
Ask HN: A way to adblock “we're using cookies” popups? - rayalez
Whatever the intent of the GDPR was, the practical result is that now I have to click away the annoying &quot;we&#x27;re using cookies&quot; popup on every website.<p>Is there any way to do this automatically? If there isn&#x27;t - there should be. Maybe people should  use some special tag for them, so that it would be easy for users to block them on all the websites, if they want to.
======
gpas
If you are already using ublock origin go to settings > filters list >
annoyances, turn on easylist-cookies.

~~~
hutzlibu
I am amazed, at how much that annoyed me, too - and why I never bothered to
find out, that ublock origin has this as a hidden feature. Awesome. I just
also turned on all of the other annoyance settings. Is there a good chance of
real content getting removed, on occasion, or do they work quite good?

~~~
bashinator
It's pretty easy to make your own, too. I use the element zapper and picker to
block Reddit's incessant demands that I use "new" reddit and get a "premium"
membership. I also use it to block Facebook's "trending" bullshit.

~~~
naravara
Either an element zapper or a one click sticky-header killer should honestly
be standard issue features in browsers nowadays. The web would be a miserable
without them, especially on mobile.

~~~
bashinator
I'm just concerned that's inviting an arms race where unwelcome page elements
get randomized CSS namespaces. Fuck that noise.

~~~
chmod775
In that case we could just match by the CSS rules' content - i.e. match all
elements that have style X, Y, Z applied to them. That kind of arms race would
be over real quick.

~~~
dmurray
The arms race is that the next time you come back to the page, the offending
element has a slightly different style (randomized CSS class name, RGB values
changed by 1, font size changed by 0.1...) and your browser doesn't recognise
it as being the right element to block.

~~~
chmod775
Match by ranges so changing values by 1 doesn't work. At the end of the day a
human would have to come up with an entirely alternative style for the page to
defeat your filters.

Pretty much any machine generated variations can also be defeated
automatically by a machine. If defeating your filters takes a lot of work, and
only helps until a few days later you update your filters in a few minutes,
nobody is gonna bother.

------
Reason077
The EU cookie laws were well-meaning, but have had the unintended consequence
of making the web more annoying, more difficult to use, and more fragmented.
We shouldn’t have to resort to ad blockers just to make the web usable again.

The solution? Cookie consent should be a built-in feature of browsers and
http, not something that is reimplemented in a slightly different way by every
single website.

Your _browser_ should pop up a standardised cookie consent request when you
browse a new site, and enforce your selection as part of its security policy.
If you choose to block all cookies (ie: private browsing mode) then the cookie
consent request wouldn’t need to appear at all.

~~~
MaxBarraclough
> Cookie consent should be a built-in feature of browsers and http

Didn't we have that from day 1? A browser is free to disable cookies.

~~~
phire
Browser only allow consenting between no cookies, first party cookies and all
cookies.

The EU laws are more concerned about the intent of the cookies. Are they
functional cookies or tracking cookies designed to reduce user privacy.

------
markgavalda
Yes, quite easily: [https://chrome.google.com/webstore/detail/i-dont-care-
about-...](https://chrome.google.com/webstore/detail/i-dont-care-about-
cookies/fihnjjcciajhdojfnbdddfaoknhalnja)

~~~
the_pwner224
That is the way, but there's no need to install an extension just for it. Just
add the IDCAC filter list to uBlock Origin (uBO settings => Filter Lists =>
Import, at the very bottom):

[https://www.i-dont-care-about-cookies.eu/abp/](https://www.i-dont-care-about-
cookies.eu/abp/)

Also on that same page you can enable some of the 'Annoyances' filters. Just
be aware that some of them block social media buttons (FB/Twitter like/follow
embeds), which you may not want.

~~~
nailer
Isn't uBlock Origin an extension?

~~~
ryankrage77
Yes, but uBlock and can do everything IDCAC can do, and more, so there's no
point in having both installed.

~~~
nailer
Sure but what if you only care about cookie warnings and use site that are
supported by ads?

