Thursday May 07 2020, @01:39PM (25 children)
One of the reasons I ♥ EU.
And before all you zombies start talking about paying the bills and making money, let me tell you kids...I remember an internet that was ad-free. And I'm betting a good percentage of the (for lack of the proper term) people here do too.
(Score: 2, Touché) by Anonymous Coward on Thursday May 07 2020, @01:52PM (6 children)
My Internet is still pretty much ad-free.
(Score: 2) by rob_on_earth on Thursday May 07 2020, @02:12PM (2 children)
Not sure if you are referring to adblock/ublock and noscript etc, but there is still a lot of sites (in number) that refuse to have ads. It is lot harder to find them as Google seems to promote the ad laden the highest.
Hmmm, how could I make money on a search engine that only returns sites that have no ads ... ?
(Score: 1, Funny) by Anonymous Coward on Thursday May 07 2020, @02:53PM
You could put ads on your site?
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @03:57PM
It's not exactly going to be a fair fight. Even if you make it work, the bastards will come after you for screwing with "their money".
This I think is how WW3 starts. The EU, trying to do the right thing, annoys too many people with too many rotten interests. Unfortunately including the USA which currently finds itself on the same side as Russia, Hungary and North Korea regarding the Rule of Law. They're for YOU not ME.
(Score: 2) by gtomorrow on Thursday May 07 2020, @02:23PM (2 children)
How many hoops did you have to jump through? Or do you have some magic browser that is just plug-and-play, so to speak, that returns your browsing experience to pre-Google 1990s-level tracking/spying/eternal cookies?
Yeah, maybe I didn't express myself previously in the exacting terms needed to be "understood" by the Autism Spectrum disorder crowd here.
BTW, Firefox here with μBlock Origin/HTTPS Everywhere/Privacy Badger/Disconnect/Decentraleyes >> Not non-trivial.
(Score: 1, Insightful) by Anonymous Coward on Thursday May 07 2020, @04:01PM (1 child)
TrackMeNot, DeCentralEyes, and about 10 FF about:config hacks. Easy peasy.
https://www.youtube.com/watch?v=_Ef5dRyvQ1Y [youtube.com]
(Score: 2) by gtomorrow on Thursday May 07 2020, @05:19PM
You've just illustrated my original point.
And I made a big mistake in my previous comment: I meant to say "Non-trivial" and NOT "Not non-trivial," or as you said, "easy-peasy." Yes, I know DL'ing and installing an add-on isn't bricklaying, but it is a bunch of extra work that requires a modicum of homework before installation.
Look at all the virtual barbed wire we've had to put around our browser's perimeter. And we're using Firefox! Think if we were talking Chrome or Edge! The horror!
(Score: 2) by Runaway1956 on Thursday May 07 2020, @02:53PM (1 child)
Well, I remember that too, but some people say I'm no good, so I can't be part of that good percentage . . .
https://www.youtube.com/watch?v=JuAMm2Ub-60 [youtube.com]
Abortion is the number one killed of children in the United States.
(Score: 2) by gtomorrow on Thursday May 07 2020, @03:28PM
Why do the two have to be mutually exclusive?
And who told you that anyway? I'll take 'em outside and teach 'em a lesson! ❤️😄
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @04:58PM (2 children)
oh yeah, thanks for saving me from my own freedom to make decisions. sycophantic slaves.
(Score: 5, Interesting) by gtomorrow on Thursday May 07 2020, @06:00PM (1 child)
While there are volumes and volumes of questionable laws and regulations on the books of every region on this planet, I respectfully submit that the subject at hand is not one of them. I don't want to be sold out and spied upon nine times over just to read an article on a website...but you do? Are robocalls a good idea in your opinion? I guess you have the freedom to not answer the phone, even 20 times a day. It's your "choice," right?
Wait a minute...I bet you're one of those "people" more concerned with going to the beach instead of not spreading a devastating virus. Freedom over stupidity uber alles, damn the consequences! NB: I didn't say "Security over freedom," just to be crystal clear.
(Score: 0) by Anonymous Coward on Saturday May 09 2020, @06:32PM
no, i won't visit those sites anyways, b/c i'm not an ignorant slave.
robocallers can't get my number b/c i run my own pseudo phone company using voip.
