[vasco]

This seems contrarian just for contrarian sake, given how much literature there is about this, and the fact that it's almost self evident. Tracking impact of your changes, seeing if your users are getting lost after changing something, understanding where they spend the most time, etc.

Say for example, if all your users start spending 30% more time in your reset password page after you pushed out some changes. How would you know? What could be causes of that? Could something be broken with the login? Apply this to everything.

Not having analytics is literally not caring about what they do in your product, so you're either never changing the product and 100% confident it'll always work, or you're probably giving them a worse experience than you could.

How you do this tracking is another story, but there's ethical ways to do it.

[zelphirkalt]

> Tracking impact of your changes, seeing if your users are getting lost after changing something [...]

The change of adding obnoxious tracking of course accounts for some user loss itself, which it cannot measure. On some of those "modern" websites, that show me a whitescreen without JS, I check my uBlockOrigin and see the domain of that website and some Google shit? Tab closed. No thank you, I will go elsewhere.

[chii]

> adding obnoxious tracking

normal people will not see the tracking. It's when laws force the cookie banners that it starts to become an item in people's minds, because that cookie banner is annoying.

[dgroshev]

Laws don't force the cookie banners, laws force requiring consent for personalised tracking. Banners as we know them are malicious compliance. There's a difference.

[nickpp]

That is simply false. Talk to a lawyer. They advise for cookie banners as good precaution against disproportionate punishment mandated by law.

[dgroshev]

I'm a bit confused. You're claiming what I'm saying is false, but you're just referring to someone advising something as a precaution? Do you have a primary source for a legislation mandating cookie banners? (Also, is there a cookie banner on apple.com?)

There is no "disproportionate punishment" under GDPR in practice, unless you're doing something egregious, and even then (see Facebook). I'm very familiar with the UK regulator, they publish their enforcement actions [1]. I'm not aware of a single case of a cautionary letter, much less "disproportionate punishment", that they sent over a cookie banner on its own. Are you?

Besides, you correctly hinted at the incentive structure. Your lawyer might advise you to slap a cookie banner just because because they have zero incentive not to, they don't care about your users' experience. You might care though. Personally I consulted multiple external DPOs and lawyers, as well as primary sources, before forming my opinion.

[1]: https://ico.org.uk/action-weve-taken/enforcement/

[nickpp]

I take my legal advice from lawyers, not the internet. They are the ones defending us in court if need come.

Their position was simple: my team uses 3rd party analytics tools (no ads or anything) so IPs will be passed and cookies will be stored. We don’t control them, we don’t know what kind, if they can be considered personal info or not (GDPR is intentionally vague - classic bad law). So we need to be extra careful since our regulator is not a sane one like the UK’s. Thus: follow the common practice - cookie banner. End of story.

[raverbashing]

I think you're taking about different things and yes, user tracking inside your site/app is definitely useful, still, it can be anonymous