I don't know, before going after that, maybe go after all of the popups you created that are not in the spirit of letting you control who you share your browsing data with.
To consent to sharing, I just have to click the consent button. To reject sharing, I need to
a) click the manage options button
b) click the reject all button (if there is such a button)
c) avoid the "agree to all and confirm" button that is somehow now highlighted as if that would be the logical next button to click after I rejected all
d) click on the "save changes" button, which is really helpfully titled, and greyed out, but thankfully still clickable
None of those popups are required by European lawmakers. Websites don’t need to ask for permission for the essential cookies like what’s necessary to log into an online account or add items to a shopping cart - indeed, many compliant EU cookie popups have “only essential cookies” as the least permissive option.
They only need to ask for permission if they want consent for the kind of invasive tracking that the GDPR and related regulations were intended to discourage anyway. And they aren’t required to use popups or banners to get any consent they might need.
The popups, and especially the quite probably legally invalid common implementation where granting consent is made easier than refusing it, are a frequently bad-faith attempt by the industry to continue tracking-centric business as fully as possible contrary to the policy intention of the GDPR. They are not a requirement of the law.
Legislators don't get to dodge the natural consequences of their legislation. This wasn't an unexpected side effect, it's the only possible outcome of the bill in the world as it actually exists.
Laws should not be written for spherical humans, they should be written for the real-world humans who actively circumvent laws where they can get away with it. And when legislation makes the world worse for everyone because it encourages self-interested individuals and companies to act in a way that is annoying or harmful, legislators don't get to dodge responsibility by saying that it's their fault and they should have just done the right thing.
We have laws precisely because people can't be counted on to do the right thing.
I agree that the law could and should be improved. I feel that having the law is still better than not having it, because there is at least a way to know what awful tracking is occurring, a way to decline it, and a way to assert some rights to at least some partial degree of effectiveness. There is a basis from which to improve the law, instead of having to start from scratch.
Agree, and on topic of Apple, this is also a perfect response to why many of Europe’s regulations against Apple are so bad.
Not all of them; I don’t have an issue with requiring the use of one charging cable standard, but the privacy and user safety side effects of the legislated undermining of security cannot be ignored.
Yes, agreed. Even the title of this piece shows the problem: if Apple isn't meeting the letter of the law, then fine, they need to be punished. But so much of the complaints against Apple are that they're not meeting the spirit of the law, which is a nonsense argument.
Don’t collect PII -> don’t show cookie banners. It really is that simple. You don’t need your visitor’s PII. You don’t deserve it “just because”. The visitor does deserve to choose if they want to consent to it.
> Don’t collect PII -> don’t show cookie banners. It really is that simple.
But I want to collect PII, because then I can sell it to a data broker for $$$ or €€€. So I will get the consent of my users, as requested by law. If users do not want to give consent right away, I'll nudge them through various UI patterns.
> many compliant EU cookie popups have “only essential cookies” as the least permissive option.
It's still an issue that essentially all sites are required* to include a cookie banner of some kind. IIRC the EU law even claims jurisdiction over sites in other countries that only serve local audiences, on the notion that an EU national might visit the website.
* "Required" here defined as "materially everyone, including the web developers at the EU, interprets the law this way."
> It's still an issue that essentially all sites are required* to include a cookie banner of some kind.
Essentially all sites that ship off PII to 3rd party websites or otherwise process PII need to include the cookie banner.
They can also chose not to do those things, yet they do figure it's worth adding a cookie banner instead of changing that practice. So in reality, the websites have themselves to blame here.
The websites, as you note, are not the ones who are hurting from the cookie banners, so they're not looking to cast blame anywhere. The people who are hurting are the users of the internet who suddenly find themselves having to consent to cookies on every single website while still not really having any control over how much tracking is done to them.
This is an entirely predictable outcome of the bill as written by virtue of the fact that it did not require websites to respect settings configured at the browser or operating system level. This was a glaring weakness in the law that was pointed out repeatedly at the time.
> The people who are hurting are the users of the internet who suddenly find themselves having to consent to cookies on every single website
How is more choice hurting users? I thought I'd read arguments against user choice on Facebook perhaps, but on Hacker News?
Companies are now forced to give users a choice if they process/sell PII. Users can then chose to accept/reject this (if the company implementing the choice as the regulation tells them to), where both choices should be as easy as the other, and if they reject it, the company should follow what the user says.
I agree with you though that it's a shame "Do-Not-Track" headers weren't built in into this, since it's already there but poorly supported. But that really should have been a given, as then companies wouldn't have any chance of turning it around. But I'm guessing they lobbied hard against that, and seemingly won.
It absolutely is hurtful to users to have to make a choice dozens of times every day. We were in a better position before, when users could choose to have their browsers just block cookies if they cared. Now I have my browser block cookies and I still have to respond to a cookie banner on every single website.
> It absolutely is hurtful to users to have to make a choice dozens of times every day.
I'd argue that what is hurting the users, are the companies who insist that they need to track individuals in those ways. If they didn't, they wouldn't have to show the banners in the first place, and no user would have to confirm/reject anything.
Maybe I'm alone, but I prefer a choice every day of the week, as then I can at least chose for myself. The alternative is just unchecked privacy-violations, and that sounds worse to me, but we're all different, luckily.
That would be an interesting discussion, but that's not on offer. What is instead on offer is dozens of choices every day of the week. Is any person really expected to read and understand a dozen or more privacy policies every day?
> Is any person really expected to read and understand a dozen or more privacy policies every day?
People are expected to make reasonable choices in their day-to-day life or suffer the consequences, yes. If you don't want to read the privacy policy, click "Reject" and you don't have to. Tired of clicking reject every day? Send an email to the company and tell them to get rid of it. They can, they just don't want to, and prefer to annoy users instead, because that makes them more money.
We give people the option to take a loan. If they take a loan without reading the terms and conditions, and sign up for very unfavorable terms even if it was very clear, then usually you have to stand for that choice.
Why would allowing/rejecting data collection work any differently?
And in fact, it is even worse for people who block cookies, periodically delete cookies, etc. Because you often have to respond to the popup every single time you visit the site, since it uses a cookie to remember your preference.
Storing a cookie to remember a "Reject tracking cookies" is fine. You're allowed to store cookies without consent, the objective of the cookie matters when figuring out if it's allowed to be stored without consent or not.
