return to table of content

Consent-O-Matic – automatically fills ubiquitous pop-ups with your preferences

sgc
15 replies
1d4h

With how aggressive websites are in shoving popups down our throats for every little random thing, we need an in-browser AI bot to get rid of them appropriately.

It's leaking too. I got a popup on my keyboard on my phone yesterday, and literally thought "this is too much, I wish I was dead" (I'm doing fine, just an intrusive thought :). Time to dial it back in folks. It is unbearable.

iwontberude
4 replies
1d4h

To those of us with ADHD this firehose of notifications and distractions feels like a deliberate attack on our agency. It does make me feel like I want to die, not because I’m depressed or suicidal generally but because I can’t imagine aging gracefully with this escalating source of entropy.

fuzzy_biscuit
1 replies
1d4h

This is precisely why I'm sidling up to the idea of an old flip phone. The deluge of "communication" that is force-injected into my eyes every day is an immense waste of my mental energy. I hate this age of attention assault.

zelphirkalt
0 replies
1d3h

May I suggest a well configured uBlock Origin and additionally to cut out some websites completely from your life? Doesn't solve the problem in general, but it will hopefully make you feel better. And it will make your browsing faster, because you are not loading all that crap.

sgc
0 replies
1d3h

I had the thought for much the same reason. It amounts to a denial of service attack on the human psyche.

There are places with laws about advertising pollution in public spaces. That needs to extend beyond advertising to a more general set of aggressive attention grabbing features, and to our digital lives, where we spend a huge amount of our time. It's not going to self-regulate. Ironically, the ubiquitous GDPR popups sort of broke a dam that have led to popups of all sorts being forced on us all over the place.

marcosdumay
0 replies
18h11m

feels like a deliberate attack on our agency

It is.

The idea of pushing more contracts than you can read, all of what you must accept just to survive is a deliberate attack on our agency. You are just more sensitive to it.

drdaeman
3 replies
21h58m

we need an in-browser AI bot to get rid of them appropriately.

Not just popups. We need browsers to die and be reborn as User Agents again.

Currently the best browsers do is some translation and summarization, but there's currently zero automation.

An ability to tell user agent a command, in a natural language, like "go through first 10 pages of those Amazon search results, check every one of them including photos, descriptions and reviews, filter products according to those and those criteria (and not whatever Amazon lets me search and filter on) and give me a nice clean list of images and links with zero extra junk" will be a game changer.

We have all the tools, it's about time we show a middle finger to dark patterns and enshittification. Sure, it'll be a game of cat-and-mouse with websites fighting against robotic agents empowering end users (ad industry is going to hate this so much), but it's a battle worth fighting.

marcosdumay
2 replies
18h12m

We need all of the informatics corporations to die and be reborn as companies that serve their customers.

drdaeman
1 replies
17h46m

Well, they surely aren't committing seppuku. No such thing as a corporate honor or shame, only business interests. At least, not with any large corporations.

And this status quo needs to change. Too much power and information disparity at the moment, the markets are essentially broken.

marcosdumay
0 replies
16h19m

IMO, the easiest and most healthy way to get from here to there is by splitting those companies. There are plenty of ways they can be reborn, many even without hurting anybody.

Double_a_92
3 replies
1d3h

The actual problem is not the popups, it's that websites have so much spyware crap on them that you need all those warnings.

zelphirkalt
0 replies
1d3h

But also that the popups do not conform to what GDPR demands. Remember, rejecting everything should be the same amount of effort as accepting the settings, and by default non-functional stuff should of course be turned off. If websites followed those rules, we would have way less of a problem here.

krageon
0 replies
1d

The actual problem is not the popups

Yes, it is. That's the actual problem and so is everything else about the attention-hijacking industry.

dredmorbius
0 replies
1d2h

If only there were some way to eliminate that need for warnings....

fnordsensei
1 replies
19h35m

Or a standard API whereby a user fills out their preferences once in their browser, and the websites ask the browser for this information.

orbisvicis
13 replies
1d13h

I believe ublock origin blocks these via the annoyances filters, but just the popup element without setting the cookie. I haven't really looked into it.

pbmonster
5 replies
1d11h

It blocks some of them, usually the most basic. I also seem to remember that by not answering those prompts (and hiding them instead), you actually consent until you decline.

