by y04nn 2019 days ago
DNT is too simple, there should be a new, better standard integrated in web browsers. The never-ending popups with absolutely 0 constancy across sites are atrocious; moreover, if I rejected a cookie for a domain on site A, I will be prompted on site B if I want to reject it again.

For every domain that wants to create cookies, I should be prompted by the browser (like when I allow camera access) if I authorize it to do so. We can even imagine that each domain would have cookie purpose information ('mydomain.com/cookies_policy') in JSON that the browser is able to present to the user (describing each cookie of the domain). Then the browser would be responsible for never creating cookies that I rejected.

The main advantage would be that in incognito mode I would not have to repeat myself 10 times a day.

2 comments

If you want to see an example of a more granular policy that the browsers (well, Internet Explorer, but it was the majority browser at the time) implemented also being ignored, see P3P: https://en.wikipedia.org/wiki/P3P
Ultimately the only cookie users will willingly accept is the sessionid/rememberme. And the "remember me" checkbox is consent enough under the GDPR.

Behind all the legalese and marketing-speak, all the other purposes boil down to:

    - We are too lazy to set up a Matomo, so we are giving Google your browsing pattern.

    - FB is forcing us, so we can pay ever so slightly less for ads

    - Google is offering to tell us your sex and age

    - If we don't track you, we will show you a viagra ad.

    - Through 4 intermediaries, we can pay this totally-objective-blog which sent you here.

I'd love to hear from someone with a complex cookie consent pop-up, but I'd bet there is about 80% "accept all" (because the users have been trained to do it), 19% "reject all", and no one is mixed.

So the do-not-track would have been accurate enough.

I asked this elsewhere in the thread as well, but what about tracking done through the session cookie?

e.g.: Tying together two browsing sessions by one user on two different devices.