If people would just spend like 10-15 minutes reading up what they're arguing about, we'd actually get some substantive discussions on this topic.
I didn't say it wasn't fine. I'm saying that if you set your browser to automatically clear all cookies after a session, every day, etc. Then it will delete the cookie to remember "Reject tracking cookies".
Also, if the site is using a third party service for the cookie banner, the cookie for remembering "reject racking cookies" might be stored as a third party cookie that the browser then doesn't store at all, depending on the browser settings.
> users could choose to have their browsers just block cookies if they cared
1. That would also block functional cookies.
2. That requires users to know that it's a thing they should care about. It's not cool to spy on people just because they haven't realized what you're doing and taken countermeasures.
Agreed. But I don't think this situation is better—users now know about it but are exhausted by it. Having educated them doesn't help if you've also pounded them into submission.
> Having educated them doesn't help if you've also pounded them into submission.
Pounding them into submission also makes their consent legally invalid in many cases, at least by the standard which the GDPR requires. Example GDPR complaint about this problem: https://noyb.eu/en/bereal-app-wont-take-no-answer
This aspect of the law is more an enforcement issue (including national Data Protection Authorities which have effectively been captured by the companies they are supposed to regulate) than a legislation issue.
I'm glad that noyb recently got approved to file something broadly similar to what in the US would be called a class action lawsuit, so that they can do some of the enforcement that the governments won't.
Consider donating to them if you want to see proper compliance. They're doing most of the useful enforcement these days. I have no affiliation myself besides also considering making my own donation.
> Pounding them into submission also makes their consent legally invalid in many cases
Showing a cookie banner on each site is pounding us all into submission. It's not that any single website's banner is too much; it's that we are all clicking them all day long.
Honestly, it would be awesome if there was an effective way to geofence these banners to the EU. However, IIRC the EU law asserts control over websites in other countries, on the off chance that an EU national might access the website.
> Showing a cookie banner on each site is pounding us all into submission. It's not that any single website's banner is too much; it's that we are all clicking them all day long.
Disagree. I have a browser extension installed that makes the repetition across sites irrelevantly easy, at least on my laptop Chrome browser. I don't usually click on them at all except for sites which try to interfere with the browser extension or which try to block access unless I pay them or agree.
Also, for people without such an extension, seeing the banners could be a reason from complaint to the website itself. No law requires them to do the kind of tracking which requires them to gather consent, nor to gather the consent in such an obtrusive way as they often choose when they do want to gather consent. The most effective way to get websites to stop being obnoxious to their users would be if they had to deal with user complaints about it, not anything legislators can do.
> Honestly, it would be awesome if there was an effective way to geofence these banners to the EU. However, IIRC the EU law asserts control over websites in other countries, on the off chance that an EU national might access the website.
I've already explained to you in other comments how that summary of GDPR jurisdiction is wrong. But hey, when I'm in the US and a website lets me deny consent, I'm happy for the extra protection from tracking. Conversely, when I see the difference in banners when I go to the US - yes, most sites do geofence their own banners to EU-based visitors - I am horrified at the tracking people aren't being told about outside the EU.
As a practical suggestion, there are browser extensions that can handle many of these banners. Meanwhile, blocking cookies does not prevent many other forms of tracking to which the GDPR's consent requirements apply just as much as they do to cookies.
I hate the cookie banners too, but I blame the bad actors more than the legislators that at least gave me more information and rights than I would otherwise have had.
> It's still an issue that essentially all sites are required* to include a cookie banner of some kind. IIRC the EU law even claims jurisdiction over sites in other countries that only serve local audiences, on the notion that an EU national might visit the website.
>
> * "Required" here defined as "materially everyone, including the web developers at the EU, interprets the law this way."
This is all commonly believed but isn't accurate. The only reason the web developers at the EU (correctly) feel like they need to ask for some kind of consent is because they want to use that consent to process visitors personal data beyond the scope of the essential cookies which I was describing. For cookies within only the essential scope, they wouldn't need consent or a banner at all, unless some law other than the GDPR requires proactive in-your-face disclosure of the fact that cookies are being set at all.
The relevant consent doesn't have to be gained through a banner, but at least the EU websites' implementation doesn't involve dark patterns of making it easier to grant consent than refuse it.
As for claiming jurisdiction over sites in other countries, a slightly simplified version of the rule in GDPR Article 3 is that they claim jurisdiction over such sites when they are targeting people in the EU, or when they are processing the data in the EU, or when they are an EU company processing the data outside of the EU. They do not claim jurisdiction over foreign sites that only serve foreign audiences, and they even give examples like that in their official guidance.
To give one clear example right here: The GDPR does not generally apply to the case where someone in the EU visits a US-based website of a ski resort in the US, not even if they purchase a ticket via the website from the EU. By contrast, if the ski resort sets up a .eu website, translates their site into major EU languages that aren't very common in the US, allows purchasing in euros and via EU-centric payment methods like SEPA bank transfer and other methods specific to various EU countries, and so on, they're clearly targeting people in the EU so then the GDPR would apply.
And so much unofficial guidance has inaccurately stated that nationality or citizenship is what determines GDPR rights. The most official sources, and the better unofficial sources, are clear that the location of the data subject matters but not their nationality or citizenship. An EU citizen doesn't get any more GDPR rights while in the US than someone who isn't an EU citizen.
Edit: making clearer, including text from the law.
You inadvertently highlight one of the main issues with the GDPR: unclear guidance.
From the "Does the GDPR apply to companies outside of the EU?" page at gdpr.eu:
"If your organization uses web tools that allow you to track cookies or the IP addresses of people who visit your website from EU countries, then you fall under the scope of the GDPR. Practically speaking, it’s unclear how strictly this provision will be interpreted or how brazenly it will be enforced. Suppose you run a golf course in Manitoba focused exclusively on your local area, but sometimes people in France stumble across your site. Would you find yourself in the crosshairs of European regulators? It’s not likely. But technically you could be held accountable for tracking these data."
Even their explanation is not clear. Notably, it's different from your understanding of whether it would apply. Which: I don't blame you, the law is not explained well anywhere I have seen. And their conclusion of "Not likely. But technically..." is not sufficient as official guidance.
What if we go to the law itself?
"
2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a)
the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b)
the monitoring of their behaviour as far as their behaviour takes place within the Union.
