Internet's biggest annoyance: Cookie laws should target browsers, not websites

Original Article ↗ Hacker News Discussion ↗

Purpose of Cookie Laws vs. What Happened

  • Many argue cookie laws and GDPR were meant to give users control over personal data and make tracking visible, not to create popups.
  • Commenters say the banners are “malicious compliance”: ad-tech and large sites deliberately make consent flows annoying to push users into “Accept all”.
  • Several note that GDPR/ePrivacy already allow functional/essential cookies without banners; if you don’t track, you don’t need a popup.

Law, Enforcement, and Responsibility

  • Strong view that the laws themselves are mostly fine; the core problem is weak or delayed enforcement by national data protection authorities.
  • Others counter that any law that predictably enables widespread dark patterns is “badly written” and needs revision.
  • Some point out EU courts are slowly cracking down (e.g. requiring equally prominent “Reject all”), improving banners over time.

Browser‑Level Signals and Their Limits

  • Prior browser-based approaches (Do Not Track, P3P) existed and largely failed because sites ignored them; they had no real enforcement.
  • Global Privacy Control (GPC) is seen as a better successor, with some legal backing in US states and partial recognition in the EU, but browser support and adoption are patchy.
  • Many support legally mandating respect for DNT/GPC and letting browsers apply user-wide preferences, eliminating most banners.

Technical and Conceptual Constraints

  • Several argue browsers cannot reliably infer which cookies or scripts are “essential” vs tracking; only site operators know their purposes.
  • Others say browser-level controls could still work if sites were legally required to declare purposes in a standard way, with penalties for mislabeling.
  • Multiple comments stress that the issue is not “cookies” but tracking via any mechanism (cookies, local storage, fingerprinting, IP, pixels, etc.), all of which are under GDPR.

Ban or Restrict Tracking and Data Sharing?

  • A sizable camp wants broad bans on third‑party tracking and data brokerage, or at least very tight limits; some liken current practices to “digital stalking”.
  • Terms like “sharing with partners” are seen as deceptive; there are calls to force plain language like “selling your data” and explicitly warn of spam/fraud risks.
  • Others note GDPR in theory already bans most secondary use/sale without a lawful basis, but say this is poorly enforced in practice.

Economics: Ads, Tracking, and Who Pays

  • One side claims that without targeted ads, many ad‑supported sites would die; users overwhelmingly refuse to pay directly.
  • Opponents reply that ads don’t require cross‑site tracking (contextual ads worked before surveillance ad-tech), and that “people won’t pay” is overstated and partly a UX/pricing problem.
  • There’s discussion of micropayments, per‑article billing, and subscription fatigue; no clear consensus on a viable alternative model.

User Strategies and Attitudes

  • Many users say they always click “Reject all” or simply leave sites with aggressive banners; others install adblockers and tools like uBlock Origin, Consent-O-Matic, or cookie-banner blocklists.
  • Some maintain highly hardened setups (privacy browsers, VMs, VPNs) and treat banners as noise; others explicitly accept tracking for more “relevant” ads.
  • Several emphasize that cookie banners at least expose which sites are hostile to privacy, even if they’re annoying.