Hacker News new | past | comments | ask | show | jobs | submit login

Its too bad nobody invented a browser header to be sent with HTTP requests for Allow-Cookies: SURE_YES_WHATEVER_OMG_STOP_ASKING_PLZ

It's too bad nobody came up with the simple idea of forcing browsers to ask permission before sending personally identifying information everywhere.

It's amazing what's personally identifiable though. Browser fingerprinting combined with ever present analytics scripts gets you most of the way there.

I need a plugin that spoofs my fingerprint as a 74-year-old shut-in with no money, terrible credit, and no social connections.

Basically someone companies have no interest in advertising to or tracking.

people would just begin to ignore those too, like they ignore app permission grants

That type reductive reasoning can be trivially applied to any proposed solution (for nearly any problem). You can't really force anything, eventually you just have to accept that some folks won't go along with it, and let them make their own mistakes.

How would that solve anything? The comment you are replying to doesn't want to be asked for permission for cookies. The commentor wants all the cookie requests to be accepted automatically.

He's suggesting making the decision once, per-browser, not per-website, whether or not to allow cookies. Then the browser can include this information in the HTTP header, so the website never needs to ask you.

Oh, Ok. I initially read it as the browsers should ask the user whenever they send personally identifying info, which is basically the status quo. Thanks for correcting me.

I mean, making the decision per-website is fine as well if that's what you prefer.

Most importantly though a browser can remember you declined cookies.

There are easy ways to do this though, I use uMatrix.

We could further optimize by just assuming that people are OK with it if they didn't send the header, and then have them opt in to sending it.

Maybe we could call it something like "DoNotTrack", to get the idea across.

DNT was mostly ignored, but if it had the weight of law behind it, it could still be great.

If I remember correctly, one of the reasons for it being ignored was that some browsers (rightly IMO) had the setting enabled by default.

Some places still respect the header. Medium does - you'll get the warning for embedded content.

Because rationally, tracking should be opt in, not opt out. Arguing that customers desire, by default, is shockinging disconnected from reality.

Properties should be defaulted to what is most likely user desire, I think. So for DNT this would mean “true.”

It was ignored because companies that make money from tracking also make browsers and web sites.

And now Safari removed DNT because sites were using it as a part of fingerprinting across websites.

Advertisers couldn’t care less about privacy.

The next best thing is uBlock filter list. What if I told you... [1][2]

[1] http://prebake.eu/

[2] https://www.i-dont-care-about-cookies.eu/

There are browsers addons for removing these annoying notifications, most popular is named "I don't care about cookies"

uBlock cookie annoyance list works too

The name for such a header should have been included in the EU directive about cookies.

HN, can we get a political movement going to make the EU adopt this?

Why would you want such a header?

Would be much nicer if the - already existing! - do not track header was interpreted to mean "Allow-Cookies: HELL_NO_WHY_ARE_YOU_EVEN_ASKING_FUCK_OFF".

Thanks to GDPR, the provider does NOT have to ask for consent for necessary cookies - only for the tracking stuff to which you have no incentive to agree. Every time a page pops up one of those "we value your privacy" screens, they're lying in your face - if they did, they wouldn't have to ask.

Nah, they're being totally honest. You're just confused about which meaning of "value" they're using.

A more wordy version of the sentiment would be something like, "We value your privacy. At about $1.83. Could we have it, please?"

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact