I am in my mid forties, been working as a professional software developer for over 20 years.
I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.
What “dark pattern cookie trick” are you worried about? I just can’t come up with a scenario where it will actually harm me in any way. All the examples I have heard are either completely implausible, don’t actually seem that bad to me, or are things that are trivially easy to do even without any cookies.
Now, I am not going around giving my real email out to random sites, though, although even that doesn’t strike me as particularly dangerous. I already get infinite spam, and I am sure there are millions of other ways to get my email address… it is supposed to be something you give out, after all.
I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive, but I just have not yet been convinced I should actually care.
First of all, if you don't practice any tracking limitation, you're almost certainly giving additional parties (directly or otherwise) access to your personal information. This is marketing data brokerage, this is the whole ballgame.
To your point about the actual harm, I've come to see it as a kind of ecological problem. Wasting energy and sending more trash to a landfill doesn't harm me individually, at least not immediately. But it does harm in aggregate, and it is probably directly related to other general harms, like overall health outcomes, efficiency, energy costs, etc.
No, accepting cookies by itself may not do much to me, but the broader surveillance and attention economy that relies on such apathy certainly has.
Sadly, this still doesn't do anything to show me that I should opt out.
I, as an individual, am not going to have any effect on a business if I opt out or not. No business decision is going to be made because I opt out.
You might argue that it will matter if enough of us do it. Sure, that is true... but again, it won't matter if I do it or not. If N number of people opting out is enough to ruin the business model, then N-1 is surely enough as well. There is a 0% chance that I am the one who finally causes the system to collapse.
I do use an ad blocker, and never click on ads. I feel like that action has a bigger return on investment than no clicking the cookie banner.
If having more information about me allows the website to charge more to show me an ad, and I never click any ads, then I am hopefully helping decrease the return advertisers get by using personal information.
This is the exact same logic as opting to not go through the hassle of registering to and casting your vote in your national elections (unless that physically isn't an option where you live) -- yes, your government isn't going to make a decision one way or another based on your vote alone. But will you affect the sociopolitical trends by whatever fraction of societal opinion you represent?
It may be you don't believe in democracy at all, and that's fair, but consumer action is the only way you can affect business decisions, by joining the decision-cohort you agree with more. Joining the opposite cohort because it's less work represents that you're okay with things continuing in that direction.
That said, I agree with the work it takes to navigate cookie banners being excessive (hence dark pattern), which is why my default browser config = ublock + consent-o-matic [1]
[1]: https://consentomatic.au.dk/
Yes, the Paradox of Voting is the exact same situation [1]. My decision to vote is not rational, but I know if all the rational people don't vote that is bad, and so I focus on the other parts of voting, like civic pride and the little sticker that says "I voted"
> It may be you don't believe in democracy at all, and that's fair, but consumer action is the only way you can affect business decisions, by joining the decision-cohort you agree with more. Joining the opposite cohort because it's less work represents that you're okay with things continuing in that direction.
I actually believe even less in 'voting with your wallet' than in actual voting, for all the same reasons except the cost of 'voting' in this case is even higher (choosing an individually suboptimal option with my wallet hurts me directly even more than the cost of voting in an election does... e.g. choosing to pay more to avoid major corporations costs me every time I shop) I personally think the only way to avoid companies destroying the common good for profit is to price in the destruction to make it explicit (e.g. carbon taxes, pollution taxes, etc).
[1]: https://en.wikipedia.org/wiki/Paradox_of_voting
You have to use something more like updateless decision theory rather than EDT or CDT: consider the similarity of your thought processes and decisionmaking to all the other people in a similar situation and act so as to further your goals given that a substantial fraction of similar people will ultimately make the same decision as you.
If I ever decide that it is no longer worth voting then I will probably leave the country under the expectation that other people like me giving up on voting are doing it for roughly the same reasons.
> choosing an individually suboptimal option with my wallet hurts me
That may be true, particularly in the short term, but you might be hurting everyone else including yourself in the long term. Opening your wallet sends a signal to the receiving business to keep doing what they're doing, even if we all know it's bad.