"
Section b doesn't have the carveouts you asserted. Is that exemption in one of the other 98 articles, or an amendment, or elsewhere? Or does it not formally exist?
If the hypothetical US ski resort uses e.g. Stripe that allows people to pay in whatever payment mechanisms are common in their countries, does that alone mean I am "targeting" EU residents? What if my billing page allows a customer to select Belgium in the billing address? What if I don't block shipping addresses in the EU?
The intent here is not to litigate this to death, but rather to point out that the reason so much of the understanding of the law is contradictory is that the thing itself is complex. People don't want to get sanctioned, and putting cookie banners on sites is a way to prevent sanctions.
If you want official guidance from the collective grouping of all EU member states' Data Protection Authorities, the European Data Protection Board, here you go, but be aware it's a 28-page PDF link:
Examples 8, 10, 11, 12, and to some extent also example 3 are pretty good examples of the rules discussed at more length throughout the PDF.
The quote you cited from that unofficial page, and the official provision you cited in your edit, is about monitoring the behavior of people in the EU.
Unless the unofficial site has evidence that anyone official is interpreting it in the way they're implying is potentially possible, it's so unlikely as to be scaremongering. So many laws can be interpreted in unlikely ways that aren't worth worrying about without a reason to worry about them.
To be clear, I don't think it's unlikely that the GDPR might apply if the golf course in Manitoba is specifically monitoring the behavior of people in the EU. but if they are monitoring the behavior of their primarily non-EU user base overall, failing to exclude the EU from their statistics shouldn't be a reason for the GDPR to apply.
They are. Pop-ups to allow consent are required to be small enough so usability of the site is not impaired as long as the user has not decided yet. Websites just gamble on the fact that any extra profits they make offset the cost of fines. Or that no entiry reports miss use in the first place.
> Pop-ups to allow consent are required to be small enough so usability of the site is not impaired as long as the user has not decided yet.
I believe you, but can you share the cite for that? Other commenters have implied that it's not true, and I'd like to have the evidence available when I reply to them.
That's rather subjective though. I can argue that any popup impairs the useability of the site, a site owner can argue a popup thay takes up half the screen doesn't, because the site is still useable with it.
Dont ask me why. But that idiotic pop ups come even in the internal portal in out company… is a disaster. Yes they are not required, but OBVIOUSLY are there to make us crazy and make us click whatever make them disappear faster. An nobody is doing NOTHING after years…
> But that idiotic pop ups come even in the internal portal in out company
Wow, talk about misunderstanding how that works. I hope it's not a company based within the EU because if they're so clueless about the regulations they have to follow, I'd be confident they're breaking a multitude of other laws (accidentally most likely).
> They only need to ask for permission if they want consent for the kind of invasive tracking that the GDPR and related regulations were intended to discourage anyway.
This is exactly the problem, and exactly why the EU is to blame for those popups.
Instead of outlawing a behavior they had a problem with, they are trying ti discourage it. The way they try to discourage it is why we have all these stupid popups.
The vast majority that I see give you an easy button on the first screen to grant consent, but then hide the option to refuse consent on a second screen behind something like "manage preferences". That dark pattern is not compliant with GDPR.
I would say the most I see have accept, reject and manage preferences as buttons, normally with manage preferences being a link rather than a button. The dark pattern you describe isn't on any big business websites for example.
Out of curiosity, you mean against the spirit of the GDPR rather than the letter of it, right?
The spirit, and the letter too. (It's quite a well-written law.) Article 7, "Conditions for consent":
> 3. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
> It shall be as easy to withdraw as to give consent.
Being as easy to withdraw as to give consent is technically a different thing from being as easy to refuse as to give consent, since consent that is refused was never given in the first place but consent that is withdrawn was previously given. But yeah, courts have been clear that both of these actions must be as easy as giving consent, and both requirements are too often not complied with.
The law says that it should be easier to refuse consent than give it. That's thoroughly implied (and then there's Recital 43, if the text of the law isn't clear enough for you).
Separate from my other reply to this comment: withdrawing consent and refusing consent are two different things. If it's difficult for someone who previously granted consent to subsequently find the screen where they need to click the reject button, that's not legally compliant.
Nope, including EU big business sites as well. There are also EU big business sites which illegally claim the legitimate interest basis for advertising and tracking purposes of data processing which have already been ruled by the courts as not acceptable justifications for the legitimate interest basis.
> The non EU sites are due to the EU trying to claim global jurisdiction.
The EU is trying to protect the data of the people in the EU. There's no way to do that while allowing companies outside the EU to freely violate the privacy of people in the EU. Otherwise these rules become laughably easy to circumvent for all but the smallest EU companies which are also the least dangerous from a privacy and tracking perspective.
> The EU are very much to blame for the popups, because even the non dark-patterns one are annoying.
Disagree. They're not supposed to be annoying enough to impair site usability. The truly compliant ones aren't.
Maybe some, but generally businesses are not breaking the law willy nilly like that.
> There are also EU big business sites which illegally claim the legitimate interest basis for advertising and tracking purposes of data processing which have already been ruled by the courts as not acceptable justifications for the legitimate interest basis.
And did the EU follow up?
> The EU is trying to protect the data of the people in the EU.
The problem is it's unenforceable nonsense and has led to this foolish cookie popup situation.
If they had limited it to entities with a presence in the EU, it would have worked better. At the moment it applies to some malicious Chinese teenager who blatantly wants to collect and sell the data of Europeans who visit his self-hosted low-traffic blog.
> The truly compliant ones aren't.
Yeah, they really are. It's still something you have to interact with to make it go away.
If your response says something if companies don't track they won't need a popup, then you have missed the point.
> I would say the most I see have accept, reject and manage preferences as buttons, normally with manage preferences being a link rather than a button. The dark pattern you describe isn't on any big business websites for example.
I can accept that our website visiting patterns, and maybe our specific countries of residence within the EU, expose us to different experiences in this regard. I stand by my statement as a description of my own personal experience, but I'm willing to believe your own personal experience too.
It's also possible that I've increasingly realized that "reject" allows the companies to get away with illegally misusing the "legitimate interest" basis for data processing, so I've mentally stopped assuming that it means what it says because it often doesn't. See below for more on that.
> Out of curiosity, you mean against the spirit of the GDPR rather than the letter of it, right?