Regarding the beach, i don't know why you twist the point by acting like just b/c people are in favor of freedom , they must also in favor if irresponsibility.
I'm for people keeping their natural born rights. That does not mean i advocate that they should be able to violate your rights.
I am not responsible for dictating how you raise or don't even birth your kids.
that's on you.
i'm also not responsible for invisible viruses and your immune system.
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @05:13PM (9 children)
Well done for supporting legislative overreach for a non-issue when the client side was already 100% under user control. The end result of this stupidity is that server-side geofencing is widely used to restrict access to connections from the EU, meaning people employed abroad or with dual citizenship need a VPN to get hometown news. Yay freedom?
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @05:50PM (8 children)
You think you are in control? Think again.
(Score: 2) by gtomorrow on Thursday May 07 2020, @06:21PM (7 children)
Thank you, AC, for replying for me to the AC above you.
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @06:54PM (6 children)
Avoiding the argument by siding with an idiot who doesn't understand the difference between having control of your own affairs and permitting psychopaths to control you? More telling than you realize.
(Score: 3, Informative) by gtomorrow on Thursday May 07 2020, @07:37PM (5 children)
...says yet another psychopath looking to control me.
Look, I've said what I've had to say. Entertain yourself by reading my other comments...or don't.
(Score: 0, Disagree) by Anonymous Coward on Thursday May 07 2020, @09:37PM (4 children)
Why am I looking to control you? If you want to believe the EU enacted GDPR for your benefit rather than to ringfence commerce and information, that's okay. It's okay to be wrong!
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @10:08PM (3 children)
"ringfence commerce and information"
You'll have to provide better support for your argument than that.
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @11:33PM (2 children)
You should Google the term "trade block". It's going to blow your mind!
(Score: 0) by Anonymous Coward on Friday May 08 2020, @12:13AM (1 child)
-1 doesn't know what they're talking about.
(Score: 0) by Anonymous Coward on Friday May 08 2020, @05:56PM
IKR and after I'd pointed them in the right [hbr.org] direction [taxamo.com]
(Score: 1, Interesting) by Anonymous Coward on Thursday May 07 2020, @05:48PM (2 children)
I remember it too. Remember when Web Crawler and Ask Jeeves were the best searches available (there was a reason early Google took over... and I maintain an early Google would steal a large market share from modern Google with its bubbling and inconsistent search results...)? Remember when you followed web rings, hoping to find another interesting website? Remember when if you were lucky, you might have a phone number for a nearby store so you can call them to see what they had in stock?
The inclusion of advertisement money has done much to make the current web as great (and terrible) as it is. I'm not even 100% convinced we'd have the cheat bandwidth we have (remember when a T1 line was that expensive thing people aspired to?) if it wasn't for the money advertisement brought with it.
I hate ads as they currently are, but let's not imagine that the introduction of big-money has done nothing for the benefit of the Internet.
(Score: 2) by gtomorrow on Thursday May 07 2020, @06:17PM
Okay, Grey...move away slowly from the computer with your hands up...
I will concede some of your points regarding "the big money;" I'm not that naive to think the infrastructure grew out of nothing. That said, at what point does the intrusion stop? I just want to read a recipe and not submit to a virtual cavity search. I used to see it as (antiquated example) that guy on the subway reading your newspaper over your shoulder. It's long gone beyond that: that guy is reading your newspaper over your shoulder while you're on the toilet at home...and he knows what brand of toilet paper you buy.
(Score: 3, Insightful) by sjames on Thursday May 07 2020, @09:01PM
The thing is, ads are quite possible without darting and tagging you like a wild bear. There's no need for them to jump out at you from every corner.
(Score: 4, Informative) by pkrasimirov on Thursday May 07 2020, @01:44PM (1 child)
> and largely get away with it
There's the problem right there.
(Score: 2) by DannyB on Thursday May 07 2020, @03:58PM
Trust but verify?
Would a Dyson sphere [soylentnews.org] actually work?
(Score: 5, Insightful) by Anonymous Coward on Thursday May 07 2020, @01:48PM (3 children)
I've tried to say "No" a number of times, and the process I needed to go through was far, FAR from easy. One site had a checkbox form where I had to remove consent from each item on their list - the list had 100's of items to uncheck. That, right there, is BS.
