Hacker News
by SpicyLemonZest 13 days ago
Is it the case that "countless websites have none"? Some websites, especially small ones operated outside of the EU, simply don't care about their obligations under European law. But in my experience it's extremely rare for European websites not to feature a cookie banner. It's not like it's just corporations: the official websites of the European Commission (https://commission.europa.eu/), the presidency of France (https://www.elysee.fr/), the chancellorship of Germany (https://www.bundeskanzler.de/bk-de/), etc. all have one.
2 comments

The issue might be that a lot of websites are run by marketing and communications teams, that all have KPIs and metrics, which they need to track (sometimes for no good reason). Some of this could be done without cookies, but that requires an active operations team which can support it, but because these sites are managed solely by non-technical people they don't know what to ask for, they just know that if you slap on the snippet of JavaScript, they get the metrics they "need".

GitHub is probably the largest site that does not have a cookie banner, because they don't need one. If GitHub doesn't need a cookie banner, then maybe the EU commission could work on removing theirs as well.

> Some websites, especially small ones operated outside of the EU, simply don't care about their obligations under European law.

What about lobster.rs?

Such as HN? Honest question, for all I know they're breaking EU law and nobody cares. Or maybe they don't.

Anyway, pouet.net doesn't have one. It links to a ton of group sites, many European, try to count the ones that don't have a cookie banner.

For fun, I did a quick and dirty test on the HN front page at the time of this comment, out of 30 links, I counted 11 cookie banners. Let's say I missed a few (a bunch of the ones I counted were a small bar at the top or the bottom, easy to miss, not even sure if they blocked the page), let's say it's 20 out of 30. One third of all websites is still a huuuuuuge amount of websites.

I took privacy seriously before I "had to". So for me, nothing changed. Why would it? You can have a link in the footer to opt into tracking. If you actually "value consent" and all that. It's a complete non-issue for most sites that have banners, they could just stop being creeps and it'd be fine. But they don't want to stop, they want to annoy users as much as legally possible and then funnel the annoyance at the laws protecting those users against them.

"Have you heard about this new thing, you have to wear something around your ankle and can't be a school teacher and stuff like that? Yeah it's really insane, how will children learn anything, ever again?"

"Wait, what are you even talking about? Have you done something?"

Of course there's corner cases, of course this can also be a hassle for sites that aren't "creeps". But generally? The same generic false claims, over and over? Just no.

HN used to be non-compliant, but does seem to have fixed it, I'm not seeing any cookies in a browser where I'm not logged in.

pouet.net is tracking me. On my first visit they deposited a cookie named POUETSESS4 with a 1 year expiry and a persistent hash identifier in my browser.

I checked a few outbound links from that site to European domains, and it does seem to be about 50/50 on whether they have similar problems, which is much better than any rate I've seen elsewhere. Good on this community for having a lot of folks who care about privacy and roll their own web frameworks. But I doubt it's the case that the other 50% or the parent site intended to secretly track me; they just ended up with a dependency on some tracking framework by accident, and they're too small to get in trouble for it.

> they just ended up with a dependency on some tracking framework by accident, and they're too small to get in trouble for it.

I'd say it's simply not in the spirit of the law. I.e. that cookie could be used to track you, but isn't. Sure, they could be secretly selling your info, but they could also be secretly storing your IP and anything else to fingerprint you. That would also be illegal, and no way you could know from the outside. So why are there not constant raids all over Europe, all the time?

As I said, I do think it's because that law isn't enforced to just waste time on BS. If I walk across a red light in the middle of the night [0], where there's a car every 5 minutes, and do it carefully after looking left, right, left again, and you run up to cops parked nearby who saw that, and insist they do something, they'll laugh at you. If you insist and freak out, you have a bigger chance to get in trouble than I do. But that's not some sinister law that everyone breaks and that is enforced selectively, it really is for what it says on the tin, what a reasonable person would abide by it for.

[0] Or put a session cookie I never use except for logged in users, and without any PII, because the site was written in 2000 and it's fine.

> If I walk across a red light in the middle of the night [0], where there's a car every 5 minutes, and do it carefully after looking left, right, left again, and you run up to cops parked nearby who saw that, and insist they do something, they'll laugh at you

What country is that illegal in?

Poland. My friend actually got a ticket for jaywalking at night across a completely empty street.

The US, and that's also beside the point. Why does stuff like this get bickered about, instead of simply showing the vast damages caused by this terrible law? I read FUD about it all the time, I don't know a single case of an actual problem it caused.

HN explicitly breaks EU law. You can ask them to delete your comments because of GDPR, and they will tell you they don't follow European law so they won't do that.