This is your cue to remove the extension from your browser immediately. I've been developing extensions for years, and I've never seen an extension acquisition done by a company like Avast not transform the extension into a data harvesting operation.
Judging by the size of the user base the author was paid at least 100k USD, all for an open source project that is free to fork. Avast has acquired you, the user, and the original maintainer continuing to work on the project is just a ruse, the new owners prefer to do it this way to reduce user loss until the business end of a future extension update is pushed out to your devices.
I use it to dismiss the popups, and the cookies get deleted after. So actually I do care about data harvesting, but I also care about a popup free internet.
I use the "close tab" feature, which saves me a lot of time I'd otherwise spend reading or watching low-quality content, which I have found to correlate with cookie popups and newsletter modals.
Bookmarklets are an under appreciated part of web browsing. Here's one to tell you if the current article you are reading is posted on HN so you can read the comments:
I don't but they're pretty easy to explain. Create a new bookmark. Give it a name. In the url field instead of a standard url in the form "https://website.com" you put JavaScript in the form "javascript:(function(){...})();
They're bookmark buttons that execute Javascript on click. You need to put semi colons at the end of all lines since they don't preserve new lines. Bookmarklets should validate the URL if they are specific to a website or page. For larger ones, keep a source file since editing a single line of Javascript is not fun.
Just so I get it right: Adding this javascript into the URL of a bookmark, then saving the bookmark, will remove cookies popup on any page going forward?? I am missing how this works.
The "element picker" feature of uBlock Origin makes it generally easy to manually remove these sort of annoyances too. It can also do things like remove floating headers that follow you when you scroll down the page, covering article text you're trying to read (such as the one that is on the OP blog post.)
I use an add-on called "nuke anything" which lets you just rightclick on anything you don't like and get rid of it. Works great for most things, but element picker works well too.
When I see a youtube embed, the frame for which is blocked by default using umatrix, I right-click it and open it with mpv. With my configuration, mpv performs better at video playback than any browser, saving me battery life. It also lets me use keybindings I'm familiar with, easily screenshot the video with a single press of the s key, and make video clips of the video too. This also bypasses youtube's age gating, without requiring me to have an account.
The same works for vimeo, dailymotion, etc. Even if the video embed doesn't even get created in the first place because I didn't run that page's javascript (I only run javacript on a whitelist basis), I can usually watch a video that would have been embedded in it by simply directing mpv to the hosting page itself. This even works for most local news websites (which seem to be the trashiest sort of pages on the web.)
I use https://addons.mozilla.org/en-US/firefox/addon/send-to-mpv-p... for this (can also be configured to use other media players). My only complaint is that the extension looks for video elements (when invoked for the active page rather than on a link) and if it finds any it sends those URLs to mpv instead of the page URL. This is great when you need to run some JS to get to the URLs which yt-dlp? does not understand but mostly is just annoying because it manages to break things when mpv with just the page URL works fine.
Nothing "just" about that. Right click -> open in MPV is low friction. Launching MPV, arranging your windows so that both MPV and the browser is visible at the same time and then doing a drag-and-drop is much higher friction.
Which makes me wonder, if you use the multi-container and cookie autodelete extensions do you need to be concerned about this acquisition, even in the advent of Avast harvesting data?
If you agree to the GDPR "cookie" popups you generally also agree to other data harvesting that requires consent but which you cannot clear because it is not stored locally.
Not necessarily. I use an other extension to delete cookies and data from every website and uBlock Origin blocks connections to trackers. So all I used to get with this extension was a way less cluttered user experience. I will now replace it with a simpler uBlock list.
It's not just browser extensions, but any popular software project that has no stable funding source. This extension has been maintained for years, and it requires a lot of effort to keep updated because it interacts with websites.
These developers are then offered funds for perhaps a new home, and they can hardly be faulted for taking the deal. This issue can only be solved by finding better ways to fund the development of popular software projects that serve the public good.