Easy is ONE button that says, "yes, I consent", and ONE button that says, "no, I do not consent". Simple. Anything more is pure BS.
(Score: 3, Interesting) by Fishscene on Thursday May 07 2020, @01:56PM
I know I am not God, because every time I pray to Him, it's because I'm not perfect and thankful for what He's done.
(Score: 3, Insightful) by pkrasimirov on Thursday May 07 2020, @01:59PM
It's even simpler. It should be opt-in only. Then they can put 1000s of switch-boxes if they want.
Also no question should be asked twice. If I give an answer and change my mind later, it should be by my initiative to find where in the web page to change that answer.
(Score: 2, Informative) by khallow on Thursday May 07 2020, @02:01PM
Name names! Who put out such a shoddy trap?
(Score: 5, Interesting) by rob_on_earth on Thursday May 07 2020, @02:07PM (1 child)
By the time the page has loaded far enough to load the Cookie message, numerous requests have been made to numerous ad agencies and each HTTP/S request is sending cookies.
I had to debug a slow page load and found a single tracking pixel that ran a bid system through many ad agencies including Google and Yahoo. Watching the traffic in a trace was mid blowing. 12 times it redirected and each time cookies were sent/received.
The whole GDPR side of this should be on the user. They are the ones deliberately sending requests to the webserver via their browser and then allowing the same browser to include cookie information.
(Score: 3, Interesting) by krishnoid on Thursday May 07 2020, @06:27PM
Are there tools out there for visualizing or logging/reporting these chains of events during web page loads? It seems like that would be really helpful [www.zeit.de] in watching/replaying these.
(Score: 5, Insightful) by Mojibake Tengu on Thursday May 07 2020, @02:09PM (5 children)
The wrong is on browsers mechanics and crappy protocols design.
Web transfer logic has no proper topological closure. That leaves user vulnerable to unwanted information flow.
A consistent page should never allow loading any of out-of-domain resources.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 1, Disagree) by gtomorrow on Thursday May 07 2020, @02:27PM (2 children)
Thus negating the entire concept of hypertext. Nice!
I think Rupert Murdoch was also in favor a similar design.
(Score: 5, Informative) by Mojibake Tengu on Thursday May 07 2020, @03:04PM (1 child)
Not true. A hyperlink is a transfer of location, and should not be misused as a transfer of data.
Its meaning shall be "let's go there" and not "throw at me whatever you want".
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2) by gtomorrow on Thursday May 07 2020, @03:37PM
You are absolutely correct. I had forgotten that that was the original intent before it got subverted/subjugated.
(Score: 1, Interesting) by Anonymous Coward on Thursday May 07 2020, @02:54PM
Which is how several of the plugins I use work, only load third party content if I have consented.
But if the target web server would tunnel the traffic to ad and tracking services, most of the browser privacy tools would be bypassed. I don't know why sites would not be doing some of this.
(Score: 1, Insightful) by Anonymous Coward on Thursday May 07 2020, @05:32PM
"The wrong is on browsers mechanics and crappy protocols design"
There have been people saying that since the 90's, and it's true. People don't understand the value of what they've lost. I'm sure in China they already use cell phones to round up dissidents and stick them in concentration camps. Probably other countries too. The inability to communicate anonymously chills speech. I remember the crazy shit people used to say on usenet. These days, it is rare to find people speaking openly in a dissident way online. We aren't at risk of having chilled speech, we already have it.
Eventually some nutroll is going to take their personal privacy seriously. There will be blood and a great deal of wrending of garments. The news will call the person insane, and attribute the event to the person not being adequately tracked by the state. They will be famous and the same people who have been actively subverting civil rights in the press, will then write books about the whole thing. It will be a best seller for a while.
The thing is, it is kind of hard to make a villian out of a vigalante if everybody hates the guy that got whacked. That is why it will make such a good story. I know I will buy a copy.
(Score: 0) by Anonymous Coward on Thursday May 07 2020, @03:39PM (1 child)
Need tracking consent?
Oh, hey, I don't need your website.
Oh, you really have my nuts in a vice?
*sigh* fine, let me dig up that bootable CDROM ...
(Score: 2) by DannyB on Thursday May 07 2020, @04:02PM
but . . . they're baked by little elves in a hollow tree!
