this post was submitted on 14 Aug 2024
657 points (98.7% liked)

Privacy

32130 readers
747 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

A cookie notice that seeks permission to share your details with "848 of our partners" and "actively scan device details for identification".

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 171 points 3 months ago (4 children)

Hate when they remove the reject all button

[–] [email protected] 143 points 3 months ago (2 children)

In the EU and UK this is also forbidden as rejecting should be as simple as accepting cookies.

[–] [email protected] 77 points 3 months ago

In theory yes, in practice "uh-huh."

[–] [email protected] 37 points 3 months ago* (last edited 3 months ago) (5 children)

The most effective solution is just to wipe all cookies every time you close your browser, or creating strict cookie whitelists. Actually managing cookies on webpages is for normies.

[–] [email protected] 9 points 3 months ago (3 children)

Still doesn't get rid of the popup, for that I use ublock origin.

[–] [email protected] 3 points 3 months ago (1 children)

The only way for the site to know to not show the pop-up again is ironically by saving that information in a cookie

[–] [email protected] 4 points 3 months ago

Or you could block all cookies from all associated domains and use uBlock Origin element picker to hide the popup.

I'm tired of expecting service and site owners to be human beings, and have learned the tools needed to curate my own experience. Hell I used to browse with javascript off for years until every shitbag UI graduate decided to cram it into every single site regardless of applicability.

[–] [email protected] 1 points 3 months ago

And enable the specific cookie alert list

[–] [email protected] 1 points 3 months ago (1 children)

I like grid for that because it's by default per-site permissions and also by default allows the sites own cookies while blocking any cookies for other domains.

It can involve some trial and error to get things working if the site uses a CDN or third party services for functionality, but I've found that it hasn't yet been necessary to enable any 3rd party cookies to get any functionality working (at least none that I wanted to get working, maybe other sites that use Google or fb accounts would automatically log me in if I had those ones enabled, but those are things I specifically want to block).

Usually I'll just need to enable some scripts and media from CDNs.

[–] [email protected] 2 points 3 months ago

I hate nearly everything about web 2.0, if I could thanos snap away Javascript and CSS I would it with zero remorse or regret. Humanity was happier before CDNs.

[–] [email protected] 7 points 3 months ago (1 children)

and then every time you visit that one good news site, you have to go through their cookie banner each time. That or install a cookie-denying addon and hope that they don't sellout or sell your data.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago) (1 children)

You have a total of four choices:

1a. Wipe all their cookies every time, reject them every time they ask.
1b. Wipe all their cookies every time, accept them every time they ask. 2a. Don't wipe cookies, keep the "essential" ones. 2b. Don't wipe cookies, accept all our most of them.

2b is the only scenario where you might not get asked again. 1b is the easiest no thanks.

I use the duck duck go browser because it makes that the default and offers to whitelist sites for cookies if you log into them (but you can turn that off in settings). It also autorejects a lot of cookies that use common popups.

[–] [email protected] 5 points 3 months ago (1 children)

2a seems the most rational, no?

Also maybe switch to mullvad-browser instead of DDG browser, since DDG has some controversies (search: "Zach Edwards" on the wiki) on what data it saves.

[–] [email protected] 2 points 3 months ago* (last edited 3 months ago)

Thank you. Where can I find the wiki?

Edit: Wired says

DuckDuckGo Created a Privacy Exception for Microsoft Cybersecurity and privacy researcher Zach Edwards discovered a glaring hole in the privacy protections of DuckDuckGo's purportedly privacy-focused browser: By examining the browser's data flows on Facebook-owned website Workplace.com, Edwards found that the site's Microsoft-placed tracking scripts continued to communicate back to Microsoft-owned domains like Bing and LinkedIn. DuckDuckGo CEO Gabriel Weinberg responded to Edwards on Twitter, admitting that "our search syndication agreement prevents us from stopping Microsoft-owned scripts from loading"—essentially admitting that a partnership deal DuckDuckGo struck with Microsoft includes creating a carveout that lets Microsoft track users of its browsers. Weinberg added that DuckDuckGo is "working to change that." (A company spokesperson reiterated in an email to WIRED Weinberg's assertion that none of this applies to DuckDuckGo search, adding that both its search and its browser offer more privacy protections than the competition.) In the meantime, the revelation blew a glaring hole of its own in the company's reputation as a rare privacy-preserving tech firm. Turns out this surveillance capitalism thing is pretty hard to escape.

