Ask HN: A way to adblock “we're using cookies” popups?
Whatever the intent of the GDPR was, the practical result is that now I have to click away the annoying "we're using cookies" popup on every website.
Is there any way to do this automatically? If there isn't - there should be. Maybe people should use some special tag for them, so that it would be easy for users to block them on all the websites, if they want to.
349 comments
[ 3.2 ms ] story [ 353 ms ] threadhttps://www.i-dont-care-about-cookies.eu/abp/
Also on that same page you can enable some of the 'Annoyances' filters. Just be aware that some of them block social media buttons (FB/Twitter like/follow embeds), which you may not want.
I think that if I'm visiting a website and using its bandwidth, the website ought to get paid. If the ads are too egregious, then using the website isn't "worth the cost" and I go to a different website.
I do however pay for Scroll[1], and I use Firefox's Enhanced Tracking Protection. Due to the latter, many websites think I'm using an adblocker and complain, which really irks me.
---
1: https://scroll.com/
Only when you make a purchase based on an ad are you supporting anyone. At that point you should just buy the better product and support the website by sending them money instead of buying a shitty product that has advertising priced in.
Of course, practically speaking it doesn't just "happen" to block ads; that's a major motivation for its development, and so we usually just refer to it as an ad blocker.
To answer your question directly: if you want ads and no cookie popups, disable the ad lists and enable the cookie popup list.
Yes, at that point you may as well just install the other addon, but the uBlock method preserves a key advantage: the ability to combine multiple cookie popup block lists. This is useful in case several people are making lists that cover different corners of the internet.
Example website for which blocking the cookie popup does not work with uBlock Origin: https://tweakers.net/
I tested on Ubuntu and macOS with the latest Firefox (clean profile) and Chromium and i get the cookie popup/wall, even with ALL default uBO filter lists enabled, and also with the IDCAC list enabled in uBO. Screenshot: https://imgur.com/jcr4EuP
However i just tested with https://www.browserling.com/ which uses Windows 7/Internet Explorer 11 and here i do not see the 'cookie popup/wall' but instead i see a blue 'cookie banner' (which is easier to block with uBO.)
Ghostery doesn't have as many bells and whistles, but it does greatly minimize the main annoyances out there, and it doesn't slow anything down noticeably.
It might all be a moot point by this time, since Youtube has changed how they load in such a way that it stutters no matter what because it is so busy downloading absolutely every item on a page all at one time instead of prioritizing the video stream like it did about a decade ago (back when you could pause a video and it would download fully even while not yet playing, thus avoiding the bottlenecks altogether...).
Ironically that puts me back to pausing everything first just to give all the useless off-screen crap enough bandwidth to load without ruining the video experience.
No matter how much faster technology gets, they find a way to make it more and more sluggish every time.
Not recommended over uBO.
https://en.wikipedia.org/wiki/Ghostery#Criticism
Since Youtube chokes anyway nowadays (I did manage to stave it off for a few years), I might as well go back to uBO.
(Disclaimer: I worked there at the time)
If uBO is really responsible for this, you should probably check the box "Ignore generic cosmetic filters" in "Filter lists" pane. For instance, this is the default in Firefox for Android, I consider it's best for less powerful devices.
But now it'll be hard to tell, because Youtube has changed the way it downloads stuff in the background without prioritizing the stream. uBO definitely blocked a whole lot more noise than Ghostery does.
https://forums.lanik.us/
https://medium.com/@jacob.tan.en/floating-elements-on-web-pa...
Which whould break CSS minifiers, but that's the point.
Pretty much any machine generated variations can also be defeated automatically by a machine. If defeating your filters takes a lot of work, and only helps until a few days later you update your filters in a few minutes, nobody is gonna bother.
##div[aria-label="Timeline: Trending now"]
Even better: draw everything in a canvas.
So I would say the filter works pretty well, I didn't get a single popup of any sort ever since.
Yes, I sometimes get some real content removed. If something looks strange, I temporarly deactivate uBlock. Last time it was a GDPR checkbox at a store checkout.
It’s amazing how much of a difference this makes. I was starting to find the web so hostile. Every page an annoying battle with cookie pop ups.
