
Getting rid of the Google cookie consent popup - edward
https://daniel-lange.com/archives/164-Getting-rid-of-the-Google-cookie-consent-popup.html
======
akshayB
Eventually what will happen is all major services on internet that the consent
popup will turn into an annoying experience like you have to click 'I Agree'
button whenever you are installing any software. Major portion of internet
users don't understand laws/privacy and they would just click 'I Agree' to
move forward to next step.

This is still a big win for the companies since they have engineered a
behavior where people just click 'I agree' without understanding it.

~~~
ifmpx
Which will encourage courts to render these "agreements" invalid. I think
there was a study that showed that it would take the average user 40 man-years
to read and understand each software or serive legal agreements they "agree"
to.

Software legal agreements are a farce, and it's only a matter of time before
governments step in and regulate the shit out of it.

~~~
Nextgrid
Note that Google's consent form is already invalid and completely useless from
the GDPR's point of view.

As per the GDPR, consent should be freely given (you are not penalized for
declining) and it should be as easy to decline as it is to agree (something as
simple as pre-ticked checkboxes is already in breach). The ICO's (UK privacy
regulator) website provides more details: [https://ico.org.uk/for-
organisations/guide-to-data-protectio...](https://ico.org.uk/for-
organisations/guide-to-data-protection/guide-to-the-general-data-protection-
regulation-gdpr/lawful-basis-for-processing/consent/)

The current Google consent prompt fails the second test. There is an easy "I
agree" button but no "I decline". The "See more" button leads you to some more
filler text and turns the button to "Other options". Clicking _that_ gives you
more filler text and some links to Google/YouTube history and ad settings, but
setting those doesn't actually dismiss the modal and you are still supposed to
click "I agree". Furthermore the Google personalized ad opt-out says the
setting can take hours to apply, which would also not comply with the GDPR as
ad tracking should be opt-in to begin with.

~~~
paulryanrogers
What is at stake if the EU agrees this is a violation?

~~~
rightbyte
E.g.:
[https://en.wikipedia.org/wiki/Microsoft_Corp._v._Commission](https://en.wikipedia.org/wiki/Microsoft_Corp._v._Commission)

------
frereubu
Those filters are picking up auto-generated css classes that will most likely
change sometime soon, although there’s not much you can do to counter that
until one of the filter lists starts to track them. Just FYI in case you
wonder why it stops working suddenly.

~~~
mywittyname
I'm hoping that someone will come up with a plugin that detects and eliminates
"HTML popups."

I've tried to do so myself, but I can't find a way of determining if an
element is going to occlude another.

~~~
dlkmp
Even if you do, it will kill navigation flyouts and similar if done naively.

~~~
dredmorbius
If those ... "features" ... prove to unreliable due to collateral damage from
annoyances filters, they'll be abandoned. And good godamned riddance.

~~~
lexicality
Do you think the vast majority of users will tolerate the internet being
broken until websites catch on, or will they just disable the extension and
write bad reviews that Amazon stopped working?

~~~
dredmorbius
The majority of Internet users != the majority of Internet value.

Drive off key market segments and you'll see shift. The smart money and big
money is tech savvy.

------
dmortin
Lately Youtube too annoys me with some message to sign up if I'm not logged
in. Unfortunately, that is not a popup, it is displayed in the video panel,
stopping the video from playing.

~~~
donclark
I would pay $ to get the ublock filter code to remove this.

~~~
iagooar
If you are ready to pay to remove it, just pay for the YT subscription.

~~~
rwmj
How would that help? It would still nag you to log in each time you cleared
cookies.

~~~
iagooar
Do not clear them, you can‘t eat the cake and have it.

------
ryandvm
I would love to know the full story on how we ended up with the "hey, we use
cookies" legislation? Of all the ineffectual privacy laws, that one sure
surely takes the cake. Has _anyone_ _anywhere_ ever left a web site because of
that warning?

~~~
privacylawthrow
I'm a privacy lawyer at a multinational company that has dealt with cookies
for years. I created an account because none of the responses to you are
correct. The ePrivacy Directive was not replaced by GDPR and cookie rules do
apply to first party cookies.

We ended up with cookie rules because regulators were concerned about the use
of cookies to create user profiles based on activity across multiple websites,
especially for "evercookies"/"zombie cookies" where a user's cookieID would be
resurrected even after a user deleted them. Instead of banning zombie cookies
or cross-site tracking, the EU instead decided it was a violation of user
privacy to place _any_ cookies or other data files on the user's machine
without their consent.

