28 comments

[ 6.6 ms ] story [ 76.8 ms ] thread
... at the cost of an additional button you have to press every time you have to visit any website.

I get it... it takes few iterations to get it right... hopefully they get it right sometime in the future, right?

If by "they" you mean the webmasters, I agree. Maybe by web 5.0 we have started to respect the user.
Respect should flow both ways. Websites are user hostile, but users are also website hostile. Users want to have their cake and eat it too. Users want everything to be both free and ad free. I can't tell you how many friends I have that use ad blockers in order to watch things like Crunchyroll ad-free...
No one should browse the web without an ad/script blocker enabled all the time at this point. Exposing your computer to the web without one is like unprotected sex given how malicious advertising has become between tracking behavior data and hosting actual malware.
Separate your ads from your tracking, and host them such that you can guarantee they won’t peg my cpu or mine bitcoin on my computer and we’ll talk. If your idea of ads is tracking me all over the web and taking malware risks, then expect me to block you now and forever.
When I was a kid, I was offended that my family members would go to the bathroom while the TV was showing ads. Totally unfair to the TV network... they should have watched all of the ads!
I get what you are saying, but I kind of disagree.

When an advertiser purchases a slot in some broadcast, they are doing so with the guarantee that their advertisement will play during that slot; they do not have the guarantee that the end user's eyeballs will actually be watching the ad.

However, ad skipping and ad blocking technology is making it so advertisers aren't even guaranteed their ad will even play during the slot they purchased - it may be programmatically skipped. If the ad is skipped, someone loses out, and it's (usually) not the end user.

Basically what I'm saying is that if you are watching Crunchyroll episodes with an ad blocker enabled, you are (basically) stealing from either Crunchyroll or the ad network (whoever is swallowing the stolen bandwidth costs). The honest thing to do would be to subscribe to Crunchyroll premium if you don't want to watch the ads.

I know not every site has this option, and I know there's an argument to be made against double dipping (i.e. paying once for cable, and a second time by watching ads on said cable), but for things like YouTube and Crunchyroll which have official ad-free variants, it would be dishonest in my opinion to use the ad supported version with an ad blocker.

Just my opinion, though.

If someone treats you badly, you reach a point where it kind of doesn’t matter what they say they will do if you don’t believe they’ll change. Ad-supported sites are there now. They went wayyyyy too far, treated site visitors poorly with pop-ups, CPU draining, battery draining, data-plan waste, etc. Now they may regret it but many users have moved on. We’re out of the abusive relationship, and it doesn’t matter what sites say anymore. They can’t guilt us into seeing their ads.
> users are also website hostile

What a crock. If someone wants to try making a quick buck by programming their computer to spam machines all over the world with millions of ads, it's absolutely legitimate for people to program their own computers to discard such junk.

If that first person's parasitic activities don't make as much money as they predicted, then the failure lies in their prediction.

> Users want to have their cake and eat it too.

Everyone wants that; yet I don't think it's the users who are actually trying it.

Users who block ads are actually eating the site owner's cake. For example, visitors to my (ad-free) site implicitly rely on me paying the hosting and domain fees, i.e. making my cake available for them to eat. Since the cost is small and the enjoyment I get from running the site is high, I'm happy with this arrangement; and would stop if that were no longer the case.

On the other hand, those plastering their sites with ads to make money are the ones trying to have their cake and eat it: they're trying to make a profit from something that is not profitable. They can't lament any loss of money, since it's their fault for giving it away (either directly via hosting fees, or via the opportunity cost of e.g. creating unprofitable content/services instead of something people are willing to pay for).

As I understand it those forced acceptances aren’t actually GDPR compliant, and are mostly a result of bad business practices on behalf of the companies who won’t comply with EU law.

I might be wrong though, and even if I’m not, it’ll probably still take a few years to actually change because legislators move slowly.

One positive side-effect of using Noscript is that the GDPR pop-ups rarely loads.
> ... at the cost of an additional button you have to press every time you have to visit any website.

It's the website operator that's choosing to put that button there, and they could easily remove it by choosing to respect user privacy by default. They have clear choices in front of them to improve their user experience.