I actually prefer the funding model where occasionally these free software developers do receive a big payday without any shame or stigma and a fork of their project is almost instantly launched under different branding. So Avast gets a one time user network buyout but the functionality of the tool persists in availability. Better funding for the project while it remains free is never a bad thing though, if you get a lot of value out of some free software you use please never forget to tip or even patreon/other-subscription-payment-plan its continued development!
Would you still feel the same way if you were hacked because of such a sale?
Linux distros manage fine without such sales - and this kind of behaviour would get a maintainer kicked and probably marked for life. Too bad that Browsers have chosen a free for all store model instead a maintained distro model. Meanwhile Mozilla keeps locking down installing extensions outside their store for "security".
> would get a maintainer kicked and probably marked for life
For trying to cash out and retiring for maintenance they'd be excluded from ongoing development? This is precisely what I meant by not shaming people for selling off their product.
There are a lot of assholes out there that are far more worthy recipients of your ire - I'm sure this extension wasn't acquired for 1.2 billion.
For selling out users they'd be excluded from positions that require user trust, yes. I'm all for rewarding open source developers and maintainers but let's not destroy the software in the process.
And yes, there are always bigger assholes - that's never an excuse.
How would you reward open source maintainers? Donations can rarely sustain a project, so my own solution was to also start selling my work on app stores, but that may not work for everyone.
This is why I generally only use ones that are approved by mozilla that I have researched. Of course I currently have 5 extensions because I'm pretty cautious.
I just turned of auto update for the "I dont care of cookie" addon, just as a precautionary measure to see how this ends and until there is an good replacement.
You can still use the official IDCAC list or another one in uBlock. It’s not as good in big companies’ websites (like google) that show their own interactive multi page banners bc the filters can’t simulate clicks, but it’s still good enough for an uncluttered navigation in most websites.
My web browsing just got interrupted by a new tab that opened without asking me, informing me of this acquisition. I have a 'one strike' rule for abusive behavior in extensions, and immediately removed it.
Then there is someone nearly the same who cries foul when they aren’t told a new company owns the extension. What if Google bought it and was going to harvest that “ability to read and change website data” permission?
Yeah, I dislike the intrusive nature of the notification, but I can't really think of a better way off the top of my head. The notification API could work in theory, but if you don't already have that permission it would be odd to request it just for a one-time message like this.
I'm assuming that an extension update is precisely what triggered this behavior. It sounds like the extension had no need for alert functionality, and that this was a first occurrence, so I'd also assume they had to add code to trigger an alert rather than just blasting a brand new alert to users via written but previously-unused code.
Sublime Text extensions do this too, quite annoying when you open an editor for for a quick note and several seconds in the typing focus switches to a new tab. Of course, browser extensions that do this are annoying too, especially when you get bombarded by new tabs if you didn't use the browser in a while. This is so user-hostile, how come the issue wasn't tackled by browser vendors yet?
several seconds in the typing focus switches to a new tab
I've never understood why operating systems allow focus switching.
It's always been a pox on Windows, but macOS does this more and more these days. Just this morning, I plugged in a USB hard drive, then returned to my other work while it mounted. Suddenly, I'm typing a memo into Finder's password field to unlock the drive. Just. Stop. It.
If you need my attention, there is no shortage of methods to do that — Beep. Bounce the icon in the dock. Notifications messages. Your stupid program is not more important than whatever I'm doing at that moment in time.
> Suddenly, I'm typing a memo into Finder's password field to unlock the drive. Just. Stop. It.
Normally I would lol at your misfortune but I actually got bitten by this too.
I restarted after a macOS update (remember when they used to update in the background and now every one requires a restart like Windows?) and 1Password needed my master password to unlock in the browser but apparently Messages app took a few seconds to load and when I saw the notification to enter my 1Pass master password I started typing and at that moment Messages took focus and I typed my master password into a message and hit enter to send.
Thankfully it was to my girlfriend, but still wtf.
The worst is when the application activates itself but isn't actually done loading or ready for user input. It's like the spam call I received once that immediately asked me to hold for the next available operator when I picked up the phone.
microsoft teams is the worst for this. It'll be loading for 10s, during which it will actually steal focus _multiple times_! (and then I have to login to my university account in order to logOUT of my university account so that I can login to my work account. What a marvelous piece of engineering.)