~~~
Fiveplus
Tangential question, but I would _love_ to know if a group of people who
prefer ads but not cookie warnings exist? Do they rank supporting the website
above minor inconvenience of pop-ups and advertisements? That's gotta be a
unicorn in terms of internet users.

~~~
Wowfunhappy
Uh, I'm in this group.

I think that if I'm visiting a website and using its bandwidth, the website
ought to get paid. If the ads are too egregious, then using the website isn't
"worth the cost" and I go to a different website.

I do however pay for Scroll[1], and I use Firefox's Enhanced Tracking
Protection. Due to the latter, many websites think I'm using an adblocker and
complain, which really irks me.

\---

1: [https://scroll.com/](https://scroll.com/)

------
scarface74
So you mean government involvement in tech both didn’t serve its intended
purpose and its an annoyance to the end user? I would have never guessed....

~~~
johannes1234321
The government doesn't enforce cookie banners. They enforce that there
shouldn't be tracking. It's the tech companies who think it's worth while to
annoy the users with coockie banners in order to be able to do more tracking
(my assumption is that some make the banners extra painful as a way to steer
anger towards legislature ...)

~~~
dilap
I mean, still, the practical effect of the govt legislation was to annoy
countless people and waste who-knows-how-much-effort implementing the stupid
banners.

To argue that this leglislation would've had a good effect in some
hypothetical alternative world where businesses had different incentives is
beside the point!

(Side note, if it were not for govt investment in the dentralized, open
internet, we'd probably all be using some ungodly-advanced version or America
Online. So I'm certainly not advocating govt has no place in tech!)

~~~
esperent
Another way of looking at it: the effect of the legislation has been to expose
that just about every website tracks you.

Websites don't have to put a cookie banner for every kind of cookie. They have
to show it whenever they collect identifying data about you. If they choose
not to collect info on their visitors, then they don't have to put a banner.

~~~
berkes
With most of my customers the conversation goes something like:

\- Customer: We must still implement that cookie popup before launch!

\- Me: No. You don't _have_ to. If we just disable SomePerformanceMetrics and
GoogleAnalytics, we're done: we don't need a pupop.

\- Me: who is using the performance metrics ATM? And who is acting on GA? How
do you _use_ them? Would this (shows three really neat Log-analyzers as
alternative) suffice?

\- Customer: We don't use them yet. But we might want to in future. And we
then we might need all that data. So we want to start collecting it now.

Point is: you don't need Google Analytics, you don't need any of those 20+
tracking cookies if you actually look at it. But there's a lot a FOMO,
combined with "but this is how we have always done it, so shut up".

There are some rare cases where GA, new-relic, tagmanager etc are really
_nessecary_ and none of the privacy-friendly (ie no-cookie-popup required)
alternatives cut it. But those are rare. I daresay that a vast majority of
tracking cookies is just there because the developers/business is too lazy to
take a serious look at the problem.

Which is why I truly welcome more legislation that turns "collecting vast
amounts of data" from "free" into a real and looming liability.

~~~
esperent
You don't even have to fully disable GA. You just need to disable individual
level tracking, as far as I know.

~~~
smhg
With the anonymizeIp parameter?

[https://developers.google.com/analytics/devguides/collection...](https://developers.google.com/analytics/devguides/collection/analyticsjs/field-
reference#anonymizeIp)

------
marcrosoft
We should encourage the EU to remove this ridiculous requirement.

~~~
markovbot
We should encourage websites to stop tracking us.

~~~
babarock
The 2 aren't mutually exclusive.

Seriously, I wonder if adding those cookie banner impacted tracking in any
significant manner, because it definitely _significantly_ impacted the
usability of the web.

~~~
markovbot
Actually, it only impacted the part of the web that is trying to track it's
users. Things that didn't have cookies aren't impacted.

The only world in which your statement makes sense in one where user tracking
is assumed to be acceptable and something that must be done. Neither of those
things are true.

~~~
james-skemp
Not OP, but I completely agree with their statement that "it definitely
significantly impacted the usability of the web."

As others have noted, a ton of sites seem to have just thrown the necessary JS
on their site without actually seeing if they needed to, or if they did, if
they could make minor changes that would remove the need.

From a usability/user experience perspective, now users have these popups
displaying on some number of sites that they visit, often developed with the
assumption that they will be accepted by the user.

Based upon some of the experiences I've had, I would say a number of teams
neglect to properly test their sites as a user that has not accepted/dismissed
the pop-up/overlay.

------
TACIXAT
I can't believe this isn't handled by the browser. Make a standard API like
the location or notification pop ups. Have a setting that says I understand
what cookies are and I accept all.

