Hacker News new | past | comments | ask | show | jobs | submit login

I still smile sometimes at the pop-ups. I mean, you can try and store a cookie. I'm still gonna automatically delete it in a few minutes.

This never needed a legal solution in this form. Browsers should just not accept cookies, unless the user explicitly wants something stored on their device. That might have been better to legislate. Software on a user's device should not store or enable tracking by remote services, without disclaimer.




With a purely client-side solution how do you stop a company using the same identifying token for basic session management and invasive tracking/data gathering?


Tracking a single session doesn't really worry me and I seriously doubt any law will stop it. What we want to do is prevent them correlating two sessions. With FF in full defensive mode. No canvas, restricted JS, deleted cookies I can at least make it hard for them.


Exactly. Cookie autodelete (remove cookies when all tabs from a domain are closed) + I don't care about cookies (remove the popups).


But.. what if it asks to allow tracking based on your internet provider? Then the provider delivers who you are automatically instead of anything you control.


Rejection is required to ensure that for functionally required cookies (e.g. session cookies when logged in) you refuse permission to use them for any other purpose, and that you refuse permission to use any of the many non-cookie tracking methods.


Tracking probably won't go away if you remove client side cookies - it will just move server side (think a new server-side google analytics) and to more aggressive client fingerprinting.

Is that the best outcome?


I mean, I am pretty sure (have seen first hand) that this already happens regardless of whether client cookies are enabled. There's so many other (good?) ways to track users beyond just a cookie.


AFAIK it’s not actually about cookies but a website tracking you by any technical means. Could be your IP or user agent as well


That would also be terrible to legislate. Browsers for privacy conscious people should offer it as an option, it's a non-issue for everyone else.

If the government wants to get involved they can make public service announcements and try to convince people to care.


As far as I know the law only applies to tracking cookies, I’m not sure if the browser can distinguish those from normal ones so it has be done via the law. Asking for consent for any kind of cookie whatsoever would be a bit much


Browsers explicitly asked permission to allow a cookie back in the 1990s. I'd guess around 1996-7 that changed to automatically accepting them.


> Browsers should just not accept cookies

Most (all?) browsers I've ever seen have a setting that makes them reject all cookies.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: