It would be better to hide the consent banners (use any good ad blocker) and delete the unauthorized cookies anyway. Without having your explicit consent they cannot track you (they still might, but it'd be a violation) so the cookie manager is just a way for you to enforce your rights.
The problem is that many sites will break if I hide the consent banner.
Some sites will hijack the page, take you to another page, and if you reject then they will take you to a page saying you must leave if you do not consent.
Keep in mind that re:consent isn't just about consent cookies - it's also about educating users about what they allowed services such as Google & Facebook to know about them.
Ouch... That smooth scrolling hurts the experience and pleasure of being on the Cliqz website. I think I know how to customize my browser, so if I would like to have smooth scrolling or custom scrollbars I will add them to my browser. Please, don't take your visitors as dumb persons - almost everyone knows how to install extensions from the Firefox/Chrome store and some others also know how to develop their own add-ons.
I run with Ghostery and Privacy Badger with very restrictive settings. Google Tag Manager is blocked. Plus no third party cookies, and Firefox in site isolation mode. Few sites fail to work. General effect: the Internet has no advertising.
re:consent allows you to view and change the consent you have given to websites for data processing. It works for websites that adhere to the IAB's Transparency & Consent Framework, as well as for Google and Facebook. re:consent offers more control over your direct interaction with websites making it a smart addition to third-party tracking protection powered by Cliqz. Learn more on https://cliqz.com/magazine/re-consent
I appreciate the sentiment, but unfortunately your website is quite misleading. For example, subjects do not have an absolute right to erasure, even under GDPR, but your detailed comments about this are hidden in your FAQ while your main introductory paragraph clearly says something very different. Your letter template also has a few problems. The date is not in European format. The content itself appears to be conflating different subject rights in a confusing way. It also refers to some contact methods but doesn't include all of the necessary details to use them.
Please be careful getting involved with legal matters if you're not sure what you're doing. You could cause real trouble for all involved if people think they have rights they don't and start trying to make a big deal of it.
Thanks for the feedback! You have a point about the opening paragraph, do you have a better suggestion? The GDPR has a lot of "edge cases", which is why we placed the FAQ on the homepage and reference it throughout. The email template was reviewed by legal experts, I'd love to hear your specific concerns. This is a free and open source project, maybe you can open an issue or a pull request on our GitHub repo? Link is in the about page.
I'd suggest just being a little less heavy-handed in the wording. As written, I think your introduction will make many people think they have an absolute right to have their data removed, even if it's legitimately being collected and processed on a basis other than consent. It seems clear that you understand this is not really the case, as you do cover that in your FAQ, but perhaps the introduction could be altered to be less confrontational in style?
For the email, I'd suggest fine-tuning a few things. Numerical dates in European countries are typically given in D/M/Y order rather than the US-style M/D/Y, but the ambiguity could be avoided entirely by writing the month out in full, for example. Also, I wouldn't invite contact by methods where you haven't provided the necessary details, but IIRC your email template mentioned calling but without giving a phone number. If nothing else, these sorts of mistakes make such an email look less credible, which surely isn't going to encourage a positive response.
Yes, and additionally for a request to any site to be made, one has to fill in their home address (apparently to verify if you are living in the EU). Whether the request succeeds or fails, the company it is made to now has email + address to link to my identity.
Looks interesting. But what we really need is to erase our data from companies of which we are not aware that they have our data. There has been a lot of data brokerage going on in recent years.
We're working on providing a list of these data brokers (companies that provide no value to you but still collect and sell your data) so that you can easily it out of them.
I found most GDPR consent popups and settings cumbersome. They are hidden, they often require a few more extremely slow HTTP requests. I suppose most people simply click agree, because it’s the fastest option.
I trust my AdBlocker more than any consent options/frameworks.
I can't work out if that's set to allow functional and disallow advertising cookies or the other way around. And that's Bloomberg who presumably think they're somewhat reputable.
Still, I'm sure there's a UX guy somewhere swimming in material for a talk on dark patterns. Every cloud, but ffs.
Personally I hope the outcome will be a strict interpretation:
* opt-out by default
* dismissing means opt-out
* users need to be able to dismiss banners (at least per session)
Along with a lenient interpretation of consent-by-default for "normal" use (i.e. serving the content, anonymized logging and anonymized analytics) I think this would make the most sense from a user perspective while still serving basic business interests.
