from Hacker News

I found a loophole to prevent those pesky cookie notices

by Mojah on 2/27/20, 12:16 PM with 59 comments

by gnicholas on 2/27/20, 12:56 PM
Unfortunately this is not what I anticipated based on the title (a user-based tool that circumvents pop-ups). It is a suggestion for website owners that they not use any tracking pixels or analytics on their websites.
I’m sure that works great for this guy’s blog, but I’d guess that it would hobble a startup’s ability to understand/optimize their customer funnel to abandon tracking entirely.
by davedx on 2/27/20, 12:57 PM
While I agree with the sentiment the title is very clickbaity, can it be changed?
by oefrha on 2/27/20, 1:03 PM
Save yourself two minutes of reading:
> Want to know why I don’t have a cookie notice on this site? It’s because I don’t track you.
Obviously doesn’t work for any website that requires creating an account and logging in.
Thanks everyone for upvoting a nothingburger to the top of front page.
Edit: Okay, I didn’t know cookie notice isn’t required for login cookies (apparently I never used a cookie banner on my sites anyway, cookie law be damned). Anyway, the nothingburger point still stands.
by desmond373 on 2/27/20, 1:04 PM
Could privacy based browsers implement a way of giving bad data to cookies? Poison the cookie jar, so to speak. An add-on would be nice but being able to point to a browser and say "this is attacking the issue" would be nice.
by superboum on 2/27/20, 1:51 PM
I find the way the article is written interesting. Indeed, the title is misleading and you will learn nothing on the technical part. However, the idea here is to be vocal about what society we want.
The goal is to say, as an individual:
```
  - I am not ok anymore that so much sensitive data are collected
  - I know data collection had negative impacts on individuals and society      
  - I can, and we should live without collecting so much data    
  - Individuals and society should come before companies    
```
And I definitely relate...
by njitbew on 2/27/20, 12:57 PM
I'm not sure if the author is trolling or actually presenting this as some groundbreaking insight. I thought it was obvious to anyone that no cookies means no cookie notice (and there are plenty of static websites that do this). The point is that most websites try to make money, and making money means advertisements, and advertisement (often) means tracking.
by Udo on 2/27/20, 1:12 PM
I do support this stance, but depending on your setup, there are gotchas website operators should be aware of. I see CDNs as a major hidden aspect: for the government, it looks like you're tracking people, even if you're not. So you'll need to host those JS and CSS frameworks on your own server, which I think is not that much of a problem, just something to be aware of.
However, the next issue is using Cloudflare or similar front ends. For example, I use their free tier on most of my websites. These reverse proxying services / DDOS mitigators / TLS terminators tend to set identifying cookies which website operators have little to no control over.
My point is that the web ecosystem contains lots of integration points that could lead to operators being liable in the eyes of the law, even if they're not actively tracking their users themselves - the services they use, do.
by simonblack on 2/27/20, 9:23 PM
Perfection is not when there's nothing more to add, it's when there is nothing more to take away.
My website is also 'bare-bones'. What do we need all that extraneous crap for? People who want to look at it will. People who don't want to look at it won't.
Want more eyes on your site? Make it more interesting.
by nkozyra on 2/27/20, 12:59 PM
There's obvious merit to this, and it harkens back to a 'purer' day of the internet.
But, big - huge - businesses exist (often exclusively) on the internet in 2020, and suggesting that nobody should worry about collecting metrics on traffic/usage is really not feasible when your bottom line depends on making sure those numbers are moving in the right direction.
Don't get me wrong: those companies collect too much. There's no need to do some of the deep, cross-site data sharing that most big web sites do. But analytics? Advertisements? Seems like fair game. Even if you run a boutique blog, you're going to want more real-world feedback than "hit me up on Twitter."
The larger complaint here (at least in the first half of the article) seems to be the lack of elegant ways to present this compliance. Nobody seems to do it in a way faithful to the law without ruining your browsing experience. Maybe that's the point.
by Avalaxy on 2/27/20, 12:55 PM
Great for your personal blog, but let's not assume this works for most businesses.
by triiif on 2/28/20, 7:55 AM
lost 2 min of my life reading this shit.
install the extension 'i don't care about cookies' if you don't care
https://chrome.google.com/webstore/detail/i-dont-care-about-...
https://addons.mozilla.org/fr/firefox/addon/i-dont-care-abou...
by faintrain on 2/27/20, 1:04 PM
Ha. I see what the writer did here. I was expecting a legal or technical solution of a different kind lol.
Now if I were to send this article to the business team at my company in order to make a point about privacy I’m sure it would result in one way.
They’d be pissed I wasted their time telling them not to track based on the views of the author who clearly doesn’t understand and hasn’t fully articulated the business implications of not tracking which are numerous.
No track is like security regulations in healthcare. Yes it makes sense but when you think about the implications to the system as a whole there will be negative impact.
1. Loss of jobs (lack of data collection in business)
2. Loss of lives (greater security requirements in healthcare)
Why loss of jobs? Because guys like Jeff Bezos will lay-off staff before impacting his and his shareholders wealth in any significantly negative way.
Tell me why I’m wrong.
by Nasrudith on 2/27/20, 1:13 PM
Lets start with an analogy. Solving noisy fans via a specially designed radiator case is clever. Saying "just don't use fans" is useless smugness. This "article" is useless smugness.
Yes, not using cookies is a way to avoid it. To be useful for anything but personal satisfaction the function fulfilled needs to be solved as well. Even if it is a niche and highly qualified solution like "a low bandwidth largely plain HTML website with lower yielding non-tracking ads or a donation page can actually yield more money per hosting cost but results in far smaller websites" would still be infinitely better.
by bouk on 2/27/20, 1:05 PM
What a lot of people don't know is that you're allowed to use cookies for analytics purposes with GDPR, as long as you're anonymizing and as long as they're not used for cross-site/device tracking and advertisement.
The Dutch personal data authority even published a guide for Google Analytics explaining exactly what to do: https://www.autoriteitpersoonsgegevens.nl/sites/default/file... and they ruled that you don't need permission to enable the cookies when you do. You do need to have a privacy policy however.
by enriquto on 2/27/20, 1:06 PM
Notice that browsing without cookies nor javascript makes such notices invisible and most sites much faster and usable.
by SimeVidas on 2/27/20, 1:11 PM
I found a loophole to prevent corruption
Stop. Wanting. Money. All. The. Fucking. Time.
In case it’s not obvious, the article is a publicity stunt.
by smoyer on 2/27/20, 1:00 PM
I've eliminated cookies from my systems too ... I just put my tracking information in local storage.
by Grumbledour on 2/27/20, 1:05 PM
I do wonder why so many big websites have chosen to present huge annoying cookie banners to people that are still, at first glance, a clear violation of GDPR. (Like having no explicit opt-in, often not offering an opt-out besides the notice to close the site etc.)
Why annoy your users if your are not compliant anyways?
by toxicFork on 2/27/20, 12:57 PM
What happens if you use cookies but for non tracking purposes?
by tedk-42 on 2/27/20, 9:12 PM
Clickbait title as it's not a loophole.
by bil7 on 2/27/20, 12:57 PM
i hate tech blog clickbait so much
by therealmarv on 2/27/20, 12:58 PM
Haha, I discovered this loophole too when GDPR was introduced. I also removed all tracking code especially from smaller sizes. I don't care about tracking users there.