by kuschku 1317 days ago
How is GDPR ugly? It's easy to build websites, even interactive ones, that comply.

If you build a mobile app, you are also supposed to only ask for permissions once you actually need them.

Replace interactive embeds with a dumb replacement of the actual content and e.g., "we want to show you an embedded tweet here, [allow once] [allow always]".

Don't use CDNs for delivering assets, they've long stopped being useful anyway.

Don't use Google Analytics.

In general, build websites like we used to in the early 2000s.

And yes, you can even do cloud-y stuff like that. You can run k8s on your Hetzner dedicated servers, you can run MinIO as your S3 store, none of that is stopped at all by these rules.

You can even run an interactive website like HN without any GDPR violation or cookie prompts at all.

3 comments

> only ask for permissions once you actually need them

Hard on Android, where "did my wifi go away" means asking "can I have access to your phone's internal state including call logs and if you're in a call right now?"

> replace interactive embeds with a dumb replacement

Sucks when you depend on that content or the content has to be interactive under the TOS of the service you're using.

> [CDNs have] stopped being useful

Not at all. In many a corporate network as well as situations where you're paying for transit (e.g. AWS) they still make sense.

> build websites like we used to in the early 2000s

Ah yes, with Flash for our interactivity, __Just throw an executable format that has a hard to render, proprietary ISA running unsupervised__, that worked for us then, it should work fine today?

I'd say "Let's build more websites like we did in 2010". That's right around when JavaScript peaked.

> Minio

Due to their licensing change, a lot of legal departments have banned MinIO.

But Android itself is also threatened... (Unless maybe if you're running a Google-free version of AOSP ?)

Google is clearly a company that is in dire straits in the EU, both from its business model that relies so much on tracking people across the Internet, and from its ties to the US intelligence agencies.

As for the apps available on Google Play...

https://9to5google.com/2018/12/31/android-apps-facebook/

https://www.cnet.com/tech/mobile/some-popular-android-apps-a...

> Don't use CDNs for delivering assets, they've long stopped being useful anyway.

How do you handle large DDoS? Your provider won't, they'll null-route your IP because they don't want to waste their bandwidth on your issues and impact all their other customers.

Also, using a global CDN with edge caching speeds up loading your site significantly if the user isn't close to the DC.

Regarding Hetzner: what's the verdict on them having to comply with the CLOUD Act via their US subsidiary?

Of course my provider will handle large DDoSes, as long as they're not hundreds of Gbps large. In which case there's not much anyone can do, frankly.

Regarding edge caching speed: we're in an age where your phone executing the shitty bloated JS is the bottleneck, not actual latency.

So no embeds, no CDNs, no analytics, lots of popups asking for permissions and going back to 2000s (just with cookie banners) in general. Isn't that ugly?

Of course you can have embeds. Just replace them with a blurhash and make them click to load.

That also avoids pretty much all of the popups.

Sure, no CDNs and no analytics, but that's what I'd call an absolute win. Nothing of value was lost.
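
Added example, not part of any comment in this thread: a sketch of the click-to-load embed with "[allow once] [allow always]" that the thread describes, written so that no third-party URL reaches the page markup until the visitor has consented. The provider `video.example`, the names `ConsentStore`, `renderEmbed` and `memoryStorage`, and the reading of "allow once" as "until the page is reloaded" are assumptions.

```javascript
// Added example. All names (PROVIDERS, ConsentStore, renderEmbed) and the
// video.example provider are hypothetical; storage is injected to run offline.
const PROVIDERS = { // constructed allowlist: provider id -> embed URL builder
  video: id => `https://video.example/embed/${encodeURIComponent(id)}`,
};

const escapeHtml = s => String(s).replace(/[&<>"']/g, c => (
  { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Stand-in for localStorage when running outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}

class ConsentStore {
  // `storage` is anything with getItem/setItem (localStorage in a browser).
  constructor(storage) { this.storage = storage; this.once = new Set(); }
  allowOnce(provider) { this.once.add(provider); } // memory only, gone on reload
  allowAlways(provider) { this.storage.setItem(`embed-consent:${provider}`, '1'); }
  isAllowed(provider) {
    return this.once.has(provider) ||
      this.storage.getItem(`embed-consent:${provider}`) === '1';
  }
}

// Returns the HTML for one embed. Before consent the output contains no
// provider URL, so the browser makes no request to the third party.
function renderEmbed(consent, provider, id, fallbackText) {
  if (!Object.prototype.hasOwnProperty.call(PROVIDERS, provider)) {
    return `<p>${escapeHtml(fallbackText)}</p>`; // unknown provider: static text only
  }
  if (!consent.isAllowed(provider)) {
    return `<div class="embed-placeholder" data-provider="${escapeHtml(provider)}">` +
      `<p>${escapeHtml(fallbackText)}</p>` +
      `<p>We want to show you embedded ${escapeHtml(provider)} content here.</p>` +
      `<button data-consent="once">allow once</button>` +
      `<button data-consent="always">allow always</button></div>`;
  }
  // Consent given: only now does the provider URL enter the markup.
  return `<iframe src="${escapeHtml(PROVIDERS[provider](id))}" ` +
    `sandbox="allow-scripts allow-same-origin" referrerpolicy="no-referrer" ` +
    `loading="lazy"></iframe>`;
}
```

In a browser, the two buttons would call `allowOnce` or `allowAlways` and re-render the element; the persistent choice is the only thing written to storage.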