~~~
julianlam
The problem is you're expecting the developers and website owners to
voluntarily opt-in to this browser standard.

It'll probably have about as much adoption as Do-Not-Track...

~~~
fourstar
So show a warning when it’s not detected like SSL.

~~~
lopis
Wouldn't that hurt simple websites which don't track by default?

------
swixmix
I use vimium[1] to close _most_ pop-ups by typing "f" and then hitting the
letter that pops up next to the close button.

If that doesn't work, I use a bookmarklet called "Remove Sticky"[2]. I type
"bre" and hit enter when sticky things pop up to get them gone.

[1]:
[https://chrome.google.com/webstore/detail/vimium/dbepggeogba...](https://chrome.google.com/webstore/detail/vimium/dbepggeogbaibhgnhhndojpepiihcmeb)

[2]:
[https://news.ycombinator.com/item?id=23446504](https://news.ycombinator.com/item?id=23446504)

~~~
behnamoh
That's actually a smart way of using vimium, thank you! I'm gonna set more
bookmarklets for various tasks now.

------
thiht
I feel like something should have been implemented at browser level through
HTML meta tags to display the cookie banner. This would allow websites to
declare technical cookies that cannot be blocked and other cookies that can be
blocked by the user. We could even have a standardized, native cookie banner
in the same way as the permissions asked by the browser.

Any idea if there's a chance to get this one day?

~~~
akvadrako
That won't work because most people will want to just permanently block
tracking cookies. You could legislate it, but it would effectively kill
targeted advertising.

The dialogues are only necessary because the website owners want to send you
tracking cookies. If they choose not to, there is no need for any kind of
banner, native or otherwise.

~~~
thiht
> That won't work because most people will want to just permanently block
> tracking cookies. You could legislate it, but it would effectively kill
> targeted advertising

So? The only difference between what I suggest and what we have is user
friendliness. The law is already here.

~~~
watwut
Yeah, but technical obtuseness is intentional. First, to force users to click
"accept all" and second to make users hate the law.

It could be more user friendly, but that is not desired political/economical
result.

------
mrweasel
There’s an “I don’t care about cookies” plugin for Firefox, it just hides the
cookie popup. It’s not perfect but works well enough.

~~~
qxxx
I use this on all my machines. I even donated to support the project. It works
like a charm. It removes most of these cookie popups. I wish there was a
better version like someone stated directly in the browser - currently this is
a mess.

------
dificilis
For people who are disabled, dismissing cookie dialogs is one extra difficult
pointless thing they have to do _every_ time they visit any website.

Is this a violation of human rights?

~~~
smabie
Yeah, just like how movies existing that blind people can't watch is a
violation of human rights.

------
talideon
I would recommend the Consent-O-Matic ([https://github.com/cavi-au/Consent-O-
Matic](https://github.com/cavi-au/Consent-O-Matic)) plugin. It doesn't get rid
of everything, but it does automatically fill in the forms on practically
every website, and you can submit an issue to them when it misses one. I have
it set up to automatically deny.

------
TechBro8615
I’ve always thought this should be a browser feature. It would be more useful
than the DNT header, anyway...

~~~
drdaeman
This is what happens if browser vendors don't solve the issue with technical
measures, being too afraid to break things.

(Not surprising, given that a the largest one, being or close to being a de-
facto monopolist, has conflict of interests on the matter of user tracking and
profiling.)

We get a legal solution which is poorly understood, has weird unintended side
effects (because it was made by non-experts) essentially breaking things
(just... non-technically), and doesn't really prevent the bad actors from
continuing what they did.

~~~
anoncake
This issue can't be solved purely with technical measures, unless you're
willing to accept major loss of functionality. The GDPR is fine, enforcement
is what's awful.

------
jimnotgym
There is a really frustrating thing happening on this thread where people are
downvoting answers that are technically correct, which suggests they must be
simply disagreeing with the writers opinion on underlying politics. That is a
sad way for hn to go.

~~~
ARandomerDude
It's been that way for a very long time. I get down-voted if I say anything
from a conservative perspective here.