There's also a cultural aspect to consider. It's normalized to not think of anything other than cost. That's why we have CAFOs, toxic plastic children's toys, landfills full of junk, etc... Pricing in the destruction might help, but at some point our culture needs to change. Outside of the occasional voting, we're all pretty powerless to enact top-down change like taxes and regulations, but we can all build culture.
> Opening your wallet sends a signal to the receiving business to keep doing what they're doing, even if we all know it's bad.
That is exactly my point, though. The signal from my personal transactions isn't going to be enough to change anything. It will be drowned out by everyone else.
Of course, you are right that if enough people closed their wallet, then the business would have to change. However, that is STILL true even if I keep my wallet open. If N people stopping their shopping at a store would cause it to close/change its practices, then surely N-1 people stopping their shopping would also cause it to change. I could still keep shopping their, get the benefits while they last, and then switch once it finally goes out of business.
Of course, you might reasonably say, "Well, if everyone thought like you, then the change would never happen!" True, but my decision does not change anyone else's decision. The other people won't even know my choice, it isn't going to make other people boycott.
You could argue that people will listen to what I say, and I could influence them. That is true, but that is again independent of whether I actually 'vote with my wallet' or not. The influence I have on other people is the same whether I tell them not to shop there and I also don't shop there, or if I tell them not to shop there but secretly shop there myself.
Obviously there is some other morality at play here, but it isn't as simple as invoking the direct signal I am sending by choosing to shop somewhere or not.
Agreed, it's not simple to make change, and I wasn't suggesting that. I'm just promoting doing something instead of waiting for top-down solutions, which, even if they materialize, still aren't as cool as bottom-up culture change IMHO.
Is it effective? Probably not in the short term, at least for the intended purposes, but secondary effects like personal growth, satisfaction, and social dynamics might be realized.
It is pretty paradoxical and got me thinking. I don't know how to measure the value of my vote. I feel like the immediate value is less than the effort, but on the other hand, I don't think it's so simple. As you said, if no "rational" people vote, that's catastrophic and so I'm helping to maintain a larger system. Maybe a culture. Movements can have collective power no individual can have, but they can't exist without individuals. It's hard to measure the value or effects of a culture as they are often not clearly visible or direct. The effects can play out over a long time too.
About voting with your wallet, I agree that it'd be best if companies actually had to pay for those externalities you mentioned. If you have spare money to spend, you can view not choosing the cheapest option as supporting or donating. That's what I sometimes do when e.g. buying locally instead of ordering from somewhere far for cheaper. I can get local faster and it's more convenient, so there's lazyness, but thinking about it as supporting helps me rationalize it further (and it is true). I don't think it really hurts me more than buying something else that I don't strictly need. I see indirect value in trying to uphold things I like.
It's not paradoxical and the attitude expressed by GP that it's not "rational" is exactly the sort of thinking that leads to rationality getting a bad name.
Cooperation to the detriment of the individual in the animal world is exactly the same phenomenon in a much simpler system. That is widely and repeatedly evolved so we know for a fact that the game theory works out in a vacuum (ie without human cultural factors).
Any high trust cultural behavior is similar.
Animal cooperation proves that game theory is universal, but it does not prove it works in a vacuum for humans.
- Biology gives us the instinct to cooperate and the capacity for empathy.
- Capitalism provides the mechanism to scale that cooperation to millions of strangers.
- Institutions (laws/culture) provide the rules that prevent the "vacuum" from devolving into a state where the strongest exploit the weakest (which is actually what happens in nature when policing fails).
Therefore, in a capitalistic society, cooperation to the detriment of the individual (e.g., paying taxes, following labor safety rules) is not just a biological imperative; it is a social contract enforced by culture to allow the complex system to function. Without the cultural layer, the biological layer alone is insufficient to sustain a modern economy.
What happened to being part of a community?
I do not think this should be analysed from the perspective of an individual but from the perspective of being part of a collective.
Individually we are pathetic naked monkeys, collectively we are mighty
> My decision to vote is not rational
And I think this is great. Often our convictions aren't, and those are what make us interesting! I also think it's interesting how/why we rationalize our irrational behaviors! For example, I generally feel the same way as you about voting, but I don't like living as (in my mind, at least) a defeatist. Also, I feel that if I didn't vote then I have no right to complain or have an opinion about the things I didn't vote on. So I go vote for those reasons.