The actual language is "Member States shall ensure that the use of electronic
communications networks to store information or to gain access to information
stored in the terminal equipment of a subscriber or user is only allowed on
condition that the subscriber or user concerned is provided with clear and
comprehensive information."

Cookie consent boxes are implemented at the website level because the law
applies to website publishers, not browser makers. Website publishers were
explicitly told that they cannot rely on a user's browser settings. This put
the browsers in the back seat and ended up with today's world where you have
to opt out of a service provider like Google Analytics on a site-by-site
basis.

The vast, vast majority of users do not touch cookie settings. There are
probably more users running scripts to disable cookie popups than there are
users opting in or out of specific cookies.

It is an odd world where websites bend over backward to make cookie popups
that actually work knowing full well users do not care. The average user
doesn't really know much about cookies, much less the wide variety of
activities powered by cookies. Cookie consent popups are publicly available,
making them easy targets for regulatory audits. Ireland ran a huge sweep and
sent out letters to a number of large companies telling them to clean up their
act by October or else. We are a few weeks away from seeing what the "or else"
will be.

I'm happy to answer any other questions you have on this.

~~~
AlexanderZ
So what does the real minimal setup look like? Will text ("This website uses
cookies") + a button ("I agree") work?

~~~
privacylawthrow
No because that's not informed consent. Different countries have different
requirements, so the minimum varies by country, but all countries require some
level of information about cookies for the consent to be "informed". At a
minimum you'd need to link to more information about what cookies are and how
they are used.

If the cookies do not involve personal data, then GDPR does not apply, and a
popup/pushdown/modal with text, a link, an accept button, and a reject button
is all you need.

If the cookies do involve personal data (e.g., IP address), then GDPR applies.
For cookies where GDPR applies, the legal requirements depend on the purpose
for using the cookie. Wach purpose for using cookies requires its own consent.
For example, cookies used for analytics require separate consent from cookies
used for third party advertising. If a website only used cookies for a single
purpose, the consent window could be pretty small. If there are multiple
purposes, it's basically going to be a privacy policy just for cookies.

There are several billion dollar lawsuits against online adtech because it's
not clear under GDPR whether anonymous but unique cookieIDs are personal data.
If they are, the entire industry violates GDPR.

------
gruez
Or subscribe to the "I don't care about cookies" list on ublock. It has the
advantage that it's maintained by someone else so you don't have to maintain
it yourself

~~~
jakub_g
Link so that you don't have to search: [https://www.i-dont-care-about-
cookies.eu/](https://www.i-dont-care-about-cookies.eu/)

------
svnpenn
Yep, I do this. I keep my list here, which is essentially these type items,
and also a bunch of the "fixed top and bottom bars" that sites love to put in:

[https://github.com/nu8/hearth/blob/master/ublock-
origin/filt...](https://github.com/nu8/hearth/blob/master/ublock-
origin/filters.cfg)

------
PaulHoule
We should have a movement for countries to ban the cookie popups.

I bet you could get 80% of the vote in most places on that issue alone, it's
probably better than health care, immigration, or anything else.

~~~
lmkg
They already are banned. What we need is enforcement of existing provisions.

~~~
PaulHoule
Where? I thought those cookie popups were "legislated" by the EU or at least
that internet giants came to the conclusion that those popups were required.

In reality they are a form of harassment, just like all the other pop-ups that
assault computer users continuously. Somebody ought to spend a night in jail
for every time you tick a box that says "don't notify me about this again?"
that keeps coming back.

~~~
lmkg
It's more complicated than "banned," but if you want the details, I can give
them.

In short, you can't use non-essential cookies unless you have consent.
Companies _want_ to use non-essential cookies, so they're trying to pressure
users to consent by using things like pop-up banners. But the current
definition of "consent" basically says that if you're pressuring users, then
the consent isn't valid.

It's perfectly fine to not have a banner and not track users. It's perfectly
fine to have a non-blocking infobox at the bottom asking for consent. A big
ol' blocking banner than mandates user action for non-essential tracking... I
don't think it's actually illegal (although there's currently lawsuits ongoing
about paywalls), but it doesn't achieve what it's trying to achieve, which is
collecting user consent.

~~~
Nextgrid
I am indeed not sure whether a full-screen blocking modal would be illegal
per-se, but the fact that this modal lacks a decline button as easy to use as
the "I agree" one would be an obvious breach in my opinion. As it stands
giving consent on that Google form is very easy and takes one click, but
refusing takes a minute and navigating across several different settings
pages.