No, I mean against the letter of it as well. The free, informed consent which the letter of GDPR requires according to public and legally binding official interpretations (such as from the European Court of Justice) is not present when those dark patterns make it harder to refuse consent than to grant it.
Similarly, EU courts have been clear that simply wanting to do a bunch of tracking to facilitate more profitable personalized advertising does not legally justify the legitimate interest GDPR processing ground, but so many sites default to allowing processing based on "legitimate interest", including when you click reject for the consent question, for many of the same advertising/tracking partners where the "consent" basis is off by default. They also don't usually have a way to object en masse to these, and it's often tricky to correctly click off every single "legitimate interest" button which is falsely and illegally claimed to be a valid legitimate interest.
Plus, I've heard reports that many sites set these cookies even before consent is granted, and/or don't properly respect the refusals of consent and objections to legitimate interest processing. However this is from memory and I don't have stats or evidence to back up this statement.
The problem in all of these respects is primarily very weak and reluctant official enforcement of the rules by the relevant Data Protection Authorities and very low fines when they do enforce them. It's more profitable for companies to take the risk on genuine GDPR compliance, beyond some mild public-facing lip service and the lowest-effort bit of engineering they can do to underpin the public-facing lip service.
> I can accept that our website visiting patterns, and maybe our specific countries of residence within the EU, expose us to different experiences in this regard. I stand by my statement as a description of my own personal experience, but I'm willing to believe your own personal experience too.
I appreciate your attempting to reconcile different anecdotal experiences. In the spirit of objectivity however, I would insist that big businesses are not breaking the law.
> The free, informed consent which the letter of GDPR requires according to public and legally binding official interpretations (such as from the European Court of Justice) is not present when those dark patterns make it harder to refuse consent than to grant it.
I think here we've shifted the problem to dark patterns. The problem though is with the popups at all, because even when they are compliant, they are no less annoying, just slightly more clear.
> The problem in all of these respects is primarily very weak and reluctant official enforcement of the rules by the relevant Data Protection Authorities and very low fines when they do enforce them.
They probably shouldn't have claimed global jurisdiction then. Since that's a big part of what has resulted in so many poorly done cookie banners.
> I appreciate your attempting to reconcile different anecdotal experiences. In the spirit of objectivity however, I would insist that big businesses are not breaking the law.
Take a look at the many GDPR violation complaints which noyb.eu has filed against big businesses, almost all of which they eventually win in court. Yes, many big businesses are in fact breaking the law in this regard.
> I think here we've shifted the problem to dark patterns. The problem though is with the popups at all, because even when they are compliant, they are no less annoying, just slightly more clear.
The truly compliant ones are far less annoying. They all generally need only a single click to refuse consent, and they are also easy enough to ignore while using the site without ever responding to the banner at all.
> They probably shouldn't have claimed global jurisdiction then. Since that's a big part of what has resulted in so many poorly done cookie banners.
It's also essential to actually achieve the goal of protecting the data of people in the EU, much of which is done by companies which are based outside the EU. Do you not see the big truck-sized loopholes which would exist without that? All they would then have to do is change the website's contracting legal entity to a foreign partner or parent company and then they could refuse data subject access requests, track without consent, and so on if the jurisdiction provisions in Article 3 were as narrow as you're advocating.
> Yes, many big businesses are in fact breaking the law in this regard.
Define big business here. Coca Cola? IBM? Amazon?
> The truly compliant ones are far less annoying. They all generally need only a single click to refuse consent
No, they yare still annoying. It's still something you are forced to itneract with that diverts your attention.
> It's also essential to actually achieve the goal of protecting the data of people in the EU, much of which is done by companies which are based outside the EU.
The problem is it's unenforceable nonsense and has led to this foolish cookie popup situation.
If they had limited it to entities with a presence in the EU, it would have worked better. At the moment it applies to some malicious Chinese teenager who blatantly wants to collect and sell the data of Europeans who visit his self-hosted low-traffic blog.
> All they would then have to do is change the website's contracting legal entity to a foreign partner or parent company and then they could refuse data subject access requests, track without consent, and so on if the jurisdiction provisions in Article 3 were as narrow as you're advocating.
They can already do that because EU has no jurisdiction outside of the EU no matter what they claim.
Also, we are basically having the same conversation in two places. If you want to consolidate your two replies into just one I would not object.
Maybe EU is big mad at Apple because that "Hide Distracting Items" feature of iOS Safari makes those popups go "boom" when they disappear. No need to click through N different popup paths. One method and a satisfactory animation.
A typical HN reply will try to blame the user or regulators seeking to protect privacy and minimise damage from data breaches. It will ignore that the company collecting data from and about users for profit is the root cause of the problem. The company refuses to stop coillecting data. HN replies will often allege Apple does not care about collecting data because it is not in the online ad services business. If that was true, then there would be no harm in stopping the data collection. A read through Apple's latest 10K will suggest Apple is in fact in the online ads business and it is growing. The data collection will continue.
"Services net sales increased during 2024 compared to 2023 due primarily to higher net sales from advertising, the App Store and cloud services."
Indeed, it is something regulators should be hotter on, because that is not only breaking the spirit but the letter. I think they've been trying to go after the bigger fish in this regard (notice that google's box at least has one click to say no now), but it'll take some time for it to filter downwards, and still people will cargo-cult the pop-ups even if they don't actually need them (which, for the average wordpress blog, you don't).
I wish these guys regulated Microsoft even half as much as they go after apple. I dream of a day where I can just walk into the local electronics store and buy a computer with Linux installed. I don't really care about Apple since they're only around 25% of the smartphone market and 10% of the PC market.
Is Microsoft still preventing OEMs from installing Linux? Dell sells one, and I see a couple available on Amazon (not counting Chromebooks). I've assumed that you can't buy them at in-person stores because the demand is just way too low and the shops don't want people coming in to complain that something doesn't work the way they expected.
The general scheme is that they give you a "volume discount" where "volume" is defined as however many computers you're selling, so if you put Linux on more of them then your Windows licensing volume goes down and you lose the discount for all computers.
They used to do this in a way that you basically couldn't sell any computers with Linux, but that got them in trouble, so now you can get Linux from the Dell website if you go out and specifically look for it but anybody who makes it a prominent offering or pays for shelf space at Best Buy would still get punished.
