[plastiquebeech]

Interesting. One quirk of browsing sites with JS disabled is that the cookie banners rarely show up. Often, they are implemented as scripts loaded from a site like "cookielaw.org".

I've long suspected that these sites default to dropping cookies when my consent is neither asked for nor received, as MS appears to have done here.

It's good to hear that such behavior is probably illegal in the EU.

[thaumasiotes]

> I've long suspected that these sites default to dropping cookies when my consent is neither asked for nor received, as MS appears to have done here.

> It's good to hear that such behavior is probably illegal in the EU.

Huh? What's the problem supposed to be?

[esperent]

It's in violation of various EU privacy laws like GDPR and the ePrivacy Directive.

They get discussed a lot here on HN so it's easy to assume everyone's familiar with them, but if you're not then you should search up a summary on them.

[thaumasiotes]

Defaulting to no cookies is a violation of privacy laws? How?

[ajdude]

I read the comment "dropping cookies" Not as "defaulting to none" But rather "adding them , drop as in airdropping or dropping a payload.

That's how I read it at least, which would mean they're defaulting to cookies when no consent is reached, but I could be wrong.

[thaumasiotes]

That would conflict with normal cookie terminology, where cookies are "set" and packets are "dropped".

But much more importantly, it is completely impossible in the context of the thread:

> [Accusation 3.] On their cookie banner, rejecting took two clicks while accepting took one.

> On 3, Microsoft argued that (a) rejecting was not actually required to be as easy as accepting and that (b) since the default was no cookies and it took a click to get cookies that rejecting was easier than accepting. The CNIL disagreed on both.

[jefftk]

"Dropping cookies" is one of those fun phrases that is commonly used to mean two opposite things.