A notice asking if you want only necessary cookies or all cookies, including ones that profile you, is like a maître d’ asking you “would you like to dine with us or would you like to dine with us and have your organs harvested?” What about my entering your restaurant prompted you to think I’d ever want the latter?

@aral Now here's a form, please put an X in the box next to each organ that you do not give consent to us harvesting. If you put the form in this pile it means you consent to having all you organs harvested. You can find the other pile on your own.

@robby @aral joke's on you, we only listed "kidney", so we're totally going for the other one.

@aral what annoys me is the "always active" "legitimate interest" cookies, like, I don't care if you think your interest in my personal life is legitimate, piss off. Thankfully I block all the things anyway but arrrgh.

@martyn @aral it’s so very very annoying. My internet browsing has decreased A LOT due to terrible cookie management.

@aral And these ads now won't be "tailored to our preferences and interests" either!? Whatever will we do?

@aral I’ve started looking at so-called essential cookies and imo these companies are simply breaking the law. Surveillance Capitalism needs to be burned to the ground.

@dch @aral You can you give concrete examples?

Session cookies for logging into sites and things of that nature don't require you to show a silly cookie warning under EU law.

Not that cookie warnings are required at all, it's a client-side feature. It's up to you and your browser.

@aral I think the intention behind the laws protecting privacy online is good, but the implementation has just made things worse, in that most people will just click agree to get to the site, so they are legally agreeing to something that was just happening without agreement before.

@aral It could have been done in a different way, where the law set out different classes of tracking that you could agree to or not as a policy that was set in the browser. E.g. no tracking, only tracking within this domain, and any tracking. Then people could set a global policy they were happy with and the browser would negotiate with the individual sites. That way you could make a meaningful decision when you set the policy rather than having to read (or not read) all these notices.

@highfellow @aral

There is already a do-not-track setting in most browsers, since it's part of the html standard.

Two things which I wish the GDPR had done was:
1: Make it mandatory to respect the DNT setting. If it's set, that means no tracking.
2: Make it mandatory to have a "no" option equally visible and just as quick to select as the "yes to all" option.

That would have removed a lot of the hassle which companies are now annoying us with.

@Mr_Teatime @aral thanks for letting me know about the do not track option - I didn't know about that. I agree that it would have been good if the EU had made it mandatory for companies to respect that setting. My idea was for a more fine grained set of choices as to what level of tracking you were willing to allow and for what purposes,but a simple yes or no would be okay too.

I suppose there would have been a case for extending DNT to more fine-grained settings -- if it had ever been actually used for its purpose.

Although: That would require people to configure those settings. And if you want to allow a particular website to keep you logged in or similar, you could still click on a button there to confirm a DNT exception that lets them set a cookie which contains that information (and is only readable by them)


@highfellow @aral

I don't see the implementation of the law as the issue (although it could have probably gone a lot further), but really all thos dark-pattern cooky banners are simply a passive-aggressive way of companies to respond to the law.

"oh, you want the ability to choose? Right, here's five pages of options, have fun choosing (or just say yes to everything). Wanna know what we do with the harvested data? Here's 10 pages of ambiguous legalese, hope that makes you happy, punk!"

@Mr_Teatime @aral my point was that if you could make a meaningful decision once that you had spent time thinking about, when you set your tracking policy in the browser, and if the law had made it mandatory for companies to respect the policy you had set, then we could have had better privacy rights without the passive aggressive cookie queries you are talking about.

Yes, makes sense.
I think I misread part of your toot. Sorry about that.
I'm hearing too many complaints about "making those annoying cookie banners mandatory", when 90% of the annoyance is the choice of the companies who make them. Like they could present the same choices in a straightworward manner if they wanted to. The remaining 10 percent is mostly due to companies choosing to track users without technical necessity.

Biggest fault of GDPR is it came too late.


Ohh, but analysing your organs will make it much easier for the restaurant to better adjust their menu to your preferences!

Also (sorry: it's on youtube. and it's also a little bit gory), this may be relevant:

@aral The reduction of humans to cookies was predicted in this old science fiction movie:
Soylent Green (1973)

I also hate that "dine with us and have your organs harvested" is the default. Makes you question "Am I being served previous careless customers' organs as meal?".

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!