You can see the evidence of this because there are still Linux-specific OEMs who get out of it by not doing business with Microsoft at all (and it's Google rather than Dell paying for the retail shelf space, because they don't sell Windows machines), whereas you would expect the major OEMs would eat their lunch if there wasn't something stopping them.
> Dell website if you go out and specifically look for it but anybody who makes it a prominent offering or pays for shelf space at Best Buy would still get punished.
You think Microsoft is going to “punish” its largest OEM because it sells 2% of its computers with Linux?
Also do you think Linux users are going to Best Buy looking for computers?
Even if they did, do you think the average Best Buy employee is going to know how to sell Linux or that Best Buy is going to go through the trouble of training them?
Apple couldn’t get resellers to learn Macs well enough to sell them and that was there motivation to open dedicated Apple Stores and stores within a store.
The volume discount theory doesn't really make sense, unless both of these things is true:
1) There's enough demand for prebuilt Linux machines to meaningfully reduce your Windows sales such that you fall into a different discount bracket, and
2) A sufficient percentage of those (apparently significant number of) people who want a Linux box will fall back on Windows rather than looking for another OEM.
I'm not buying it. My anecdotal experience suggests that the Venn diagram of "wants an OEM machine" and "wants Linux" has a vanishingly small intersection—the tiny fraction of the population who wants to use Linux are overwhelmingly DIYers when it comes to computers and have opinions about what kind of hardware they use. They might pay someone to build a machine for them, but they're not going to grab one off the shelf.
Obviously there are exceptions, but the key question is if those exceptions are sufficient to account for a reduction in a volume discount that would lead to this kind of behavior from OEMs. I'm just not seeing it: far more likely than there being enough in that intersection to pose a threat to volume discounts is that there are simply so few of them that it's not even worth trying.
Your anecdote at the end doesn't preclude this, because it makes sense that some OEMs would choose to specialize in a very small niche. And the existence of these specialty OEMs reduces the odds of point 2 holding true—the small number of people who really want this have a place to go already, so the large OEMs would likely lose many of these customers anyway!
> There's enough demand for prebuilt Linux machines to meaningfully reduce your Windows sales such that you fall into a different discount bracket
That's the easy one to satisfy when Microsoft is tailoring your discount bracket to be just below your predicted total sales numbers.
> A sufficient percentage of those (apparently significant number of) people who want a Linux box will fall back on Windows rather than looking for another OEM.
Millions of people need a machine to do basic web and email, so they go to Best Buy or similar and buy whatever is on the shelf. They have only weak preferences in either direction and then get Windows by default.
Look at what happened when Google started paying for a tiny bit of shelf space for Chromebooks. Suddenly they're a percentage of the market proportional to how much shelf space they bought. If people actually had a preference for Windows, shouldn't they have rejected those instead of grabbing them off the shelves in proportion to how many of the machines in stock were Chromebooks?
> That's the easy one to satisfy when Microsoft is tailoring your discount bracket to be just below your predicted total sales numbers.
This is rank speculation, and I don't see any reason to believe that Microsoft would need to do this in order to see what we're seeing in the market. Low demand is a much simpler explanation that does suffice (unless you have evidence that it does not suffice?).
> They have only weak preferences in either direction and then get Windows by default.
They have a strong preference for a machine that just does what it's supposed to do without maintenance. Aside from Chromebooks, Linux is not that at the moment. Best Buy in turn has a strong preference for people not returning their machines angrily.
Chromebooks are an exception because they're nominally Linux but the interface presented to users is basically just Chrome. They actually are a general consumer device, which is not what OP is asking for.
It's the thing that came out in the anti-trust trial.
> Low demand is a much simpler explanation that does suffice
If demand is low then why does Linux market share keep growing despite the low level of promotion or retail availability?
> They have a strong preference for a machine that just does what it's supposed to do without maintenance. Aside from Chromebooks, Linux is not that at the moment.
ChromeOS is just a Linux distribution (Debian derivative?) with a UI that emphasizes Chrome. You can run some rolling release distribution if you want to risk breakage in exchange for bleeding edge versions of packages, but there are plenty of boring LTS distributions that require less maintenance than Windows does.
> It's the thing that came out in the anti-trust trial.
The one from 2001? I thought we were talking about the conditions today.
> If demand is low then why does Linux market share keep growing despite the low level of promotion or retail availability?
Because it counts Chromebooks, Android, and Steam OS. Which is fair, those count as wins for Linux, but those also aren't what OP is asking about when they say that they can't find Linux machines. The only kind of Linux machine they can't find is the kind that comes with a distro that is built for power users.
> The one from 2001? I thought we were talking about the conditions today.
They arrived at a weak settlement in that case and have been largely ignored since. Why would they have stopped instead of just being more subtle about it?
Also, if they weren't still doing it then why don't major Windows OEMs also promote Linux machines when non-Windows OEMs do? Specialization doesn't really explain this; they sell Linux machines but don't promote them, so whatever fixed costs they have to pay to do that, they're already paying.
> Because it counts Chromebooks, Android, and Steam OS.
It doesn't. Android has basically zero PC market share, ChromeOS is almost 2% by itself, but regular old desktop Linux is up from ~1% to ~4.5% over the last few years (and it's 6% if you count ChromeOS).
Steam OS is a pretty decent proportion of Linux gaming systems, but most Linux PCs aren't gaming PCs.
> That's the easy one to satisfy when Microsoft is tailoring your discount bracket to be just below your predicted total sales numbers.
And selling 4% less is going to put them in a different “bracket”?
> Millions of people need a machine to do basic web and email, so they go to Best Buy or similar and buy whatever is on the shelf. They have only weak preferences in either direction and then get Windows by default.
Until they realize that the computer they bought can’t run any of their software and they try to return it or get help from the “Geek Squad”.
> Look at what happened when Google started paying for a tiny bit of shelf space for Chromebooks. Suddenly they're a percentage of the market proportional to how much shelf space they bought
Chromebooks have around 2% market share and most of that is schools buying them in bulk. Normal people aren’t choosing Chromebooks. How many college students do you see buying them? 70% are buying Macs
Linux market share keeps increasing over time with a pretty solid growth rate, to the point that Linux + ChromeOS now has the market share that macOS did in 2010 (with non-ChromeOS being the larger portion). For something with minimal promotion or availability in retail stores, what explains that except for increasing numbers of people going out and specifically requesting it?