Agree, but the flip side of this is that occasionally Windows will prompt for admin access in the background, I won't notice, and a hour later wonder what happened to that app i tried to install.
I'm not a regular Windows users, but I believe Windows has lots of other ways to get people's attention, other than stealing it. Isn't that what the icon tray is for? Or blinking the program in the task bar?
No, when windows pops the admin auth prompt into the background the best and most reliable way to notice is to intuit that such a window should have appeared by now and go looking for it.
To name one use case off the top of my head. I use KeePassXC's autotype feature to fill in passwords all the time. That wouldn't work if it was prevented by the OS from switching focus.
It's like with phone apps. Every single phone app thinks it is the centre of the universe and is "only" sending you a few notifications per day, but if you extend this to every app on your phone you'll get hundreds a day and the only recourse is to disable them entirely.
Teachers: "My students are smart and diligent, 30min of homework per day should be well within their abilities"
Students: have 4 hours of homework per day
The latest app that needs their notifications disabled on my phone is Amazon. Shame really, knowing about packages was useful. But I really don't need spam about "Hey this thing you glanced at is on sale now" every 2 days.
DoorDash is terrible at this too. Notice that when you turn notifications off on these apps then every time you open them to use them, you get popups "please enable notifications to keep up to date on your orders!!" and the options are always "Yes enable notifications!" or "Remind me later" Excuse me, I disabled notifications for a reason, don't make me disable usage of your app completely.
Oh yeah UberEats was one of the first notification permissions to go. Sorry I’d rather check my phone every 2 minutes when awaiting delivery than deal with you on the other 95% of days.
Why not disable all notifications by default? Is there something you actually really want to get interrupted by? I want to know when I get a call or an text, but pretty much everything else can wait until I'm actively engaged with it.
Every new app I installed gets every permission I can disable disabled including notifications and if it continues to function well enough for my needs why let it do anything more? Why even give new apps opportunity to be obnoxious?
> Every single phone app thinks it is the centre of the universe and is "only" sending you a few notifications per day, but if you extend this to every app on your phone you'll get hundreds a day and the only recourse is to disable them entirely.
Is there a general name for this sort of bias? It's not just phone apps and notifications; I notice this center of the universe attitude in developers of all kinds of auxiliary programs. Chat app programmers who think that quip "unused ram is wasted ram", which they learned in the context of the OS caching files in ram, gives their chat app license to use as much ram as the user may have. It ignores all the other programs the user is probably running that are much more important than their chat app. To the chat app developer, the chat app is the center of the universe and the user has no use for any of their ram besides running the chat app.
Why much I jump through countless hoops just to make it so a third party doesn't have the ability to take over the full screen and audio of the device I was actively using?
Ideally an incoming call would only vibrate the device briefly and put an icon in the status bar. That's it.
Instead, I don't remember what I did anymore but it's completely suppressed on my device now. It's actually worked out OK because I don't give my number to anyone new and anyone who does know it also knows by now that I don't pick up and to contact me some other way. Means that ~100% of incoming calls are spam and my device is correctly filtering them all to /dev/null
In my experience this is fairly common for "what's changed" listings for extensions. It's probably mostly to do with how browsers don't provide any good native mechanism for that.
It's a pretty safe bet you can throw any mail that has "IMPORTANT" printed on the envelope in the trash.
Every online store, software vendor and web site wishes they could get my attention for an "IMPORTANT" message at least 100x more often than I wish they did.
Browser extensions already have access to privileged APIs that websites cannot use, however, so providing this ability to extensions !== providing it to medium.com.
The kind of company that would abuse an extension API like this for marketing is just the kind of company I wouldn't trust for extensions, so even spammy marketing messages would still be a useful signal (to uninstall).
I do care - I install tools because they're useful, and if they become more useful from new features, that's useful to know. I've definitely found some good gems to improve my workflow that I don't think I'd have discovered without the changelog.