~~~
ciarannolan
I believe you when you say that you notice you get down voted for expressing a
conservative view on HN, but I seem to notice the opposite.

HN has a way of defending Trump and quickly down voting direct criticism of
conservatives, at least in my own n=1 experience.

edit: ...and this comment was flagged. Case in point.

~~~
dang
You guys are probably both running into the notice-dislike bias:
[https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20notice%20dislike&sort=byDate&type=comment)

I can give you long, long lists of commenters complaining with complete
certainty in the bitterest terms that HN is extremely biased in favor of $side
and the mods are totally biased in favor of $side, but $side varies entirely
with the political feelings of the perceiver. This is one of the most reliable
phenomena that exists on HN.

I wrote a long thing about this earlier today:
[https://news.ycombinator.com/item?id=23530467](https://news.ycombinator.com/item?id=23530467).

~~~
ciarannolan
That's interesting, thanks for linking your comment.

I believe it 100%, which is why I tried to discount my own claim too ("n=1"
etc).

>We don't see the world as it is, but as we are.

------
atleta
They most of the time shouldn't be "we're using cookies (and we've planted all
of them without your consent, oops)" anyway, but consent managers.

But yeah, this could be handled in a more user friendly way, if there was a
standard way to express the consent options (with the cookies and their
functionalities) that the browsers could parse. Then the page could check if
the browser handles it or if it has to fall back to what they're doing now.

~~~
pythux
As mentioned in another comment, it’s actually possible:
[https://news.ycombinator.com/item?id=23524626](https://news.ycombinator.com/item?id=23524626)

~~~
atleta
Makes sense. Actually it could very much work without the active participation
of the web sites, at least for cross-site tracking. Because we can collect and
identify and categorize those cookies.

And now that we're talking about it, Firefox does have something similar
accessible from the URL bar, called "Enhanced tracking protection".

~~~
pythux
Well, enhanced tracking protection is closer to what an adblocker/content
blocker would do as far as I know. They classify some domains as trackers
based on a static list from Disconnect then use that information to either
block requests or enforce extra restrictions on those (like blocking
cookies/storage).

------
TooKool4This
Any solutions for mobile (iOS)? This problem is really painful on mobile
devices where (in Safari) the popup takes up half the screen after the url+nav
bars takes up a quarter leaving you with 25% of the screen to look at the
actual content (with autoplaying ad videos every few paragraphs if you are
lucky!) until you dismiss the popup.

Argh, makes me angry just thinking about it. The web is becoming increasingly
painful to use through a UI browser.

~~~
Nextgrid
AdGuard on iOS works well for those (in addition to ads, social media and
other trash).

~~~
TooKool4This
Wow that was awesome and super easy. Thanks for the tip, didn't know iOS
Safari had an API for content blocking, I will need to explore that more.

------
jgimenez
I'm tired or ad blockers, they make the page usually slower to load. Even if
they save you some downloading, they usually block the loading pipeline, so
they end up costing you more time. I use a combination of "I don't care about
cookies" to automatically accept all cookies, so websites are free to show the
ads they want and send me the cookies they want. Then I use Firefox Enhanced
Tracking Protection in strict mode to delete all tracking cookies as I go. It
has worked great so far. Yes, I see ads, but they're not targeted and the page
loads fast.

------
myfonj
For "manual" cleanup I'm using slightly extended universal "Sweep Stickies"
bookmarklet [1], based on idea taken from "Kill Sticky" [0]. Removes generally
all those banners and overlays obscuring content and eating viewport.
(Userscript available [2], but I prefer good old bookmarklet way for this.)

It literally crawls all elements in page, tests their computed style and
removes those with sticky position (and a bit more). Works quite well for me.

[0] [https://alisdair.mcdiarmid.org/kill-sticky-
headers/](https://alisdair.mcdiarmid.org/kill-sticky-headers/) [1]
[http://myfonj.github.io/utils/bookmarklets/sweep-
stickies.ht...](http://myfonj.github.io/utils/bookmarklets/sweep-
stickies.html) [2] [https://greasyfork.org/en/scripts/370572-sweep-
stickies](https://greasyfork.org/en/scripts/370572-sweep-stickies)

------
Brajeshwar
Try These,

\- For Safari, if you're using 1Blocker, in "General" > "Block Annoyances".

\- For NextDNS, I thought I saw "Annoyances" but could not find it now. Should
have it somewhere.

\- Chrome have a plethora of Extensions that "don't care about cookies" or
similar. Other than that, as someone else commented, uBlock Origin > Settings
> Filters List > Annoyances

~~~
pythux
It’s pretty unlikely that a DNS blocker (like NextDNS or others) can
effectively remove cookie notices since content blockers rely on injecting
custom style sheets in practice to tackle them (which a DNS blocker absolutely
cannot do).

