> In europe, all websites require you to accept cookies
It is always worth pointing out that the complex dark-pattern filled forms that many sites use are there choice and not impressed by the relevant legislation.
They could just make it all opt in/out with a single click, but they know that without the trickery very few users will do opt in to being stalked so instead they try make it as difficult as possible in the hope that you agree to everything either accidentally or just because you are such of it and want the form to go away. I just back away from sites like that and in particularly egregious cases I've blocked them at the network level with a DNS blacklist: the information I'm looking for has always also been available somewhere else less irritating.
I want to reject all of them, at a protocol level, and never see another one again. That this wasn't written into the "Cookie Law" is proof to me that GDPR and Schrems II are largely written by people who don't understand the technical ramifications of pushing legislation like this through.
They literally are. If a consent form has an “allow all” button but no “reject all”, as many do, then it is not compliant. Likewise for “legitimate interest” (that one really gets my hackles up: it basically says “we see your preference, what would you think if we didn't give a crap?”).
There have been some fines related to this sort of thing, and over time some of the dark patterns are getting a little less common, but enforcement thus far has not been sufficient to make the less dark variants the norm.
They can order people what not to put on their web site. Unless they put in a notice. Just like in the US, where if you advertise sports betting, you have to point at the hotlines.
It's kind of terrible that you can use extensions XOR your own browser on iOS. One of the many things that drove me back to Android after a good three years using an iPhone.
I have an iPhone for testing stuff for work, and the lack of addons for Firefox on iOS would be a dealbreaker for me if I was going to use it as my daily driver.
Could someone build a large list of such cookies or local storage objects, that I can simply import into my browser and it will remember that I already clicked the consent button? It should be a standard feature of adblockers by now, it has gotten completely out of hand. A billion people losing 10 billion seconds of productivity per day, a handful of lifetimes wasted.
> I don’t know why decades later after this law came into play, nobody at Mozilla or Chrome teams thought of pushing that as a web standard, it just seems so obvious to me: if it’s something every website has to build it over and over again, let’s make it a standard. This way the browser itself could handle it, and so much better
They did. There was the do-not-track header. Of course nobody used it. Sites don't want to make it so you can automatically opt out of cookies. The only way they'll use some standard system that allows that is if the law forces them to.
I did vaguely hear that that may happen. Presumably the bureaucrats that wrote that bit of the GDPR (apparently without consulting anyone who knew anything about the web) do use the web and they must have noticed how annoying it is.
> Presumably the bureaucrats that wrote that bit of the GDPR (apparently without consulting anyone who knew anything about the web) do use the web and they must have noticed how annoying it is.
The GDPR mandates that non-functionally-essential tracking (regardless of whether it’s done via cookies or other means) should be strictly opt-in and the consent process shouldn’t annoy or trick the users into opting in. Pre-ticked checkboxes or making the opt-in button more prominent than the decline button aren’t allowed.
The problem is that up until now enforcement has been non-existent. Thankfully this seems to be changing - the Internet Advertising Bureau’s “consent” framework has recently been ruled non-compliant so hopefully there’s going to be some financial pressure (in the form of fines that everyone has been fear-mongering about) to fix this properly.
> the consent process shouldn’t annoy or trick the users into opting in. Pre-ticked checkboxes or making the opt-in button more prominent than the decline button aren’t allowed.
I wish that was true but the GDPR doesn't actually say that as far as I know. There's official advice to that effect, but it's not written in the law. IIRC it just says it must be a "fee choice" which is way more open to interpretation.
I think it's pretty clear that whomever wrote the cookie consent law didn't know the first thing about cookies. Though I'm not completely discounting the possibility that ad companies are deliberately obtuse.
Why law makers decided people should be warned about the websites storing data client-side with users having full control over the content and who it gets shared with, is something I will never quite understand. Though I do recognise that some of the blame lies with most user-agents storing these cookies indefinitely and sharing them without question, by default, to this day.
> Though I'm not completely discounting the possibility that ad companies are deliberately obtuse.
They are definitely being deliberately obtuse. Nothing in the relevant legislation requires anything like the party of dark patterns we see in many sites, in fact many of the consent forms are not conformant with the legislation at all anyway.
Please read my other comment in this thread - the vast majority of cookie consent modals aren’t actually compliant with the GDPR. The problem is that there’s been zero enforcement.
It really doesn't matter. It wasn't written to be enforced at the protocol level and that was its biggest mistake. The amount of life it has extracted from me is worth far more than the abuse of the data.
Yep and the feature is just rule based auto-clicking elements after the page loads. So it can skip other annoyances like newsletter or app download prompts too.
>Don’t get me wrong, I admire the spirit of the law, that people should know how they are being tracked, but I don’t know why decades later after this law came into play, nobody at Mozilla or Chrome teams thought of pushing that as a web standard, it just seems so obvious to me
They did. It was called Do-Not-Track. The ad industry barely gave a care about it. Microsoft got the bright idea to make it opt-in, but they aren't iOS, so the ad industry responded by ignoring DNT entirely and that was that.
