1. 60
  1. 15

    “We want to do something that is a bit shady and totally does not have any advantage for you, but it does have an advantage for us. Do you think that’d be okay?”

    Well, who would’ve guessed that a majority clicks “No”…

    1. 5

      This is despite dark UX patterns in favor of allowing? Huh, as if it wasn’t worth asking and folks could just not implement tracking in the first place.

      1. 30

        As far as I can tell, the 9% number comes from an experiment which used an ethical dialog box.

        I would imagine the statistics for the commonly-used unethical alternatives are not public.

      2. 4

        This is way higher than I expected as I see over half of websites are providing only “accept” button. (no “decline” button)

        1. 2

          Most web users will simply select “no to tracking” once in their browser and the browser will block all the trackers for them as they surf the web.

          This sounds a bit like Do Not Track, and look how well that worked. It also sounds like Firefox’s Tracking Protection feature, which is actually quite nice (although I still have Privacy Badger installed because Firefox’s list is based on a blocklist which by definition is never complete).

          1. 5

            I use Consent-O-Matic for this, because sites don’t respect DNT.

            1. 2

              I used to set the DNT flag. Then I saw an aggregation of visitor stats on one site I frequent. Only one visitor with DNT set - which I realized was myself. I concluded that setting this flag is just leaking a rare fingerprinting datapoint to any sites I visit. I no longer set DNT.

              1. 1

                Unfortunately Firefox doesn’t allow disabling the DNT flag as far as I can figure out :-/ I wish it would go away, it’s more harmful than helpful IMO, mostly because it gives the illusion of doing something while you’re actually not.

                1. 1

                  If that’s the case, perhaps the statistical profile of people using DNT has changed and now its more common. It’s not like there aren’t plenty of Firefox users out there.

                  1. 2

                    Microsoft enabled DNT by default in Explorer back in 2012, I believe (although later disabled it again). That was kinda the beginning of DNT’s demise since publishers complained about it being an indiscriminate use of the header.

                    Apache, for example, started ignoring the header not long after that.

          2. 2

            This is consistent with the observations we made at $job for most of our customers: when there is an obvious opt-out next to an opt-in button, only about 8–10% of visitors enable analytics.

            1. 2

              In other news, 9% of users can be tricked into clicking the wrong shit.

              1. 1

                I hate those banners. Idea to force users interact with banner on EVERY website is insane. People who wrote GDPR not familiar with internet.

                PS Why GDPR not targeting browsers? You can get more money from numerous websites vs a few browsers.

                1. 23

                  Idea to force users interact with banner on EVERY website is insane

                  This is not the case with GDPR. Under the GDPR, you only need to ask for consent if you want to store/process/etc. personal data outside of what is necessary for the service you are providing. Most of the sites that I visit don’t have GDPR consent banners. Lobsters doesn’t, wikipedia doesn’t, peoples blogs generally don’t, legitimate online shops don’t. Generally speaking, the only sites that have GDPR consent banners/popups are sites that make money by shady practices like tracking and targeted advertising.

                  1. 6

                    People who insert those banners (looking at you, web developers) are not familiar with GDPR.

                    1. 3

                      I hate those banners

                      That, as I understand it, is part of the goal. You don’t need consent for cookies that provide the core functionality of the site. You do need consent if you’re doing ethically dubious things. The GDPR is intended to create market pressure that gives an advantage to sites that don’t track users (unless the user explicitly signs up and creates an account, at which point tracking that account is part of the core functionality). Given two sites, if one tracks users and the other doesn’t, the GDPR gives users a visible incentive to prefer the non-tracking one.

                    2. 1

                      I actually use an extension to just blindly accept cookies etc. Then I use Firefox temporary containers to wipe it all away when I close the tab.

                      1. 1

                        I prefer the self-destructing cookies extension (there’s an attempt to rewrite it for Chrome, but it’s missing the point slightly). This extension makes cookies ephemeral by default, but provides an undo button. If you discover that you actually want the functionality that cookies provide on a site (e.g. remembering preferences) then you can hit the undo button to undelete them - they’re not actually deleted initially, they’re just moved aside where the browser won’t see them. I wish browsers would make this the default behaviour.

                      2. [Comment removed by author]

                        1. 18

                          That’s contradicted by the article. 48% of visitors interacted with the banner. 19% of those that interacted said “yes”, representing a total of 9% of all website visitors.