[mschuster91]

Well, given that some sites employ hundreds of trackers and other barely-above-malware stuff, it does make sense for these requests to take ages.

Unfortunately, many people simply click on the "accept all" button and don't care about their privacy that much.

The idea of GDPR was that consumers would be hesitant upon seeing the massive amount of third parties that use your data and demand change from the providers, turns out people don't care / providers rather let privacy-oriented customers suffer than to take a hit on their advertising profits.

[ratww]

> Well, given that some sites employ hundreds of trackers and other barely-above-malware stuff, it does make sense for these requests to take ages.

Last time I checked, there were no requests being made client-side in the 1-2 minutes it took to cancel. It was pretty much the same number of requests for both accepting and denying. Maybe they changed it since it's too blatant.

Also, since it should be opt-in, then accepting should obviously take longer.

[pta2002]

But what requests would it even make? If you opt out you're effectively telling it to _not_ make any requests.

[privacylawthrow]

If it's the TrustArc Ads Compliance Manager, it makes a call to all the ad networks requesting the network's opt out cookie. The opt out cookie prevents the user from being tracked by that ad network across all sites. Cookie banner opt outs usually only prevent tracking from the site you are one.

Unlike GDPR, which uses a website as the gate for all cookies, the ad industry also has self-regulatory programs. Participation in these programs require that a website allow a user to opt out of all ad networks present on their site. TrustArc built a module to do that: https://preferences-mgr.truste.com/.

If you run the tool there, it will make a call to the ad networks listed. Of course if you're running an ad blocker, the call will get blocked and it will look like the tool doesn't do anything.

[iankp]

The problem is you're being presented a mandatory popup for what appears to be used as GDPR compliance but realize that it isn't because real ones are instant. This is fake GDPR in the sense that it isn't (compliant); it's other things, as you note. If the purpose is to facilitate GDPR, that opt-out time shouldn't be conflated (the ad stuff shouldn't be bundled), given that GDPR appears to have a requisite "It shall be as easy to withdraw as to give consent.". Is that a correct interpretation? You're suddenly notified you can't operate for minutes (unless you opt-in), which is definitely dark, and unnecessary (unless you want to achieve the action they're doing, but you didn't; you just need GDPR). Sitting captive for minutes is not a modern day web experience anyone finds acceptable, that's why Google is so focused on empowering loading speed inspection/resolution. The experience made me wonder if they use users who don't opt out (I almost gave up just to get out of being locked out) as a selling point. There wasn't, that I could find, an instant GDPR-compliant way around this obstruction. Why would any company care for this experience? If they wanted to be polite and do extra action (this ad network regulations thing), they have the tech to do it asynchronously/unobtrusively, right?

[iankp]

The problem is their competitors manage to accomplish opting-out near instantly.