I am so genuinely happy
The publisher is trying to adhere to a law (for better or for worse) by giving the user visibility into technologies and data usage.
A plugin hiding that by default can lead to all sorts of nastiness.
The majority still sets the cookie, by using implied consent. In best case they don't set anything if you Decline but most don't even do that. The banner is then merely an information popup about cookies in general.
Example: https://news.ycombinator.com/item?id=23523294
Right click on ad / pop up -> Block Element ( a rule is automatically generated ) -> Create. Voila ! You might have to do it 2-3 times for the same element as it might have several layers. But then you're done and you haven't been forced into clicking "ok"
( With uBlock Origin )
---
Long answer:
The vast majority of sites that show the GDPR "we use cookies" banner remember you clicked "OK" or "Accept" by setting a boolean value, either in its own cookie or as a key-value in your session cookie's storage (whether stored client-side or server-side). The ONLY thing the boolean does is determine whether or not to show the banner. That's it. I've never known of a company or site that changes the privacy/retention behavior of its features based on clicking "OK" or "Accept".
As I understand it this solution doesn't follow the law, as users are supposed to be able to decline cookies and somehow still maintain state; the lawmakers don't understand a session is necessary for things like logins, so of course companies compromise with a simple banner that you need to accept/dismiss to "grant permission". When was the last time you saw a "Decline Cookies" button? If you click it, does the site work as expected? Answer: probably not, or the site uses the same cookie/session strategy anyway without telling you.
Source: I've seen dozens of such implementations, and they're all the same. If the cookie/session value indicates not to show banner, then the layout/view simply skips outputting the banner. No other line in the entire code base ever reads the value of that cookie/session.
GDPR only applies to non-essential tracking & advertising cookies. Login cookies are always allowed, and you don’t need a banner to state that you use those.
The problem is that each site can choose its own text to display, which buttons/options it shows, and how those settings are supposedly enforced. This doesn't belong in the html of a site. This is exactly what a cross-browser preference should be doing. Which should probably be a modern–and most importantly standardized equivalent–of the P3P header. Every site should have a static set of options it can request, so users are used to accepting or declining the same set of permissions regardless of the site that is visited. Otherwise agreeing to the per-site cookie banner is just as convoluted as expecting users to read Terms and Conditions policies. I have never read the text in a cookie banner, and I never will. I click the OK/Accept button immediately, just like any T&C/ULA.
Imagine if requesting webcam, microphone, notifications, or gps/location permissions were possible by a site including its own custom banner, and if you clicked OK/Accept, it immediately got access to those features. Of course browsers don't allow this, because sites would abuse it and trick users into granting permissions when not desired. Instead, your browser provides a standardized prompt for requesting such permissions. There is no reason for tracking cookies to be exempt from being required to follow the same model.
Indeed, there should be an enforced UI, but that’s not how the EU tends to regulate on privacy, and without EU regulation none of the companies currently trying to entirely ignore the GDPR will use it. They have put out guidance that some current attempts at pretending to comply are illegal, and I expect to see fines regarding that in the next couple of years - the difficulty is creating a solid case that isn’t going to undermine the GDPR through case law. I wonder, though, if there were a dirt simple API for consent in the browser, whether independent developers who would honestly like to comply would use it.
If the site's using a common framework, convenient and essential uses will be combined in a "session id" cookie which needs re-developing, or just slap a cookie warning on it.
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-a...
Law is fuzzy by nature, but it seems pretty clear that a shopping cart cookie is exempted from needing consent. Functionality of services that are expressly requested by users do not need consent, and in this case we have users that want to put items inside a cart in order to buy it. If that creates a profile on the server, and that profile is combined with other information, and then used outside the scope of the customer relationship, then we are moving into the area where consent is needed.
We can draw a parallel to data collected offline. A person go to a store and talk to a sales representative about buying a product and having it shipped home. At what point do the sales person need to ask for GDPR consent? The answer is likely the point where the sales person saves a profile of that customer on the computer, and the profile is intended to be used outside the context of that purchase.
The lawmakers do understand that, you are allowed to use sessions and cookies for essential tasks like tracking login state, and no popup is necessary in this case.
