[onion2k]

It's spying if you didn't consent to it.

There's no explicit consent but the fact you've told your computer to download some code and run it looks a lot like implied consent.

[cousin_it]

I think that argument proves too much. To a user browsing the web, clicking a link that says "check out this nice article" signifies intention/consent to read that article, not to suffer the effects of all possible JS tripwires including pwning their computer and such.

[onion2k]

This is the point I was making about misuse of data. Thinking usage analytics on a website is a tripwire is quite extreme. Thinking that building a complete profile of someone based on their activity on lots of websites is a tripwire is quite reasonable. Hence the difficulty in defining what 'spying' really is.

[cousin_it]

If by analytics you mean something like a hit counter from the 90s, which doesn't require recording user sessions, then I agree with you. But if it's recording user sessions, I think it's a good idea to require consent for that.

[eadmund]

Sure, but all this tracking isn't a product of JS tripwires pwning computers: it's a natural result of downloading an article from a server.

[TeMPOraL]

No, it's a result of the article telling the browser to also download and execute analytics scripts. It's abusing the good faith HTTP protocol was built upon. That's why I consider ad/content blockers OK and desirable. They're a way for users to express that they don't consent to loading and execution of some resources.

[kazagistar]

That's true of malware too. Consent is different from actions.