Thanks! I hate it!
posted by pompomtom at 6:56 AM on March 19, 2021 [15 favorites]

I sort-of love the GDPR, even though it makes my work more difficult, but I wonder if there couldn't be a (legislated) mechanism for "Accept only GDPR-approved cookies", where such cookies simply enabled a user to be pre-logged-in where they have already consented to this, and not immediately find a way to enhance your facebook shadow-profile.

So, I suppose in summary: those fucking awful cookie-confusopolies might be fixed by more GDPR, rather than less.
posted by pompomtom at 7:03 AM on March 19, 2021 [4 favorites]

If only there was a way to legislate away bad-faith UI design.
posted by ardgedee at 7:05 AM on March 19, 2021 [12 favorites]

I think it would be fun to make a browser game in HTML about UI dark patterns. Like a dystopian "escape this online shopping cart" or something. Does anyone know of other browser games that are about website UIs?
posted by little onion at 7:08 AM on March 19, 2021 [3 favorites]

If only there was a way to legislate away bad-faith UI design.

I think you legislate quite generally and trust the magistrates, like fraud or assault or whatever, but I'm not a law-talker.

I'm not actually in Europe, but we have a GDPR consent flag on everyone, except I thought the point was the right to be deleted. I'm sure if someone contacted us we'd (OK, "I'd") delete them - I think the right to be forgotten is very important. So surely any time that flag is TRUE is a fail, so why have the bloody flag?

Basically I dunno. My boss dunno^dunno.
posted by pompomtom at 7:14 AM on March 19, 2021

57 seconds was my first go. Infuriating.
posted by FirstMateKate at 7:17 AM on March 19, 2021

I wonder if someone could create an adblock-like browser extension that automates these legal rejections?
posted by alexei at 7:23 AM on March 19, 2021

I couldn't finish it, even with hints. This is why I use AdBlockers & JS blockers and Privacy Badger and yadda yadda
posted by chavenet at 7:26 AM on March 19, 2021

No way. There are too many variants (including the weird ones which aren't trying to deceive).
posted by pompomtom at 7:27 AM on March 19, 2021

"Since GDPR came into our lives, we've all had to struggle with obtaining our basic privacy rights."

Well, no. We've all had the opportunity to struggle to obtain our basic privacy rights. You can still lie back and take it. It's just that, before, struggling wasn't even an option.

Excuse me, though; I've got a messenger to shoot.
posted by howfar at 7:28 AM on March 19, 2021 [17 favorites]

too many variants

I feel like that's true of ads too. Even if such an extension had to be manually trained for each site, just doing a few thousand of the most popular sites (especially since they ask multiple times!) would be invaluable.

Maybe even an opportunity to use machine learning for good.
posted by alexei at 7:31 AM on March 19, 2021 [1 favorite]

It's just that, before, struggling wasn't even an option.

A comment on this very board recently conflated the GDPR with the DMCA and I'm still howling.
posted by pompomtom at 7:31 AM on March 19, 2021 [1 favorite]

I feel like that's true of ads too

Ads are normally served from known servers and/or networks, and ad-blockers use disallow lists based on that. Disingenuous 'option' popups can't be filtered so easily.

(Please: someone better at this than me tell me I'm wrong about this)
posted by pompomtom at 7:37 AM on March 19, 2021

Hush might be of interest to some people in this thread. Considering the difficulty of the problem, it works surprisingly well on the Safaris of recent Macs and iOS devices.
posted by jklaiho at 7:51 AM on March 19, 2021 [3 favorites]

But it can't be saying "yes" to the "opt me out" options, and saying "no" to the "don't opt me out" options, can it?

(not even counting the "do not unopt me out of not opting me in to the opt-out option" options...)
posted by pompomtom at 7:54 AM on March 19, 2021

At least save the goddamn cookie that says what my cookie preferences are so you don’t have to bother me again
posted by Huffy Puffy at 7:58 AM on March 19, 2021 [3 favorites]

I usually just accept all cookies because they're deleted anyway when I close the browser. Problem easily solved.
posted by farlukar at 8:05 AM on March 19, 2021

Hush is neat but it breaks a few websites for me – sometimes they'll just refuse to render fully, so I have to reload the page without content blockers and provide consent (or not), thus negating the usefulness.
posted by adrianhon at 8:28 AM on March 19, 2021

There's a firefox browser extension called ffck Overlays (apparently based on a similar Chrome extension) that lets you dismiss basically any element on a page. More to the point (because there are a lot of other ways to get rid of random elements), this gives you a right-click menu item labeled "Fuck it", which you use to zap annoying crap. I'm not under any impression that zapping cookie notices is in any way helpful wrt privacy (I use other things for that), but being able to just click "Fuck it" has been a weird source of satisfaction and validation this year.
posted by trig at 8:38 AM on March 19, 2021 [5 favorites]

^ hey, I'll take it
posted by elkevelvet at 8:56 AM on March 19, 2021

I wonder if someone could create an adblock-like browser extension that automates these legal rejections?
There is one called "I don't care about cookies", but that just accepts everything, which is the opposite of what you want, I suspect it was created by someone in the ad-tracking industry.
posted by Lanark at 9:08 AM on March 19, 2021

being able to just click "Fuck it" has been a weird source of satisfaction and validation

I've often felt that most of the web could be improved with a "fuck off" button.

