Look, Jeff Atwood, it is difficult to take you seriously when you write authoritatively on a subject you clearly don’t understand.
GDPR doesn’t mandate cookie notices.
Cookie notices are *malicious compliance* by the surveillance-driven adtech industry.
If you’re not tracking people, you do not need a cookie notice, period.
If you’re only using first-party cookies for functional reasons, you do not need a cookie notice, period.
If you’re using third-party cookies to track people – i.e., if you’re sharing their data with others – then *you must have their consent to do so*. Because, otherwise, you are violating their privacy. Even then, the law doesn’t mandate a cookie notice.
How would you conform to EU law without a cookie notice if your aim wasn’t malicious compliance?
You would not track people by default and you would make it so they have to go to your site’s settings to turn on third-party tracking if, for some inexplicable reason, they wanted that “feature”.
Boom!
No cookie notice necessary.
What’s that?
But that would destroy your business because your business is founded on the fundamental mechanic of violating people’s privacy?
Good.
Your business doesn’t deserve to exist.
Because the real bullshit here isn’t EU legislation that protects the human right to privacy, it’s the toxic Silicon Valley/Big Tech business model of farming people for data that violates everyone’s privacy and opens the door to technofascism.
infosec.exchange/@codinghorror…
Look, EU, it is difficult to take you seriously when you forced all this cookie notification bullshit on us. That feature a) should not exist and b) if it did, should be a BROWSER feature not "every website in the entire world now has to bother everyone forever about this stupid thing" blog.codinghorror.com/breaking…
Breaking the Web’s Cookie Jar
The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here’s how it works: * Connect to a public, unencrypted WiFi network.
Jeff Atwood (Coding Horror)
Jonathan Schofield
in reply to Aral Balkan
David Chisnall (*Now with 50% more sarcasm!*)
in reply to Jonathan Schofield
@urlyman
It's often not even malicious compliance. Most of these banners don't even meet the requirements of the GDPR, specifically that you must be able to withdraw consent at any time and that you must give informed consent (i.e. that you must know what you have consented to to be able to grant consent).
@noybeu is doing a great job going after some of these people.
Aral Balkan
in reply to David Chisnall (*Now with 50% more sarcasm!*)
Writing Slowly
in reply to Aral Balkan
Aral Balkan
in reply to Writing Slowly
@writingslowly There’s an easy solution to that. We pass a GDMR and effectively outlaw their business model (don’t hold your breath).
ar.al/2018/11/29/gdmr-this-one…
GDMR: this one simple regulation could end surveillance capitalism in the EU
Aral Balkan
Georg Weissenbacher
in reply to Aral Balkan
@writingslowly There’s a problem with point 1 - who decides what “can be built”? For instance: Many legislators want companies to implement encrypted communication in a way such that they - and only they - can listen in. Numerous experts believe such a system can’t be built (at least not securely).
If I’d run a company I’d rather not end up in court where a lawyer explains to me what can be built and what not.
Aral Balkan
in reply to Georg Weissenbacher
Yes, regulation, like any legislation can be good or bad. That said, if you run, say a construction company, a lawyer does explain to you what can and can’t be built. You don’t just get to dig up a park and put in luxury apartments because you feel like it. You don’t get to construct a factory and dump your sewage into the sea. Or, more to the point, if you run a cinema, you don’t get to put cameras in the bathrooms. There are many things you don’t get to do if you run a company because they would infringe on the rights of others and your right to make a profit doesn’t supersede that.
I hope you’re teaching your students that they should be thoughtful in what they build so that it benefits humanity. We don’t need more things, we need more things that improve human welfare. And the last thing we need are more libertarian techbros who think they can do whatever they want in pursuit of their gluttonous profiteering and that rules don’t apply to them. That’s how we end up with technofascism.
Fleur Bergman
in reply to Aral Balkan
Veronica Olsen
in reply to Writing Slowly
@writingslowly What annoys me is that they've managed to give people the impression that the cookie banner nonsense is the EU's fault. GDPR has been a huge help, and these tantrums the tech industry is throwing are, as Aral says, malicious compliance.
@aral
Giorgio Maone 🚫✊🧅
in reply to Aral Balkan
TC Won't Give In To Lies
in reply to Aral Balkan
🎯
Not enough people understand how techbros choose horrible user interfaces and design/moderation decisions to turn people against even the most basic and essential customer safety regulations.
I believe the current age-gating outrage is astroturfed too.
Marcus Bointon
in reply to TC Won't Give In To Lies
Since when is not doing something more difficult than doing something?
Luke
in reply to TC Won't Give In To Lies
TC Won't Give In To Lies
in reply to Luke
@luke
Make no mistake, those decisions are driven by an overzealous focus on profit and domination that comes right from the top. Those middle managers know what they must do to get/keep the job.
Even the CEO would be replaced in a heartbeat if they ever put customer, employees or the environment above profit.
Luke
in reply to TC Won't Give In To Lies
Worik
in reply to TC Won't Give In To Lies
@TCatInReality I am outraged at "age gating"
On the face of it it is a solution that will not work to a problem that does not exist
In reality it is a way of removing anonymous internet access. It will fail there too.
Just stupidity and meanness through and through
TC Won't Give In To Lies
in reply to Worik
@worik
I disagree. There absolutely are real world harms by not having age gated spaces.
Age gates are all over the IRL world and we all understand why. Similarly, we have centuries of safety and consumer rights IRL that we understand but fail to apply online.
To me, the issue isn't whether to have these measures online, it is how to get bad faith techbros to do it.
For more: mastodon.social/@TCatInReality…
TC Won't Give In To Lies
2025-08-05 23:33:16
Worik
in reply to TC Won't Give In To Lies
TC Won't Give In To Lies
in reply to Worik
@worik
Yes, I've heard the architecture argument and it (conveniently) ignores the front and end points of delivery.
It's the equivalent of saying a bullet does not know who shoots it or where, while ignoring all the other possible points of safety. It's a common gunmaker defence.
The internet is a service and common service safety and liability rules should apply. There's nothing special about it - except billionaires skewing the discussion.
Worik
in reply to TC Won't Give In To Lies
@TCatInReality
> For more: mastodon.social/@TCatInReality
I read that thread.
I remain unconvinced that it is possible to have privacy preserving age verification protocols. I think it is a contradiction. To be of any use the age ID must be attached to a personal ID and that must be associated to a real person.
To use the vape shop example it is like having to sign a register to enter.
It is not hard to imagine being reluctant to sign in to R18 places.
TC Won't Give In To Lies
in reply to Worik
@worik
So, your best counter-argument is that some people will be "reluctant" to provide age verification?
OK, two lines of reply:
1) Implied is that the reluctance is due to fears of data misuse. I get that, which is why I argue we need much better regulation and enforcement of data privacy - because that has been a problem long before (and indep of) age verification.
Con't
TC Won't Give In To Lies
in reply to TC Won't Give In To Lies
@worik
2) market forces will then create more all-age sites to capture as much "reluctant" audience as possible. Of course, it won't provide everything age gated, but most. And surely more all-age sites is preferable (and safer), therefore a good trend to be encouraged.
There is something seriously rotten in the online business model if a company can only make money with data theft, exploitation and extreme content. IMO, we change the dynamic through better regulations.
TC Won't Give In To Lies
in reply to TC Won't Give In To Lies
@worik
A third response to the "reluctance" argument.
There was a time where porn was not online and you needed to show ID to buy a magazine or *register* at a video store to get adult titles.
Were some people "reluctant" to do so? Sure. And the world went on.
No one is entitled to a life free of uncomfortable experiences. But the market, and a functional democratic system, will do all it can to consider the tradeoffs and make it easy *and* safe.
Stephan Eggermont
in reply to TC Won't Give In To Lies
Fabien
in reply to Aral Balkan
Aral Balkan
in reply to Fabien
NKT
in reply to Aral Balkan
Knud Jahnke
in reply to Aral Balkan
I'm running a website for a science consortium and we don't track, we don't sell anything, and we don't have to worry about visitor data storage and protection, and we do not need any cookie clicked on the site. Very simple, very relaxing.
It also prevents the need for a data protection responsible person, because no data is being collected.
Je ne suis pas goth
in reply to Knud Jahnke
@knud but even if you sold something, you would not need to put up a cookie banner: to sell something you require some information to complete the sale (address where to ship, and/or info about the means to pay for the good or service sold). None of that would be illegitimate.
@aral
michel v
in reply to Je ne suis pas goth
Aral Balkan
in reply to michel v
michel v
in reply to Aral Balkan
Aral Balkan
in reply to michel v
michel v
in reply to Aral Balkan
Aral Balkan
in reply to michel v
Knud Jahnke
in reply to michel v
@michelv @jenesuispasgoth
How about leaving me out of this thread continuation, thank you.
Aral Balkan
in reply to Knud Jahnke
Knud Jahnke
in reply to Je ne suis pas goth
@jenesuispasgoth
Absolutely. And the best online shops for me don't even require me to provide data - they take name and address from Paypal (yes, I know, that company has its own issues) and use that to send me stuff.
The bad ones want phone numbers, some birthdates and whatnot. Nothing to do with my purchase.
Je ne suis pas goth
in reply to Knud Jahnke
@knud lots of physical, brick-and-mortar shops also try to ask me for my email address or phone number. I either give a wrong one or flat out refuse (depending on the urgency of what I'm trying to purchase – sometimes the cashier tells me they *have* to input something, and they're not responsible for terrible customer care practices where they work).
@aral
FreediverX
in reply to Je ne suis pas goth
I will not jump through hoops for retailers. My response to requests for my email or phone number is always “absolutely not.”
Je ne suis pas goth
in reply to FreediverX
@knud @aral
MidgePhoto
in reply to FreediverX
(Some part of that is that occasionally the manufacturer realises that under certain circumstances the Evaluatronic Instantiator(TM) you just bought might develop a fault in its Ingenuity Engine causing it to catch fire, and would like to/has a duty to tell you that and provide an Imaginative Dedeflagrator to plug into it to prevent that.
#SafetyNotice #dedeflagrator #Evaluatronic
Stuart
in reply to Aral Balkan
Vassil Nikolov | Васил Николов
in reply to Aral Balkan
Indeed.
Now, how to make Jeff Atwood and those who listen to him take heed?
Regrettably, I don't know...
🙁
@aral
Aral Balkan
in reply to Vassil Nikolov | Васил Николов
Frank Zimper 🕯️🐘
in reply to Vassil Nikolov | Васил Николов
@vnikolov
It would be a start to tag
@codinghorror and/or link to his post
infosec.exchange/@codinghorror…
@aral
Jeff Atwood
2025-08-30 22:54:27
webhat🔜#39c3
in reply to Frank Zimper 🕯️🐘
NKT
in reply to webhat🔜#39c3
Aral Balkan
in reply to NKT
TC Won't Give In To Lies
Unknown parent
@shaknais
I completely agree. That's why we need to improve regulation to remove for-profit companies from key control points.
For example, I think the gov should fund 3-4 non-gov, nonprofit age-checking bodies led by privacy rights people, so there is choice in how to validate and no profit motive.
Aral Balkan
Unknown parent
Diogo Constantino
in reply to Aral Balkan
Coral (bleached era)
in reply to Aral Balkan
Aral Balkan
in reply to Coral (bleached era)
Aral Balkan
Unknown parent
Walter van Holst
Unknown parent
Bodo Tasche
in reply to Aral Balkan
Don Marti
in reply to Bodo Tasche
@bitboxer @geeksam @codinghorror DNT is gone but the technically similar but legally required (in some jurisdictions) GPC is back.
Right now it's not clear what a GPC should mean in the EU but @robin explained how it could work: berjon.com/gpc-under-the-gdpr/
(good intro from the POV of an ad-supported site adexchanger.com/data-privacy-r… )
If You’re A Publisher And You Don’t Know What A UOOM Is, Then Read This
Allison Schiff (AdExchanger)
Sass, David
in reply to Aral Balkan
this is why #GitHub was able to remove the banner back in 2020 - the good old days.
github.blog/news-insights/comp…
Funny enough, 5 years later the banner is back on $GitHub Blog, I guess being owned by $MSFT changes things...
No cookie for you - The GitHub Blog
Nat Friedman (The GitHub Blog)
FreediverX
in reply to Sass, David
He also fawns over Bill Gates. The level of tone-deaf cognitive dissonance is astonishing.
Rune
in reply to Aral Balkan
Aral Balkan
in reply to Rune
@praerien 1. You don’t need third-party cookies for analytics. Services exist that provide analytics without third-party tracking.
2. The “UX” (design) of cookie consent banners is an anti-pattern implemented by the adtech industry exactly to invoke this reaction and misdirect your ire from the tracking itself to the law meant to protect your rights.
3. Your suggested solution would, indeed, nip this in the bud. This is why the surveillance industry made sure to remove Do Not Track the moment they realised it could be used for this purpose. (After all, it has served Mozilla/Silicon Valley’s purpose of delaying regulation for a decade and now had become a liability.)
mkj
in reply to Rune
@praerien Install uBlock Origin and turn on at least the "EasyList - Cookie Notices" list.
@aral
mathew
in reply to mkj
Pēteris Caune
in reply to mathew
@mathew @mkj @praerien some do, some don't. Some don't because they're oblivious, some intentionally.
You can check in Chrome: load a page in Incognito window, then press F12 to open developer tools, then go to Application > Cookies, and see if there's _ga, _fbp, or any of the other usual suspects.
Pēteris Caune
in reply to Pēteris Caune
@mathew @mkj @praerien
I made a script that tracks Latvian websites that have the "load cookies first then ask for permission" problem: https://sīkdatnes.lv
For problematic sites, I send an informal email explaining the problem and asking to fix it. In case of no action, I send a formal, signed complaint. And then in case of no action, I report them to our country's DPA.
In quite a few cases the informal email is enough, and the issue gets acknowledged and fixed.
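The check described in the two posts above (load the page in a fresh profile, then see which cookies exist before any consent is given) can be automated once the cookie list is exported. This is an added example, not Pēteris Caune's script; the function names, the strictly-necessary allowlist and the sample rows for a hypothetical `shop.example` site are assumptions.

```javascript
// Added example: audit the cookies present after loading a page in a fresh
// profile, before touching any consent banner. Input rows mirror the Name and
// Domain columns of the browser's cookie panel.

// Cookie names set by common analytics/ad scripts (short, non-exhaustive list).
const KNOWN_TRACKERS = [
  { pattern: /^_ga(_|$)/, source: "Google Analytics" },
  { pattern: /^_gid$/, source: "Google Analytics" },
  { pattern: /^_fbp$/, source: "Meta Pixel" },
];

// Treat a cookie as first-party when its Domain equals the page host or is a
// parent or subdomain of it (leading dot ignored). Simplification: there is
// no public-suffix list here, so unusual domains need a manual look.
function isFirstParty(cookieDomain, pageHost) {
  const domain = cookieDomain.replace(/^\./, "").toLowerCase();
  const host = pageHost.toLowerCase();
  return host === domain || host.endsWith("." + domain) || domain.endsWith("." + host);
}

// Returns one finding per cookie that should not exist before consent.
// strictlyNecessary: names the site operator declares as functional.
function auditPreConsentCookies(pageHost, cookies, strictlyNecessary = []) {
  const findings = [];
  for (const cookie of cookies) {
    const tracker = KNOWN_TRACKERS.find((t) => t.pattern.test(cookie.name));
    const firstParty = isFirstParty(cookie.domain, pageHost);
    // Only a first-party, allowlisted, non-tracker cookie passes. A tracker
    // name stays a finding even if someone put it on the allowlist.
    if (!tracker && firstParty && strictlyNecessary.includes(cookie.name)) continue;
    const reasons = [];
    if (tracker) reasons.push(`known tracker cookie (${tracker.source})`);
    if (!firstParty) reasons.push(`third-party domain ${cookie.domain}`);
    if (reasons.length === 0) reasons.push("not on the strictly-necessary list");
    findings.push({ name: cookie.name, domain: cookie.domain, reasons });
  }
  return findings;
}

// Constructed sample: cookies listed right after page load, no interaction.
const SAMPLE_COOKIES = [
  { name: "session_id", domain: "shop.example" },
  { name: "_ga", domain: ".shop.example" },
  { name: "_ga_ABC123", domain: ".shop.example" },
  { name: "_fbp", domain: ".shop.example" },
  { name: "uid", domain: ".ads.example.net" },
  { name: "theme", domain: "shop.example" },
];

function runSampleAudit() {
  return auditPreConsentCookies("shop.example", SAMPLE_COOKIES, ["session_id"]);
}

for (const f of runSampleAudit()) {
  console.log(`${f.name} (${f.domain}): ${f.reasons.join("; ")}`);
}
```

An empty result means nothing beyond the declared functional cookies was set before consent; any finding is what an informal email to the site operator would cite.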
Aral Balkan
in reply to Pēteris Caune
conejo 🐰
in reply to Aral Balkan
FreediverX
in reply to Aral Balkan
Thanks for this response. That post pissed me off and I was wondering how long I’d have to wait for someone to call out the Benevolent Plutocrat on his bullshit.
Velocipede Rider
in reply to Aral Balkan
True, load Vivaldi.com or our forums or indeed any site we run. No cookie banners. We have been asked before how we manage to do this but it ain't rocket science.
Also look at all the Mastodon sites, no banners, unlike X, Threads, etc. How? We all know how. 😉
FreediverX
Unknown parent
Garbage in, garbage out.
Florian Zumkeller-Quast
in reply to Aral Balkan
Pino Carafa
in reply to Aral Balkan
exactly. The EU needs to mandate that
1. Every browser needs to, by default, be set to allow "strictly necessary cookies" only.
2. Every site that wants to serve EU users must honour this setting.
3. Impose massive fines on sites that don't do this or that choose to interpret "strictly necessary only" in "creative" ways.
So that anybody who does not want other cookies has to do exactly nothing to achieve that.
Aral Balkan
in reply to Pino Carafa
GDMR: this one simple regulation could end surveillance capitalism in the EU
Aral Balkan
TC Won't Give In To Lies
in reply to Pino Carafa
@rozeboosje
Yes!
And not only massively fine, but introduce criminal liability for executives that fail to implement -- and the ability for the EU to shut down repeat offenders.
Claudius
in reply to Pino Carafa
Aral Balkan
in reply to Claudius
IzzyOnDroid ✅
in reply to Pino Carafa
Piggo
in reply to Aral Balkan
Leeloo
in reply to Aral Balkan
Even simpler: Look at the DNT http header.
Only fall back to cookie notices when the browser doesn't send it.
It was interesting how quickly Mozilla deprecated the DNT header after an EU court ruled that yes, it is a valid answer.
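A server-side sketch of the approach in the post above: read the browser's opt-out signal first and fall back to a notice only when none is sent. This is an added example, not code from any participant in the thread; `DNT` and `Sec-GPC` are real request headers, while the function names, return shape and precedence rules are assumptions.

```javascript
// Added example: decide per request whether a consent notice is needed at
// all, based on browser-level opt-out signals and any stored answer.

// HTTP header names are case-insensitive, so normalise before lookup.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return String(value).trim();
  }
  return null;
}

// storedChoice: "accepted", "rejected" or null (visitor never answered).
function consentDecision(headers, storedChoice = null) {
  const dnt = headerValue(headers, "DNT");
  const gpc = headerValue(headers, "Sec-GPC");

  // A browser-level opt-out already answers the question: no tracking and
  // nothing to ask. Assumption: it also overrides an older stored "accepted".
  if (dnt === "1" || gpc === "1") {
    const reason = dnt === "1" ? "DNT: 1" : "Sec-GPC: 1";
    return { tracking: false, showNotice: false, reason };
  }
  if (storedChoice === "rejected") {
    return { tracking: false, showNotice: false, reason: "stored rejection" };
  }
  if (storedChoice === "accepted") {
    return { tracking: true, showNotice: false, reason: "stored consent" };
  }
  // No signal and no stored answer. Assumption: "DNT: 0" is treated as
  // "no opt-out sent", not as consent. Tracking stays off until the visitor
  // answers, and only now does the site fall back to asking.
  return { tracking: false, showNotice: true, reason: "no signal" };
}

// Constructed sample requests.
const SAMPLE_REQUESTS = [
  { headers: { dnt: "1" }, stored: null },
  { headers: { "Sec-GPC": "1" }, stored: "accepted" },
  { headers: { DNT: "0" }, stored: null },
  { headers: {}, stored: "accepted" },
];

for (const r of SAMPLE_REQUESTS) {
  console.log(JSON.stringify(r.headers), r.stored, "->", JSON.stringify(consentDecision(r.headers, r.stored)));
}
```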
Aral Balkan
in reply to Leeloo
ikuturso
in reply to Leeloo
Leeloo
in reply to ikuturso
Loïc Denuzière
in reply to Aral Balkan
Really the main problem of this enforcement is that it came too late, when (almost) everyone was already dependent on collecting private data. That made it easy for the industry to collectively decide that intrusive popups would be the simplest way to comply.
What were people going to do, take their business to the competition? Doesn't matter, they do it too.
If regulation had come earlier, then the first ones to use popups would have been seen as obnoxious assholes and lost visitors.
Simon Eilting
in reply to Aral Balkan
all correct.
My own criticism of that EU law is that they didn't bother to check if there were ever any reason to let yourself be voluntarily tracked - there isn't. The whole thing should've been a law that makes it illegal.
Aral Balkan
in reply to Simon Eilting
@eseilt Couldn’t agree more.
ar.al/2018/11/29/gdmr-this-one…
GDMR: this one simple regulation could end surveillance capitalism in the EU
Aral Balkan
Virginicus
in reply to Aral Balkan
LiquidParasyte
in reply to Aral Balkan
"Yes, you can naively argue that every website should encrypt all their traffic all the time, but to me that's a 'boil the sea' solution."
Talk about takes that didn't age well
Vex
in reply to Aral Balkan
Aral Balkan
in reply to Vex
Bleep
in reply to Aral Balkan
Aral Balkan
in reply to Bleep
CockneyLaurie
in reply to Aral Balkan
It's worse than that for many sites...
Many offer a "Decline all" button or equivalent but some list dozens of "Legitimate Interest" trackers you have to uncheck individually to keep your privacy.
And even then the button that's highlighted is "Accept All" rather than the "Confirm Choices"
And there is no "Legitimate Interest" that involves advertising
Pino Carafa
Unknown parent
PhreakByte the Octopus
Unknown parent
europa.eu/youreurope/business/…
Online privacy: How to use cookies on your website - Your Europe
Your Europe
Pino Carafa
in reply to Pino Carafa
NKT
in reply to Aral Balkan
Yes, many sites are using it for adverts, but lots are also trying to sell a product that isn't the browser.
Aral Balkan
in reply to NKT
@Dss In my world, which is the same world you live in, if a person provides their phone number to have a sales person call them, they are consenting to have the sales person call them and you can use their phone number for the purpose of having a sales person call them which is what the person has given you permission to do.
Do you need a cookie notice for that?
No.
(That said, it’s not my job to fix toxic business models.)
Don Marti
in reply to Aral Balkan
Lin et al. found that ad blocker users are more satisfied with the products and services they buy than non-users. There _is_ a theoretical economic role of advertising but surveillance advertising is failing at it
Lots of pro-surveillance advocacy from academics, but they don't cite some of the best sources in their own field, or some of the best points in the body copy of the papers they do cite—even Google refers to de-personalizing the ads as a "protection" blog.zgp.org/advertising-perso…
advertising personalization: good for you?
blog.zgp.org
Alex@rtnVFRmedia Suffolk UK
in reply to Don Marti
@dmarti @Dss
there's a simple way for any website and their associated business to sell products - have clear and honest/accurate descriptions of them, real humans (in preference to AI) to answer queries, and take ownership of the sales process so it works fairly smoothly (which many businesses struggle with, hence the domination of Amazon/Ebay etc)
Cold calling/emails rarely work - I get the most bizarre ones (such as for hardware big enough for the village Telephone Exchange when the marketers should *know* my employers are only a medium size business), and constant sales pitches for large motor vans for a small trade association I occasionally do IT work for (which has an office with only 5 people who use their personal cars for transport)
NKT
in reply to Alex@rtnVFRmedia Suffolk UK
Don Marti
in reply to NKT
living with a bigger ad duopoly
blog.zgp.org
Alex@rtnVFRmedia Suffolk UK
in reply to Don Marti
@dmarti @Dss
I can't see how it is sustainable.
There must be a fair bit of resources poured into trying to sell my work vans, blade servers and other things we have 0 use for, on my personal devices I get ads for a new car every week (when the adtech companies surely *know* I am single and live in a suburb where i only have the space for one car - I get cat food ads when I don't even have a cat (I did befriend a few I met in the street and took photos of them) - the marketing companies are pissing millions up the wall and surely that can't last for ever?
NKT
in reply to Alex@rtnVFRmedia Suffolk UK
If the advertisement still cost money, they'd be more careful.
Don Marti
in reply to NKT
picking up cheap shoes in front of a steamroller
blog.zgp.org
Alex@rtnVFRmedia Suffolk UK
in reply to Don Marti
@dmarti @Dss maybe this is a consequence of GDPR, but I've noticed the "personalised" ads I get are of poor quality/relevance, or just wishful thinking (such as trying to sell me a car, days after I just bought one!).
The few ads which do get through my security software (such as on Meta where they stall the FB timeline if you use too aggressive adblocker settings) are from sketchy businesses with worse customer service than those who don't use the FB ads, and the sponsored ones which are supposedly from my area are picked by an algorithm that doesn't realise that my region is physically large by the standards of England and you aren't normally going to drive 60 miles to buy something..
Don Marti
in reply to Alex@rtnVFRmedia Suffolk UK
some ways that Facebook ads are optimized for deceptive advertising
blog.zgp.org
NKT
in reply to Don Marti
Don Marti
in reply to NKT
@Dss @vfrmedia yes, if I were in the UK right now I would be concerned -- Meta is trying to finagle themselves a surveillance advertising monopoly in the UK ("increased adoption of PETs across the industry" is code for all ad measurements feed into _n_ data centers, for small values of n)
ico.org.uk/for-organisations/a…
There is a public comment form, but it could be that the fix is already in
ico.org.uk/about-the-ico/ico-a…
ICO consultation on a new chapter within the draft updated guidance on storage and access technologies
ico.org.uk
Alex@rtnVFRmedia Suffolk UK
in reply to Don Marti
@dmarti @Dss the worrying thing I'm noticing is the Meta ads often are for genuine local business - the only flaw in the delivery is applying "USA scale" of distances to the UK (for instance I'm not going to drive 70km to a repair garage to get my car serviced when there are other garages far closer!)
Alas, this means Meta are increasingly getting buy-in and support from local businesses (some of them are entirely dependent on FB/Instagram for their marketing and even much of their customer service communications)
Don Marti
in reply to Alex@rtnVFRmedia Suffolk UK
@vfrmedia @Dss Yes, that's a huge problem for those companies—Meta investors expect it to grow an order of magnitude faster than the economy as a whole, which means that a legit business has to keep paying more and more to get a new customer mylesyounger.substack.com/p/zu…
But right now the UK looks like they're on track for something like the advertising version of the old mandatory MSIE in South Korea situation ( en.wikipedia.org/wiki/Web_comp… )
Zuck Says AI Will Make Advertising So Good Its Share of GDP Will Grow. Is That Really Possible?
Myles Younger
Pino Carafa
in reply to Pino Carafa
child of baphomet
in reply to Aral Balkan
Aral Balkan
in reply to child of baphomet
webhat🔜#39c3
in reply to Aral Balkan
Simon Cox
in reply to Aral Balkan
@codinghorror
Well said @aral 👏👏👏
Rigo Wenning
in reply to Aral Balkan
zbrando
in reply to Aral Balkan
Nicole Parsons
in reply to zbrando
@zbrando
#pluralistic calls it the "fatfinger economy" (deliberately redesigning an interface to increase the likelihood of clicking on the wrong thing)
doctorow.medium.com/https-plur…
pluralistic.net/2022/05/15/the…
On occasion the consequences can be huge.
en.m.wikipedia.org/wiki/Fat-fi…
Flash Crash - a human error magnified 100-fold by AI
verifiedinvesting.com/blogs/ed…
bloomberg.com/news/articles/20…
Fatfingering a cookie banner might also be a security flaw, can be used for ransomware.
Flash Crashes and Fat Fingers: When Technology Disrupts Markets
Verified Investing
Su_G
in reply to Pino Carafa
@rozeboosje
Continue flogging them until behaviour improves. It’s starting to sound like a well designed & functional system now.
#ReconnectingConsequencesToCauses
@nieldk @aral
Thorsten Butz 🎗️
in reply to Aral Balkan
That’s the problem with theory and practice: in real life an army of lawyers and “experts” advise you to behave exactly like all the others. And all the public services provide bad examples since they behave exactly in the same wrong way.
In reality, GDPR brought the opposite results of what we wanted to achieve.
Hyperlink Your Heart
in reply to Aral Balkan
mx alex tax1a - 2020 (5)
in reply to Aral Balkan
Szymon Nowicki
in reply to Aral Balkan
small correction. You can still track people, just not share it with everyone and their dog.
If you have data in your system you're free to use it for analytics. As long as it's anonymized, so, properly aggregated.
No consent needed.
Aral Balkan
in reply to Szymon Nowicki
@hey Yes, aggregate analytics – what you describe – does not constitute tracking.
(That is different from anonymised data; anonymised data can be deanonymised using other data sets – a common practice within the people farming industry.)
Szymon Nowicki
in reply to Aral Balkan
Anton Gerasimov
in reply to Aral Balkan
Aral Balkan
in reply to Anton Gerasimov
Veronica Olsen
in reply to Aral Balkan
Pteryx the Puzzle Secretary
in reply to Veronica Olsen
And some are so malicious that there *isn't* an actual way to not say yes. "By clicking Accept or X on this banner [with no Reject or even Preferences button...]"
Aral Balkan
Unknown parent
@uncanny_static @disorderlyf It’s worse than that: this was a feature spearheaded by Mozilla (Silicon Valley’s acceptable face) and it had the very real effect of staving off regulation for a decade (“look, we are self regulating”). The moment people realised it could be used to communicate consent within the framework of GDPR, the feature was deprecated.
Sadly, some folks still think Mozilla are the good guys.
Hannah
Unknown parent
@disorderlyf This feature already exists. It is just that ad-tech ignored that users were sending a do-not-track request and instead they opted for trying to nudge everyone into accepting their surveillance, by making obnoxious cookie banners.
en.wikipedia.org/wiki/Do_Not_T…
proposed HTTP header field that requests web applications to disable individual user tracking
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)
Walter van Holst
in reply to Aral Balkan
Queen Calyo
in reply to Aral Balkan
Genuine question:
If I hosted my own private analytics tracker (something like Matomo (née Piwik), e.g.) just so I could have funny numbers to look at because I like to look at numbers but do nothing meaningful with them, would that require a cookie banner?
I'd pondered about just having a static notice in the footer of my site that just says "This site uses some functional cookies and one (1) tracking cookie for a self-hosted analytics dashboard because I like to look at Numbers™."
FreediverX
in reply to Daniël Franke
But then there are those who don’t leave; those who thrive and flourish at deplorable companies and rise to become fascist CEOs who go around writing manifestos on how the world should submit to their greed and immorality.
FreediverX
in reply to Daniël Franke
Sure but my point is that the corporate world rewards and promotes the worst people.
Jeff Atwood
in reply to Aral Balkan
see infosec.exchange/@codinghorror… and infosec.exchange/@codinghorror… and infosec.exchange/@codinghorror… and mastodon.social/@JeffGrigg/115…
Jeff Atwood (@codinghorror@infosec.exchange)
Infosec Exchange
2025-08-31 21:37:57
Andrew Kelley
in reply to Jeff Atwood
@codinghorror
you make money from ads on stack exchange so you are biased in the conversation.
switch business models to be ad-free and then I want to hear your perspective after that.
Aral Balkan
in reply to Jeff Atwood
@codinghorror @andrewrk I think what people are trying to tell you is that you’re part of the problem.
You’re not just any “user of the internet”, you’re a developer. You have agency. Don’t like cookie banners? Great! Lead by example: remove them from the sites you own and control (i.e., stop tracking people on the sites you own and control. Find other ways to make money.)
Matias N. Goldberg
in reply to Aral Balkan
Misleading. If you implement first party cookies for your own analytics to improve your website (like... what content is more popular, what pages are broken from UX standpoint), you still have to show the cookie notice.
Whether it's first or third party is not part of the equation.
Aral Balkan
in reply to Matias N. Goldberg
@matiasgoldberg Yes it is very much part of the equation.
A first-party functional cookie (e.g., to store log-in state): no consent necessary.
First-party *aggregate* statistics: no consent necessary.
Grievous Angel
in reply to Aral Balkan
@codinghorror I remind you that this is Jeff Atwood you are finger wagging at here. He is wrong on this take. But if you really think this invalidates his critique of capitalism or his significant charity work then I think you might consider reappraising your position.
And picking a better target next time.
craignicol
in reply to Aral Balkan
if GitHub doesn't need a cookie banner, there's no technical reason for a site to have them, it's always a privacy reason
techcrunch.com/2020/12/17/gith…
GitHub says goodbye to cookie banners | TechCrunch
Frederic Lardinois (TechCrunch)
John Ulrik
in reply to Aral Balkan