> Also a Windows license is actually more or less free to OEMs since they can bundle crapware with it and get paid by third parties.
That's not "free". They could be bundling the crapware with Linux and then keeping the money instead of forking it over to Microsoft.
> ChromeOS is no more what people consider “Linux” than iOS, MacOS etc is considered BSD.
ChromiumOS is a Linux distribution and ChromeOS is basically ChromiumOS with Google Play etc. Whereas macOS isn't just FreeBSD with the App Store and Safari and in particular it's only licensed to run on Apple's hardware.
> Linux is at less than 5% and was at around 1% in 2012.
It was around 1% forever, until recently it wasn't.
> ChromeOS is at less than 2% and most of that is in schools. Macs had much more than 2% in 2010.
Macs had 6% in 2010, which is the same as Linux has now. And the Macs were disproportionately in schools too. Now the Mac market share is above 20%, because eventually the people using it in schools start using it somewhere else, so if people are using non-Windows systems in schools now...
> What company is going to pay for Linux Crapware?
The same ones paying for Windows Crapware, presumably.
> Now the Mac market share is above 20%, because eventually the people using it in schools start using it somewhere else
Absolutely no kid says “I love these shitty Chrome OS laptops that I have to use in schools. Can I have one at home!” When they get to choose a computer for college at least in the US, they overwhelmingly choose Macs.
And Dell overtook Apple in schools in 1999.
Even back in 2010, 70% of students were choosing to buy Macs for college
And saying that Linux grew from 1% to 5% in 10 years means it’s going to grow to 25% reads like every startup pitch. “We doubled from 1% to 2% in a year. At this rate we will have almost 70% of the market in 6 years!”
The “Year of the Desktop Linux” has been a meme for over 25 years.
> Absolutely no kid says “I love these shitty Chrome OS laptops that I have to use in schools. Can I have one at home!” When they get to choose a computer for college at least in the US, they overwhelmingly choose Macs.
The value of ChromeOS to Linux in general is that it has no Windows-specific dependencies. They don't have to like the hardware, Linux runs on all kinds of hardware. But if they cut their teeth on Windows then they're trained on MS Office etc., and on ChromeOS they're not.
Then they get a job and don't expect MS Office, so a work PC running Ubuntu is just fine.
> And saying that Linux grew from 1% to 5% in 10 years means it’s going to grow to 25% reads like every startup pitch. “We doubled from 1% to 2% in a year. At this rate we will have almost 70% of the market in 6 years!”
Except that it was from 1.x% to 4.x% in four years, as a result of a confluence of factors that continue to be present: Historical Windows-specific software is declining as it's converted to web and mobile, Valve continues to increase the viability of Linux gaming (which is the largest remaining holdout in the former category), users are increasingly frustrated with Microsoft who is now making more money from Azure than Windows and increasingly unafraid to piss people off with start menu ads and dark patterns, Windows 10 is about to go EOL and with it the vast quantities of PC hardware that don't officially support Windows 11 but run Linux just fine, etc.
Is it going to continue to increase at >50% a year forever? Probably not. Is it going to keep going up? It certainly seems that way.
> The value of ChromeOS to Linux in general is that it has no Windows-specific dependencies. They don't have to like the hardware,
Linux runs on all kinds of hardware.
And none of the hardware that Linux runs on runs 15 hours on a battery, quiet and fanless. In the US people with money (or student loans) have a choice, they have been actively choosing Macs since 2010.
> But if they cut their teeth on Windows then they're trained on MS Office etc., and on ChromeOS they're not.
And they can go to Walmart and buy an $850 M1 MacBook Air that can run MS Office, all of the other commercial software, still have a faster quieter ARM based Mac and it integrates with their other Apple devices - iPhone has a 70% market share in the US.
> the vast quantities of PC hardware that don't officially support Windows 11 but run Linux just fine, etc.
And what’s more likely? They put Linux on their old slow laptops that run hot, loud and with piss poor battery life - all of which is worse with Linux - or they just buy another Windows computer or Mac that runs all of their software?
If they are using Office365, they don’t have to buy new software even if they do switch to Mac.
And the ones with such low power consumption are either fanless or the fans don't run anyway because you don't need a fan to dissipate two watts.
> And they can go to Walmart and buy an $850 M1 MacBook Air that can run MS Office, all of the other commercial software
But they don't need any commercial software. All of that stuff is dead and dying, replaced by web pages. Whether that's good or not, it's certainly happening.
> still have a faster quieter ARM based Mac
That $850 M1 is five years old. For the same price you can get a faster Ryzen laptop on a newer TSMC process. Meanwhile if you want a higher end machine, Apple overcharges so much for RAM that most people can't afford it. Notice how much lower Mac market share is than iPhone.
> it integrates with their other Apple devices
This is not a reason for anybody to use Windows, and Android has 70% global market share, so by this logic the global PC market should be trending toward 70% Linux and 30% Mac.
> And what’s more likely? They put Linux on their old slow laptops that run hot, loud and with piss poor battery life - all of which is worse with Linux - or they just buy another Windows computer or Mac that runs all of their software?
People have a random laptop which is 80% as fast as a new laptop and gets 6+ hours of battery life under Linux, but doesn't support Windows 11. Option one is they keep it and put Linux on it, which saves them hundreds to thousands of dollars for a new laptop, which is a pretty big advantage. Option two is they sell it and buy a new laptop, and then someone else buys it to put Linux on it and the installed base of Linux users still goes up.
> If they are using Office365, they don’t have to buy new software even if they do switch to Mac.
> Of course it does? People have reported 20+ hour battery life on Linux laptops:
With a poor trackpad and only if you use the low quality screen?
> But they don't need any commercial software. All of that stuff is dead and dying, replaced by web pages.
Who are these people in the mainstream that don’t want any commercial software?
You better tell Microsoft and Adobe that native software is dying…
> For the same price you can get a faster Ryzen laptop on a newer TSMC process.
And then you lose the whole better battery life, cool, quiet and fanless. Also the M2 MacBook Air is $999 with 16 GB RAM and faster.
> Meanwhile if you want a higher end machine, Apple overcharges so much for RAM that most people can't afford it.