------
rajangdavis
Depending on how bad the warning is, it might be easier to disable javascript.
Have found that this gets around some noiser news sites.

------
rhardih
Still have to click to remove it the first time, but I made an extension for
this very purpose:
[https://chrome.google.com/webstore/detail/ekill/lcgdpfaiipae...](https://chrome.google.com/webstore/detail/ekill/lcgdpfaiipaelnpepigdafiogebaeedg)

------
ghostwords
Check out Cliqz Autoconsent: [https://github.com/cliqz-
oss/autoconsent](https://github.com/cliqz-oss/autoconsent)

 _This is a library of rules for navigating through common consent popups on
the web. These rules can be run in a Firefox webextension, or in a puppeteer
orchestrated headless browser. Using these rules, opt-in and opt-out options
can be selected automatically, without requiring user-input._

 _This library is primarily used by the cliqz browser in order to automate
user-consent, and make a cleaner browsing experience. There is also a
standalone addon that can be installed in Firefox._

------
atirip
I use Safari User Stylesheet. This is mine:

    
    
      /* "custom" */
      [class*="as-oil"]:not(body, html),
      [class*="optanon"]:not(body, html),
    
      /* "generic" */
      [class*="consent"]:not(body, html),
      [id*="consent"],
      [class*="gdpr"]:not(body, html),
      [id*="gdpr"],
      [class*="announcement"]:not(body, html),
      [id*="announcement"],
      [class*="policy"]:not(body, html),
      [id*="policy"],
      [class*="cookie"]:not(body, html),
      [id*="cookie"] {
       display: none!important;
       visibility: hidden!important;
       transform: scale(0)!important;
       opacity: 0!important;
       width: 0!important;
       height: 0!important;
       z-index: -1!important;
       background: transparent!important;
       color: transparent!important;
       font-size:0!important;
      }

------
jeff3dx
1Blocker for iPhone filters most “we’re using cookies” annoyances.

------
inimino
At this point we're better off building a _samizdat_ -like shadow WWW which
simply loads the genuine content by using the URL as a content identifier, but
without relying on the HTTP server on port 443 on the A or AAAA record
mentioned in the domain. URLs are also URIs, after all, and nobody said we
have to put up with broken servers being the only content resolver available.

------
BurningFrog
I never get Jehovah's Witnesses knocking on my door to talk about Jesus
anymore.

Instead I have the EU asking me about Cookies on every other web page.

------
Good_Karma
Yes. Install uBlock Origin. Right click on ad / pop up -> Block Element ( a
rule is automatically generated ) -> Create. Voila ! You might have to do it
2-3 times for the same element as it might have several layers. But then
you're done and you haven't been forced into clicking. "ok"