I wouldn't be shocked if you are correct and many devs are indeed completely ignoring the legal requirements here, but that may be in part due to developers not understanding the legal requirements or believing incorrectly (as you seem to) that the requirements are not technically feasible.
A simple, GDPR compliant solution would be a tickbox for "remember me across visits" next to the login form. If ticked you get a persistent cookie, if unticked just a temporary session that goes away when the browser is closed. No popup is needed.
If login Cookies are allowed, and your login site already has your profile hence your Ads preference. Why do they still need to use cookies banners?
..while their ads preference dialogue has pre-checked options which is clear violation of GDPR...
Practically I assume most of the sites are breaking the law, because that's how I expect webdev's to think and because most of the cookie banners aren't nearly up to spec to satisfy the law so I assume they aren't being that careful.
Further reading: https://www.dataprotection.ie/en/news-media/publications/rep...
What I wonder is, if you're not going to bother being properly compliant, why bother adding a GDPR banner at all?
You don’t need to be compliant, just more compliant than the worst.
>>>
"No, thanks." - what's that?
Tired of newsletter pop-ups? Chat, feedback and contact boxes? "Install our app" toolbars? "Allow notifications" pop-ups? "Let us know your location" pop-ups? Survey and opinion pop-ups? "Rated by", "Protected by" and similar boxes? Toolbars offering website translation? "Back to top" buttons? Sticky video boxes in the corner?
Install "No, thanks." into your browser, choose what you want to hide and clean your precious screen space!
* Pause your blokcer
* Reload the site and accept/deny cookies
* Resume your blokcer
There are numerous sites I go to regularly incognito to log in as an admin vs. end-user: several have low-profile, low-contrast cookie warnings which disable all other menus until you acknowledge them (without an apparent overlay). Just that little extra bit of friction every day adds up.
On the one hand, these notices are akin to EULAs some programs make you click through when you first run them. We're more desensitized to those now, but they were never mandatory.
On the other, I can't remember the last time an app maker got in trouble for keeping track of what users do. I can see it making sense to know that a single entity has been tracking you through a diversity of websites, but you enabled cookies in your browser for a reason. The site I deliberately chose to download and run the code of shouldn't need my permission to save state for that site.
Android prompts you when an app needs permissions. OSX has started promoting you for permission the first time an app wants to access the filesystem. Seems a bit arbitrary to make websites handle that.
(Not surprising, given that a the largest one, being or close to being a de-facto monopolist, has conflict of interests on the matter of user tracking and profiling.)
We get a legal solution which is poorly understood, has weird unintended side effects (because it was made by non-experts) essentially breaking things (just... non-technically), and doesn't really prevent the bad actors from continuing what they did.
Simpler rules on cookies: the cookie provision, which has resulted in an overload of consent requests for internet users, will be streamlined. The new rule will be more user-friendly as browser settings will provide for an easy way to accept or refuse tracking cookies and other identifiers. The proposal also clarifies that no consent is needed for non-privacy intrusive cookies improving internet experience (e.g. to remember shopping cart history) or cookies used by a website to count the number of visitors.
Browsers have provided this functionality for 10+ years. Why the law didn't target the user/browser level instead of the website level is beyond me.
I guess there's complication zero-knowledge proofs that could solve this problem, but they're too slow right now.
There was a standard for that, too. https://en.wikipedia.org/wiki/P3P. There's no reason why something similar can't be implemented now.
If anything maybe we should encourage having a "master preference" set in the browser, something like DNT (but not so easily ignorable) that just tells all websites on the user's behalf to only allow the absolute minimum number of cookies needed for the site to function. A small message on the bottom of the page could give more details or allow manual changes.
The regulation applies also to all sorts of analytics, fingerprinting, behavior tracking, user tracking, etc., which is far more prevalent and problematic than simple cookies.
How do you "delete" that?
OctoberCMS for example sets a cookie for every user and there's no way of turning this off, and lots of WordPress plugins just don't care with no option to disable this behaviour .
So most banners are just a notification rather than a choice. e.g. Continue to use the site and you automatically opt in. Which is not the intended goal for the law.