What I don't particularly care about is "performance optimizations and bug fixes". If that's all you have to say about your latest release, just don't bother telling me. I suspect that's where some of the fatigue from release notes comes from.
I recently received a phone call from Dexcom, since they make a continuous glucose monitor that I wear. The call was to warn me not to upgrade to iOS 16 as their app would immediately crash and I wouldn’t be able to view my blood sugar. I was told a fix was being deployed and I would receive an email when it was safe to upgrade.
Sure enough, a week later I received an email saying it was safe to upgrade to iOS 16, provided I updated the app in the App Store first.
And as frustrated as I was that a company that large with a product so safety critical had waited literally months after the iOS betas before testing iOS16, I was more frustrated when I read the release notes for this incredibly important update:
In most cases yes, but a change in ownership is definitely something I want to know about.
I'd prefer a less intrusive way of notifying me of the change, but in this case the extension in question is one that works passively in the background, and doesn't have a UI that users regularly interact with. I can't really think of a better way to inform people, except maybe via the notification API?
Do you have push-to-talk enabled, or a keybind for toggle-mute? That's a super abusable permission and this isn't to say they aren't abusing it, but there is a reason for it to exist.
Part of that is handling the Discord overlay. So, when you are in a game, and you are in a Discord VC, you can display who is talking. There are keyboard shortcuts that come along with that which you can use if you want.
In order to detect those keyboard short cuts, they need to listen for them.
You are free to not give them permission.
Posting about asking permission under a comment talking about "abusive" behavior is a bit odd.
Opening a new tab telling you about changes in the ownership of a piece of software that has the ability to open tabs autonomously is not abusive. Moreover it is not even a problem with the extension, it is a problem with the opersting system it runs on.
Analogously, i am sure that discord would have preferred to have finer control over the permissions it requests, but Apple's mission is security theater. If apple exposed a set of "application specific out of focus keybinds". The security breach would not be necessary.
As it stands lots of software in the apple ecosystem has identical permissions to discord, but those don't get scary warnings associated to them. This constitutes a (clearly illegal) competitive advantage for Apple and they have no interest in removing this advantage by offering finer permissions controls, even in the case where they do not offer competing software.
What an odd complaint. The annoyance of 1 pop-up is negligible compared to the extreme usefulness of letting me know that the extension was acquired. That is what makes me uninstall the extension.
That sounds like somethign that should happen on new window launch or after a relaunch of app kind of thing. For the browser to just randomly open a tab is very uncool
I can think of lots of nefarious reasons why a company would buy a browser extension, but I’m having a hard time thinking of a a potential good outcome of this. If we put on our optimism hats, why would Avast buy an extension? What benefit could they possibly get from it?
Browser extensions were main data source for their analytics subsidiary Jumpshot [1], which was shutdown for privacy reasons. Before that, when Mozilla and Opera started asking about their extensions, they rather removed them [2].
In this case yes, it sounds like the pessimistic viewpoint may be the right one. However, for a while now HN has been going downhill with armchair analysis that inevitably concludes that any action taken by a business is wrong/harmful/bad, so I am thankful you took the time to be thoughtful before reacting.
whenever it comes to web/data/privacy, default should be to not trust anyone, block all requests, deny deny deny. if and only if a company can prove they can be trusted, then on a compay-by-company/site-by-site basis should they be allowed to do things. that should be a very steep hill to climb.
blanket optimism sounds like a nice lifestyle of the young, but with age comes realization the world only takes advantage and wisdom leads to being more pessimistic. question everything including authority is how i was raised.
It’s too early to make any definitive judgements on the future of this extension. There are many obvious ways that this acquisition could—and let’s be honest, probably will—go badly for the end user. I was hoping that someone could come up with a plausible optimistic outcome.
We will know definitively when the next updates to the extension comes out. Until then we are all just speculating.
Avast has its own browser, maybe they wanted to implement this feature natively in the browser and figured it would just be easier to acquire an already working solution.