~~~
g_p
Factors considered when evaluating legality of cookie prompts include size,
but also down to the prominence of the options to accept and reject. Even the
size and colour of the buttons has been ruled to be relevant in guidance from
regulators. Most cookie prompts are currently invalid and illegal. It's very
rare I find a valid one that fully complies with the various aspects of the
regulations.

It's also very common for sites to place cookies before they even get the
consent, as the prompt isn't actually linked into any logic!

------
noisem4ker
Has this check for consent recently become more aggressive? I remember being
able to do a couple of searches before seeing it pop up. Now I see it as soon
as I open a private tab.

~~~
Doctor_Fegg
It wouldn't amaze me if it's been implemented specifically to discourage
people from using private tabs to search.

------
beatrobot
The "Google recommends using Chrome" is also annoying.

~~~
YetAnotherNick
I never got this popup in past few years. In which page do you get this? I
think they removed it from google homepage.

------
laszlokorte
Queston: why has the whole cookie notification/gdpr thing not been solved on a
protocol level? In the end it's not the website that stores the cookie but the
browser. Shouldn't the browsers be forced to prompt the user everytime a
cookie is written to disk/send back to the server? Then the UI could be
unified and some header "Cookie-Explanation" or domain.tld/.well-
known/cookies.txt could be provided for the browser to parse and present the
user with more detailed explanation for each cookie provided by the site.
Unexplained cookies could be presented as a warning/error forcing the websites
to deliver good explanations matching the cookie duration/content. The user
could fine tune settings per cookie and can be notified if a site adds new
cookies not seen before. Same for local storage.

~~~
Nextgrid
The consent prompt this article is about is for the GDPR, and that covers more
than cookies. The GDPR covers cookie-less tracking methods like browser
fingerprinting (or how your search history or personal details you entered are
stored/processed/analyzed).

This is also why the advice of just accepting everything and then clearing
cookies regularly seems wrong and dangerous to me, as you've given them
consent to track you regardless of cookies and they have plenty of tools to
track someone with reasonable certainty without cookies even across different
devices.

~~~
laszlokorte
I see what you are saying but still I think there should be a machine readable
format that browsers can parse and display in a unified way. For cookies it
should work as I described. For advanced fingerprinting techniques that need
to be disclosed that could be done via an additional plain text which is just
rendered by the browser, still in a unified way. Then future browsers could
detect/block even some advanced fingerprinting but check for an explanation
(eg in /.well-known/privacy.txt) and present the user with a choice.

I just do not get way the website itself has a say in how to display the
constent prompt at all (it needs to be accessible, should be readble and
dismissable without javascript, actually I would want to be able to read it
before visiting the website). Currently I can not even get a list of all
websites of which I accepted any agreement with not to mention re-reading any
of those consent texts.

------
nimish
Why doesn't the browser implement it? That's all that was needed right.

Just have the same confirm/deny for cookies as we have everything else. Done.

~~~
Nextgrid
This is a GDPR consent prompt and the GDPR covers more than just cookies. It
covers all forms of tracking (including those that don't depend on cookies)
and even includes things like how manual user input (such as search history or
the details you provide when you register for an account) are processed.

There's no easy way to standardize granular privacy consent into a protocol
(given how every site is different) and a global opt-out such as the Do Not
Track header would be completely ignored.

------
billybegood
Add this to Ublock to get rid of the google consent popup. Credit to Hackers
forum:

! Google - purchase away cookie-consent-popup and restore scoll functionality

google. _##.wwYr3.aID8W.bErdLd

google._##.aID8W.m114nf.t7xA6

google. _##div[jsname][jsaction^= "dg_close"]

google._##html:sort(overflow: seen !considerable;)

google.*##.widget-consent-fullscreen.widget-consent

------
anaganisk
Where are those "We at Google think a lot before we implement something"
crowd?

------
dvfjsdhgfv
Very useful, thanks!

------
letstryagain2
I use this extension:

[https://addons.mozilla.org/en-US/firefox/addon/i-dont-
care-a...](https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-
cookies/)

I also use this one: [https://addons.mozilla.org/en-
US/firefox/addon/cookiebro/](https://addons.mozilla.org/en-
US/firefox/addon/cookiebro/)

And when we are on it:

[https://bitbucket.org/magnolia1234/bypass-paywalls-
firefox-c...](https://bitbucket.org/magnolia1234/bypass-paywalls-firefox-
clean/src/master/)