Of course they do, or one of their superiors does. Computers are physical devices that do what their operators tell them to do; it’s entirely reasonable to hold the operator responsible for what the computer does at their request. That includes the overt behavior of any software they choose to run, and they always have the option to choose different software or, in the extreme case, unplug the server and discontinue service.
Then the solution is simple: Stop using those CMSes.
>So most banners are just a notification rather than a choice. e.g. Continue to use the site and you automatically opt in. Which is not the intended goal for the law.
That is breaking the law. Generally, people should not do that.
Now we have GDPR which is legally enforceable (officially) so we could use the technical implementation that can automate applying it.
Normal cookies required for the functioning of the website - e.g. session tracking, user input, etc. are exempted and don't require user consent.
See for ex. here (the official cookie guidelines for EU institutions' websites): https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies
Don't blame these BS popups, interstitials, click-through wrappers etc. on Europe, that's purely site operators' laziness, legal CYA (force these wrappers even where not required) and greed where various analytics and tracking cookies (which do require consent) are being deployed.
It isn't incidental that the penalty for being accused of willfully screwing it up is quite high: having to defend oneself against a 20 million dollar judgement.
You can't act surprised when people drive 55 in a 65mph zone because 'no one gets a 20 million dollar ticket for accidentally doing 5 over.'
When the world disagrees with what you think should be happening the problem is not with the world but with your understanding of it.
subjective and at the discretion of the accuser.
There's a saying somewhere:
Simple rules give rise to complex behaviour.
Complex rules give rise to simplistic behaviour.
I worked in web dev when these regulations were introduced, and any idiot could see that most companies would take the laziest, safest route to complying with them, in a way that would put a massive burden of inconvenience on the user.
If the EU was competent, they wouldn't have needed warning about this outcome. But they were warned, again and again and again. They chose to ignore it and screwed over their constituents for nothing.
What the EU did wrong is not the design of the law, it's the lack of enforcement. Enforcement of the law will fine anyone requesting consent in an annoying/obnoxious way and will clean up the current mess we're in.
If I happen to click a link on a news aggregator website like this one, then why would the website I visit (possibly for the first time) require my browser to accept cookies?
I don’t think GDPR demands “consent” for this though.
Seriously, I wonder if adding those cookie banner impacted tracking in any significant manner, because it definitely significantly impacted the usability of the web.
The only world in which your statement makes sense in one where user tracking is assumed to be acceptable and something that must be done. Neither of those things are true.
As others have noted, a ton of sites seem to have just thrown the necessary JS on their site without actually seeing if they needed to, or if they did, if they could make minor changes that would remove the need.
From a usability/user experience perspective, now users have these popups displaying on some number of sites that they visit, often developed with the assumption that they will be accepted by the user.
Based upon some of the experiences I've had, I would say a number of teams neglect to properly test their sites as a user that has not accepted/dismissed the pop-up/overlay.
Through enough repetition the act of opening a new website and immediately clicking away the cookie popup becomes so automatic that people don't bother to read the disclosure, think about whether XYZ site should be tracking them, whether they want to consent or not, etc.
I myself am guilty of just clicking the damn thing without really thinking, and then I realize in horror that I opted-in by accident.
Replace it with a single "session token" value that you are allowed to set. Can only be created in response to a form post. No cross domain.
Make all the other web API stuff an smartphone-style opt in. "This app requires the following permissions: "Store private data in your browser. Only do this for site you trust as this can be used to track you." etc.
Maybe all the above can be made into an extension as a stop gap.
I'd imagine a flood of junk data would increase the cost of tracking.
Functional cookies like shopping carts, logged-in user sessions, etc do not require disclosure nor consent.
Furthermore consent is only valid if it's opt-in (and not opt-out, so pre-ticked checkboxes are not compliant) and if it's just as easy to decline as to accept (so if it takes more clicks to say no than yes then they're in breach already).
Don't blame the EU for this, blame the website operators and their broken business models.
I believe the problem here is wrong advice leftover from the previous "cookie law" (which I agree is completely stupid) being repeated endlessly (either honestly or maliciously from the adtech/spyware industry to try and make the GDPR look more annoying to the users). I sometimes even see this wrong "advice" here on HN on GDPR-related threads.