> I trust my AdBlocker more than any consent options/frameworks.
I agree. But, I have nothing against ads, just poorly behaved nuisance ads. I want content providers to get paid, I just don't want to surrender my privacy and eyeballs for that to occur.
So, I'm trying to think of some rules for well behaved ads, that I would allow to come through my AdBlocker.
1) privacy - hosted on neutral, log-free and audited website so no tracking information gained and no additional information in the URL query parameters
2) image - ad image is an appropriate size in kb, has no animation and is a straight img tag (i.e. no javascript to do funny things on hover, click or over time).
3) render - image size is included in page html (avoid annoying layout shifts as the page renders)
Anything I'm missing? I think this would be an interesting check-box for an AdBlocker app/plugin.
Missing:
* some way to stop an advertiser from uploading the same image 50k times with a slightly different name to do tracking. could probably be covered easily with the way billing is done so this would be cost prohibitive.
If sites just hosted their own ads, blockers wouldn't stand a chance. I wouldn't trust a third-party, centralized, site (users should have demanded that their browsers block third-party content from the beginning of the web) and it wouldn't stop the host from doing their own on-site tracking. Self hosted ads are the only ones that will ever be allowed past my blocker, and I've seen about 3 sites in the past 10 years that do it.
> They'll just keep moving the target, it would be indistinguishable from regular content.
Not everyone will have the ability to do that effectively, or even have a platform for it, and users can simply avoid sites where native advertising is obvious.
If some advertising just becomes unobtrusive, and most of it disappears, then that may still be a win-win for a lot of people. This isn't a fight site owners can win with technical measures or deception - unlike every other form of mass media, the web is designed to put as much control over content presentation in the hands of the consumer as the producer, and users are now aware that advertising is something they can opt in to.
If sites offer content with high enough quality, they might be able to convince people to let their ads through, assuming those ads don't interfere with user experience too much. But just trying to sneak it past people isn't going to work forever, any more than ad banners did.
It's not hard to do by any means. Put it randomly inline with other content and don't give it any special attributes. How is any blocker going to catch that without hogging my cpu and killing my battery, or worse, sending details about the page I'm viewing off to a third party?
I've seen one site start doing that (or at least proxying the ads through their own servers) - all ads come from [random 8 letter domain].ay.[domain].com (which I immediately reversed because they started using it to serve auto-playing video). If it was hosted on their main domain, I wouldn't have a chance (at least without more tools).
Pay-per-click is a bad model. Ad networks are a bad model. Ad companies are a bad model. Website businesses should get a proper advertising department (or be the department if they're small) like TV, papers, podcasts, vlogs, magazines, billboards, sports arenas, and the hundreds of other outlets that advertise, without tracking, and make millions doing it. Then the site owners and the advertisers can work out how to trust each other without getting consumers and their machines involved, again, like all other advertising works. And when people stop going to a site because it has a full page animated image with embarrassing audio and a well-disguised close button, it will be nobody's fault but the site owner's for allowing such an ad.
Classically, a site could sell their own advertising space and serve them from their own infrastructure.
This would be preferred. More careful vetting of advertisers/ads, more targeted without personally identifying info, and less malware being served by ad networks, intentionally or otherwise.
> I trust my AdBlocker more than any consent options/frameworks.
There should be more layers of defense for your privacy. Ad blockers only really target third party trackers. While this method also helps for webapps that track you directly (facebook, google, etc).
I trust my hosts file first. For work reasons I need to allow some domains/trackers there by default (Adobe Analytics, Tagmanager, Google Analytics and AB-testing stuff). There my browser plugins come into play. I can decide on a site by site basis to block or to be able to do my work.
I know, I will not be able to block everything. Especially if it is done in the backend. But at least I can kill most 3rd party crap that way.
My customers want their customers to have a good experience and to feel safe and secure. They want to follow the law. They also want analytics. By following a standard that complies with the law here in Europe they get some of both.
I want the opposite of this. Is there some tool I can use to just automatically agree to all of these annoying GDPR cookie popups so they stop bugging me?
My best solution so far is using two Chrome extensions. "I don't care about cookies" and "Vanilla Cookie Manager".
The first one will accept GDPR consent, the second one auto-deletes cookies from non-whitelisted domains after a certain period (e.g. 30 minutes).
Additionally, I have uBlock Origin blocking tracking domains.