The irony that I have to click through one of the ultra-shitty agree/learn more cookie popups just to read this article. Maybe if GHacks didn't comply with the legislation in such a user hostile manner, browser developers wouldn't have to waste time on such features.
Most of the big German news sites require you to either accept ads, or pay for a subscription.
It is sadly perfectly legal afaik. Nobody is entitled to your content without agreeing to some terms. Luckily, archive.is works very well. Wish there were more alternatives.
Would be totally fine if they weren't indexed, linked and summarized in a way that makes them indistinguishable from open web pages, until you click on them.
Certainly at this point anybody serious about wanting to give Google special access through their paywall would allow based on the published IP blocks [1] and not an easily spoofed UA header
GDPR does not allow forcing you to get a consent by preventing you from using the service:
"Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance."
Since GDPR clearly does not consider ad-tracking cookies as "necessary for the performance of service", this should be against the spirit of the law. I guess it's up for the BfDI and relevant state-level commissioners to prosecute this and I don't know what is their stance, but this type of behavior does not seem compliant.
Of course, there are many other types of non-compliant behavior. Most cookie banners out there make rejecting cookies harder than accepting, and there are many cookie walls that block you from accessing the site at all until you dismiss them. These are clearly non-compliant, but prevalent. Even oversized or disruptive banners that goad you to click "I Agree" in order to dismiss them, cannot be considered as "freely-given consent".
They aren't preventing you from using the service. You can consent to the cookies, or also choose to pay.
Which of course requires an account, which requires a cookie, which is then tied to your payment details, and therefore far less private than ads, but that's GDPR for you. A nonsensical law in which nobody involved thought anything through.
No, it cannot, that’s explicitly not what legitimate interest is about. If that’s the way it’s playing out in Germany then that’s sad, but that’s a problem with the national regulator. Other regulators are dropping the ball on enforcement so it doesn’t surprise me, but that is expressly not legitimate interest.
Legitimate interest is things like a legal requirement to maintain PII because of the services offered.
In Italy the privacy authority is looking into it as well [0], but they also said that at first look the "cookie wall" is "in principle" not incompatible with the GDPR.
Interestingly, browsing to your example link with uBlock Origin blocking all javascript by default I get a page that looks like indexes to articles. Clicking on one gives me what appears to be the full article. As I can not read German, I pasted part of the text into google translate, and yes, it does appear to be the full article text.
So for at least that site, it appears that all of the 'protection' is provided by javascript, and if one does not allow the javascript to execute, one receives the article content. There also does not look to be much in the way of ads with the javascript blocked as well.
They should make Ultra have a limited time countdown, to stress people into FOMOclicking.
But of course, for maximum trap potential, we need to find a wording such that Premium is the option without, while Ultra tracking and Basic tracking should both do roughly the same amount of tracking (modulo not really relevant details). With a sufficiently discouraging wall of text, a bad UX, and a limited time option, no one would spend the time to figure out they need to click the middle option.
(This tweet brought to you by our sponsor, Moloch.)
Not OP. I've been using NoScript until today, works as expected of course, but the hassle to have to enable specific scripts to make a useful website work outweighs its usefulness for me.
There's "NoJS", a extension where you can enable all JS through a switch, but it doesn't handle iframes very well at the moment.
> but the hassle to have to enable specific scripts to make a useful website work
You only have to do this once per website, so (unless you've already uninstalled it) you've already done the hard work time investment for the sites you visit most often.
And there is even worse : sometimes the “partner” list does not have a reject all AND each partner requires a two click steps - waiting for an animation in between.
> I agree, sites shouldn't be doing the things that require showing one
Like what, showing ads? Collecting payment from the user in leiu of ads? I wonder what website you're imagining that doesn't do something that requires a cookie consent popup. GeoCities, maybe?
It's perfectly possible to show ads without collecting data about your users; printed publications have done it for ages. Currently the big players are very heavily pushing for a model with ridiculous levels of user tracking (to the point that many people believe ads and user tracking are inseparably connected), but that doesn't mean it's the only possible model.
Print publications give their advertisers detailed demographic data collected via surveys and other techniques. The idea they don't collect data about their readers is wrong.
So sites need to have their own in-house advertising platform, I guess, because all of the major advertising platforms assume that they'll be able to keep track of how many unique ad views they're getting.
This is the same Europe that's trying to implement blanket surveillance of all chat communication. Just, you know, by the way. To illustrate how much they actually care about your privacy.
Any popup or obstruction is cancer, cookie consent or otherwise.
We need the same approach as for ad blocking. Just remove the crap from the DOM tree. Block the tracker cookies, based on curated blacklists or heuristics, or both.
We need to take back control of our devices, not leave it to every single website to hopefully obey some law.
Cookies are by far not the only option for tracking.
Banners yes, should be blocked from dom if you care, because by gdpr law, no respons means refusing
There's a major difference between a two button UI with a clear "I refuse cookies" screen, and a screen where you first need to click "Learn More", then manually toggle 5 toggles about what you don't want to allow, then click the greyed out "View our partners" button, then block all of those. The second one is definitely extremely user hostile.