The M2 MacBook Air comes with 16GB RAM now. But you were talking about people who are okay with an old laptop and not running commercial software. Are they really going to run anything so intensive that they need more than 16GB RAM?
> Notice how much lower Mac market share is than iPhone.
And notice how much higher it is when people have a choice and have money - ie college students and professionals and even developers? How many companies are going out of their way serving people who are poor or cheap?
> it integrates with their other Apple devices
This is not a reason for anybody to use Windows,
We are talking about people who have to buy computers anyway because as you said W10 is EOL or children growing up with Chromebooks.
They aren’t buying Windows computers for the most part.
> and Android has 70% global market share, so by this logic the global PC market should be trending toward 70% Linux and 30% Mac.
And see what people with money are buying globally - Macs and iPhones. They definitely aren’t buying Windows computers.
How many of those computers were sold to businesses? Why would anyone buy computers with Linux?
> People have a random laptop which is 80% as fast as a new laptop and gets 6+ hours of battery life under Linux. Option one is they keep it and put Linux on it, which saves them hundreds to thousands of dollars for a new laptop,
You can buy a cheap Dell for $400 and it can run all of their software or a Macbokk Air for $899 when not on sale or even a Mac Mini for $699.
> Option two is they sell it and buy a new laptop, and then someone else buys it to put Linux on it and the installed base of Linux users still goes up.
People aren’t selling old useless PCs for the most part nor or people buying them over a sub $500 PC
> If they are using Office365, they don’t have to buy new software even if they do switch to Mac.
They're not using Office365, that's the point.
They are using something besides a web browser, if they are just using a browser, why not just use an iPad or even their phone - and most people are doing that. You can see by the number of computers sold each year compared to the number of phones
You mean legally mandating all electronics stores to stock computers with Linux installed regardless if there is demand for that or not? Because how else exactly could this work?
> I wish these guys regulated Microsoft even half as much as they go after apple.
Kinda sounds like a "show me the man, I'll show you the crime" kinda policy. What specific rules are Microsoft breaking? Just at a high level I would expect less issues from Microsoft because they dont produce as much hardware and windows is more open by design.
Microsoft's Windows monopoly in desktop computers is far less irelevant today, as desktop computing is less relevant compared to the past due to mobile, and also not a walled garden since you can install apps on Windows outside the Windows Store unlike on iPhone. The things Microsoft is being investigated for is the Monopoly on Office365 services such as bundling Teams by default.
Oh and your numbers are totally wrong. iPhone market share is over 80% on US teens making them a dangerous monopoly since teens tend to become grownups at some point.
The numbers are right, you just moved the goal post. Look up the numbers for the EU among all age groups, which is what this regulator has jurisdiction over.
Additionally, most system builders will have no issue doing a custom request for Ubuntu or Fedora on a computer they build for you.
Probably won't come with the same warranty or support as if it came with Windows, but no one is preventing you from buying a computer with Linux pre-installed...
What are you even talking about? The vast majority of hardware that can run Windows has no technical measures in place to prevent some other operating system from being installed. Windows itself does not prevent third party applications from being installed without Microsoft's permission. Most computers not coming with Linux preinstalled is not because of Microsoft doing anything to achieve that, it's because desktop Linux is just not popular enough for stores to stock systems with it preinstalled.
They've been building and tending the exact same pay-to-enter garden for 16 years, and even that garden initially — for a year — started with the equivalent of a padlock and "no-entry, no exceptions" sign on the gate itself because iOS was originally "just Apple's Apps, nobody else"*.
Took a long while before Apple was big enough that people cared about the walled gardens, before "smart phones" as a market opportunity were dominant enough that them having one was even capable of hurting anyone's economy.
* if you want to find exception, consider if the exception would also inherently reject the idea that what currently exists is a walled garden
> If the customers prefer the walled garden then what’s the big deal?
What the customers "prefer" and what's good for society are two very different questions. Anti-competitive behavior for one, like charging your direct competitors a 30% tax on their revenue because you own the platform, ensuring that you always come out ahead.
> There are a number of other phones people can buy
I don't understand this argument. For smartphones there's just one viable alternative which is itself trending in the walled garden direction. Google has been imposing additional restrictions for sideloading and adding various roadblocks that are slowly reeling back user freedoms.
Both companies have a long list of customer-hostile behaviors and we have to pick one of them because interoperability is dead. Because we have to pick one, there's no real pressure to address those grievances on either side.
It's always "just use Android" when we complain about Apple and "just use iOS" when we complain about Google. It's like that scene out of South park with the Cable company people rubbing their nipples listening to disgruntled customers.
There are Apple phones and there are Android phones, that's pretty much it. It's a duopoly. It is practically impossible for a third player to enter the market. This circular logic of "if Android does not offer enough liberties, use an Apple phone" and "if Apple does not offer enough liberties, use an Android phone" doesn't make any logical sense and everyone who uses your argument knows it, but chooses to continue making it to push an agenda.
Compliance is a very binary thing in this matter. Either Apple complies, or they don't. It's the the EU'a job to fix the legislation, the legal system does not care about "not faithfully honoring the spirit/intent".
Which is why they will get away with it. It is why others people get away with similar behaviour in general in many jurisdictions. One legislation (which is slow to change and can be opposed by lobbying) catches up with one thing they do something new.
Legislation can be worded more generally though, which helps. Regulators and judges can be given some discretion.
When would we say this started, year-wise? As in the past, most of the technology/innovation came from Asia and Europe, and it seems not until after computers (or earlier perhaps?) did the US start to catch up with the rest of the world, but haven't really done a deep dive into it.
Well, until it doesn't, which seems to be edging closer and closer every day.
Not sure where you are located, but as I'm within the EU, I'm quite happy with the approach we take, I'd prefer that to the capitalistic hellhole the US seems to be. If that means I have to decline cookies when I visit websites who misunderstand regulation, then so be it, totally worth it.
At least someone is setting limits, Biden noted in his farewell address how America is being shaped by oligarchs which has echos of Eisenhower's farewell address warning of the forming of a 'military-industrial complex'.
> Europe understands that innovation is not good per se
Same applies to economic growth and higher disposable incomes I presume?
> and that an economy should follow the people, not people following the economy.
It's not exactly working though is. Or are you saying that Europeans are somehow "stagnant" therefore the economy should also be stagnant? Which doesn't sound that reasonable or a nice thing to say...