There's no utility in trying to steel-man the actions of a known bad actor. Avast is a malware company. Would you try to guess at the optimistic reasons a gangster like Al Capone has for buying all the businesses in your neighborhood?
I have one question: Why THE HELL isn't this a part of all browsers already? Why does it have to be some obscure 3rd party extension? And I don't mean just Chrome, I mean all of them. All browsers should have this option: "I don't care about gdpr cookies". Set a window object window.dontcare and done. Sites can check this and automatically comfirm or don't even show gdpr banners if window.dontcare is set. This cookie bullcrap has been a forced on all of us from the bureaucrat bastards in the EU, and now everyone has to click on what are essentially popup banners of the 2000s every time they visit a new site (or even the same site a bit later!). Fuck that. No, let me say it again: FUCK THAT.
Implementing this into a browser would be the biggest QOL improvement any web browser could possibly do at this point.
Waah the big bad EU forced companies to disclose how they are using my data!
What I would like to see browsers do is grow a feature that tells web servers what uses of my data I consider acceptable, so that I don't have to waste my time every time I visit nearly every site on the entire damn Internet.
But we've been there before - P3P, Do-Not-Track, and now Global Privacy Control. Until regulators force web sites to obey signals from browsers, we're going to be stuck with these bloody popups.
I'd go for a much simpler solution. Make the cookie tracking opt-in, no popups or other barrier allowed. If the added value is supposedly so significant for users then surely those 0.1% of people will open the settings and enable cookies.
The popup is the difference between opt-out and opt-in.
Opt-out means the website loads, creates all the cookies it wants unless you find some hidden option to disable cookies.
Opt-in means the website loads, it does not create cookies, but because the website wants to create cookies it will show a popup asking permission (opt-in), because it is illegal otherwise. The website does not have to create cookies. The creators of the website could simply choose that cookies are not necessary and in that case they are not required to show any consent request. The EU cookie opt-in legislation works as intended.
We are stuck in this adversarial environment unfortunately.
> Waah the big bad EU forced companies to disclose how they are using my data!
The people that should be mocked are the EU bureaucrats that thought this was a good idea and the people that defend it.
It's a idiotic legislation that does NOTHING to protect your data. It's feel-good nonsense that EU can occasionally use as a club to extort business corporations that they want something from.
The only thing that it accomplished is to create a false sense of security in the public.
These companies are not trustworthy and neither is the EU government.
The correct solution to this problem is at the browser level and at the human level. Don't disclose information to the internet you don't want to show up on the internet.
> It's a idiotic legislation that does NOTHING to protect your data. It's feel-good nonsense that EU can occasionally use as a club to extort business corporations that they want something from.
Absolute nonsense. Tracking has to be disclosed, and is only permitted after obtaining informed consent from users. Without the law I'd have no idea what thousands of companies are doing with my data, without my consent.
Big bad from the EU from forbidding your solution. Website have to receive informed and specific consent.
This means that before getting your consent, each website has to show you the text. And they cannot get your consent from a setting that does not correspond to them, specifically.
So if you tell your browser: « I accept that website track me on what I do on them, but do not allow marketing related stuff », website are not allowed to recognise that level of consent, skip the banner and act accordingly.
In that case websites will absolutely show you a banner and/or intentionally make their services more difficult to use.
Any website showing a cookie banner already prioritizes their ad revenue over your convenience of not seeing a banner. So why would they implement any extra work to spare you that banner, if you're one of those customers that won't drive ad revenue?
How can you tell "absolutely not" without going through the 37 pages of their policy, to make sure you understand exactly what you say "no" to ? Maybe there is something different about this specific website that might make you say "I usually say no, but this time, I'll say yes".
So, please read those pages - on every website - then systematically click on "Reject all". That's what the law asks you to do, and it is indeed absolutely nuts.
Any website that's asking for your permission upfront is not getting informed and specific consent; it's getting general consent.
A decently-designed website would just tell you it's about to set a cookie with a “more info” link. If you choose to go ahead, that's informed specific consent.