------
lazyjones
I use "Banner Hunter" for Safari which does just this and nothing else.
Unfortunately it will sometimes leave the websites unusable because it removes
the modal cookie banners but not the "greying out" layer over the content that
disables it while the banner is visible...

~~~
MaxikCZ
"Behind The Overlay Revival" Firefox addon solves this!

------
vz8
Thank you.

There are numerous sites I go to regularly incognito to log in as an admin vs.
end-user: several have low-profile, low-contrast cookie warnings which disable
all other menus until you acknowledge them (without an apparent overlay). Just
that little extra bit of friction every day adds up.

------
tgsovlerkhgsel
In addition to taking whatever technical measures you are taking, if you're in
the EU, consider also grabbing one web site that has a particularly bad
consent flow (e.g. a dozen clicks to not get tracked, or a "click or scroll
anywhere to consent"), and report them to the appropriate DPA.

The DPAs often only work off consumer reports.

You need to know that these popups are a result of two separate laws: The
ePrivacy directive aka Cookie Law, and GDPR. GDPR is enforceable one that you
care about. A web site can process your data (e.g. for personalized ads) for
one of the explicitly given reason, the most common ones being "legitimate
interest", "fulfillment of a contract" and "consent".

There have been a couple recent statements about what counts and doesn't count
as legitimate interest, fulfilling a contract, and consent.

You also have the right to ask the controller of the data (not the processor)
for a list of data stored about you. Try it with one of said web sites! Make a
clean cookie jar, use the site and only the site, send them the cookie jar,
and see what data they store. (If they don't, file a complaint with the DPA)

------
aembleton
Import the following filter list into uBlock Origin: [https://www.i-dont-care-
about-cookies.eu/abp/](https://www.i-dont-care-about-cookies.eu/abp/)

------
alkonaut
When my browser just hides the popup or banner, which setting did I choose?

The GDPR is pretty clear that opting out must be the default choice, but it
wouldn’t surprise me if some use a system that only follows that if it is
actually shown.

~~~
TeMPOraL
I wish member nations were more proactive in fining people over this, because
I'd then happily report every system like that.

On a related note, has anyone ever seen the corresponding consent popup that
would let me _opt back out_ of tracking cookies? I haven't. Which strikes me
as weird, since consent was supposed to be as easily to rescind as it is to
grant it.

~~~
livre
>has anyone ever seen the corresponding consent popup that would let me opt
back out of tracking cookies?

I have but only once, I don't remember where, it was probably an obscure site
that didn't have whatever I was looking for. The pop-up was a big list of
third party companies with checkboxes (Android style, slide left to uncheck)
that had to be disabled individually. I don't think that was legal, consent
was given by default unless I manually unchecked each box. There was of course
no "uncheck all" button.

------
sneeuwpopsneeuw
Most cookie popups are using javascript so when one is popping up i use the
chrome extension "Quick Javascript Switcher" to toggle the Javascript off.
This does not always work but it works in most cases.

I tried external list for Ublock as well. They say they will remove those
things but they sometimes break things. Video's or slideshows for example did
not seam to work when Ublock removed the cookie pup-ups.

------
mD5pPxMcS6fVWKE
I use "I don't care about cookies" extension for Firefix, seems to work well.

~~~
CawCawCaw
This is a great extension and also available on Chrome.

------
spartas
Don't drag the GDPR through this mess. It's not the fault of the GDPR that
everyone decided that these cookie consent walls are the new normal.

[https://techcrunch.com/2020/05/06/no-cookie-consent-walls-
an...](https://techcrunch.com/2020/05/06/no-cookie-consent-walls-and-no-
scrolling-isnt-consent-says-eu-data-protection-body/)

------
blacklight
1\. Cookie policy management should be done at browser level with using
standard HTML/JS constructs. Instead, everyone nowadays is doing it by adding
custom HTML to their own pages to handle the panel/popup logic: they're doing
it wrong, because it makes it much harder to detect which part of the page
hosts the cookie settings panel.

2\. Also, many of those panels have "Accept all" as a default option. Many
make it purposely hard to disable some trackers without going deep down into
crowded cookies preference pages. This is also the wrong way of complying to
GDPR, and the sites that do it must be appropriately punished. The default
should be "Deny all except for non-third-party functional cookies".

3\. In the meantime, NoScript helps blocking some of that crap. If you never
whitelist domains like cookielaw.com you're unlikely to see many of them.

------
Angostura
> The EU cookie laws were well-meaning, but have had the unintended
> consequence of making the web more annoying, more difficult to use, and more
> fragmented.

Not really. GDPR says that non-transactional cookies should default off.

------
082349872349872
My heritage is of a web that worked just fine without cookies at all.

------
ajimix
Contact the EU and tell them to remove that non-sense rule as it makes the
internet waste time clicking annoying things that nobody reads or cares.

~~~
happymellon
On the contrary. I love it, because now it is illegal for me to be tracked
without my consent (and my not clicking on decline is not consent), which is
why American news sites block EU IPs because they can't just data mine me
without my knowledge.

~~~
number6
Works as intended. It's not the regulators task to put the law in a nice UX.