> The us vs them in your comment feels quasi-political and unfounded.
Yeah, I've noticed there's a lot of virtue signaling form some Europeans, especially amongst the wealthier Germans, Benelux, and Nordics who have this "holier than though" posture on how much better they are than Americans(wide brush stroke here) for being non-materialistic (also copium for their low skilled wages), while coasting on generational wealth inherited from those before them.
Well if you're so non-materialistic, why aren't dropping the prices of your housing so other people can actually afford to buy something instead of hoping to profiteer from them like those "greedy" Americans?
As always, the people lecturing you on how money doesn't matter, are those who already have money.
Just like those Germans laughing at Trump when he warned them about Germany's dependence on Russian energy in 2018. [1] They can be so smug and full of themselves sometimes.
I dunno — in the torrent of sludge that came and will come from the Trump administration, how is anyone supposed to distinguish an occasional nugget of truth?
Easy, you use your brain and critical thinking to process the message separately from the messenger and then do your own fact checking. But that's hard and your avenge person is too retarded to do any such research and it's easier just to laugh at Orange Man while being smug.
Like if the Germans would have invested as much brain power to look up where the energy of their industry is coming from and asses the threat of being depended on Russia, as much as they used to laugh at America's big military and at Donald Trump, they'd be in a better state.
Anyone with two working braincells knew Germany's position was vulnerable to Russia. Even EU leaders told them that, not just Trump but also Obama.
Maybe he would like to pretend he's surveyed 330+ million individuals and has assessed each with respect to materialism and ability to understand life.
On the one hand yes, on the other, why would we care about a "stronger" tech sector, if the majority of that tech strength is based on stealing people's private data to monetize it, getting them addicted to digital crack to view ads just so that a small handful of bibliomaneres can get richer while the societal damages are being socialized? What would we gain from it? More "line goes up" nonsense that don't matter to the average person? Does the average American also care?
"So look, you can't afford rent, you can't afford groceries due to inflation, your student loans and medical bills are crippling, but the good news is tech stocks are up 200% since last year"
I also don't want to be on the public roads swarmed with flaky alpha stage self driving cars just so some billionaire nut job can flex on is social media platform and get richer. That kind of "innovation" that I'm glad is regualted.
> "So look, you can't afford rent, you can't afford groceries due to inflation, your student loans and medical bills are crippling, but the good news is tech stocks are up 200% since last year"
You can compare the disposable incomes in Europe and the US. I mean a median American can afford a whole lot more of those things than a median European.
PPP adjusted median household disposable income per capita (with social transfers like public healtchae and stuff) in US was $62k back in 2022. West Virginia is ~72% of the national median. So Sweden?
Of course, money obviously isn't everything (not /s). And income inequality is much higher in WV than in Sweden. It's actually higher than in any European country. Which makes comparisons like this rather tricky (it's not even rich vs poor but median vs poor which is the problem in the US when you compare it to Europe).
The most equal US state (Utah) is still more unequal than the EU country which has the highest income inequality ( Bulgaria).
Interestingly enough before taxes France, Finland, Italy, UK etc. have comparable income inequality to the US.
West Virginia isn't the poorest state though (e.g. it's about on par with New Mexico). Mississippi and Louisiana are.
>The most equal US state (Utah) is still more unequal than the EU country which has the highest income inequality ( Bulgaria).
That can be true while at the same time the 3rd percentile of income earners in the US earn more after taxes than the 3rd percentile in Europe, ditto for the 4th percentile and so on up to the 99th percentile (since the average income in the US is significantly higher).
It can but I don't think it is. I can't find direct stats (I mean I can find nominal but not equivalized/ social transfer adjusted figures) to compare but e.g. 1st quantile income cut-off in Sweden is 64% of the median while for first decile it's 49%
Utah on the other hand (surprisingly or not) has the highest first quintile mean (yeah.. slightly apples and oranges but gives an advantage to Utah) in the US, yet it's still only around 25% of the state median.
it's 62.30 * 1.28 (Utah vs US median in 2022) * 0.25 = $19.936
Sweden:
43.9 * 0.49 = $21.51, so a 1st decile Swede has higher PPP + social transfers adjusted income that the first quintile mean in Utah.
If course it's rather convoluted since I'm too lazy to find directly comparable data. Disregards (uses US PPP + social transfers instead of just Utah's etc.).
However I think it's broadly accurate(ish), considering that Utah has higher than average median income and the highest first quintile income all other states would do even worse.
Of course Eastern European states are poorer but Sweden is closer to the EU average than Utah is to the US average (and Sweden's GINI is around average in Europe while Utah's is the lowest in the US).
>The most equal US state (Utah) is still more unequal than the EU country which has the highest income inequality ( Bulgaria).
This is one of the most shocking things I've read in relation to this. I knew it was bad, I didn't know it was THIS bad. Do you have any sources for this? I need to spread this fact if it can be easily verified.
Taking your comment as more of a zeitgeist-y vibe-y thing that something literal, I still disagree.
Apple's walled garden is more your definition of European than American. Apple sharply limits (or regulates) what you can do on your phone because they think they have a better idea of how you should live your digital life.
Android's openness fits your definition of American with their anything-goes, let's see how far we can take this, approach to mobile computing.
> Apple sharply limits (or regulates) what you can do on your phone because they think they have a better idea of how you should live your digital life.
I think that it's Apple's bottom line that dictates how Apple corral people to live their digital lives. It's not because they are benevolent dictators, inspired geniuses, altruistic utopians or whatever. It's just a way to make more money for themselves. They perfected the walled garden, made huge profits out of it and will fight to keep those walls standing.
There's nearly always an adequate fix. In this case I took the HTML doc title and appended the advocacy groups to it. This fits easily within the 80 char limit.
I wonder if we could be spared the next few rounds of US "innovation" while we take a breather and fix the stuff that broke during the last few fast-moving rounds.
It's worrying that it's only considered annoying to US companies; after all to them it's just a fine, if it even comes to that. A fine is only a punishment for poor people, for rich companies it's a one off expense.
a) click the manage options button
b) click the reject all button (if there is such a button)
c) avoid the "agree to all and confirm" button that is somehow now highlighted as if that would be the logical next button to click after I rejected all
d) click on the "save changes" button, which is really helpfully titled, and greyed out, but thankfully still clickable
e) pray that all of that made a difference