EDIT: I didn’t realize the anger this would bring out of people. It was supposed to be a funny meme based on recent real-life situations I’ve encountered, not an attack on the EU.
I appreciate the effort of the EU cookie laws. The practice of them just doesn’t live up to the theory of the law. Shady companies are always going to find a way to be shady.
deleted by creator
I’m pretty sure breaking your website with no cookies is against the rules, actually. It’s either serve the EU with GDPR-compliance or GTFO entirely.
Yeah, you could still just break the law, but as usual there’s a cost to that one way or the other.
this. and honestly I wish more websites followed the “serve under gdpr or don’t have a European marker”. A random blog once wasn’t available in the EU because of GDPR. And you know what? It’s better than them violating GDPR and the EU doing nothing.
Tons of companies break the cookie law already, but enforcement seems to be rare
I’ve heard stories about some of the big guys getting hit with sizable GDPR fines. I don’t really know the full extent of what they do but I do imagine there’s someone that makes it their job to prosecute GDPR violations.
Doesn’t enforcement work by letting competitors sue you if you don’t follow the rules for these things?
What’s the cookie law?
No cookies before dinner.
If websites want to track you through cookies, they have to ask for permission.
The cookie consent banner has to allow you to opt out of cookies as easily as accepting them
Almoat true, it actually has to be a opt in system, opt out is illegal already!
Yeah, I think it has to default to off but I believe the banner they show shouldn’t make it harder to continue with it being off rather than turning it on
It’s more about the big boys. If they act in a way that breaks the GDPR, now the EU has a stick to hit them with.
So far I’ve only seen small US newspaper who did this. Is anyone angry about this?
I just happened to run into a few recently. Just venting some frustration.
There’s a medical website that appears in top searches (forget the name) that does it too but yeah, mostly seems to be news websites but not the big ones. In most cases Unlock Origin or the like can hide the panel they throw up to choose if you really need the info or archive or 12ft ladder can get you the info.
deleted by creator
That’s the one!
I love how my description of basically “it’s a website in searches” was enough for someone to figure it out 😄
I dns blocked them after constantly clicking on the first result and it being their site. The “please enable cookies” wall started to get old fast
If only there was a way to store state of that decision…
https://www.tagesspiegel.de has no option to disable cookies without a subscription from contentpass. I think it’s contentpass’s buisines model.
I feel like people would have responded to this meme better if you didn’t depict the European Union as an NPC
Especially compared to some scummy corps.
They’re the ones who made the law. Who else should have been in the meme?
The businesses who are actually doing this shit and not the people actually trying to solve issues in the world lmfao.
People complaining about the cookie law don’t understand the issue.
The law doesn’t state that websites have to show a cookie banner. It states that if a website wants to track you with cookies, they have to ask permission.
You can get websites (like lemmy and wikipedia) that don’t ask for cookies, because none of them try to track you.
So if a websites demands cookies or they don’t allow access, it is a clear sign that the website only cares about your visit if they can invade your privacy for profit.
Meaning it will just be a dumb clickbait website with no decent content anyway, that you should just skip.
Be me, american, using a VPN Visit some fucking webber site to read an article Cookie agreement pops up Has a decline all option pog.png Hit “reject all” New popup appears Says “We’ve detected that you’re in the EU. Due to EU regulations, we cannot display this webpage with the ‘reject cookies’ setting selected. Please accept all cookies to continue” Dafuq
Not at all my experience, but ok.
Clear sign that the only reason that website exist is to extract your privacy for profit.
Just move on to the billion other websites that don’t try to violate you.
deleted by creator
They found a way around: accept all cookies or pay 2€/months. And it was decied legal by GDPR authorities
Some national authorities allow it, most don’t. The final word will be from the CJEU or the EDPB.
The what or what?
The EU supreme court or the EU data protection agency, roughly.
