Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Besides cookies, there are tracking methods based on fingerprinting, IP and so on. None of them are permitted without explicit consent. This means that a site may not load resources from a third-party server without consent, since the request itself reveals enough information for fingerprinting and tracking.

Tracking is plainly not permitted without consent.



> Tracking is plainly not permitted without consent.

According to some poorly thought out law in certain territories, sure.

In practice, however, there is no technical mechanism by which users, or anyone else for that matter, can detect whether they're being tracked or consent to it. There are browser extensions conscious users can install to block certain browser features, but these are not infallible, and they're constantly playing a cat and mouse game with trackers.

The cookie policy only applies for cookies, not for general tracking. And even with it, companies loophole their way by claiming "legitimate interest". Many popular websites show cookie consent forms with upwards of a thousand of these companies, and deliberately use dark patterns to make it impossible to deny all of them. It's absolute insanity.

But in general, cookies are a red herring. They're used as sacrificial offering aimed at governments and the public to show that a company really cares about user privacy by not using them. When in reality they've been relying on far more sophisticated tracking methods for many years which are technically impossible for the public to even comprehend.

And let's not forget about the shady data broker market, where our data is perpetually transacted against our will or knowledge, let alone benefit.

We need far more technical experts in governments to pass strict regulation against this nonsense, in a way that it actually benefits the public. But I'm not holding my breath that this will ever happen, considering the corporatocracy we're living in.


If by "cookie policy" you mean GDPR, then it absolutely applies to general tracking, not just cookies. The actual technical means used for tracking has absolutely no bearing on legality.


> there is no technical mechanism....

sigh There is the law.

The law that legitimate companies obey.

Such data protection law means I can trust my bank will not track me and provide my personal data (all the booze and fags I've spent money on) to my insurance company, and my insurance company cannot accept such data gathered 'unfairly'.

The only people who object to such data protection laws are scummy tech companies who haven't yet understood unnecessary personal data is now a liability, not an asset.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: