Ask HN: GDPR pop-ups are getting so annying, what should we do about it?
Lately, I close every website that shows me a big, junky, stupid GPDR cookie consent (e.g. https://www.runnersworld.com/), but honestly I don't find many websites that has a reasonably small and well-designed cookie consent (e.g. https://www.rei.com/).
It seems that these pop-ups are designed to annoy users to force them to click on the Accept button right away, and most of them hide the rejection button somewhere, or make it difficult to find.
The reader mode on the browser works well sometimes, but it's not a permanent way to get rid of those pop-ups.
These pop-ups are making it hard to enjoy the Internet, what do you suggest to do to get rid of these pop-ups?
Thank you.
50 comments
[ 4.4 ms ] story [ 157 ms ] threadAs a consequence, IMHO the only way to get rid of those pop-ups is to change the GDPR to mandate a simpler format. But that's not straightforward when there are potentially cookies for different functions and each requires specific consent... We're touching a fundamental issue with wanting to regulate the way the GDPR do...
Another problem is the imprecise language of GDPR. "It's mostly not enforced for small businesses" doesn't cut it when it comes to adherence to law. Businesses need assurance, not ambiguity.
The second part of my comment is about businesses going though GDPR checklists. I did one for my firm. It’s not too bad but if you read the entire GDPR booklet, there are varying levels of adherence to GDPR. Most small businesses check off things but the boots-on-the-ground effects are negligible. On the other hand, you could technically be liable for lawsuit, but what I hear is that GDPR isn’t enforced for small businesses like mine. That’s troubling.
Between the GDPR and other cookie laws, explicit consent for each specific use is required, as far as I understand. If so, pop-ups are an unavoidable consequence because, again, websites don't really want to ask you they want you to consent (obviously since they rely on this)
For non-essential uses.
Honestly, I'd like to see more people follow that. I got the idea from others and it seems like a perfect solution.
People who can't/don't want cookies cannot really use any site I've ever worked on. It makes no sense building things for people who won't ever be customers.
Of course, people should be able to disable tracking more like: i don't want to be tracked by alphabet and Facebook, rather than turning it off for every website separately.
I do however treasure privacy rights. That's why I don't use cloud flare. It blocks TOR, and many VPN's.
I've almost built my site to favour those methods of privacy, and I highly recommend them to people
I have paid the price of being on TOR often enough. Heaps of sights are beyond my reach.
People have the right to avoid cookies, but those rights come at a cost.
Oddly most of my users are from the EU, they just use VPN's
It's really not. Don't collect or process personally identifying information, and you're in immediate compliance.
Embrace them. Learn to love them. They're a good feature. Making websites explicitly require permission to do (subjectively) negative things like tracking users is a massively positive step in the right direction towards us all having ownership and agency over of our lives as we spend time online. Sure, it means we have to do a little work to say yes or no when a site wants to do something, but that's the cost of privacy. It's not very high.
There could be technical solutions (eg browsers could sent a header to automatically consent with the initial request) or you could use a plugin (eg consent-o-matic), but really, this stuff is important enough that "Eurgh! I had to click a button again! I'd sacrifice my privacy not to have to do that any more!" is a really bad take in my opinion.
I assume you don't surf in incognito mode. The collective amount of hours wasted clicking those popups must be enormous.
You can't add them up and use that time though. That time is always going to be fragmented in to unusable bits. Millions of people wasting 2s each is not equivalent to thousands of hours of lost productivity. Likewise, one person wasting 2s many of times a year can't be replaced with a useful hour.
The 'lost time' argument doesn't make sense.
But that's already happening. Your browser just sends the data automatically. Putting this burden on the website just means that an actual nefarious actor will track you anyway. After all, how are you going to check that they actually don't save all that data your browser vomits at them?
If you want privacy then you have to make sure your browser doesn't send out that information in the first place. Once you've done that then GDPR is useful for plugging the holes for the non-bad actors.
I do not know any non techy who gives them more than 1 second of thought. They annoy everyone without doing anything good. My hope is the EU passes real privacy regulation at the company level. This cookie popup accomplishes nothing beyond annoying everyone.
People get accustomed to it just like those California cancer warning labels that are basically useless and nothing but a waste.
So they don't comply with the law. People working for these sites choose to make this difficult and harder than its supposed to be.
And, if I may add that, its some kind of a new understanding I got for other systems as well. Releated example: There will - over time - no better google "competitor". Know why? Because if there is, at some point, then SEO will optimize the f** out of that competitor, too and make it maximally worse for everyone. Just like the optimization in the example above with the data. Except that the GDPR is a law for EU Citicens while google/the competitor only has to make it tolarable for them and their ad renvenue.
I find that perspective incredibly frustrating: Systems will get worse to a point of equilibrium, but its not the kind of "nice to work with" you and I have in mind. (Edit: Spelling)
https://www.europa.eu
>Third-party cookies
>Some of our pages display content hosted by contracted services on domains external to europa.eu, for example our contractor who helps operating the Europe Direct Contact Centre. The external hosting may need cookies in order to function.
>Name of the cookie: PHPSESSIONID
>Service: Europe Direct contact form
>Purpose: Session info (random number), used for dealing with multi-language forms. No additional information stored
>Cookie type and duration: Third-party session cookie, set by our contractor. Deleted after you quit your browser
>Some of our pages display content from external providers, e.g. YouTube, Facebook and Twitter.
>To view this third-party content, you first have to accept their specific terms and conditions. This includes their cookie policies, which we have no control over.
>But if you do not view this content, no third-party cookies are installed on your device.
The user experience is shit so don't send them any traffic.
It should be a browser feature but chrome has dominant market share and why would they do anything in the interests of their users’ data security (which of course jeopardises their adtech empire).
We need a better browser…. Don’t say Firefox. Brave could be it I suppose.
Brave is just based on Chromium... it might have lots of different features, but still Chromium it is under the hood.
They are a requirement of the ePrivacy Directive from 2002.
Well, can't we build the similar addon and the crowd-sourced database, but one that would submit specific rule (page elements, and click order) to block everything - incl. "legitimate interest" bullshitery- except the barest of essential cookies?