It absolutely can't block the more advanced, sometimes multi-stage prompts Google, Youtube, and many newspapers use. Consent-o-Matic actually goes through those prompts and declines the maximum possible amount of tracking, while consenting to the necessary options required to make the site work.

Elinvynia
3 replies
1d10h

That is false, you only consent by your explicit action - clicking "accept". If you inspect element and remove the consent popup entirely, you have not consented.

tcfhgj
0 replies
1d9h

At least this the legal requirement

nicbou
0 replies
1d9h

Exactly. Consent is opt-in, not opt-out. That's the law.

If a website does not respect that, it probably won't respect your choices either, so you might as well block the cookie banner and all tracking scripts.

IanCal
0 replies
1d8h

It's not false. You are right that you haven't consented until you actively do so, but that's not the same thing as having the website work.

nicbou
0 replies
1d9h

It blocks pretty much all of them for me. I almost never see a cookie banner, to the point I forget that they exist, just like YouTube ads.

I sometimes forget how bad the unfiltered internet is.

leokennis
2 replies
1d8h

The issue is that some sites will not work until you made a decision in the cookie pop-up. So then I have to reload the page without blocking, reject the cookies, and then reload the page with blocking...

So for now I disabled the blocking of cookie pop-ups and I let C-O-M automatically reject cookies for me.

account42
1 replies
1d2h

The issue is that some sites will not work until you made a decision in the cookie pop-up. So then I have to reload the page without blocking, reject the cookies, and then reload the page with blocking...

My solution in these cases is to leave the website in question and do something that doesn't involve getting abused.

orbisvicis
0 replies
19h15m

I've probably done the same thing subconsciously. Are there any well-known websites that behave like this? I'm curious what I've been missing out.

agos
1 replies
1d10h

Consent-O-Matic runs on recent Safari, while ublock unfortunately does not

nottorp
0 replies
1d7h

That's Apple's fault though, for not offering an API that would support uBlock Origin.

davidd_1004
0 replies
17h43m

I think they have a specific list for cookie banners

bugtodiffer
0 replies
1d11h

Yes of course without accepting the cookie. THis malicious compliance BS has to end. i won't do the 20 clicks I need to deselect legitimate interest everywhere... I'm just blocking your popup.

xnorswap
6 replies
1d3h

And they will mark all the advertising cookies as "Legitimate interest", as they've already started to do that with the confirmation prompts.

The "legitimate interest" of selling you shit you don't want and selling your interests to third parties.

ivann
4 replies
1d3h

Would this get past the GDPR? I get the defeatism, there are powerful actors, but it doesn't mean we shouldn't try to improve the situation.

krageon
2 replies
1d

No, it's not legal. It's clearly not legal, it doesn't need a case. It's well established in the law as it was written.

It's just that the enforcement agencies are large, lazy and won't enforce anything. They don't even enforce when you can prove beyond a shadow of a doubt when and how the corporations have leaked your private information, let alone when their use of cookies is illegal.

krageon
0 replies
19h18m

It depends on the country. When I filter for specific countries, it really can be very rare.

Look at the difference between Germany and say Austria, for example. Or if you must compare two large countries Germany and France. There is quite a large gap between different countries.

whereismyacc
0 replies
1d1h

Isn't this one of those things that is going to require a landmark case?

bradleyy
0 replies
1d1h

Nothing prevents a company from doing this, but it's definitely not GDPR compliant.

franga2000
2 replies
1d4h

The problem isn't lack of a solution, we've had DNT for years. It's that the people who want to track you generally don't want to make it easy for you to opt out.

ivann
1 replies
1d3h

Yes, this will need legislative backing. We had the GDPR since the DNT.

I also just discovered the GPC which seems more interesting: https://globalprivacycontrol.org

bradleyy
0 replies
1d1h

Actually, GPC support is required in CPRA. CPRA, if you're not familiar, is the California privacy law.

fanf2
0 replies
1d4h

I am sure it will be as successful as do-not-track.

pcl
10 replies
1d15h

I’ve been using this for a couple years now, and absolutely love it. Thanks, team!

I also love that it’s owned by the University of Aarhus, as I am more willing to trust academia with something that has a disturbing level of (client-side) access to my browsing data.

