[Cyberdog]

I've been using the annoyingly-named superagent for a while for the same task, but it often seems to fail to detect some of these annoying boxes. I'll definitely give this alternative a try and see if it works any better.

Thank you so very, very much to the EU and whatever other government agencies are responsible for making the web more annoying to use.

https://super-agent.com/

[notpushkin]

> Thank you so very, very much to the EU and whatever other government agencies are responsible for making the web more annoying to use.

They didn’t make the web annoying – advertisers did. They were the ones who chose the most annoying way to comply with the laws.

[hnbad]

They're also violating the ePrivacy directive with any consent dialogs that don't give at least equal weight to the "Reject all possible and continue" option or hide it behind extra clicks.

Sadly the ePrivacy implementations were a bit lacking in some member states and the EU directive to replace them with a direct EU-wide law doesn't seem to be fully in effect just yet but I have high hopes we'll see companies fined over these deliberate misdirections soon and that will hopefully put an end to it.

[jitl]

Sure, for advertiser thingies. But website features like optionally storing your preferences in localStorage, or assigning device IDs to be able to understand and optimize website performance both require consent pop-ups.

[dzikimarian]

Preferences and other things required for site to work do not require a consent.

[jitl]

Some preferences are not required for the website to work, but do improve the experience. These are classified as "functional cookies", "preference cookies", or "user interface cookies" in ePrivacy Directive and UK GDPR literature, examples like remembering your selected language, and still require consent. See https://ico.org.uk/for-organisations/direct-marketing-and-pr....

Consent-o-Matic uses this text to describe this category of cookies (for me, it's the first item in extension's config UI):

> Preferences and Functionality: Allow sites to remember choices you make (such as your user name, language or the region you are located in) and provide enhanced, more personal features. For instance, these cookies can be used to remember your login details, changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information in these cookies is not used to track your browsing activity on other websites.

[hnbad]

These require consent if, for example, they involve the use of a third-party service. Setting a first-party dark mode cookie does not require opting in even if it's "non-essential". It does however require disclosure.

The jury's also still out to what degree third-party cookies need to be disclosed in detail (e.g. whether you really need to keep track of the dozens of cookies Google Maps or YouTube sets or whether you can just refer to their privacy policy for the details). But embeds for YouTube, Twitter, Facebook or Google Maps, or the use of Google Fonts or the use of third-party CDNs for non-essential functionality definitely do require consent (i.e. opt in).

[notpushkin]

I’m wondefing if those embeds would work in an `<iframe sandbox="allow-scripts" />`. This prevents them from reading/writing cookies, but everything else should work fine.