The reason why GDPR plagues the Internet with maliciously designed and legally non-compliant pop-ups everywhere is because of a small exception for "user consent" as a lawful basis for data collection. I imagine the intent was for things like opting into telemetry and error reporting[0], with the idea that if someone tried to ask for consent for ad tracking it'd be rejected.
The ad industry is vehemently opposed to opt-in consent because of two reasons:
- People don't change defaults, so making tracking opt-out means most people get tracked while making it opt-in means most people don't get tracked.
- Nobody will consciously opt-in to ad tracking, or at least they assume nobody will do so.[1]
Since GDPR more or less forces ad companies and web publishers to actually provide user-visible controls for tracking, they've generally agreed upon circumventing the spirit and letter of the law by blasting people with illegal dark patterns to create a veneer of compliance. This is something the EU will need to enforce (and is doing so).
The rest of this article is great, BTW - not a lot of people actually go through the effort of modifying FOSS on iOS to do what they want, and I think more people should. In fact, you might even be able to get this work upstreamed, assuming Apple doesn't have a problem with bundling anti-tracking tools like this into a third-party browser.
That being said, I really wish most FOSS projects on this platform had build systems friendlier to third-party builds than Xcode projects are. The whole "wipe all the team IDs and change the bundle identifier" dance is annoying, and you always have to remember not to commit those changes in Git. I really wish we could make all that information separate from Xcode so it could be properly gitignored.
[0] I generally draw a line between telemetry and ad tracking. As far as I'm concerned, using my data to improve the product I'm using is legitimate. The only concern I have there is who stores the data. Using my data to make your ad sales more lucrative is not. And I imagine if you forced users to make an educated decision they'd be more OK with the former than the latter.
[1] I have heard of people who consciously prefer relevant advertising. You could pitch it to users on that basis; however, ad tracking goes way beyond interest targeting. A huge segment of the ad industry is remarketing: selling ads to people who have recently visited another website. I've found that nontechnical users find these ads to be incredibly annoying, if not creepy, but just assume there's no way to turn them off because the option to do so is intentionally buried.
It can sync your history and bookmarks with desktop Firefox. I think it's also affected by any ad blockers used by iOS Safari such as AdGuard, so there's very little disadvantage.
> I think it's also affected by any ad blockers used by iOS Safari such as AdGuard, so there's very little disadvantage.
It’s definitely not affected by AdGuard (as a content blocker) it’s only affected by AdGuard as a dns Adblocker, and if you see no difference between content blocker and a dns blocker I envy you and you have a way higher tolerance for web bullshit than I do.
You’re right, it isn’t. I haven’t used the iOS Firefox much but I did notice some ads were blocked. I thought that was AdGuard but it might be the privacy/tracking settings in Firefox.
aside from the fact that as others have pointed out there is more to firefox than the engine (though I wish I could have that too) such as firefox sync and a UI that better suits my taste, it also signals interest in using a different browser which hopefully will push apple to allow full 3rd party web browsers at some point.
The hassle of no adblockers (or extensions), bookmarking/read listing/redirecting/etc. from in-app webviews, inability to add a website to Home Screen, zero PWA support (even if Safari's is limited), and I'm sure there's others.
It's not Firefox's fault. It's just that Safari has system-level privileges that Firefox can't have, despite just being Safari under-the-good.
With that said, I'm not the person you replied to and wouldn't argue against someone using Firefox on iOS. The above are just my reasons for not using it, so it's understandable if those things don't matter to others.
Part of the impression that iOS is dominant comes from usage stats. Last I had insight into the stats (maybe three years ago? Four?) iOS users spent way more time using their devices than Android users, it had been that way basically since iOS and Android had existed, and that state showed no signs of changing. Web browsing? Average iOS user does more of it. Time in apps? Ditto. So they have a much larger usage footprint, are more visible in hands as you're out and about, et c.
Or you could just download Firefox Focus and enjoy ephemeral browsing sessions where all traces can be eradicated at one touch of the little trash icon.
The goal isn't to hide from cookies, it's not having to click through cookie consent modals. Having ephemeral sessions actually makes this problem worse because sites actually use a cookie to track whether you've consented to the other cookies the site wants to use. So not having the "has/has not consented" cookie causes the modal to appear, making you set your preferences every time you visit the site instead of just the first time.
It is always worth pointing out that the complex dark-pattern filled forms that many sites use are there choice and not impressed by the relevant legislation.
They could just make it all opt in/out with a single click, but they know that without the trickery very few users will do opt in to being stalked so instead they try make it as difficult as possible in the hope that you agree to everything either accidentally or just because you are such of it and want the form to go away. I just back away from sites like that and in particularly egregious cases I've blocked them at the network level with a DNS blacklist: the information I'm looking for has always also been available somewhere else less irritating.