The backend already stored all the information about the users. Why would it violate any laws if it stored a bit more or a bit less info? Things can get tricky if Github exported the collected data to third party for analytics.

part of the GDPR law is the intent of the information you are storing, not the method. Cookie is just a technology. If you track your users using a DB it still applies and you need consent if the tracking is not necessary

I can't reply to the reply to this for some reason, but it's worth noting that GDPR and the cookie law are different, though related.

For very recent comments, click on the timestamp to get the single comment view and be able to reply.

(I had to do it here too.)

You folks might just be time limited on the reply - HN puts some brakes on "too fast" commenting

See my profile if you want, that was my first comment in hours. I think it is that sort of brake, (prevents heated discussions veing quite so quick-fire) but it's not on the user, it's on everyone for <'5 [or something] minutes ago' comments; drcongo's happened to be '0 minutes ago' when I loaded the page, so I clicked on it to reply.

Oh! Useful tip, thanks!

It would still be a violation because of how you're using it. The law isn't purely about what data you track, it's primarily about what you do with the data.

IANAL!!!! But I think, yes, there are still implications. GDPR makes no distinction about back end and front end AFAIK, it's just about what data you collect and why/purpose.

But note there are other reasons you can have for collecting data other than consent (something often overlooked) - for example I would guess GitHub would log IP addresses in the back end for a limited time for spam fighting reasons, and I think that would be fine.