I mean, I do actually vote in every election, for the same reasons you are talking about. There are social reasons I do it, and there is something communal and bonding about the process of elections.
But it isn't because my individual vote actually matters.
> consumer action is the only way you can affect business decisions
I mean, insomuch as any action I take is a consumer action, because I am a consumer, this is true. That's why Luigi'ing is a consumer action.
But 'vote with your wallet' is an illusion; you have no way of informing an entity why you are rejecting their service if you simply don't patronize them. On a ballot you're actively choosing another over them. As a consumer, you're otherwise 'invisible' to them.
Walking past Target out of rejection of their politics, for example, is no different to them than the person next to you walking by because they don't need anything from them at that moment (and realistically, they would probably prefer to just switch you for said politically/privacy-un-conscious person). It's still good to stick to your morals, but that alone isn't actually 'consumer action' in the way you mean it.
It requires a coordinated, public messaging campaign that a group is boycotting actively to have any impact on a business. Your individual action of not clicking on Accept Cookies does nothing to influence businesses.
Not spending money at Target is not voting with your wallet. Voting with your wallet is the spending you do at a business that isn't Target instead.
However voting is different. We don't vote for a policy (although that is a common misconception.) The collective power of voting is often voting against a person/party : voting them out.
We spent money on goods/services we choose, and receiving money is a very strong signal to a business. Not spending money is an extremely weak signal.
Opposites.
Sadly, there will be no signals at all, until it's too late. ICE has used online advertisement tracking to find their targets. They won't tell you anything about this, until they're already at your door with handcuffs. https://www.404media.co/cbp-tapped-into-the-online-advertisi...
This is the real answer. Palantir aggregates massive amounts of data, and they are not stupid enough to not use online ad profiles. They track everything. I mean, sexuality, race, age group, mental and physical illnesses, income, job/industry, living address, work address, frequent travel destinations (in and out of your city), shopping habits, eating habits, the list goes on and on and on. Any possible days point they can get, they will.
If you aren't worried about the US government having this, it's a sign of significant privilege and safety a lot of others don't have.
It's not possible to be a ghost, but it is possible to reduce your surface area in these systems, which is what I focus on. Denying tracking cookies is a single tool in this quite large toolbox.
You could use exactly the same argument for not bothering about doing things that pollute, generate landfill, or generally make things worse for society.
Its highly unlikely your vote will swing an election.
If you want easy things to do use cookie blocking extensions.
I could make that exact same argument, and people have been for a long time: https://en.wikipedia.org/wiki/Tragedy_of_the_commons
These are all related to the collective action problem (https://en.wikipedia.org/wiki/Collective_action_problem). This is why we have regulations and rules and laws about things like pollution, because we CAN'T rely on everyone wanting to live in a clean world to make everyone not pollute.
> You could use exactly the same argument for not bothering about doing things that pollute, generate landfill, or generally make things worse for society.
Which is why those things need laws to create any meaningful change.
> I do use an ad blocker, and never click on ads. I feel like that action has a bigger return on investment than no clicking the cookie banner.
Right, but this is not solely about cookies or blocking ads. You also leave behind data which helps create a profile. AI is mass-creating profiles of everyone. Not everyone will have the same pattern, but information space is finite and they get more and more data about you over time. You may think this is not relevant for your use cases, but can you make this as prediction in the future?
The future of myself and my son does not depend on nor benefit from my anonymity.
I'm not a revolutionary taking up arms I'm a voter and a citizen in disagreement. Unless I am seen and counted, then being any of those things is worthless as well.
There is no value in hiding from the system while the system goes to hell and attacks everyone else.
While I have no idea of the actual outcome, I’ll muddle through the extra step + thinking to opt-out where possible.
My own personal bend is that I do not want to be sold anything and I want anonymity where possible. We’re constantly being advertised to. Anything small action that I can take to deter that, or make the ads less personalized/interesting/distracting to me, is worth it. Even if I also will never knowingly click an ad.
It’s probably largely a control thing psychologically. With cookie banners specifically, I also don’t want to concede to dark patterns which make accepting easier than rejecting.