I really wish the browser vendors would develop better permission models to guarantee my data can’t be exfiltrated by a malicious plugin (aka a once-good plugin that got bought out by a bad actor).

For example, I’d love to see the browser impose a policy of “no outbound network requests except to pre-registered endpoints with pre-defined headers and data payloads”, so that plugins could fetch allow lists but could not exhilarate my browsing history.

jitl
5 replies
1d14h

It is very hard to prevent exfiltration by code that is allowed to write to the DOM in today’s browsers.

There is Content Security Policy (csp) which applies to the whole page and sometimes governs scripts injected by extensions but not the extensions themselves.

I would love to see browsers add a chain-of-custody to scripts and DOM nodes, so it is easy to tell which nodes were added/touched by a script, and if a script adds a script tag, that newly loaded script would show up as branches in the custody tree. Then we could say, “no nodes or scripts in this tree may trigger requests to unauthorized domains”. It would be sort of like CSP, but with a runtime-tracked implicit capability/taint for extensions.

jraph
3 replies
1d12h

Add some sort of signing process and call this Secure DOM.

ronsor
1 replies
1d3h

No, then people will mistakenly think it is 100% secure.

whereismyacc
0 replies
1d1h

Securer DOM.

aristus
0 replies
20h11m

Browser DOM Security Mechanism.

xelamonster
0 replies
21h52m

I'd like to see a separation between read and write permissions to the DOM for plugins personally. I would feel much better if I didn't have to give any plugin that might need to modify parts of a limited set of pages the ability to silently manipulate anything and everything I see in the browser. Read-only access could be granted by default, then only when a plugin sees something it wants to act on it could pop up and request my approval before doing so. The current approximation of that by disabling the plugin globally and enabling it on specific pages is so clunky and adds so much extra friction that I don't ever bother with it.

sciolistse
3 replies
1d14h

while we're wishing for impossible things i'd also love if the consent dialogs were an actual standard. if sites could describe a list of what they needed consent for and the browser supplied the actual dialog, so i could just configure it to always allow all if i wanted to, that would be fantastic.

paulryanrogers
0 replies
1d7h

Or even better a header to signal the wish to not be tracked. We could call it "Do Not Track", and enforce with laws.

joshuaissac
0 replies
1d

if the consent dialogs were an actual standard. if sites could describe a list of what they needed consent for and the browser supplied the actual dialog

There is a standard for this called P3P, which was implemented by Netscape, Firefox, Internet Explorer and Microsoft Edge before eventually dropping support for it. But there was nothing requiring website owners to use it. Various data protection regulations across the world require them to obtain consent for collecting data, but they are not required to recognise consent or non-consent expressed via P3P settings.

These standards will only get used if the website owners are forced to use them, either by regulators or by monopolistic/oligopolistic market forces.

https://en.wikipedia.org/wiki/P3P

buzer
0 replies
22h43m

As far as I understand at least some businesses in California are required to honor GPC.

https://oag.ca.gov/privacy/ccpa#collapse8b

Under law, it must be honored by covered businesses as a valid consumer request to stop the sale or sharing of personal information.
alkonaut
9 replies
1d10h

It should be called Reject-O-matic or you might get the impression that it’s ever used to consent to anything…

Drakim
8 replies
1d9h

While you aren't wrong, somebody might get the dumb idea that "If a tool instantly rejects the consent then the user hasn't truly consciously made a rejection."

This is the flimsy excuse made not to respect the Do Not Track header. By making it so that it's a tool for expressing the user's opinion, be it negative or positive, it becomes harder to spin it as being a tool that does not actually embody the user's view.

MereInterest
6 replies
1d8h

For the GDPR, that argument would fail immediately. Since the GDPR requires consent to be explicitly granted, and neither conscious rejection nor automatic rejection would constitute an explicit granting of consent, the site would not have a consent to track.

paulryanrogers
5 replies
1d7h

DNT could be mandated as a prompt instead of ever included by default. Or does the GDPR require explicit consent prompt and selection per domain?

troupo
4 replies
1d5h

GDPR requires explicit informed consent for data not strictly required for the working of a <website|app|store|organization|anything>

A user giving consent to <site|app...> A does not translate into consent for <site|app...>.