GDPR enforcement is left to the member states. The EDPB isn’t an agency, its more like all the national data protection authorities in a trench coat.
even worse offenders are the ones with tick boxes for “Legitimate Interest”, since legitimate interest is another grounds for processing (just ads freely given consent is one), the fact you got a “tick” box for it makes it NOT legitimate interest within the confines of the GDPR.
it also doesn’t matter what technology you use whether its cookies / urls / images / local storage / spy satellites. its solely about how you use the data…
Then half the web violates it or there is One Pixel button that closes the damn popup.
IIRC the EU also ruled that burying the rejection options under additional links counts as a violation. Hence why Google now has a Reject button next to the accept button. Most sites still do that.
deleted by creator
I mean almost all websites fall foul of that. You often have to bury deep and end up with a palette of complicated choices and acceptances of individual tracking companies. It’s a bloody mess. The EU should just have mandated “do not track” adherence. There’s already a standard; just enforce it.
Do you know if there is a EU-wide place to report such behavior?
The biggest privately owned TV channel in my country not only does that, but actually just redirects you to a pdf file if you want to “manage cookies”. And it’s not like I can submit a complaint on a national level, as the ruling party’s website uses google analytics without a cookie notice at all.
I think you report to your nation’s Data Protection Centre, each member has their own that takes the reports. If I was still in the EU I would have put more time into finding out how reports work.
Yeah, either of the nation or your nation may have data protection officers for individual states/regions.
https://dataprivacymanager.net/list-of-eu-data-protection-supervisory-authorities-gdpr/
Here you can find the GDPR authority per EU country.
Most sites definitely don’t do this
I encounter something similar to this often.
There’s a lot of cookie banners where “Accept All Cookies” is a single button but in order to reject cookies you have to press a “Manage Cookies” link which will have something similar to a “Reject All Cookies” button in it.
It’s very annoying.
Yeah this is very common, I don’t know why other people on here are gaslighting like it doesn’t happen. It’s this way for major sites like YouTube/Twitter/Twitch/etc too. Hell even embedding a YouTube video on a site is violating GDPR. It’s a good idea, but needs a version 2.0 patch to fix some exploits.
There is also a name for these kind of psychological tricks and pressure. It’s called nudging.
I found a small report on this by the EU Commission’s science and knowledge service. https://publications.jrc.ec.europa.eu/repository/bitstream/JRC127856/JRC127856_01.pdf
There are surely even better resources.
They’re still widely used for some (illegal) reason
Because they rest safe in the knowledge that you rarely if ever get taken to court for it. There are millions of web pages, it needs people to take action to do something about it, and just clicking “Yes all of them” to access the content you were just trying to get to is a far better solution in most situations than hiring a lawyer and investing a few years of legal proceedings, nevermind the money.
There is an organization called nyob (I think) pushing back against that and going through the courts to have more sites penalized for their violations. The process is slow, but I see more and more pages adopting the required “reject all” so there seems to be some pressure on them.
But what are they going to do about it?
“Here’s a fine, if you don’t pay it your site can no longer operate in the EU”
“… ok”
The EU is an important market for many websites, so yeah, that is usually what happens.
We’re specifically discussing websites that refuse to load in the EU anyways as per the post
I understood the post as those webpages only refusing to load, if the user declines Cookies. So, they do still want to benefit off of those EU users, who click “Accept”.
Ah, I think I misunderstood then.
Those pages can just fuck off. There are many more pages.
Of course that’s just my opinion.
why are the EU the only people that bother to actually govern in a modern and helpful way
Yeah being unable to open… checks notes local news websites from the US has been a real deal breaker
Frankly I wish I could fit more US politics into my life, so it’s been hard, I tells ya.
Then you’ve picked the right place my friend!
In my experience it seems to be medical websites and recipe websites
I have run into this recently on several non-US, non-news sites. I have actually never run into it on US local news sites, so I don’t know what you’re on about.
Yeah it’s a tragedy
Sometimes its relieving when you go to do something and you find out that you have already finished, lol.