But it turns out that 100% OK is still not good enough. This whole thing should really be managed either by the browsers or by an extension and the consent request should come in a standard, machine digestable way (XML, json, what not). You could then just set your preferences once, that should work for most sites and every now and then (but less and less frequently) you'd be asked about what to do with unknown cookies on unknown sites.
In short, just because part of the industry is trying to circumvent regulation and because the current implementation is not the most efficient, we should not give up on the whole idea.
There are probably some context where “informed consent” is a sensible legal basis for processing data. But no-one in their right mind would freely agree to all this tracking that those pop-ups are trying trick you into. So instead of trying to make “consent” easier to give, just assume that is wont be given.
I can think of two or three entities I interact with for whom I might enter such a consensual agreement with. Neither are “sites”, and the web is not the primary way I interact with them, so a browser would not be to tool to maintain those agreements.
But I might not know what exactly 'consensual agreement' as a legal expression means.
BTW, this is pretty much the same issue as with ToS's. Some sites will try to DoS you.
Tracking required to provide a service for the user don’t require consent f.ex. So you could still get personalized ads from Amazon as service provided for you without needing explicit consent for the tracking as such.
Similarly “non-tracking” analytics don’t require consent either. If you by non-tracking mean more or less anonymous.
You only need consent to for processing PII that you don’t have a a legitimate interest to process.
Amusingly I've just followed a link on HN to The Economist [https://www.economist.com] - their popup offers a link to "manage your cookies" where you can untick huge numbers of them or click "Opt Out All". Great - did that, however on returning to the page found the popup still covers part of the page :-)
However, we must remember Hanlon's Razor.
The GDPR is pretty clear that opting out must be the default choice, but it wouldn’t surprise me if some use a system that only follows that if it is actually shown.
On a related note, has anyone ever seen the corresponding consent popup that would let me opt back out of tracking cookies? I haven't. Which strikes me as weird, since consent was supposed to be as easily to rescind as it is to grant it.
So not only do they not inform the user about the risks associated with this invasion of privacy which is a prerequisite for informed consent, they also take away the option to explicitly say no.
Even though opting out of tracking is the default, sites are probably placing cookies and fingerprinting the user's browser on their first visit anyway before they even see the consent pop up. So ignoring the pop up is probably not a real option either.
I have but only once, I don't remember where, it was probably an obscure site that didn't have whatever I was looking for. The pop-up was a big list of third party companies with checkboxes (Android style, slide left to uncheck) that had to be disabled individually. I don't think that was legal, consent was given by default unless I manually unchecked each box. There was of course no "uncheck all" button.
If that doesn't work, I use a bookmarklet called "Remove Sticky"[2]. I type "bre" and hit enter when sticky things pop up to get them gone.
[1]: https://chrome.google.com/webstore/detail/vimium/dbepggeogba...
[2]: https://news.ycombinator.com/item?id=23446504
HN has a way of defending Trump and quickly down voting direct criticism of conservatives, at least in my own n=1 experience.
edit: ...and this comment was flagged. Case in point.
(1) conservative ideas don't depend on Trump for their origin or continuance
(2) Trump isn't really that conservative anyway, and
(3) he is such a polarizing figure that it's almost impossible to have a rational conversation (with either side) once you mention him.
I can give you long, long lists of commenters complaining with complete certainty in the bitterest terms that HN is extremely biased in favor of $side and the mods are totally biased in favor of $side, but $side varies entirely with the political feelings of the perceiver. This is one of the most reliable phenomena that exists on HN.
I wrote a long thing about this earlier today: https://news.ycombinator.com/item?id=23530467.
I believe it 100%, which is why I tried to discount my own claim too ("n=1" etc).
>We don't see the world as it is, but as we are.
I've also seen some weird post score swings, like mildly pro-Trump things going down to -3, then back up to +3. We know there's a lot of orgs out there actively trying to influence social media, I wonder if any of them have downvote farms or bots pointed at HN? I'd be disappointed to learn that real HN regulars just reflexively downvote like that.
I don't see the suspect downvotes that grandparent sees though. Maybe gone already?
> Whatever the intent of the GDPR was, the practical result is that now I have to click away the annoying "we're using cookies" popup on every website.