Besides, under the GDPR companies can collect and store personal data without needing consent if it's for one of the listed permitted purposes. They only need consent at all if they have no good reason to collect the data — consent is really supposed to be the excuse of last resort.
> What I would like to see browsers do is grow a feature that tells web servers what uses of my data I consider acceptable, so that I don't have to waste my time every time I visit nearly every site on the entire damn Internet.
cookies are local storage. cookie prompts are you telling the server how you'd like it to instruct your client to behave. it's so weirdly roundabout: if EU wanted this regulated why didn't they just tell browser vendors that they need to implement cookie control as a 1st-party feature?
AIUI the law doesn't focus on cookies alone but on tracking. Tracking must be disclosed and the user must be able to opt-out. This includes server-side tracking such as log analysis.
If I recall correctly, Vivaldi has this feature built-in, though as part of the ad-blocking feature (the "Cookie" list is classified as "Ads", not "Trackers"). Vivaldi's list defaults to IDCAC and EasyList Cookie, though, so we'll have to see whether Vivaldi will continue to use IDCAC list or switch to other solution.
I fully agree with you BUT you proposal is actually not allowed by the GDPR law. The legislation forbids website to trust a global setting when choosing how to handle cookies.
In other words: browsers are perfectly allowed and capable of implementing the setting, but websites are forbidden to use it.
Yep, it’s that crazy. The legislator really likes blocking banners.
This is why I want a browser with an extension repository that is managed in the same way linux distros like debian manage their repositories. It should only allow open source extensions in the repository, packaged by employees or volunteers known to the organization. If the upstream gets sold to a malware company like Avast, that package is forked or simply removed from the repositories if a trusted maintainer for a fork cannot be found.
I mean, take a look at how many projects recommend curl | sh as the official way of installing their software and how many "alternative" package managers there are, where devs can just push updates directly.
The desire of developers to get around distro maintainers and grab full control of update distribution is strong...
I don't care about that. I am not asking for a browser or a linux distro that forbids the installation of extensions not in the repository. I want a browser that has a repository I can trust, as already exist for linux distros.
I cannot trust either Mozilla or Google's extension repositories, they are 'managed' in a substandard manner relative to Debian or android's F-Droid. Both of these extension repositories are managed so poorly it seems farcical to say they're managed at all.
In the current case, the extension used to be perfectly trustworthy, then it got sold with the full permission of the author.
I'd like such a repository too, but the "extensions going bad" dynamic usually happens with the full cooperation of the extension's developer, so I could imagine many extension developers would be actively opposed to such a repo. Therefore, the browser would have to possibly act against the wishes of the developers here and e.g. keep an earlier version of an extension available even if the developer would like to remove it.
The problem is when the extension owner is the same as the extension packager, and the repo doesn't enforce any meaningful review or standards before allowing an updated extension to be pushed to their repo.
If this extension were a program packaged by Debian or F-Droid, this wouldn't happen. The upstream can sell out and start publishing malicious updates but they can't push those updates to Debian or F-Droid, because they don't have the necessary permissions to do so. They would need to buy out or trick the Debian or F-Droid package maintainers, which I generally trust to not happen (and I haven't been burned by this trust before.)
This scheme works fine for the majority of software I give a shit about. Some developers don't like this scheme and that's fine, for the most part I simply choose to not use their software. I don't want this scheme forced on either users or developers, it's entirely voluntary on both ends. It could exist for browsers just as it does for linux and android, but as far as I know it presently doesn't.
nixos with home-manager does some of this. my browser config points to a few repos which package an assortment of browser plugins and my `~/.mozilla` folder gets populated statically/read-only from the subset of plugins i choose from this list.
there's loads of UX improvements to be made. i update the plugins with `nix flake update` and `nixos-rebuild switch` and that process tells me which repos have new commits, but getting to a changelog for the relevant plugins is manual enough that i skip it. but it very much seems like a good direction to me.
I am not well versed in open source licensing but I believe the GPL3 gives me permission to do this. Please could someone more knowledgeable confirm this for me.