Would a Dyson sphere [soylentnews.org] actually work?
(Score: 4, Insightful) by ilsa on Thursday May 07 2020, @04:56PM (3 children)
Considering how much effort the ad industry is going through to circumvent the laws, it's clear that they know exactly what they're doing, have no qualms about doing so, and are just going to do more of the same even with the tightened up regulation. There is no law that can be circumvented, especially when you throw in creative uses of technology.
User tracking should be outright banned, and it should be made clear that the ban is in place specifically because these douchebags (who should be called out by name) refuse to act like decent people. Just as spoiled entittled toddlers get their toys taken way, the same should occur for these spoiled entitled corporations.
(Score: 2) by gtomorrow on Thursday May 07 2020, @05:25PM
Hear, Hear!
Now I'm just repeating myself! Hehehe. But IMHO you're absolutely right! Eloquently put! Hear, he...oops.
(Score: 3, Informative) by sjames on Thursday May 07 2020, @09:13PM (1 child)
This. I remember well when the "ad industry" offered up Do Not Track, claiming most people didn't mind being tracked. It took about 2 months for every single web ad provider to break their promise when they saw how many people selected Do Not Track.
Then, of course, there's all the drive by trojans and viruses that the ad providers utterly fail to screen out and disclaim any responsibility for.
(Score: 5, Insightful) by NCommander on Thursday May 07 2020, @11:20PM
Not running ads on SoylentNews is one of the best decisions we ever made as a site, and one I'm happy remains possible. We're one of the very few places on the "modern" Internet where something like Ghostly reports zero. Even most modern one-man blogs either have ads, or trackers of some sorts.
Still always moving
(Score: 3, Funny) by krishnoid on Thursday May 07 2020, @06:35PM
Sadly, if there was ever a time for Cookie Monster to allegorically explain something to me, this is probably it.
(Score: -1, Troll) by Anonymous Coward on Friday May 08 2020, @10:22AM
Do not blindly think that it's a good idea as it is not!
I'll tell you how it really works:
1. The cookie notification is more than half screen, covering 90% of content and the rest is a menu and title.
2. If you turn your cookies storing off, you cannot get rid of the message.
3. To close the message... no, not a Netscape's minimizable iframe! That would be incompatible! You need tons of JS which profiles you nevertheless. So as I block cookies and JS, I also block divs with cookie agreements.
4. In some sites, the agreement window is made the way that using site with it takes 100% of CPU - it is forced for example by CSSing in the animation for the rest of screen.
5. And if you don't agree for cookies and remove the window with userscript, the page will write HTML5 local storage happily.
So this is a typical effect of, what I say, trying to stop the seasons with written law. The true answer to the problem would be to anonymize traffic, force accepting the traffic from VPN and similar solutions and supply scripts with fake data on the browser level. But we say about modern browsers in which it is impossible to block domains "because security" (or, what's more logical, because CF, a Firefox new master, needs to fill their pockets).
(Score: 2) by VLM on Friday May 08 2020, @03:01PM
If it hits the ground for less than three seconds then its still clean enough to eat
(Score: 3, Interesting) by Bot on Friday May 08 2020, @07:03PM
The EU, and the system in general, approach to privacy is a joke, either to let the friends spy on people, or to make everybody so angry that they invoke a privacy which helps evil actors continue acting even in the age of information. So, a joke on us.
The defence of privacy is a matter of adding layer over layer of bureaucracy and adherence to the demands of the day. You must tell people you are using session cookies? one more popup to click through? what for? have the internet police load the page and see what cookies persist.
But even that is a reactive strategy. You usually lose the war with reactive strategies. Proactive strategies are:
1. sites must be explorable through anonymous proxies (tor et al.)
2. sites must not require personal info
3. sharing of internet connection is allowed by any ISP.
Now, this comes with drawbacks. But you can't have it both ways. Either choose total transparency and track every cent (yes, the elite wants this but they will not track the most dangerous people, i.e. themselves), or have a big cauldron of anonymity and hope to catch criminals when their crimes filter to the real world.
Account abandoned.
(Score: 0) by Anonymous Coward on Saturday May 09 2020, @06:37PM
I will not comply with web design orders from professional parasites. Come get some, motherfuckers!