And yes, the default for such consent questions must be "no"

paulryanrogers
3 replies
1d4h

Perhaps I was unclear. IMO someone picking "sure fine everyone track me" when setting up browser (DNT preference) first time should count as explicit consent for every site. And similarly choosing DNT for all should legally count as telling site not to track and not to ever prompt.

MereInterest
2 replies
1d

In addition to being explicit, consent must also be informed in order to be valid under the GDPR. This is not a blanket understanding of "I may be tracked on the internet." but a specific "X information may be used by Y data processors for Z purposes." If somebody is not informed of X, Y, and Z prior to giving consent, then it doesn't count. A browser-wide preference from years ago is not informed consent.

There is one and only one legal default under the GDPR: Do not track.

anticorporate
1 replies
1d

There is one and only one legal default under the GDPR: Do not track.

This is immediately followed by every head of marketing (at least for US-based companies) asking "Okay, so how do we track those people?"

I'm not saying this is right. But it is reality. We normalized for two decades marketing leadership having the expectation that they can track every interaction, and prying that data away has been painful, especially for folks who really want to do the right thing but are told otherwise by their managers.

MereInterest
0 replies
20h44m

I agree, and that's why I try to avoid any prevarication on the point. Because the head of marketing will at some point ask developers to break the law. Treating privacy law as a grey area gives the marketers more room to pressure developers, and more room to throw developers under the bus afterward.

weberer
0 replies
1d6h

This is the flimsy excuse made not to respect the Do Not Track header.

Not exactly. The issue was that a specific version of IE enabled that header without giving the user a choice. If a user explicitly chooses to toggle the header, or install an add-on, then that argument would not hold up.

sonium
7 replies
1d13h

I’d like the option to automatically choose the LEAST privacy conserving option, because

1. I don’t care

2. It should work better since it aligns with the goal of the site

creshal
4 replies
1d11h

Regarding 2: That's the fun part! Manual consent isn't required for functional cookies, only for marketing garbage that doesn't help you at all.

bhawks
3 replies
1d11h

What if the goal of the site is to monetize views so it is economically viable to produce content?

Then GP's point towards 'it should work better' implies it works over the long-term and not a single interaction.

I find ads frustrating as well, but it is a powerful monetization strategy and that doesn't have a substitute.

xigoi
0 replies
1d9h

Hot take: People who produce content with the goal of getting money should just do something else.

troupo
0 replies
1d5h

You don't need invasive and pervasive tracking and wholesale trade of user data to display ads.

Google earned billions of dollars doing contextual ads before tracking user's every motion became the norm

alkonaut
0 replies
1d10h

This comes up every time gdpr or ads are discussed. But it’s pretty simple I think: not enforcing privacy regulations forces site owners to break them.

The reason is that so long as some sites show tracking ads, the monetization possible by privacy-friendly ads is almost nothing.

The long term goal must be that no one cheats, so that ad the revenue from well-behaving advertising can go up.

Remember the consent dialogs aren’t ever asking permission to show ads.

seanhunter
0 replies
1d11h

That is an option with consent-o-matic. You just go to the first page of the preferences and turn everything on.

kevmo314
0 replies
1d12h

The extension allows you to choose what settings you want.

aucisson_masque
7 replies
1d7h

'I still don't care about cookies' works on almsot every website I browse.

This extension on the other hand used to work maybe on a third, don't know if it improved but I would suggest the first if you're fed up with the cookie popup.

Macha
3 replies
21h1m

Note "I don't care about cookies" and "I still don't care about cookies" will accept tracking if that's the easiest route to get rid of the popup, which is a significant difference to the extension in this topic.

aucisson_masque
1 replies
19h47m

I understand the shortcoming but to be fair, if a website owner wants to track you he can do it even without cookie. I appreciate the gdpr for many reasons but the cookie banner constant spam is not one of them, I believe people just want to get rid of it even if it means agreeing to everything.

akvadrako
0 replies
17h59m

It has nothing to do with cookies; the popups are about accepting any form of tracking.

lolinder
0 replies
17h50m

Pair it with uBlock Origin and Firefox Enhanced Tracking protection and it doesn't matter.

I don't have a plugin for disabling the banners, but I accept them if that's the easiest thing because I can already see that uBlock Origin blocked all their trackers anyway.

