from Hacker News

Cloudflare launches easy to set up consent manager that respects users

by kuba-orlik on 4/23/23, 7:59 AM with 92 comments

  • by kotaKat on 4/23/23, 12:25 PM

    Hold on, Cloudflare building a tool that respects users?

    Checking to see if that statement is secure.

    refreshes

    Checking to see if that statement is secure.

    refreshes

    Checking to see if that statement is secure.

  • by harry8 on 4/23/23, 11:55 AM

    Does cloudflare respect users? They don't even respect the intent of "do not track" enable it and you can do cloudflare captchas in an infinite loop which doesn't seem so respectful in my understanding of that word.

  • by jacquesm on 4/23/23, 12:32 PM

    I would love an option that allows me to set defaults for all websites that I visit. Such as to reject marketing and tracking cookies and other mechanisms used for that purpose globally and to allow me to fine tune functional stuff on a per-site basis.

  • by codegeek on 4/23/23, 2:49 PM

    We are betting more on Cloudflare as a company lately. Our static website was just moved to Cloudflare Pages and it is working really well (we have over 200 Pages and counting). We were trying to figure out how to handle the Cookie/Consent stuff and this comes along. Would love to try and see how it works out.

    Btw, if you haven't tried, give Cloudflare pages a shot if you are looking for a no nonsense static website tool. Combine it with Cloudflare workers, you can add dynamic features as needed. I don't work for them but just a happy customer.

  • by TekMol on 4/23/23, 11:00 AM

    Is anybody here monetizing their web projects with Google Adsense?

    If so, how do you manage consent?

    I tried to build a simple modal that asks the user if they agree to ads+cookies, with a link to a privacy policy which explains that I use Adsense and a link to their privacy policy. And only loaded Adsense if the user agreeed. But Google never accepted that. They never gave an explanation why.

  • by snowstormsun on 4/23/23, 2:48 PM

    What's the difference between "Reject All" and "Confirm My Choices" (with nothing ticked)? Could be a subtle dark pattern...

  • by donohoe on 4/23/23, 1:07 PM

    Many folks here asking about ads, AdSense, etc…

    The issue with this and all consent mangers is always ads.

    It is impossible to know all the potential ad vendors, ad tech, and what other devices ads will load in advance.

    Googled consent framework, the IAB framework, etc, all fail to address this.

  • by evntdrvn on 4/23/23, 1:58 PM

    If anyone from CF is here, could you please add a standard “X to close” button (reject all) at the top right?

  • by jacooper on 4/23/23, 4:07 PM

    Even though I'm wary of the centralization of the internet under cloudflare, I can't deny their products are awesome

    My rule of thumb is just never to use them as a proxy, CDN through R2, static pages etc are okay. Unfortunately Zaraz requires your website to be behind CF proxy.

    > And if you've ever clicked something other than Approve you'll have noticed that the list of choices about which services should or should not be allowed to use cookies can be very, very long.

    There should be a reject all button, right?

  • by time4tea on 4/23/23, 5:15 PM

    How about just use cookies for strictly necessary purposes. Then you don't need to ask, and the Web will become better

    It's only because sites are jam-packed with spyware that all these horrendous popups are everywhere.

    If you need a complex consent manager, it's a signal that you're doing the wrong thing.

    Ads are not strictly necessary, nor visitor tracking, btw.

  • by JCWasmx86 on 4/23/23, 2:48 PM

    Does it respect DNT headers? If no, it does not respect users.

  • by syndacks on 4/23/23, 2:55 PM

    Anyone know if this can be used as replacement for OneTrust?

  • by skrebbel on 4/23/23, 1:42 PM

    Is there any jurisdiction where you actually need a visitor's permission to count pageview stats? Seems pretty far-fetched to me.

  • by sylware on 4/23/23, 11:16 AM

    Namely it defaults to supporting noscript/basic (x)html browsers?

  • by mhils on 4/23/23, 5:10 PM

    Not supporting GPC (the DNT successor) directly contradicts the "respecting users" marketing fluff. I suspect the main reason why there is a "reject all" button is that Cloudflare folks rightly figured out that they are too big to get away with not providing one. Otherwise noyb.eu will say hello. OneTrust etc. are doing the same, there's nothing more user respecting about this solution.

    If Cloudflare is serious about privacy here, they should at least respect GPC and not provide customers with an option to disable it.

  • by PoignardAzur on 4/23/23, 10:35 AM

    That's nice, but Cloudflare seems to be missing the point.

    No consumer is going to say "oh, now that you've provided me such a streamlined tracking consent experience, I'll give you consent to track me across sites to show me personalized ads". They'll just click the "reject all" option you're legally compelled to give them.

    Also, the example includes a consent option for anonimized pageview counts data, which under GDPR you don't need consent for.

    An approach that would really respect user would be to store traffic analytics anonymously (in a way that resists trivial de-anonimization, so with binning and stuff), and throw away the rest. There, no consent popup needed.

  • by hammyhavoc on 4/23/23, 4:04 PM

    Has anybody switched from Complianz on WordPress to this? Any thoughts?

  • by blibble on 4/23/23, 1:45 PM

    you're still proxying through servers/systems controlled by a US corporation

    and the US is not considered to have adequate data protection laws under the GDPR