You don't have to put any new buttons if you are not harvesting data.

Apparently, the pre-GDPR business model and UX was built around the user's ignorance and when you're compelled to inform the users and give them a choice, you mıght chose to change your business model or introduce a UI to inform the users and ask for permissions.

I really don't see how this is GDPR's fault. Businesses might have chosen not to harvest user data, therefore not introducing GDPR compliant UIs for informing the users.

And the buttons and popups required to browse those websites has doubled.

With the euro websites - it's gotten to the point where you could put anything in those terms, and folks would accept them - they are so used to just clicking through to read things.

Well, legally speaking you can't. Anything but boilerplate ToS or agreement terms would be thrown out in any sensible court. And folks do read them at times and click "I don't want tracking".
Then why even bother with terms if nothing matters? Oh right - because at least in the US it DOES matter. Courts have upheld some key elements of these.

For example, a court ruled that "employee had the apparent authority to bind his employer to a clickwrap agreement simply because the company had provided him with a computer and the Internet access."

Are you following this? Arbitration agreement, prohibitions on patent litigation, sharing your data widely as a condition of accessing a website all have been upheld based on "I Agree" clicks.

You bother because even the Boilerplate is still legally valid and boilerplate does include sharing data with 3rd parties for most courts.

Point being is that you can't just do what you want in the ToS. You have to include some form of boilerplate, ie, no surprising / only standard terms of usage.

(comment deleted)
> And the buttons and popups required to browse those websites has doubled.

I'd blame those websites for that, since they're the ones who made the decision to track you regardless of how bad it made their UX.

Remember: all they need to do to get rid of those buttons and popups is to respect your privacy by default.

If the popups were actually following GDPR then people wouldn't accept. But 90% of these popups are not. It is clearly stated in GDPR that it should be as easy to opt-out as opt-in, and it is my firm belief that if this was implemented a lot more people would probably opt out. Oh well, the fines will hopefully start rolling out and maybe we get less asshole design.
>It is clearly stated in GDPR that it should be as easy to opt-out as opt-in The opt-out being leaving the site. Fines to companies outside the EU are probably going to be fruitless.
> It is clearly stated in GDPR that it should be as easy to opt-out as opt-in

Can you point to which article of the 99 [0] that you are referring to because I have heard this claim multiple times and yet I cannot seem to find it on my own.

[0]: https://gdpr-info.eu/

The most "clearly stated" is I think the following:

> Art. 7, paragraph 3: "It shall be as easy to withdraw as to give consent."

Although it sounds like this is about withdrawing previously given consent, not rejecting the request for consent at all.

> Recital 32: "If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided."

Perhaps it could be argued that having to click through multiple menus to reject the request is not concise and is disruptive to the use of the service?

> Recital 42: "In accordance with Council Directive 93/13/EEC a declaration of consent pre-formulated by the controller should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms."

Again, I'd argue that having to click through multiple menus isn't exactly "easily accessible form".

You can opt out usually, but then you can't access the website. I'm not sure GDPR says that you must be allowed to access site if you reject terms?

Could you cite that - this seems to be a false claim that comes up a lot.

And my browsing of sites with malicious compliance has dropped 100%. I don't agree the tracking, and if there isn't an easy way to dismiss these popups, then I'm going to pass.

The worst are the sites that include a 3rd party script to handle tracking opt-in for them. They haven't learned anything.

> And my browsing of sites with malicious compliance has dropped 100%

Wouldn't you want to boycott sites that are also non-compliant? How do you know which sites are truly maliciously complying or are non-compliant? Meaning, if you only know the ones that tell you so, you may even be disincentivizing transparency or at the least sites that have ignored the GDPR altogether probably still have your support? Or if they don't and you are somehow able to tell whether a site is violating the GDPR, why could you not have put your boycott into practice without government assistance?

> In April all of the top ten companies tracked at least 50% of pages, whereas in July only five companies do so.

Looks like the people who predicted this would lead to consolidation among the biggest players were correct.

How does that imply that? It seems to imply that less companies are tracking not that they combined.