Refusing23
2 replies
1d5h

'I still don't care about cookies'

if i recall this just closes the cookie popup

but if you want some functionality you may need to accept some basic cookie like "remember me" for logging in, etc?

this is what the extension is great for

not sure if you can use both

account42
0 replies
1d2h

Sites do not need to ask for consent for a login cookie or anything else that is strictily required to provide the asked for service.

Double_a_92
0 replies
1d3h

The problem is that it needs to be manually adapted to each side that doesn't have a well known cookie banner... So if you mostly visit "exotic" pages it doesn't work.

Cyberdog
7 replies
1d14h

I've been using the annoyingly-named superagent for a while for the same task, but it often seems to fail to detect some of these annoying boxes. I'll definitely give this alternative a try and see if it works any better.

Thank you so very, very much to the EU and whatever other government agencies are responsible for making the web more annoying to use.

https://super-agent.com/

notpushkin
6 replies
1d14h

Thank you so very, very much to the EU and whatever other government agencies are responsible for making the web more annoying to use.

They didn’t make the web annoying – advertisers did. They were the ones who chose the most annoying way to comply with the laws.

jitl
4 replies
1d12h

Sure, for advertiser thingies. But website features like optionally storing your preferences in localStorage, or assigning device IDs to be able to understand and optimize website performance both require consent pop-ups.

dzikimarian
3 replies
1d12h

Preferences and other things required for site to work do not require a consent.

jitl
2 replies
1d12h

Some preferences are not required for the website to work, but do improve the experience. These are classified as "functional cookies", "preference cookies", or "user interface cookies" in ePrivacy Directive and UK GDPR literature, examples like remembering your selected language, and still require consent. See https://ico.org.uk/for-organisations/direct-marketing-and-pr....

Consent-o-Matic uses this text to describe this category of cookies (for me, it's the first item in extension's config UI):

Preferences and Functionality: Allow sites to remember choices you make (such as your user name, language or the region you are located in) and provide enhanced, more personal features. For instance, these cookies can be used to remember your login details, changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information in these cookies is not used to track your browsing activity on other websites.
hnbad
1 replies
1d10h

These require consent if, for example, they involve the use of a third-party service. Setting a first-party dark mode cookie does not require opting in even if it's "non-essential". It does however require disclosure.

The jury's also still out to what degree third-party cookies need to be disclosed in detail (e.g. whether you really need to keep track of the dozens of cookies Google Maps or YouTube sets or whether you can just refer to their privacy policy for the details). But embeds for YouTube, Twitter, Facebook or Google Maps, or the use of Google Fonts or the use of third-party CDNs for non-essential functionality definitely do require consent (i.e. opt in).

notpushkin
0 replies
16h36m

I’m wondefing if those embeds would work in an `<iframe sandbox="allow-scripts" />`. This prevents them from reading/writing cookies, but everything else should work fine.

hnbad
0 replies
1d10h

They're also violating the ePrivacy directive with any consent dialogs that don't give at least equal weight to the "Reject all possible and continue" option or hide it behind extra clicks.

Sadly the ePrivacy implementations were a bit lacking in some member states and the EU directive to replace them with a direct EU-wide law doesn't seem to be fully in effect just yet but I have high hopes we'll see companies fined over these deliberate misdirections soon and that will hopefully put an end to it.

alok-g
6 replies
1d4h

Asking genuinely as I never experimented myself -- Does the Internet experience in general cripple if one rejects the cookies on all websites? Or there is very little loss of functionality? I often allow 'essential cookies'. Would go to 'reject all' if that works fine.

Double_a_92
1 replies
1d3h

Not really. You might need to login everytime, or on shops you will lose your cart.

nani8ot
0 replies
1d2h

Storing login tokens and cart information falls under "legitimate interest", which does not need consent. They just aren't allowed to use that information to do anything else with it.

I've rejected all optional cookies/tracking for many years and I've never noticed any missing functionality.

gleenn
0 replies
1d4h

I reject-all as often as possible and they just make me log in more.

dredmorbius
0 replies
1d2h

For years my own practice on sites that impose cookie pop-ups has been:

- Zap that element (uBo element zapper or custom CSS style rule via Stylus).

- Globally deny ALL cookies for that site, via uMatrix.

Note that uMatrix (and AFAIU Fireox) already block all third party cookies. This just makes that prejudice global to the site itself.