"Whatever the intent of docker was, the practical result is that now my computer runs slower. (Thanks Obama.)"
It literally crawls all elements in page, tests their computed style and removes those with sticky position (and a bit more). Works quite well for me.
[0] https://alisdair.mcdiarmid.org/kill-sticky-headers/ [1] http://myfonj.github.io/utils/bookmarklets/sweep-stickies.ht... [2] https://greasyfork.org/en/scripts/370572-sweep-stickies
Argh, makes me angry just thinking about it. The web is becoming increasingly painful to use through a UI browser.
To argue that this leglislation would've had a good effect in some hypothetical alternative world where businesses had different incentives is beside the point!
(Side note, if it were not for govt investment in the dentralized, open internet, we'd probably all be using some ungodly-advanced version or America Online. So I'm certainly not advocating govt has no place in tech!)
Websites don't have to put a cookie banner for every kind of cookie. They have to show it whenever they collect identifying data about you. If they choose not to collect info on their visitors, then they don't have to put a banner.
- Customer: We must still implement that cookie popup before launch!
- Me: No. You don't have to. If we just disable SomePerformanceMetrics and GoogleAnalytics, we're done: we don't need a pupop.
- Me: who is using the performance metrics ATM? And who is acting on GA? How do you use them? Would this (shows three really neat Log-analyzers as alternative) suffice?
- Customer: We don't use them yet. But we might want to in future. And we then we might need all that data. So we want to start collecting it now.
Point is: you don't need Google Analytics, you don't need any of those 20+ tracking cookies if you actually look at it. But there's a lot a FOMO, combined with "but this is how we have always done it, so shut up".
There are some rare cases where GA, new-relic, tagmanager etc are really nessecary and none of the privacy-friendly (ie no-cookie-popup required) alternatives cut it. But those are rare. I daresay that a vast majority of tracking cookies is just there because the developers/business is too lazy to take a serious look at the problem.
Which is why I truly welcome more legislation that turns "collecting vast amounts of data" from "free" into a real and looming liability.
And yeah, doesn't work for all sorts of things, but as a site operator I would be careful in giving away that information out of self interest already ...
https://developers.google.com/analytics/devguides/collection...
You mean... no opt-in popup is required for logfiles? Isn't it also PII? IP + browser + timestamp + referrer? It's almost enough to identify unique visitors.
GDPR could have added a law against misrepresenting the profiling under the umbrella of a "cookie consent", but that would just be Whac-A-Mole legislation. Companies would just wrap the consent banner under some under pretense.
A govt legislation that would actually work in practice would be to ban the practice of collecting and selling personal data. No consent, no popup, just a law making it illegal. That would have the desired practical effect and no annoying banners would ever be written. It would also be much harder politically to get accepted and people would complain that EU are draconian for not allowing consenting adults to go into an agreement where they trade personal data for service.
Personally however I would prefer if EU did just that. Ban it. Make databases of personal data toxic to have and the liability if anything leaks be high enough that in practice a company like a news papers will do something else in order to earn profits.
The reality is even worse. The site operators would have to say "we want to give your data to google and others so they can create a profile of everything you do online."
If an individual site would track how one navigates their site and see click paths that might be tolerable to some degree. (Till they use that to increase dark patterns like booking.com's "only 2 rooms left and 5 people looking at this") But giving it away, into central databanks is baaaad
Liability doesn't work with a lack of enforcement.
Doesn't the 2009 ePrivacy directive exclude "strictly necessary" cookies [1], not "non-tracking" cookies? Like GDPR, I think no website wants to be the first to test what falls under "strictly necessary", under the EU directive and every country's specific implementation.
They really should have listed specific exemptions on the directive. Here's hoping that the new ePrivacy regulation will have them and/or just repeals the cookie popup.
[1] https://wikis.ec.europa.eu/display/WEBGUIDE/04.+Cookies
Cherry picking an outlier, then attributing one side of the relationship as completely as fault and sarcastically implying it's generally representative isn't an honest depiction of reality.
I've seen lip service to this clear misrepresentation of reality my whole life. I don't let it slide anymore. We can do better.
A corporation doesn’t have the power of the state to threaten to take away property or liberty.