> My own personal bend is that I do not want to be sold anything
You can always choose this no matter what ads they show you. In some ways, choosing to not be sold AFTER being shown ads might be more effective at shutting down that behavior than simply avoiding the ads entirely; forcing the company to pay to show you the ad that you ignore is costlier to them than simply not being able to show you the ad at all.
Your ad blocker probably has a setting for cookie blocking too
If not then install EFF Privacy Badger and Decentraleyes extensions.
uBlock is enough for all of that. I would minimize the number of extensions used, possibly to one (uBlock only).
Potential real-world consequences, while they do exist, are simply too subtle to realize. Some actual examples of cookies being used against people:
- CBP has admitted to buying location/advertising data from brokers to use in helping locate people to arrest
- Phishing and identity theft can be made easier due to cookies... security researchers have even demonstrated 2FA bypass techniques based on it
- Price discrimination - Consumer Reports found that flight prices can fluctuate based on your cookies. Sometimes they would even raise the price if you kept searching for routes, as an indication that you were in a hurry, thus likely willing to pay extra.
- Healthcare discrimination - Companies have been found to raise healthcare prices or deny coverage due to cookie data aggregated via brokers where external sites tracked a person's health conditions based on what pages they visited (examples: fertility, cancer and mental health support groups)
- AI models or automated systems using cookie data to predict housing stability, creditworthiness, and employment risk without ever seeing your resume or credit report directly
- ProPublica found that Facebook was allowing advertisers to target their housing ads based on specific age/race groups stored in cookies
- Some recruiting firms have used cookies to infer personality traits and political leanings. Your employment application could be rejected or deprioritized based on that
- Based on the previous examples, I think it is not a far-fetched idea that websites and services could deny you access altogether based on data revealed by a combination of things like your browser fingerprint + brokered cookie data, such as political affiliation, estimated income, race/gender, health situation, etc. Imagine for example, not being able to order pizza because you badmouthed their favorite president online.
It's also harder to change your mind later and go delete a bunch of specific cookies to opt out when you could have just said no from the beginning.
I appreciate the list of potential harms. I'm curious about your last point though. Isn't it trivially easy to wipe cookies from your browser?
You should always configure your browser to automatically wipe all data on exit. The Arkenfox user.js user profile does this and more to mitigate fingerprinting.
I am logged into way too many sites to do that unfortunately. I do use a password manager with a browser plugin to make it easier, but it's still a lot of manual work to re-login to all the sites I use on a normal basis, for both work and home, every time I restart my browser.
Would be nice if there was some other solution, like maybe encrypting the browser profile and then requiring a pin/password/biometric/something to unlock it on each start.
It shouldn't take more than one second to log into a website using the Firefox password manager.
In my case it often can and does.
Many sites I use force email or SMS-based 2FA, sometimes in addition to "security questions" and/or have other multiple steps of authorization (like captchas) required; it's often not just a simple username/password for me.
Now multiply that by 25 different sites. Not happening.
One option for that is to use multiple Firefox profiles. The main general-purpose browsing profile would have a hardened configuration, while dedicated profiles are used for other websites that should remain logged in.
It's not just about cookies but also about fingerprinting, which is extremely hard to prevent.
No extensions that randomly change your fingerprint? I suppose that might trigger a lot of captchas.
There are but I'm not aware of anything that can reliably fool creepjs.
https://abrahamjuliot.github.io/creepjs/
And yes it often results in endless captcha loops.
Fingerprinting can be extremely sophisticated. Have a look at this test: https://coveryourtracks.eff.org/
Only Tor Browser can reliably fight with it.
Tor Browser will not even hide the OS you're using from javascript... so if you're on Linux, you are automatically more identifiable than >97% of people.
Also, that EFF site only checks against other people who visited the same site, so the results are skewed IMO. The other comment that links to creepjs is what I consider the best available open source tool.
It can be yes, although not everyone wants to do that because you will likely be logged out of all the websites you're using, shopping carts cleared out, etc.
Why do you think you have a 5 day work week? Because collective action fought for it. Same goes for the Civil Rights movement in the US and strong union protections for the Boomers that helped them build out a healthy middle class (that they're in the process of squeezing dry after pulling up the ladder, because Millennials and Gen Z won't do collective action to enact change, but that's a separate discussion).