Shrewd businessmen: 1
tyrannical big government: 0
Road to hell, good intentions and all that. Government fundamentally misunderstanding the role of cookies and the fact that browsers can handle user privacy with trivial effort by default rather than having every single website annoy the fuck out of you with a million goddamn notifications before actually showing you what you want to see.
The annoying popups are an act of malicious compliance from data harvesting companies. The tracking industry wants people to associate the right to privacy with stupid annoyance, so that people will stop demanding privacy.
The legislation does not say anything about cookies. It’s about rights and responsibilities in data collection (no matter how it’s done technically). The “consent” part of it exists as a compromise, because there has been heavy lobbying against the legislation.
This is not a technical problem — we’ve had many technologies for it, and the industry has sabotaged all of them. There was the P3P spec in 2002! It has been implemented in IE that had 90%+ market share back then. And Google has been actively exploiting a loophole in IE’s implementation to bypass it and have unlimited tracking. Google has paid fines for actively subverting Safari’s early anti-tracking measures. Then browsers tried DNT spec as the simplest possible opt-out, and even that has been totally rejected by the data harvesting industry. There are easy technical solutions, but there are also literally trillions of dollars at stake, and ad companies will viciously sabotage all of it.
Well said, appreciate the write up ☺️
That’s literally the point though…
No? If a website refuses to load because you refused tracking cookies, it’s still illegal under GDPR
Serious question: I know that there are tracking cookies and the user should be able to decline those,but most sites have an auth cookie that stores you’re credentials. The devs can store it in a different place like local storage but thats really unsecured.what can the devs do in this situation when the user decline all cookies?
The EU is not stupid. They categorized cookies into the necessary ones for site-usage and those that aren’t. So developers just categorize their session cookie (rightfully) as necessary and that’s it.
Cookies that are crucial for the functioning of the website cannot be disabled by the user.
well, they can be disabled by the user and the site simply won’t work.
He means they are exempt from the EU law that says the use must be presented with the option to disable it
Usually the prompts are specifically for tracking cookies, not essential ones for login. Alternatives without cookies:
- URL sessions
- Tokens
- OAuth/OIDC third party
- Local/Session Storage (ditto - mind the risks)
The eu rules are mostly about unnecessary cookies. Most web devs just copied whatever everyone else was doing and now there’s this standard of having to accept cookies but the EU doesn’t really enforce it like that
it’s not up to the EU to enforce it.
not sure why you’re downvoted. of course member states enforce it.
deleted by creator
The GDPR is not “cookie law”, it only prohibits tracking users in a way not essential to the operation of the site using locally stored identifiers (cookies, local storage, indexed DB…)
Storing a cookie to track login sessions, or color scheme preference does not require asking the user or allowing them to decline.
Any website that does that I just close the tab.
I’m working hard to make sure all websites do that.
You will be internet free in 5 years. Yes, I wear a cape
Than I will go without internet. I’m over 40 I know how life was like before internet. I’ll be that crazy old man in someone’s neighborhood. So kindly please accept my GO FUCK YOURSELF award for your efforts.
I thought you didn’t care. Now you do?
Nah I just wanted to touch grass…
Display name does not check out as a matter of fact
We will all touch grass
my brother in christ there wont be any grass to touch soon
A world full of only ass and gas is not a world I want to be in
In THIS economy?!
Are you… the hero or villain. I don’t even know anymore
They’re anti-anti >!(like anti-hero or anti-villain)!<, their goals transcend understanding
I think we should ban trolls like this on sight.
I propose we ban /u/Touching_Grass
No you see he has grass growing in his keyboard so he can touch grass without going outside
You should travel to Europe sometime and try to use the web
I also live in Europe and almost all websites display a dialog that asks you to choose cookie preferences. However, it seems that some few websites, mostly german (spiegel.de, gutefrage) that give you the opetion to browse with ads and cookies or pay. I do not use those websites and I imagine it is not legal.