Questionable, and to the extent that this is true, it is because of power given to governments to ensure those rights.
Corporations on the other hand are effectively vestigial 21st century monarchies, with all the cost and benefits that comes with that.
I've ran a few small ones and believe in private industry. I'm not anti corporation, but let's call a spade a spade here. Believing in bullshit never helps you in a competitive marketplace, don't do it.
It’s not libertarianism. It’s seeing the history of biased enforcement when it comes to the “War on Drugs” among other things but even with tech, we see the government would love to get access to data and in the case of the current administration “shut down Twitter”.
If the government had more control over the tech industry, who do you think they would go after?
They could easily raid the ICANN and IANA offices in playa vista and shut down global DNS in about an hour if they wanted. It's just a single floor, you could probably do it with 2 police officers.
The chains that bind them from doing so are those of public accountability.
A diligent public strangles the powers of a revanchist government.
Again I agree with you there are regrettable policies that should be addressed. Governance offers us that mechanism. That's why it's preferable as an institution in deciding public policy.
I'd rather have our imperfect government with their awful War on Drugs running the show than say Beyer, who marketed heroin to kids for mild ailments, or Purdue pharma which peddled opioids, you know, as late as last year, or the huxster Elizabeth Holmes or the price gouging Martin Shkreli or RJ Reynolds or any other profit seeking unaccountable entity.
Replacing the FDA with say a board of Shkreli, Holmes and Purdue? Yeah, I'm sure that'd go just great.
I doubt people in the inner city or the people who “fit the description” wouldn’t feel the same way about the “War on Drugs”.
The system as it stands is designed for people to "be as greedy as they can possibly get away with."
Then there's this theory that is everyone is exclusively a conniving bastard trying to double cross everyone and snatch profits by stomping on everyone else, the world will be a functional happy place.
Building a society by incentivizing what basically every religious text says leads to crime is a big mistake.
You have been watching what's going on with the police haven’t you?
What corporations don't have is any obligation to cede to the public demand or be held accountable for their actions. There's no democratic control, no way they can be fired by the voter nor do they have any responsibility of transparency.
Voting systems, red light cameras, municipal water, nearly every aspect is controlled by private corporations shirking responsibility oftentimes for decades. Polluting a town's water supply and walking away pretending they didn't - there's even many well known movies about things like this with academy awards. Often the criminals get away with it having hid under the legal fiction of the corporation.
If a secretive unaccountable private corporation determining the outcome of an election and claiming the audit trail is a trade secret doesn't ruffle your libertarian feathers then there's something seriously wrong.
What you claimed is yet another silly thing I've been hearing my whole life. It's totally wrong. Any inspection would immediately reveal this
How well has that whole accountability thing worked out for the police department and the American military? The justice system?
There's no democratic control, no way they can be fired by the voter nor do they have any responsibility of transparency.
Nor can judges with lifetime appointments.
Voting systems,
Where conservative states consistently disenfranchise minority voters by closing polling places, passing voter id laws but then make it harder for minorities to get an ID and they count gun registrations as valid Id but not college IDs...
Polluting a town's water supply and walking away pretending they didn't
See the government run water supply in Flint Michigan.
Humans can be real bastards and governments aren't magical solutions just as corporations aren't magically evil.
The question is about who can be held more accountable, who can be more feasibly removed from power and what kind of institution can be more promptly remedied.
We as moral actors could potentially change the laws of governance probably far easier than we could form a corporation to defeat ExxonMobil in the marketplace. Both should be easier, but that's another discussion.
Both governance and private capital are imperfect and both deserve criticism. Being a fan of either is a mistake.
We just saw the government stripping rights of transexuals with regards to health care. What would they do if they had more access to data? If you were a Muslim America would you trust the government in its current state to have more access to your data?
https://www.ewg.org/agmag/2018/05/thank-you-subsidizing-smok...
How many decades did it take the government to rule that it was discrimination not to allow gay people to adopt kids? Get pregnant by in vitro insemination? If you aren’t in the affected group it’s easy to tell those who are to be patient.
Mine is there's endless propaganda depicting corporate America as bright shiny perfect perfection and government as slow clunky incompetence and I'm really really tired of the bullshit.
