I suggest UA string be a bitmask of features. Then feature detection should stop being broken
Extra bits could be used for js-on/js-off, and is-bot/is-human
Ah I see they're kind of doing the bitmask, but keeping a round-trip, and making things complicated (though I realize latest http standards can probably remove those round-trips in the average case)
I'd still suggest the bitmask for non-sensitive information, and have everything else simply js-tested as it currently is
Maybe is-user-blind might be a nice bit too, since canvas based websites could switch to the dom, or whatever
If we have those bits, then the user can make a set of choices once, for every site, and we get rid of cookie pop-ups
-- Websites could still ask if they want/need to do something that violates those choices
> every website ask for permission in order to enable basic functionality
I don't believe that purely functional cookies require GDPR permission - that's covered by "provide services to the user". It's the ones which are functionality to third parties not the user which are the problem.
Ah, I didn't realize that. Well, that does sound much more reasonable.
> Necessary cookies
> Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
> Analytics cookies [toggle On/Off]
> We'd like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work, please see our 'Cookies page'.
The implication is that a consent dialog would not be required if they weren't using Google Analytics or any other third-party.
I typically read those warnings as reminders that I should open the site in a FF container.
That one was tried with the DNT bit - of course users ended up en masse setting it to "do not track" by default. Sites won't accept that.
This is exactly what you aren't supposed to do
Either send the wasm optimistically & fallback to js on error, or send it reactively with js+branch
But avoid the js, and making a second trip to the server