[–] [email protected] 3 points 3 months ago (1 children)

Sounds like a job for the Mullvad browser, since that clears cookies on every restart by default.

[–] [email protected] 2 points 3 months ago

Firefox Focus does this as well if you’re on a phone!

[–] [email protected] 3 points 3 months ago

No? If you accept tracking while on the page, this has consequences on your current session

[–] [email protected] 2 points 3 months ago (3 children)

Sadly that is not an option for firefox on android yet (while it is on desktop), the only choises you are left with are:

  • Use ff focus that completely resets the browser deleting every cookie in the process
  • Use normal ff and:
  1. Just accept that you have to deal with cookies and care to carefully select Reject on every banner
  2. Turn on delete data on "exit button press" (which sadly deletes everything again, with no possibility to whitelist some websites).

That said, i believe Firefox should have (even on android) their "total cookie protection" thing which puts them in separate containers for each domain, so you are somewhat protected by cookie cross-tracking, but i would still prefer to delete most of them at close.

[–] [email protected] 6 points 3 months ago (1 children)

Sadly that is not an option for firefox on android yet

Eh?

[–] [email protected] 7 points 3 months ago (1 children)

I was talking about there being no option to whitelist some websites to keep their cookies, and as you can see it is not present there, while the desktop versione has it

[–] [email protected] 3 points 3 months ago (1 children)

Having seem the inside of some of these trackers, I can assure you that cross-domain "protection" is a furphy. Also, 848 partners is small fries. For shits and giggles you should turn on network logging on Firefox or Chrome and open any modern news website.

[–] [email protected] 3 points 3 months ago

Yea, 😂, I was very shocked on the amount of server contacted when I first time installed a pi-hole and opened a local news page while being on piHole webUI to test if it works.

[–] [email protected] 1 points 3 months ago

Ghostery has an "auto-reject cookies" setting.

[–] [email protected] 16 points 3 months ago* (last edited 3 months ago) (3 children)

Consent-o-matic browser extension can handle a lot of cookie banners and automatically rejects all possible cookies.

[–] [email protected] 10 points 3 months ago (2 children)

Reject all is actually you agreeing on the legitimate interests loophole so this is also problematic.

[–] [email protected] 5 points 3 months ago (1 children)

Yea.. That is true. But I think, if uBlock blocks the banner, consent would not be able to reject/approve anything. Think of it as a fallback solution 😇well in my case.

[–] [email protected] 2 points 3 months ago (2 children)

But some pages stiff you by disabling scroll capability if you hide the banner

[–] [email protected] 2 points 3 months ago

Yea, I tend to not use those sites and search for alternatives or archived versions. Sometimes you can scroll while reloading the page until scrolling is blocked again.

[–] [email protected] 2 points 3 months ago (1 children)

Javascript is the problem there

[–] [email protected] 1 points 3 months ago (1 children)

Yep, but some pages load the text content programmatically, so even if you switch to reader mode you only get the blurb

[–] [email protected] 2 points 3 months ago

Yeah they get skipped or opened on Brave incognito

[–] [email protected] 4 points 3 months ago (1 children)

I used to rely on Consent-O-Matic a lot, but I'm somewhat uncomfortable by the fact that the extension has full access to all web page content. I mean I understand why, but I'm still uncomfortable with it. In the end I ended up uninstalling it because it broke some sites so that they wouldn't load at all, or got stuck into an infinite reload loop. On majority of cases it works alright though.

[–] [email protected] 2 points 3 months ago (1 children)

Yea, every extension has full access to any website, if you not make use of a whitelist/blacklist.

[–] [email protected] 0 points 3 months ago (1 children)

Some extensions, such as SponsorBlock for YouTube actually limit themselves so they can only operate when the browser is on youtube.com. This can be declared in the extension manifest. It's a separate permission to access data on all web sites vs. access data on a specific website.

[–] [email protected] 2 points 3 months ago

Not helpful when something like Consent-o-matic needs to operate on every possible website with a cookie banner.

I have had the same concerns, since watching it click through things faster than I can see is scary. Maybe some day someone sneaks in a cookie banner detector that activates on banking pages to steal your money? uBlock Origin has similar risks, but at least it's not actively controlling browser inputs.

[–] [email protected] 2 points 3 months ago

Oh alr thank you

[–] [email protected] 5 points 3 months ago

I just implemented a cookie consent bar on my company's website and the agencies/vendors who advertise for us were giving me so much shit for having reject available right away. But thankfully our Legal department said keep it there... Or else. "Hands tied..... Soooooorry!"