It's not academic, it's not scholarly, it's mindless partisan cheerleading, some kind of religious orthodoxy, a blind adherence to something that's obviously nonsense.
It's just endless streams of nonstop crap from places line heritage, hoover, heartland, aei, cato, they're overflowing bullshit factories. Enough of that nonsense already.
Governments do incorporated things and corporations do governance - they are different structures of cultural institutions that interact with each other all the time.
Given a choice between trusting Big Tech and Big Government. I trust Big Tech a lot more.
Non anecdotally, who were the first to recognize the rights of LGBTQ? The government or Big Tech?
When do you want to start this? Maybe 20th century instead? The October Revolution in 1917, Poland 1932, Denmark 1933?
Oh you're talking LGBT protected class discrimination for employment! Pennsylvania, 1975, Wisconsin 1982?
Maybe you're talking about Bostock v. Clayton County(2020) which got to the SCOTUS because a private corporation, in 2019, fired an employee for being gay. That's how it got there, a private company not respecting LGBT rights.
So maybe you mean the courts? When was the first case in lgbt's people's favour? One, Inc. v. Olesen 1958. Nineteen fifty eight.
So yeah, probably government. Feel free to move the goalposts around if you want. I'm pretty confident on this on wherever you decide to place them
Still, why corporations are internally so much better by nature than governments, in that world-view, I don't see.
The oil wars were done for the oil companies
There isn't this mysterious firewall between government and business. They're different departments of the same thing.
Nor is there any mutual exclusivity. The absolute dictatorship of Pinochets Chile is also where the most radical forms of Milton Friedman's free market capitalism was tried.
They're two interacting institutions of power that can exist in many forms. Free business doesn't guarantee free societies.
There is no silver bullet
This is less true than you might realize. Consider that if a friend of yours is on Facebook, they might upload photos of you and tag your name, allowing Facebook to build a profile of you regardless of whether you use Facebook or not.
Consider that credit rating agencies buy your loan history in order to rate you as a customer, regardless of whether you check your credit history with them or not. Consider that Google buys your credit card purchase history to build a profile of you.
Consider that Google takes pictures of your house regardless of whether you search for it on Maps. Consider that GM and Ford collect and sell your location data from your vehicle. Note that vehicles that don't do this are getting more difficult to obtain because the price of vehicles is becoming increasingly subsidized by surveillance.
Technology is ubiquitous. Not all technology is a product sold to consumers, and you don't always have a say in how it's used. GDPR covers all of the above situations. Its effect on websites is peanuts.
> A corporation doesn’t have the power of the state to threaten to take away property or liberty.
Automated systems are currently part of the decision-making process in hiring, firing, choosing to loan, choosing to rent, policing, and determining prison sentences. A corporation that offers "fraud detection" services has a surprising amount of power over your liberty and property.
Why isn't there a law to prevent this while there's a law that accomplishes nothing except guarrantied annoyances? Is not the government that makes laws?
Government is responsible for both its own misconduct and companies'.
But yeah, this could be handled in a more user friendly way, if there was a standard way to express the consent options (with the cookies and their functionalities) that the browsers could parse. Then the page could check if the browser handles it or if it has to fall back to what they're doing now.
And now that we're talking about it, Firefox does have something similar accessible from the URL bar, called "Enhanced tracking protection".
It'll probably have about as much adoption as Do-Not-Track...
The DPAs often only work off consumer reports.
You need to know that these popups are a result of two separate laws: The ePrivacy directive aka Cookie Law, and GDPR. GDPR is enforceable one that you care about. A web site can process your data (e.g. for personalized ads) for one of the explicitly given reason, the most common ones being "legitimate interest", "fulfillment of a contract" and "consent".
There have been a couple recent statements about what counts and doesn't count as legitimate interest, fulfilling a contract, and consent.
You also have the right to ask the controller of the data (not the processor) for a list of data stored about you. Try it with one of said web sites! Make a clean cookie jar, use the site and only the site, send them the cookie jar, and see what data they store. (If they don't, file a complaint with the DPA)
Is this a violation of human rights?
Instead I have the EU asking me about Cookies on every other web page.