Saying you don't see an individual motive here to do anything just says that you don't see how interconnected everyone is in modern society.
> Sadly, this still doesn't do anything to show me that I should opt out.
Then don't. No need to be sad about it.
> I, as an individual, am not going to have any effect on a business if I opt out or not. No business decision is going to be made because I opt out.
I do it more from a point of view of principal. I don't want following around the Internet by all and sundry who care to, any more than I want to be followed down a dar alley, for followed into Tesco by someone yelling “hey, Dave, I saw you went to the pub last night, my shop has some cheap spirits” or “hey, Dave, I saw you but a network switch the other week, do you want another one?”.
I also resist anything wrapped in many layers of dark patterns, and that describes almost all current ad tech.
> You might argue that it will matter if enough of us do it. Sure, that is true... but again, it won't matter if I do it or not. If N number of people opting out is enough to ruin the business model, then N-1 is surely enough as well. There is a 0% chance that I am the one who finally causes the system to collapse.
If your stats knowledge and reasoning accept that, then I've got an infinite compression scheme for you. It can compress anything including compressed anythings!
You are jumping between two factors of large numbers haphazardly from sentence fragment to sentence fragment, and the logic isn't following you. At some point N-1 might make a difference, and you could be that -1.
> I do use an ad blocker, and never click on ads.
To use your argument on tracking: but many people don't, so why do you bother? What makes you think you could be the +1/-1 here but not there? And by blocking ads you are blocking a fair portion of the tracking, in fact that is why I block ads much more than the ads themselves. I don't run sponsorblock for the other side of the same reason: that doesn't affect tracking at all.
> If having more information about me allows the website to charge more to show me an ad, and I never click any ads, then I am hopefully helping decrease the return advertisers get by using personal information.
And when the database eventually leaks, many others will have the extra information about you.
And again: by blocking the ads using most ad blockers (obs not all work the same ways) you are blocking at least some tracking.
--------
But again, if you don't want to block tracking, don't. No need to be sad that we've not convinced you with our arguments as to why we try to block it. I know other devs who take your attitude (that is simply isn't worth their effort), and many others who take mine or similar (when it isn't worth the effort, the information or product behind the mountain of “legitimate interest” checkboxes isn't worth the effort either so I'll just move on). Our threat and principal models can be different from ours without either of us being bothered by the other's choices here.
I hear what you're saying, and instinctually I feel gross about it. But, if enabling advertising allows the website I'm visiting to stay in business, I think that might be a trade-off worth making.
The business model of the websites I visit is not my problem. I block ads and trackers at multiple levels, very aggressively, and could not care less if some websites disappeared because of it. Perhaps then we will be left with a more sane and useful subset of the Internet.
I don't understand that thought process.
Why should I give up my data to any private entity?
If their business model depends on ads, then I say it should die.
Then the fix is pretty easy, just don't visit their site?
[dead]
Do you have any napkin math on the ecological impact in quantifiable terms? I'm just super curious what the scope of the problem is.
I turn off 3rd party cookies in the browser but I don't see first party cookies as big of a threat and I click accept just in case it breaks the website somehow.
The effect of that data is serving you better ads. Its not a big deal. Dystopian governments have way better sources of citizen data than anonymized ad exchanges. It basically just powers product discovery in a giant global marketplace.
I’m glad you mention this. From today https://www.404media.co/cbp-tapped-into-the-online-advertisi...
This shows a really fascinating dynamic.
In theory, the government doesn't need the ad exchanges which have very lossy information. They have access to the ISPs and cell service providers, etc, with a warrant. Dictatorships like China and Russia don't need ad network data to be police states, they just use the core phone, internet and computer data.
But in this case, the US gov are using the insecure private data as a run-around to the warrant process. This is definitely unfortunate, and I think laws should be amended to prevent this workaround.
They don’t need a warrant for the ad exchanges
>The effect of that data is serving you better ads.
On the contrary, the ads become worse, since they become better at trying to get me to buy some crap I don't need.
The more irrelevant to my profile they are, the better.
This is not just about "better ads" - though I don't understand the term better anyway here. This is about profiling people. Ads are just one benefit here. Profiles can be sold to get a better idea of the potential customer base.+
> It basically just powers product discovery in a giant global marketplace.
