Ask HN: Why don’t web browsers answer cookie questions?

23 points by sagebird ↗ HN
Why can’t my web browser announce that I only accept technically necessary cookies? (So I don’t have to click customize and find that option)

21 comments

[ 3.0 ms ] story [ 54.2 ms ] thread
(comment deleted)
See https://en.wikipedia.org/wiki/Do_Not_Track

I can say that I disable all the cookies that I can disable not because I care about privacy but because as somebody neurodivergent, modal dialogs cause me a lot of distress and I want to punish web sites for distracting me.

With GDPR, the question isn’t so much about cookies but more about getting your informed consent to track you.

It’s not something a browser can do automatically because then websites owners will not listen.

Some time ago, Microsoft did set on the do not track setting by default on one version of internet explorer and it basically killed the do not track project.

Most browsers can do this[1] (it is called "Do Not Track), but many websites will not use this information, because they want you to consent to them tracking you so they will just ask you in a pop up (Cookie Banner). While on the one hand this seems like companies trying to extract the most amount of money out of your website visit on the other hand this setting isn't on a website basis and you might want one website to track what you do while you don't want another to do so, which isn't possible with this setting so far. Furthermore a website might want to give you the option to choose between only necessary cookies, cookies that improve your user experience and tracking cookies arguing that the do not track request doesn't make it clear weather you only want the necessary cookies or also cookies improving your user experience that aren't strictly necessary but don't track you.

[1] how to enable this feature in chrome: https://support.google.com/chrome/answer/2790761?hl=en&co=GE...

Worse, the DNT header is often used as just another metric to fingerprint users.
As others have said, it's not because of a technical reason but instead because companies don't really want to comply with privacy laws. We already have tried this twice: P3P (https://en.wikipedia.org/wiki/P3P) and DNT (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/DN...), and it seems they are trying again with GPC (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Se...). The important point is that this assumes that websites will cooperate, but knowing that advertising companies are actively clogging up EU countries with long-stretching lawsuits just so that they can stretch their time I foresee that GPC will be a failure (like DNT and P3P).
Or limit sites to one cookie?
The only one I want to accept is the one that remembers that I've chosen to block all cookies.
For the same reason the advertising industry came up with "legitimate interest" as a fig leaf which now apparently includes serving personalized ads based on an ongoing profile built of you... you know... the thing GDPR was explicitly supposed to make opt-in and forbid as a default.

Telling advertisers they can't track you is like telling a kid not to eat the candy. They can't not do it.

Unfortunately, when someone thought cookies problematic, instead of a pragmatic solution (such as extending the syntax to support identifying the use-case for each cookie, and allowing browsers to default treatment thereof without other than initial user-intervention) the world decided it was better to panic and put nag dialogs on everything to "show" that they're pretending to be compliant.

Your web browser does not even have to "announce" anything, if there were categories of cookies "required", "optional features", "tracking" then the browser could simply chose to ignore those you don't want..

Sure sites could ignore that and do everything with the "required" ones, but.. they can do that today as well, the nag dialogs are pure kabuki anyway.

To be honest, at this point, I'd much rather have "all you can track" be default if it meant I could avoid the nag dialogs.. It's not like they can't track me without cookies, and I can always browse in privacy mode and use different browser profiles to isolate cookies in the rare cases where I actually care.

But the nag dialogs are actually there and actively annoying every time I visit some site. They make my everyday experience worse, where even the evilest of tracking wouldn't even be very visible to me..

I don't know why they're still tracking us. I never ever has consciously clicked in an ads banner. All my ads clicks have been my mistake.

They never get it right with the products they offer me. If I buy a car, why are they still offering me more cars? It's clear that I will not buy any more. There is no way they can track that I have already bought a car.

Every time I try to see a YouTube video and I have to wait because of the ads, I got angry. The product I'm seeing on the screen is associated with my anger and makes me hate that product even more.

There is a whole industry around tracking users that, I think, simply does not work as they sell, and it will never do.

You are making the mistake of assuming that the average internet user behaves in a similar way to you. However, the fact alone that you are using HN suggests that this is likely not the case.

I used to have a similar sentiment to you, based on my own behavior on the internet. But I did have a few eye opening moments.

Back in school I frequently got asked for help with computer stuff. While I usually denied, I did help some close friends out occasionally. At some point a friend came to me with a software issue and brought her notebook. She had so much stuff installed, was using Edge without any adblocker and she somehow managed to install three antivirus programs (one of which I am 90% confident was a virus itself). Until that point I always assumed that basically anyone of my peers would at leset have an adblocker installed (this was four years ago and I am 23 now). I’ve had similar experiences since that have proven my ignorance.

And regarding how ads work: my grandfather used to sell glasses and watches for a living. While the watches are mostly sold shortly after his death, the glasses were quickly out of fashion and were laying around for decades now. Since these kind of glasses are now seeing a comeback I tried to sell them. I opened an eBay shop and listed two frames, both of which were sold but for a laughably small amount. I listed two very similar frames and ran some ads (mostly instagram) targeting the demographic I assumed would be willing to buy frames like these. I sold the ones advertised for 17 times more than the ones that were „organically“ discovered.

TL;DR: just because you think ads don’t work on you does not mean they don’t work on others. Advertisers aren’t dumb, they measure the success of their campaigns (hence the tracking) and it does work with large parts of the population

Something like that, I see ads before a yt video I get pissed and will out of spite not ever buy that product, although I try not to pay attention to the content.

There are 2 phases, 1 is ignore mode and wait for the skip button to appear, the other is I can't skip and have to wait, which makes me angry for them wasting my time, so if it's a product I'll remember to never buy it. However I found that if you navigate back and forth a few times the ads are gone and you can't watch without.

That's of course only for platforms where I can't adblock.

Why can't the EU clean up its mess and forbid cookie banners? Why do politicians meddle in areas they have 0 expertise in?

Questions over questions

I had a misconception that “hackers” had an out-sized influence in tech standards.

But the case of ad cookies / tracking is a nice sort of counter example to balance that notion.

Looking through these replies, it seems the overwhelming feeling is that good solutions have been proposed and anti-user policy was adopted anyways for profit motives.

Thank you for all the kind and thoughtful replies. I could have done a much better job in informing myself - though I hope this collection of replies serves to spark interest in others like myself that wasn’t aware of “do not track” efforts.

My naive first instinct is that if you want to win, you have to speak the language companies speak - by a stick like jeopardizing their profits, or a carrot like rewarding compliance with new customers.

IE- a browser extension that automatically composes a negative review for websites that do not respect do not track and are worth more than 10 million (no need to start by punishing smaller companies.) If you visit Nike, and they do not respect do not track requests, it also suggests Sauccony and Addidas if they do respect it.

On second thought… not evough people would install that sort of extension, on enough devices, for long enough to make an impact. It would only have an effect if an employee at these companies mistakenly took it to be a big deal and was able to spread unfounded fear. Kind of like an employee that hyperventilates if their company does not send out plain text versions of emails. Yes- you are supposed to do that but no — one graybeard Unix admin customer complaining that they can’t read an email sent to a million people doesn’t really matter.
I just installed Brave this week and it has a setting to simply mute the cookie questions (and others) while, at the same time, maintaining your privacy.