Yeah, it is great here.
Either the website is great and doesn’t ask anything.
Or it asks for cookie consent, which you can decline in 1 click.
Or it pulls one of those “break the website” tricks which will get them sued sooner or later.
Or they block access to EU members, at which point you know they only exist to extract your data anyway.
I think it would be a worthwhile research project to find out how many users just click through these, accepting what the website wants you to accept by default. It effectively operates like a EULA for every single website, which produces overall fatigue and lack of care. When you’ve visited 20 sites in one day, you just start being irritated by having to constantly make a decision before you can view any content, and just mash whatever button you need to proceed.
Like I care. I’ve got a plugin that automatically accepts all cookies, and another one that deletes cookies when I leave the page.
Wait doesn’t it automatically deny them?
The “I still don’t care about Cookies” extension does not, no.
This extension can do that: https://addons.mozilla.org/firefox/addon/consent-o-matic/
However, since many webpages have illegally made it so refusing consent is more difficult than giving ‘consent’, that extension is significantly more complex and in my experience doesn’t work as reliably, unfortunately.
Yeah, sometimes websites have so many hidden checkboxes, that consent-o-matic has a rough time going through all of them. Takes like 10-20 seconds to disable them all at computerized speed.
Imagine doing it by hand, lol.
Is there any extension for android that can do that?
Well, you can install both of these add-ons via this workaround: https://blog.mozilla.org/addons/2020/09/29/expanded-extension-support-in-firefox-for-android-nightly/
(I have used both. Both work. Although, again, I’d rather recommend I Still Don’t Care About Cookies + Cookie Auto-Delete.)However, Mozilla plans to make much more extensions available for Android soon, so you might see these regularly available before the end of the year. This is what we know for now: https://blog.mozilla.org/addons/2023/08/10/prepare-your-firefox-desktop-extension-for-the-upcoming-android-release/
The above is wrong, the add on attempts to hide the prompt. It doesn’t accept nor reject it.
I Still don’t care about cookies? From its description:
In most cases, the add-on just blocks or hides cookie related pop-ups. When it’s needed for the website to work properly, it will automatically accept the cookie policy for you (sometimes it will accept all and sometimes only necessary cookie categories, depending on what’s easier to do).
So, yeah, doesn’t accept everything, but might accept some.
By accepting everything, you are also sending most of the time extra data to third parties. What you are doing is ill-advised if you care about privacy.
Not really. If you’re using an adblocker, it’s the best option. It’s the path of least resistance, and tracking is blocked regardless if it’s tracked it not. No server will see if you pressed accept or decline. That’s why this addon exists.
Just because your browser doesn’t show ads doesn’t mean you don’t get profiled.
Yes it does. Open up your adblocker to see the tracker domains blocked.
How does that work though? The cookies are presumably based on things like your IP and browser metrics, which a site gets from your browser. If your browser throws away the cookies then on your next visit you aren’t volunteering that you’ve been there before. But the site can still likely figure it out, but without the cookies it isn’t as certain. With well-constructed cookies they can be almost 100% sure you’re the same visitor.
Cookie consent is actually supposed to be about all data tracking.
There are quite a few analytics that do fingerprinting “because it’s not a cookie, it’s not covered by Cookie Consent”. But it is still covered.
Some of them respect the fact that declining cookies is about declining tracking.So, if you consent to all cookies, you are also consenting to any fingerprinting that doesn’t rely on cookies. So deleting cookies wouldn’t remove that fingerprinting data.
Gotcha, responsible site owners should not be tracking you if you decline cookies.
Better to use consent-o-matic, which blocks all possible cookies instead of accepting them.
The websites still work perfectly anyway, it only preserves your privacy.
Your meme is funny, but people genuinely use these arguments to be against sensible EU laws, hence the response I imagine.
That’s fine. People who don’t care about cookies will accept them anyway and those who do care about cookies will know not to visit that site anymore.
