
One warning: the site claims you don't need a "cookie popup" since it doesn't use cookies. That's false. The ePrivacy directive states that reading or writing any data from the user device other than for the purpose of serving the site needs permission.

This thing uses the user agent string and IP to identify users, so you need a permission popup. It's great that they put much effort into not storing those things, using hashes etc., but that does not remove the requirement for permission under the ePrivacy directive.




At this point, why doesn't the browser implement the cookie popup so every site doesn't have to re-invent it? Just don't allow access to cookies programmatically until the user has allowed it via the browser's built-in popup.

This already happens for things like notifications and location access. Is this something being worked on for the future?


Spot on. The author acknowledges that cookies are actually more privacy friendly, but then concludes with “it is what it is”. Kind of disappointing.

This is my major gripe with all the privacy friendly analytics (disclaimer: I authored two, namely Fathom when it was still open-source and Koko Analytics) tools that submerged over the past few years. Elaborate work went into bypassing cookies, only to make things worse from a privacy perspective in the end.


I don't know how bypassing cookies does literally anything, at least not since the GDPR came into effect (let alone ePrivacy). It doesn't matter if the data is collected via cookie, header, HTTP request or carrier pigeon. If you're processing, storing or transferring PII for non-functional (read: immediately necessary to provide the service the user specifically requested) purposes, you need revokable consent via opt-in and you need to be able to provide information to the user about what data you collected and what you did with it.

Now that the GDPR and ePrivacy are in effect, PII is radioactive. You need containment, handling and disposal procedures, you need to allow users to inspect it at any time and if you accidentally expose anyone to it that's a major emergency incident.