That is also incomplete. See how profiling led to ICE finding people - and ICE has a proven track record of executing US citizens. That is also a fact. It does not mean profiling led to the death of the people here, 1:1, but it meant that it is a contributing factor to the build-up of government troops killing people (which is very similar of Europe 1930s by the way).
Would you write your name down the side of your car?
There's a subset of people in Ireland who are legally required to write down an ID on their vehicle, that can be matched to a name/photograph in seconds.
https://www.transportforireland.ie/getting-around/by-taxi/dr...
---
Additionally, in plenty of European Countries, it's pretty common to write your name on your address: https://c8.alamy.com/comp/B01RP4/personal-name-plates-at-blo...
My name is on my car, the license plate can be matched to my name in seconds.
To those who have access on the registry - yes. But not everyone knows the name because they do not have access to the registry.
Writing it down would give more information to everyone else at all times.
Would you not? It would look odd and draw a lot of attention simply for being unusual, but I'm struggling to come up with any way in which doing so would actually harm me.
If you do it right now I will reveal my answer.
I disagree, because there’s always a chunk of advertising that seems to be all about targeting low-income or people who aren’t financially savvy and I don’t think it’s ethical for an apparatus to take advantage of them.
I think if a product is harmful, advertising it should be banned. Alcohol, drugs, gambling ads should be banned.
That is a pretty simplistic, prohibitionist worldview.
What about food products that can be used to excess? What about cars or AI or vacations? All these products can be harmful when misused.
Those all pass the utilitarian calculation for me, goods greater than harm.
What utility does a box of cookies have? A bar of chocolate? A can of soda? Those things are about pleasure and have serious harmful consequences if overused - just like tobacco, alcohol and drugs.
What about video games? They only have utility in pleasure and the sedentary lifestyle associated with over-playing them is extremely harmful.
Sounds to me like you have some random things you decided you don't like and want to ban ads for them, not that you've done any thinking about utility (other than as a bad attempt at rationalizing your anti-some things campaign).
Insurance is likely using that same data to adjust rates.
” it’s not a big deal. Just gets you better ads.”
I thought this was just ignorance.
Then I checked the profile. They ”have lots of experience with digital advertising “
Really? So the profile is like an ad-bot. Good to know. It was the only account that tried to promote ads; everyone else hates ads, so they don't write in a positive tone about them.
This might’ve been true in 2012 but definitely is not the case today
“It is difficult to get a man to understand something, when his salary depends on his not understanding it”
The counter point to that quote is that someone whose salary depends on something likely has a lot more understanding of the topic than the average person. Not saying theyre always in the right. But the average internet user thinks they are way better informed than they actually are.
> I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.
the effort and cost to download an ad-blocker that automatically removes the prompt to accept/deny entirely is practically zero and the amount of clicks you'd save yourself would quickly exceed the clicks it took to install the blocker.
> I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive
It seems like you are, but that's just how our brains work. We're very bad at judging long term and abstract risks, especially when the consequences and their connection to the cause are intentionally kept unclear. For example, when people's cars started collecting data on their driving habits and selling that data to insurance companies a lot of people saw their insurance rates go up, but none of the insurance companies said that it was because of the data collected from their cars. I'd be willing to bet the data being collected by tracking your browsing history has already been screwing you over in various aspects of your life, online and offline, but you won't be told when it happens or why.
> I'd be willing to bet the data being collected by tracking your browsing history has already been screwing you over in various aspects of your life, online and offline, but you won't be told when it happens or why.
Ok, can you give me a plausible example of what that harm could be? This seems in line with the exact thing I said in my comment; every time I ask how it could harm me, I am given vague statements about tracking and data. Charging me more if they think I can afford it is surely a thing to worry about, but there are so many ways to do that without tracking that I already need to take actions to defend against that (comparison shopping, price history tools, etc).
I am not saying I don’t think companies can take data they have access to and use it to extract more value from me… I am saying I don’t thing opting out of cookies is going to do much to change that, for better or worse.
> Ok, can you give me a plausible example of what that harm could be?
