[ricardo81]

> It's incredibly unlikely that millions of innocent users have been blocked

Is there a 'town square' where we can talk about being presented captchas and similar things from 3rd party intermediates.

I think it's incredibly likely that millions of hours have been wasted on such challenges.

[amatecha]

On that note...

https://www.folklore.org/StoryView.py?project=Macintosh&stor...

"Well, let's say you can shave 10 seconds off of the boot time. Multiply that by five million users and thats 50 million seconds, every single day. Over a year, that's probably dozens of lifetimes. So if you make it boot ten seconds faster, you've saved a dozen lives. That's really worth it, don't you think?"

Imagine if people still thought like this about computers and software.

[ricardo81]

Yes. And cookie splash screens! I admire GDPR's intention but hasn't it been a massive human time sink.

Not to take away from your point, just that it's all a hindrance.

[_v7gu]

That's more on the websites that track your personal data for non-essential purposes. No tracking means no banners are necessary.

[ricardo81]

Finer points, my point is just about people wishing to view web pages.

[shadowgovt]

I don't know that most web admins can tell if they should float a banner, so vague is the law.

Technically, I think if you have the default Apache logging configured and you read those logs, you should probably float that banner.

[denton-scratch]

I believe you're mistaken. GDPR allows you to record IP addresses for normal operation of a site, which specifically includes logging. No banner is required.

GDPR is not "vague" about this; perhaps you haven't read it (as laws go, it's pretty easy to read).

[shadowgovt]

It's easy to read because it's vague, and it's going to allow some regulator to decide whether my use of IP addresses constitutes "normal operation." Puts a hell of a lot of trust in government officials to decide who is worthy of prosecution.

It reminds me of the war on drugs in a lot of ways.

[rvnx]

@adammartinetti : maybe you could consider developing a new product where you display a GDPR consent banner once, and then these settings apply to all Cloudflare-proxied websites (by passing this consent information as an additional header to the proxied site)

[meltedcapacitor]

Sounds inferior to the "no cookies no banner" solution.

The GDPR does not mandate gratuitous and pointless personalised spying, which is the only case that requires consent. Normal operations (say a shop collecting payment details and shipping address to fulfil an order) do not require a consent banner.

[grishka]

Those can at least be blocked with ad blockers and/or disabling JS.

[shadowgovt]

ReCAPTCHA was designed with this in mind: given that we had the need to distinguish humans from bots, it presents problems that are hard for bots to solve, where the resulting output is valuable. So the time consumed isn't wasted.

[wrkta]

It's wasted from the perspective of the end user.

[shadowgovt]

Not when the end user turns around and uses Google Maps which is now populated with higher quality fine feature information due to the training of the machine learning system on what traffic controls look like.

[denton-scratch]

Valuable to whom?