I am not a web developer, I'm hosting the code in the hope that someone else will take it and fork it. It's one of my favourite extensions and a day 1 install on any new machine, along with UBO
No, you only have the license, not the copyright. So you are permitted to redistribute the code as stipulated by the license, but you are not allowed to, for example, relicense existing code to something else like BSD (except for modifications that you made afterwards).
THIS. Which is why we don't recommend extensions on privacyguides.org besides uBO (uBlock Origin). If that ever gets bought, you'll hear about it everywhere and there will most likely be a fork.
> The uBlock project official repository was transferred to Chris Aljoudi by original developer Raymond Hill in April 2015, due to frustration of dealing with requests. However, Hill immediately self-forked it and continued the effort there. This version was later renamed uBlock Origin and it has been completely divorced from Aljoudi's uBlock. Aljoudi created ublock.org to host and promote uBlock and to request donations. In response, uBlock's founder Raymond Hill stated that "the donations sought by ublock.org are not benefiting any of those who contributed most to create uBlock Origin.” The development of uBlock stopped in August 2015 and it has been sporadically updated since January 2017. In July 2018, ublock.org was acquired by AdBlock, and since February 2019, uBlock began allowing "Acceptable Ads", a program run by Adblock Plus that allows some ads which are deemed "acceptable", and for which the larger publishers pay a fee. uBlock Origin remains independent and does not allow ads for payment.
"IDCAC" doesnt have much to do with privacy, its about convenience. uBO filters dont help you there, as they cant click buttons for you on all the different cookie forms.
If there’s no buttons to worry about clicking (because uBO removed them), what does it matter? GDPR requires you to actively consent, so if you ignore the cookie banner (or block it) advertisers can’t track you.
However it was revealed not long ago that a lot of the third party cookie consent forms used by the majority of sites don't actually have any effect when you interact with them... i.e they tracked everything whether you consented to it or not, I think it was a combination of negligence (incomplete software) and betting on the fact that the vast majority of people just hit accept due to dark patterns that make it extremely inconvenient to do otherwise.
I think using uBlock etc is more likely to result in preventing tracking through blocking known urls and code etc compared to hiding consent forms... I know it's far from infallible but currently most trackers don't bother going to extremes if you block them.
I have (had, soon) this add-on and I very much care a out privacy. Blocking all cookies from non-whitelisted sites is more or less impossible with all the consent pop ups. Ant many of those pop ups make it really hard to reject cookies.
So I went for a solution that makes browsing less annoying, whithout storing many cookies:
- Have this add on accept all cookies
- Block third party cookies
- Delete cookies from websites as soon as I close a tab
I (and you) don't know if many users of this add on do something similar, but it is what's recommended on the website
> Please educate yourself about cookie related privacy issues and ways to protect yourself and your data. For example, you can block 3rd party cookies, install ad blocking extensions and then block tracking tools, delete browsing data regularly, enable Tracking Protection in your browser etc.
You got lied to. The popups are rarely about cookies, and mainly about tracking. The GDPR barely even mentions cookies for a reason. With this addon, you say "Hey, use whatever method you’d like to track me in whatever way you want". But then you delete the browser cookies. I mean, that’s nice, but that doesn’t remove your tracking consent freely given.
I know that that's what GDPR is supposed to be about, but it's not what the fast majority of the pop-ups are about. Most pop-ups I've encountered are explicitly about cookies, not about any other kind of tracking.
And besides that, I think it's really naive to assume you've got any influence on tracking that sites do on their site. With cookies I know I can choose to save them on my machine or not. If a website uses the fingerprint of my computer to identify me, they'll almost certainly keep doing that after I've rejected their cookies.
You can already see it with Google Ads. Some ads don’t get delivered if you don’t allow "create a profile on me". Now, if you think companies will ignore even explicit laws every time instead of finding loopholes, then yes, it’s useless. But at least for some part of it, it’s easily provable that they don’t.
Consent-o-matic is the extension that people use that do care about tracking (or believe that most companies will mostly follow the law, I guess).