There are countless ways the data collected about you can be used against you. Companies are using this data for everything from setting prices, to deciding which policies they'll apply to you, what services they'll offer or deny you, even shit as trivial as deciding how long they should leave you on hold when you call them on the phone. It's been used to deny people housing, or employment. It's even resulted in innocent people being arrested and investigated by law enforcement. This guy (https://www.nbcnews.com/news/us-news/google-tracked-his-bike...) wasn't worried about Google tracking everywhere he went until he had to get his parents to clean out their savings to pay for a lawyer in order to prove his innocence.
AI is only going to make it easier for companies to leverage the massive amounts of data they've collected against us. Companies have been trying to get consumers to accept discriminatory pricing practices this data enables for a very long time (https://link.springer.com/article/10.1057/s41272-019-00224-3) and it looks like they're starting to wear us down. Digital price tags are becoming increasingly common. So are demands that consumers scan QR codes to get prices. Prices don't have to be set so high that they become unaffordable to you, they can just slowly eat away at more and more of your earnings.
The system is set up so that you will never know when or how the data being collected about you is used against you, but every company is looking to leverage that data to their advantage every chance they get. I get that it's easy to feel defeated and think "My ISP already sells my browsing history, Google chrome already collects all by browsing history, so who cares if I let 30 other random companies collect it too by accepting their tracking cookies on every website I visit?" but those companies collecting your data care very much and it's not because they have your best interests in mind. They aren't going through all the trouble to track you across every website you visit because it doesn't matter. Taking a few basic steps to help protect yourself is just the smart thing to do, especially when it's something as simple as using an ad blocker or an add-on to auto-reject the countless "Can we track you" requests.
I guess the thing that worries me is more so population effect versus direct personal ones. When companies know they can extract useful information from a source, there becomes a market for the information, which further incentivizes others to collect the information. The other thing is that even if you don't care about ads, I assume you care at least about browsing privacy. The main reason why GDPR was even passed was data privacy and security.It is difficult to know who has what personal information and for how long they keep it. Because of that, it just takes one breach where suddenly your email/username/personal information, along with all of your browsing activity, gets leaked. This wouldn't only be the ones that you purposely entered your email address in; it just takes one site to have your cookie "fingerprint" and email connected, and suddenly all the sites that recorded that fingerprint will have a record that you visited them. All in all, I agree that there is a low chance of personal harm to you, but I look at it like putting motor oil in the storm drain. "Low trust" cultures where people only care about the direct effects of actions to themselves instead of society as a whole always fare worse than cultures where everyone sets a standard of what is acceptable or not.
A plausible example: Your insurance company knows how much money you make, and how fast you drive, and takes this into account when setting your insurance bill. Even if you never thought you gave them this information.
Another example: there are fallen countries that try to penalize abortion even in extreme cases (rape, incest) Having the data in your ad-exchange’s online profile that you bought a pregnancy test and a bus ticket to another state that allows abortion may be enough to get you jailed.
And when the government uses that data to round you up? Sure maybe you aren't an immigrant... but are you in the next group they target, or the group after that?
Maybe not, but does that matter when they use an advertising profile to make your life hell before determining you're not in the problem group? Will they even bother to check? They already have been hassling and detaining citizens on similar sloppy suspicions around immigration.
Even if you're a perfect aryan and think you're safe from the current regime... will the next one have the same notion of perfect?
> the effort and cost to download an ad-blocker that automatically removes the prompt to accept/deny entirely is practically zero and the amount of clicks you'd save yourself would quickly exceed the clicks it took to install the blocker.
For less-often used, e.g., non-English language sites, these often leave a site in an unusable state, e.g., non-scrollable. I often have to go into the developer tools to fix a site manually, sometimes hunting for the element to fix if it's not body or html.
> the effort and cost to download an ad-blocker that automatically removes the prompt to accept/deny entirely is practically zero
It's only zero if you don't need to interact with sites that break when you're running an adblocker. I run an ad-blocker nearly continuously, but there are all sorts of sites where I have to disable it in order to use the actual functionality of the site (and these are frequently sites I _have_ to interact with).
There’s a burden in ad blocker plugins: you never know when they will get compromised. Im comparison to that, simply ignoring the cookie baner is less effort imho
Preventing add-ons from auto-updating is helpful. Enshittification happens more often than serious security updates, especially when it comes to add-ons that do something very basic such as hide a banner.
this is definitely happening and for some reason, no one has any clear evidence on it.