The number of sites for which I require some level of state preservation is parlous few. Hacker News itself is most of them, my Fediverse home the other.

(I largely don't use the Internet for commerce. That's always struck me as a bad idea, getting worse. If I cared ... another very small number of exceptions would deal with that.)

Macha
0 replies
20h59m

Generally, no. Despite the claims that "this will not cause you to see less ads", sometimes it even does cause you to see less ads as ad slots are less likely to fill if they have less user info. (Sometimes the opposite happens and you get the shittiest weight loss ads however). That said, I assume most people likely to use this extension already run an ad blocker.

Sometimes it breaks youtube/twitter embeds.

1oooqooq
0 replies
1d4h

Given that the average person visits a site once. No.

xelamonster
1 replies
22h4m

Sure, if we're really lucky that'll be implemented before 2030 and maybe a handful of us will still be alive to see the day most of the mainstream web actually gets rid of all their obnoxious dialogs :)

It is great to see but I'm also happy if we can have even half a solution like this in the meantime.

quitit
0 replies
18h3m

The entire thing has been performative regulation.

Did asking honest businesses to restrict how they use cookies protect users from invasive tracking? Nope. Data brokers simply employed other methods or bent the "legitimate interest" exception.

Did all websites provide a single button to reject tracking, with equal prominence and proximity to the accept button? Years on this is still rare, despite being the rule.

Did data brokers find new ways to obtain the same data? Sure did and more.

Was the end result a disproportionate burden on users, including those not even in the EU, while not delivering the intended benefit. Sure is.

Do entire websites, particularly those in the USA, simply geo-block all EU countries. Yep.

Did European-based services and news websites switch to a "let us track you or pay now" model. Yes.

Did data brokers exploit the EU's inability to police the matter by incorporating dark patterns, artificial pauses, and obnoxiously long lists to stymmie user's attempts at refusing tracking? Yep.

Did bad actors ignore the regulations. Yep. Was the EU toothless to stop that? Also yes.

So what did happen?

Instead developers of web browsers incorporated anti-fingerprinting technologies to negate the problem, a part of browser development that continues to be an on-going arms race.

rlt
0 replies
23h2m

And hopefully the EU has learned a valuable lesson.

Not holding my breath, though.

riedel
0 replies
22h32m

The upcoming e-privacy directive will most certainly solve all problems, except that it remains to be just that: upcoming for years

IshKebab
0 replies
21h15m

Are you sure? Can you tell me which part of the regulation tries to do that because I couldn't find it.

londons_explore
4 replies
1d6h

I like this, but would like it to avoid the loading time of the consent popups.

Too often, the consent dialogue takes over a second to load, and when you finally click 'accept' there is a little spinner for what seems like ages before the dialogue goes away and you get to see the content you came to see.

Can we simply detect the "<script src=consent.js..." tag, and simply not load it for the most common and annoying types of popup?

MostlyStable
1 replies
1d2h

In the case that the popup doesn't load/the user never makes a choice, what is the cookie behavior?

How about if you hit the "x" button on the cookie popup instead of either "accept all" or "reject all"?

My assumption is that, despite what the law says/is meant to do, doing anything than going through the checklist will result in all cookies being enabled.

londons_explore
0 replies
11h48m

Since you'd probably do this for each of the big consent-popup-providers, you could simply have custom javascript for each which sends off the necessary ajax call to disable cookies in the background (although personally, I don't really care - if I wanted to disable cookies, I would do it client side. I trust the tech more than I trust their accurate following of the law)

worble
0 replies
1d6h

uBlock origin with the "annoyances" list blocks 90% of these I find

weberer
0 replies
1d6h

1. Open the uBlock Origin dashboard in your browser (click the little gears icon)

2. Navigate to the "Filter Lists" tab

3. Scroll down to the "Cookie notices" section

4. Check the box that says "EasyList/uBO – Cookie Notices"

k__
3 replies
1d8h

Brave simply hides these popups.

