@marix You‘re correct on a wholly different level.

GDPR doesn’t mandate cookie notices.

Actually, the GDPR isn’t relevant regarding cookies at all. But Regulation 2002/58/EC as lex specialis to the GDPR is.

@codinghorror Are we sure that Jeff Atwood isn't an early LLM experiment? The straight-up overconfidence as he spouts completely incorrect and ignorant shit feels an awful lot like ChatGPT and its coterie of concussed digital parrots.

Oh, wait. The "voice" of these is modelled after what techbrodudes think sounds smart. I may have put the teleological cart before the horse.

Indeed.

Now, how to make Jeff Atwood and those who listen to him take heed?
Regrettably, I don't know...
🙁

@aral

@knud but even if you sold something, you would not need to put up a cookie banner : to sell something you require some information to complete the sale (address where to ship, and/or info about the means to pay for the good or service sold). None of that would be illegitimate.

@aral

this is why #GitHub was able to remove the banner back in 2020 - the good old days.

github.blog/news-insights/comp…

Funny enough, 5 years later the banner is back on $GitHub Blog, I guess being owned by $MSFT changes things...

No cookie for you - The GitHub Blog

The developer community remains the heart of GitHub, and we’re committed to respecting the privacy of developers using our product.

^{Nat Friedman (The GitHub Blog)}

True, load Vivaldi.com or our forums or indeed any site we run. No cookie banners. We have been asked before how we manage to do this but it ain't rocket science.

Also look at all the Mastodon sites, no banners, unlike X, Threads, etc. How? We all know how. 😉

exactly. The EU needs to mandate that

1. Every browser needs to, by default, be set to allow "strictly necessary cookies" only.
2. Every site that wants to serve EU users must honour this setting.
3. Impose massive fines on sites that don't do this or that choose to interpret "strictly necessary only" in "creative" ways.

So that anybody who does not want other cookies has to do exactly nothing to achieve that.

Even simpler: Look at the DNT http header.

Only fall back to cookie notices when the browser doesn't send it.

It was interesting how quickly Mozilla deprecated the DNT header after an EU court ruled that yes, it is a valid answer.

Really the main problem of this enforcement is that it came too late, when (almost) everyone was already dependent on collecting private data. That made it easy for the industry to collectively decide that intrusive popups would be the simplest way to comply.

What were people going to do, take their business to the competition? Doesn't matter, they do it too.

If regulation had come earlier, then the first ones to use popups would have been seen as obnoxious assholes and lost visitors.

all correct.

My own criticism of that EU law is that they didn't bother to check if there were ever any reason to let yourself be voluntarily tracked - there isn't. The whole thing should've been a law that makes it illegal.

"Yes, you can naively argue that every website should encrypt all their traffic all the time, but to me that's a "boil the sea' solution."

Talk about takes that didn't age well

@codinghorror

Well said @aral 👏👏👏

That’s the problem with theory and practise : in real life an army of lawyers and „experts“ advice you to behave exactly like all the others. And all the public services provide bad examples since they behave exactly in the same wrong way.

In reality, GDPR brought the opposite results of what we wanted to achieve.

small correction. You can still track people, just not share it with everyone and their dog.

If you have data in your system you're free to use it for analytics. As long as it's anonymized, so, properly aggregated.

No consent needed.

Genuine question:

If I hosted my own private analytics tracker (something like Matomo (née Piwik), e.g.) just so I could have funny numbers to look at because I like to look at numbers but do nothing meaningful with them, would that require a cookie banner?

I'd pondered about just having a static notice in the footer of my site that just says "This site uses some functional cookies and one (1) tracking cookie for a self-hosted analytics dashboard because I like to look at Numbers™."

@urlyman
It's often not even malicious compliance. Most of these banners don't even meet the requirements of the GDPR, specifically that you must be able to withdraw consent at any time and that you mist give informed consent (i.e. that you must know what you have consented to to be able to grant consent).

@noybeu is doing a great job going after some of these people.

HEAR! FUCKING! HEAR!

DEATH TO CAPTCHA!!!

LONG LIVE THE FREE INTERNET!!!

Misleading. If you implement first party cookies for your own analytics to improve your website (like... what content is more popular, what pages are broken from UX standpoint), you still have to show the cookie notice.

Whether it's first or third party is not part of the equation.

@codinghorror I remind you that this is Jeff Attwood you are finger wagging at here. He is wrong on this take. But if you really think this invalidates his critique of capitalism or his significant charity work then I think you might consider reappraising your position.

And picking a better target next time.