As it stands, the very nature of the medium means that contracts are dictated at us. There is no way to respond except in the manner provided. We have every reason to object to this crap, but have no meaningful channel for doing so. So the people voluntolding us are bold in their assertions, and we who are subjected to it are resigned to that fate.

I don't know what the solution is. An actual "fuck off" button would work, but they'd never agree to it. I'd love to do a "by serving ads to me you agree to the following terms and conditions" but as far as I can tell there's no way to do that without getting laughed out of court.
posted by swr at 9:37 AM on March 19, 2021

If only there was a way to legislate away bad-faith UI design.

A lot of these are actually not GDPR-compliant, as the GDPR does actually try to do just that! It requires affirmative opt-in, which means no preselected check boxes or other default-to-allow settings, and it requires opting out to be as easy as opting in. Very few cookie pop-up actually comply to these standards, and it would be fantastic if it were actually enforced.
posted by Dysk at 10:04 AM on March 19, 2021 [8 favorites]

Kill Sticky is also useful. I have it as a javascript bookmarklet for Safari, but there are Chrome and FIrefox extensions.
posted by emelenjr at 10:42 AM on March 19, 2021

Christ on a rubber crutch. It's a fun fun game of parsing out multiply-compounded negatives. "Do you not NOT want to not (not) accept cookies?"

Plus there are a few "Click here to throw away all the preferences you already set, just in case" buttons.

Personal best: 01:42.84
posted by caution live frogs at 12:34 PM on March 19, 2021 [1 favorite]

it would be fantastic if it were actually enforced

That requires consumers to make a complaint, in most EU countries, this will be the organisation responsible for Data Protection or regulation of the telecommunications industry.
posted by Lanark at 2:09 PM on March 19, 2021 [1 favorite]

> farlukar:
"I usually just accept all cookies because they're deleted anyway when I close the browser. Problem easily solved."

you close your browser?
posted by ArgentCorvid at 2:14 PM on March 19, 2021 [3 favorites]

Here is a list of fines levied against companies for breaking GDPR regulations.

GDPR is often poorly understood, it's more than a cookie law. It's about protecting citizens from unwanted tracking behavior, data storage, etc.
posted by romanb at 3:18 PM on March 19, 2021 [2 favorites]

Does anyone know of other browser games that are about website UIs?

Have you seen User Inyerface?
posted by cheshyre at 4:25 PM on March 19, 2021 [2 favorites]

GDPR is often poorly understood

Tell me about it. And often deliberately. The number of local authorities and other public sector organisations who used it as an excuse to introduce excessive, intrusive and obstructive ID and formality requirements for accessing personal data, in direct contravention of Art 12, is utterly infuriating.

The lack of enforcement of the GDPR is not a result of failures of reporting, but rather gross underfunding of the responsible regulators. The UK's ICO is the best funded (although that doesn't necessarily mean best, particularly given the UK's appallingly low levels of labour productivity) and my experience of raising complaints is that it just ignores everything except direct confidentiality breaches.
posted by howfar at 1:55 AM on March 20, 2021 [1 favorite]

> you close your browser?

I know it's a novel concept, but yes. I even turn off my computer every now and then.
posted by farlukar at 10:22 AM on March 20, 2021

Aaaaaaaaaaaaaaaaaaaaaa!!!!!
posted by hannahelastic at 11:40 AM on March 20, 2021

Personal best: 28.06. Fun fun parsing game indeed.
posted by inexorably_forward at 9:13 PM on March 20, 2021

I usually just accept all cookies because they're deleted anyway when I close the browser. Problem easily solved.

I assume you are referring to some sort of 'private browsing mode' where all the cookies are dumped when the session ends (however it's ended).

Am no expert but...if the 'set of cookies' sent to your browser by a given site (or set of federated sites) are unique enough to identify 'you, running this particular browser from this particular machine' later *and* this set of cookies is 'remembered' by whomever issued them *and* the exact same set of cookies gets re-generated on a subsequent visit *and* can be quickly compared with the previously 'remembered' set, well, then it should be possible to track you (for some value of 'you').

Someone please tell me I'm wrong. ;->
posted by Insert Clever Name Here at 12:11 PM on March 21, 2021

Mostly right, browser fingerprinting is a thing. But when blocking almost all third-party content, I can only be uniquely identified by the sites I visit; apart from trickery with tracking pixels and such, I'm not too likely to be tracked all over the interwebs.
But I might be wrong, I'm no web guru either…
posted by farlukar at 1:59 PM on March 23, 2021