Works pretty well.

recursive
2 replies
21h13m

It only works because no-one* is developing to Brave. If Chrome tried that, it would be reverse-engineered or otherwise worked-around.

mp3geek
1 replies
21h7m

Brave uses Easylist/uBO Cookies list. Everyone develops for it.

recursive
0 replies
21h5m

If that was true, then Easylist/uBO Cookies list wouldn't work, as the thing they're blocking would have been developed not to be blockable by those things.

dns_snek
3 replies
1d8h

I love the idea but giving "root access" to an extension that's "not monitored for security" is a non-starter. I wish Mozilla would step in and do something good for a change.

nottorp
1 replies
1d7h

Would you like an "ecosystem" where you can't publish anything that the gatekeeper doesn't like?

I believe there's one over there <looks at Apple>.

dns_snek
0 replies
1d4h

I don't like "ecosystems" where a gatekeeper decides what we can and can't do with our own devices, browsers, etc. That's different from a software repository guarding users against malicious updates, e.g. due to compromised extension publishing account. The blast radius on extensions with permissions like that is huge, they could steal all of our session cookies and login info, for example.

My comment was a bit harsh, and that harshness wasn't aimed at authors of this extension. I'm merely asking Mozilla to be more proactive with extensions that are extremely security sensitive, but also further their own purported mission, like this one.

Fethbita
0 replies
23h28m

Check out this feature from Firefox then: https://bugzilla.mozilla.org/show_bug.cgi?id=1783015 Apparently can be turned on with the following:

cookiebanners.service.mode = 1 cookiebanners.service.mode.privateBrowsing = 1 cookiebanners.ui.desktop.enabled = true

dns_snek
0 replies
1d8h

Not in this specific case, they agreed to those terms when signing up for a Disney+ account, this extension only helps with regular consent pop-ups.

What would've helped is not signing up to Disney+ and pirating all of their content instead.

account42
0 replies
1d2h

Is there even a Disney defense here? Lawyers can bring all kinds of arguments, what matters is if they are upheld. Note that in this case Disney didn't even own or operate the restaurant so it's questionable why they even are a defendant here.

zelphirkalt
1 replies
1d3h

With GDPR conform cookie consent popups/banners, managing ones preferences is actually very easy. First time visiting a website just click decline and all is good. Unless of course we are talking about websites, which only pretend to be conforming, but are actually intentionally not. I say intentionally, because it is way more likely, than everyone responsible at a company having lived under a rock for the last ... what? 10 years now? ... and not actually knowing better. Nope, we have widespread shameless blatant violation of the law at our hands.

cbeach
0 replies
1d1h

On my pension provider's website I get the cookie consent warning every time I visit (whether I decline or accept). Even more annoyingly, this happens in the iOS app of the provider (which has a webview).

EU regulations like this are so poorly thought-out. They should have just banned nefarious tracking cookies outright. The EU never seems to understand the practical consequences of their technical regulation.

turblety
1 replies
1d5h

I just installed it on Chrome, and it hasn't worked on a single site, but upvoting as I love the idea as horrible as the whole consent banner thing is :(

For example bing.com, britishairways.com all show their consent popup. It does try and do that minimize thing, as something flashes to the bottom right. But the model still appears in the same place as always.

willks
0 replies
1d4h

I've been using this on mobile for a couple of years now, I've noticed it failing in the way you mention quite often in the last 3 months or so. I'm not sure how maintained the rules are, they might need updating. Previously it was working nicely, although probably only on 40% or so of pages. I've also used ublock to block cookie consent popups, which catches more but occasionally has to be disabled as sometimes it will break scrolling or interaction with the page.

mrtksn
1 replies
1d8h

The tracking pop-ups used to be the scapegoat of UX but these days the experience is broken by "are you a robot" walls, subscribe to my blog walls, paywalls, your ip is from the wrong country walls, login walls and other all kind of wall.

These days when I see a link to a news outlet or a blog that intend to consume seriously, I just use archive.is. It removes all the annoyances, it's brilliant.

account42
0 replies
1d2h

... except when archive.is itself presents you with one of those walls because you are using a browser that is not the latest Chrome.

more_corn
1 replies
1d1h

Shouldn’t this just be called “no”? Or “I do not consent”?

Anyone who cares enough to automate this will disable all optional cookies.

Also, don’t we all think the law should have simply required websites to respect the browser setting for this instead of requiring it every goddamned time?

CalRobert
0 replies
23h9m

The law states all of this should be opt-in. Website operators just ignore it.

marsh_mellow
1 replies
1d7h

This is great. Is there any work being done to make something similar part of the browser API?

troupo
0 replies
1d5h

There was the Do Not Track header that this great industry of ours immediately used to track users

jmorenoamor
1 replies
1d3h

We should kill cookies once and for all.

Put on a scale what we gain and what we loose, and just let it sit.

account42
0 replies
1d3h

Cookies are a tool, this is like saying we should ban knives because they can be used to stab people.

Login sessions is one thing that cookies solve well - we'd have to go back to session IDs in URLs with all the problems that causes.

... which also shows that cookies are not the problem because you can track users using an infinite number of different ways.

Now stricter enforcement of consent laws as well as regulating in which ways consent can be asked for, that would make sense.

dspillett
1 replies
1d7h

I keep considering this and similar tools, but I have a concern that they will miss things and effectively opt-in when I want them to opt-out.

For instance: if the code/config for a particular site or family of sites becomes out of date for a while due to said site(s) adding a bunch of “legitimate interest”¹ checkboxes, then I may have just given consent (or passed by the opportunity to object) without knowing.

----

[1] In other words “we see your preference not to be stalked by our partner(s), but fuck you and your preferences we want to let them anyway”.

netsharc
0 replies
1d6h

I just came to the realization how ducked up things are, that right now every website view involves solving a stupid puzzle of toggles... that the privacy-conscious think might help them protect some of it, but I have a suspicion will do duck-all for said privacy anyway.

beefnugs
1 replies
1d11h

Sadly this is the wrong solution: proper solution is to create generic "get to the base information" solutions to get past all dark pattern bullshit.

Trusting advertisers, web developers under coercion, annoying paywall based sites has been proven to be a bad choice over and over in history repeating itself hellscape.

Firefox's "reader view" was the right idea, that doesn't quite go far enough. We need options like "i just want text, non ad pictures, and original videos".

Any higher layers where we allow these brutal dark patterns are too much work to track and fix every little thing they can do with code

TeMPOraL
0 replies
1d9h

We need options like "i just want text, non ad pictures, and original videos".

That's called an ad blocker.

This is touching on the larger battle for control over user experience, that has been going on since the birth of the WWW.

Most of the sites want you to see everything other than "text, non ad pictures, and original videos" - the latter is a bait and a vector to expose you to ads, dark patterns, and other marketing shenanigans. They'd serve you their page as a PDF if they could get away with. They almost did get away with Flash. They do get away with this with mobile apps. About the only thing stopping them from replacing websites with some ungodly mix of canvas, WebAssembly, and React-like frameworks, is accessibility[0].

Point I'm making is, it's not a PvE game, it's a PvP one. A beefed up Reader Mode is not a solution - try to build one, and half the industry will cry foul, and proceed to invent workarounds. The Web, as we know it today, is funded by the enemy.

--

[0] - specifically, the legal requirements in some scenarios and jurisdictions, which create a sort of back pressure on the industry that keeps the web from full-blown appification.

seanhunter
0 replies
1d11h

I've been a very happy user of this plugin for some time and it works great for me. I'm always bewildered by how many cookie consent dialogs I see on my work browser which is locked down so doesn't have this plugin.

layer8
0 replies
1d3h

How does this compare to the similar functionality in Ghostery?

laborat
0 replies
1d4h

THANK YOU for letting us know that this exists

junto
0 replies
16h39m

I increasingly just reject all cookies and it doesn’t seem to make much difference on the vast majority of websites I’ve simply said no to.

fifteen1506
0 replies
1d10h

Global Privacy Control should provide a global control that should work better than DNT ever did.

arendtio
0 replies
23h19m

I wonder how many websites declare the Google Tag Manager a technical necessity (as part of the consent layers). In my world, it is a tool to manage different tracking and ad tools, far from being technically necessary to host a website.

arduanika
0 replies
1d15h

Gives a new meaning to "manufacturing consent"

WesolyKubeczek
0 replies
1d3h

A very nice extension, but mobile Safari is a pig and somehow it fails to close the popup on roughly half of the sites I visit. :-(

CalRobert
0 replies
23h10m

Worth noting that GDPR says all this crap is opt-in anyway, and everyone is just breaking the law. But the law isn't enforced :-(.

AgentOrange1234
0 replies
1d15h

This sounds awesome! Thanks! It is very tiring to click through every single site.