Consent-O-Matic – automatically fills ubiquitous pop-ups with your preferences

Original Article ↗ Hacker News Discussion ↗

Extension Reception & Behavior

  • Many users report using Consent-O-Matic happily for years; it noticeably reduces cookie pop‑up friction.
  • Some see it failing on a growing fraction of sites or only working on ~30–40% of pages.
  • It can auto-reject non-essential tracking while allowing necessary/functional cookies, and can also be configured to “accept everything” for those who prefer.
  • On Safari (including mobile), support is valued because uBlock Origin isn’t fully supported there, but reliability is mixed.

Alternatives and Browser Features

  • uBlock Origin with “annoyances” / cookie lists, Brave’s built‑in blocking, and “I (still) don’t care about cookies” are common alternatives.
  • Key difference: many blockers just hide banners, sometimes implicitly “accepting” the easiest path, while Consent-O-Matic explicitly tries to reject tracking options.
  • Firefox has experimental cookie-banner handling; some mention Ghostery, superagent, and built‑in reader modes as partial solutions.

Security & Extension Trust

  • Concern that such extensions have near “root” access to browsing data; fear of malicious updates or buyouts.
  • Calls for better extension permission models (e.g., no arbitrary outbound requests, separate DOM read/write access).

Legal/Regulatory Context (GDPR, ePrivacy, DNT, GPC)

  • Repeated claims: under GDPR/ePrivacy, tracking is opt‑in; many current banners violate the law (dark patterns, no equal “reject all”).
  • Debates over which cookies truly require consent: essential vs functional vs third‑party services.
  • History of failed/ignored standards: P3P, Do Not Track.
  • GPC (Global Privacy Control) and California CPRA noted as a more enforceable successor.
  • Some argue the problem is poor enforcement, not the law itself; others see the whole regime as performative and burdensome.

UX, Dark Patterns, and Attention Overload

  • Cookie pop‑ups are framed as part of a broader onslaught: CAPTCHAs, paywalls, geo‑blocks, login walls, notifications.
  • Several describe this as an “attack on agency” or psychological denial‑of‑service, especially for people with ADHD.

Technical Proposals & Future Directions

  • Ideas: standardized browser‑controlled consent dialogs; cookie “purpose” fields; browser‑level global consent settings backed by law.
  • More radical proposals:
    • “Secure/Securer DOM” with script/DOM chain‑of‑custody and taint tracking.
    • Strict DOM read/write separation for extensions.
    • Browsers evolving into true “user agents” with automation/AI to navigate pages, kill pop‑ups, and extract only desired content.

Impact of Rejecting Cookies

  • Most report minimal breakage when rejecting all non‑essential cookies: maybe more logins, lost carts, or broken embeds, but sites generally still work.