Yeah, Consent-o-matic is what I've started to use after today's news. Didn't know it existed until a couple of hours ago. I'm just not convinced it'll be a huge improvement over using (pre Avast) I don't care about cookies. And I still think that saying "This was an extension for people who don’t care about privacy" is a pretty big overgeneralization.
I decompiled the extension a while back and it is a series of custom JS code for each website or CMP provider with matching rules.
Only checked the bundled version but the code seemed very custom and labor intensive to keep up with website changes. Best of luck to future forks and maintainers.
I didn't spend too much time on it, because a filter based approach seemed more maintainable.
1. Can we somehow get Mozilla/Firefox ban/de-list the extension from the extension store so Avast doesn't get the user-base this extension has/had?
2. We should be able to get the author to publish the source code of the latest version licensed under GPLv3, any way to do this, except asking on Twitter/LinkedIn?
I think Firefox extensions are just archives. So with that license it should be allowed to simply download the extension, unpack it and throw it on Github.
That only applies to redistributors, not to the original author. The way the GPL works, is that the author absconds some of the copyright they hold by default, in exchange for people taking advantage of that committing to publishing even modified source code whenever they redistribute it.
Abscond means to hide or steal away. I think you mean abdicate? That would make more sense in this context. It's still not quite right though, the author of a GPL work fully retains the copyright of their work, and merely give a license to others.
Oh sorry yes, I'm not a native speaker, thanks. And yes, they commit to not exercising some of the rights they have been granted as part of the copyright they do indeed still hold.
They also let you block rather tham accept all cookies. Wild to me that the accept all cookies extension has been the winning one, but they have a cute name. You should care though, caring is cool & good, & you should care about privacy online & reducing the vast capitalist-survelliance machinery. It's easy, just use a non apathetic extension instead of one whose whole premise has been apathy.
(I hear uBlock Origin has an anti-annoyance filter or filters that does something to deal with cookie banners but unsure what.)
Feels almost like the end of that part of the internet to me. ;) Or like with electricity or even drinking water, where you no longer realize how essential something is, until it fails. CoM, or what a this point appears most recommended, unfortunately doesn't do the trick for me, though I appreciate all efforts of course. Doesn't even work on BBC or Guardian, let alone on German sites that's where I'm based. Even when and where it does something, seems you still get to see everyting that's going on, there's a silly animation and it takes ages. Ages. Don't get me wrong but this is a step backward unless you're fantastically slow, and/or mouse-bound. I have the impression it's rendered all the more useless since I'm "private" mode only user (Firefox) and used to close windows often. Obviously still a better choice than IDCAC now. Anything is. But no way out for me. Until there is, I might as well go text browser only, for news, wikipedia and passive reading of stuff like HN.
This extention clicks on accept on every cookie notice you encountered. I don't think you can just block all those notices and expect sites to keep working.
I've never looked into that, but how many CMPs are there, really? It feels like it's a pretty small market and very few people are rolling their own solution, so it shouldn't be too hard to shim them, I naively believe.
Not having to wait for Cookiebot's slow servers to get their act together would be quite refreshing.
Is there a version of this product that tells the site to block all cookies automatically? It seems this just answers whatever is easiest to keep the site running.
I like how everyone is quick in stating the GPLv3 license and asking somebody to maintain it. I know I can't do that either but looking at everybody pointing fingers is funny.
If you have uBlock Origin, go to settings, filter lists, scroll to bottom, custom, import, paste this URL. Enable AdGuard annoyances while you're at it. It's not perfect, but this replicates the "don't show me cookie dialogs" feature pretty well.
?
As a Brave user, what are you actually asking for?
My Brave opened a window that told me about the purchase. So I read the comments, immediately uninstalled IDCAC and installed a different cookie monitor (meh!), but what do you want Brave to do?
I think if you can articulate that, there will be some good responses and suggestions for alternatives.
Judging by the size of the user base the author was paid at least 100k USD, all for an open source project that is free to fork. Avast has acquired you, the user, and the original maintainer continuing to work on the project is just a ruse, the new owners prefer to do it this way to reduce user loss until the business end of a future extension update is pushed out to your devices.