Click. Ugh. Another one.
You know the drill. You land on a new website, eager to read an article or check a product price, and before the page even finishes loading, it appears: the dreaded cookie banner. A pop-up, a slide-in, a full-screen overlay demanding you “Accept All,” “Manage Preferences,” or navigate a labyrinth of toggles designed by a corporate lawyer.
Most people do the same thing: they sigh, their eyes glaze over, and they click “Accept All” with the muscle memory of a weary soldier.
Who the fuck would do this when there’s a “Reject All” button right there. Like, if a contract allows you to opt out of something you should pretty much always do it.
Or just install Consent-O-Matic. By default, it’s set to automatically reject all cookies.
The Reject All button is only there for users detected to be within jurisdictions that require it be shown.
Not in any case I’ve ever seen. The reject all button started showing up for US users immediately after GDPR was passed and it’s only gotten more prevalent since then. Trying to figure out a person’s location is pointless cause they could be using a VPN and that won’t absolve you from following the law.
As an American the only time I’ve ever seen it is when I’m on my Swiss VPN
But what about the small blogger, the local restaurant, or the indie developer? For them, it’s another technical and legal headache, forcing them to install clunky, site-slowing plugins just to avoid a potential lawsuit.
As a small time developer, just no. Why would I be installing spyware on my small websites and importing a ton of third-party shit instead of doing things the right way from the beginning? Imagine tracking people to the extreme that you’ve legally got to resort to fucking popup
<div>s and having that kind of web property tied to your name — yikes.Someday hopefully people will be like "Remember the internet in the early 2020’s when they had those stupid cookie popup banners everywhere?
If the eu had a spine, it would make a law that says: “if you show a cookie banner on your website we will send a hitman to murder you”
IANAL
Two things: “reject all” should be as easy as “accept all”. GDPR seems pretty clear about that, to me at least. Almost all (if not simply all) 3rd party implementations get this wrong. I can only assume they’ve never been challenged on this, or found a loophole. “Native” European sites (governments, official bodies, TV stations, …. ) are the only ones I’ve seen do this correctly.
If your cookies don’t store user-identifiable or tracking information you don’t need to ask consent. You don’t need a pop-up. You don’t need any user interaction. All you need is a notification somewhere on the page.
One problem I can think of with the idea of legally requiring browsers to do anything at all is, how does this apply to hobbyist open source browsers? Will it be illegal to start developing a new browser in public unless it already has this feature?
These type of regulations often apply only when you have x active million of users to prevent issues like this.
