I am very tired of the cookie/tracking popups on many websites that don't have option to "reject all" but just "accept all" and "customise". Main example being Google Search.
Looking at this, I am hopeful but not too optimistic.
> I am very tired of the cookie/tracking popups on many websites that don't have option to "reject all" but just "accept all" and "customise". Main example being Google Search.
The people writing the articles are different from the MBAs forcing the financial and technological decisions.
“Integrity” has different meanings for each group. For the latter, the meaning is likely closer to “bring in enough revenue to keep the publication running.” Applying dark patterns does not conflict with this.
Don't let the prose fool you. They're doing this because what they did before was in violation and the walls were closing in.
This reminds me of supermarkets in Germany loudly announcing that they would abandon plastic bags to save the environment ... a few weeks before legislation came into effect banning them from selling plastic bags.
Why wait until you're potentially facing fines if you can move slightly ahead and sell it as a voluntary good thing you do for your users/customers?
That's basically WAI though. Plastic bags were banned because of the environmental impact. For some particularly naive customers they might think it's a feel-good initiative from a brand they now love a little more, but at the policy level it's really not important how various implementers want to spin it. What's important is that the outcome is a reduction in plastic bag use.
Oh, I'm not saying any of these are bad. I'm just saying you shouldn't thank Google (or the supermarkets) when they try to spin this as charity. Some people might not want to hear this, but the thing doing this is not corporate volition but regulations.
Exactly. It's rich for the EU to regulate dark patterns when their own laws is the reason they're so rampant on the web today. I guess it's good that they're finally waking up to this, but they're so far behind what's going on in adtech that their actions seem almost intentionally slow.
The solutions to this aren't regulatory, but technical first. Monetary fines to tech giants are mere slaps on the wrist. We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be on the web. Those solutions then need to be presented to lawmakers and companies forced to adopt them. This is not rocket science; there are already solutions to these problems that just aren't adopted (e.g. the {ab,un}used Do Not Track header).
All this "behave this way or else" regulation is just reactive, and usually takes years to even pass into law, by which point tech giants are way ahead of it anyway.
"their own laws is the reason they're so rampant on the web today"
Really? Which dark pattern would bever be created if eu didn't exist?
"We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be"
So, in this process, most of the population will get told what their rights are?
Since you complain that the regupation is slow, any ETA when the technofix will be ready?
The cookie consent forms that were a direct response to EU laws.
> most of the population will get told what their rights are?
Internet users need to be a) educated about the value of the data they produce (and ideally compensated for it[1]), and b) be provided with tools that safeguard this data and give them absolute control over it. So, yes.
The web should be user friendly, not hostile and scammy at every turn. It should be impossible for companies to abuse user data, and regulations are clearly too slow and ineffective.
> any ETA when the technofix will be ready?
Some already exist, and others can be built. The incentives are just not there, as tech giants rule the web and law makers are both influenced by and playing catch up to their schemes.
Cookie consent forms were a response to the "cookie law" passed in 2009[1].
If they're now illegal, that's on the EU for making them vague or not strict enough.
But my point is that fighting this with laws is:
- too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users. And by the time laws do come to pass, tech companies have grown in power and already have alternatives to keep growing. Governments are constantly playing catch up, which was a problem even with Big Tobacco/Pharma, but the speed of innovation of Big Tech is unparalleled.
- too ineffective, as breaking these laws is too slow/difficult to prosecute, and even when companies are fined, it's mostly symbolic to even matter. I.e. to them it's just the cost of doing business.
> Cookie consent forms were a response to the "cookie law" passed in 2009
> were a response to the "cookie law" passed in 2009[1]
Your link clearly states: "Receive users’ consent before you use any cookies except strictly necessary cookies".
For everything else you need to ask for consent with "No"/"Reject" being clearly labeled and being the default option.
Yes, it's that easy.
> too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users.
So, what eactly is your proposal except "law is bad"? How do you propose law should work to minimize harm?
To be clear: I think that EU is too slow and too lenient when prosecuting things illegal under GDPR, and that they should pick up the pace. However, "omg this law makes the web bad" is in itself is a very bad take. Because it takes responsiility from those who are actually responsible for making the web bad. They are now exposed... but managed to persuade people that it's not their behaviour that is blatantly evil, but that "the law exposing them is bad".
I'm not saying "law is bad". I'm saying that the process of prohibiting a behavior after it happens is too slow and ineffective for Big Tech. As it was for many other industries before, but particularly now for Big Tech.
What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place, and then governments making it a law for this technology to be used by all companies. E.g. the DNT header could've been one such solution, but the fact it was never made part of a law is what led to it being abused for ironically tracking itself, and now abandoned altogether.
We're in this mess because governments fundamentally don't understand technology and how to police it. Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.
> I'm saying that the process of prohibiting a behavior after it happens is too slow and ineffective for Big Tech
Do you realize that all laws happen after something happens? Even your proposed solution of tech people coming up with something would also happen after the fact?
> What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place
Ah yes, the magical technical solution that is impossible to violate.
Good thing that you mentioned DNT. Do you know that DNT ended up being used for browser fingerprinting and hence tracking?
Had DNT been codified into law, you'd be complaining on HN that the law is bad and governments don't understand technology.
> Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.
wat. GDPR is literally aimed against the status quo. I wish it was more rigorously enforced, of course.
Also, it doesn't apply just to the web. It asserts right to privacy as a fundamental right.
This requires that you use special containers for things you do wish to have cookies for such as HN for the login. Other than that, you can safely click accept for all websites, since it won't persist anyways.
Extensions aren't a reliable solution to privacy and security. Why would you give access to all websites you visit to a 3rd party? I barely trust browser developers these days, let alone some 3rd party developer.
And, no, I can't be bothered to review their source code if it's available, or to trust that I'm actually running said code, that it won't become malicious eventually or bother with building it myself. Unless it's run on demand and for a single purpose, I suggest avoiding extensions altogether.
Looking at this, I am hopeful but not too optimistic.