Conspiracy theories are gossip for men.
We have all kinds of evidence for it (for example, here's an article about the data sold to insurance companies https://www.nytimes.com/2024/03/11/technology/carmakers-driv...) and we've had evidence for a very very long time (https://www.cbsnews.com/news/data-brokers-selling-personal-i...)
The data collected about us online is extensively used against us both online and offline. The multi-billion dollar industry around collecting and selling every scrap of data about you and your personal life didn't spring up because nobody was making money from it.
We were talking about browsing history, not credit card, purchases and metrics from your car.
At all gets added to your dossier and it all gets sold and resold and used against you. You can't know what is going to prejudice someone against you, or what assumptions they'll make. Your browsing history can be a lot more relieving than your credit card purchases or your driving data. It can give them your medical issues, your sexual preferences, your addictions, your political views, your religion, etc. Just knowing the dates and times you're going to websites can tell them a lot.
In a single given website, accepting cookies look innocuous.
But to me, what is mind blowing, is when one day you accept the cookies on random e-commerce or review website about vacuum cleaner, and then later when you browse news or look at videos, there is suddenly a constant stream of advertisement for vacuum cleaners, everywhere.
[Reject Optional], [Essential Cookies Only] ... I am one of the people who clicks such options. But to some degree they are "privacy theater". Any website that presents you with such a choice is almost certainly loaded to the gills with tracking/analytics and various 3rd-party services that will track you with browser fingerprinting regardless of any buttons you click on the cookie banner. Nevertheless I still reject them, mostly out of spite.
Feel similarly. And to be honest, even when I do select decline all, I have little confidence that the function does what it says it does.
Yes, I do not have a lot of faith that "essential" cookies are always "essential" for example.
Essential is contextually defined by whoever implemented the that part of the front-end basically.
Certainly advertising is essential to the business model.
This is how we should view all information we get from a company. If the product say organic, claim to be pure ingredients, recycled material, made in "COUNTRY", or any other claim, it is only just that. It is simply a claim that you as the customer has no way to verify.
Having seen how these things are implemented in the field, your lack of confidence is definitely well placed. Most of these things send your denial request to /dev/null
Firefox has a setting to dump cookies on exit, which I use.
And there's Firefox Klar on Android. It forgets everything on exit. Some people call it a porn browser, but I've gotten used to it for general use when I don't need to log in somewhere.
For those that wonder, Klar is Firefox Focus with telemtry disabled by default. It is available on german speaking countries due to trademark avoidance with the Focus magazine.
When you decline, their tracking becomes illegal, so they are constantly in danger of a legal action. It's a good enough reason to declime for me.
> Now, I am not going around giving my real email out to random sites, though, although even that doesn’t strike me as particularly dangerous.
I am fanatically following my rule "one email per website". Obviously, they all route to the same inbox. Initial motivation was to see who leaks my address and simply block it. However, the separation helped me out tremendously more than I ever expected (at the very least I believe so).
I'm originally from a country with a highly oppressive regime. Years ago I signed up for financial support to a political opposition leader. Things weren't as bad and it felt safe enough at the time. They had my email, of course.
Eventually opposition systems were compromised, and the full donor list became public. The regime's response: they cross-referenced it against emails registered on government services. For quite a few whose addresses matched, police officers paid a visit — looking for grounds to fine them, pressure them, etc.
My alias for that site existed nowhere else. No match, no visit. Definitely an experience I was more than happy to avoid.
> I just have not yet been convinced I should actually care.
I'm not out to convince you since my reasons are unlikely to apply to you. There are some of us who want privacy for privacy's sake. We respect the social boundaries of other people, and find those who don't respect our social boundaries creepy. We don't much care one way or the other if those people are out to exploit us or to harm us. It is the act itself that we consider violating.
You won't notice the effects, but allowing tracking feeds your behavioral profile into the data broker economy. You can then be targeted with things like dynamic pricing based on your guestimated income, invasive ads for significant life events, health care risk modeling, tracking your group affiliations, identity theft, and more.
Unfortunately, NOT accepting them and actively blocking things also makes you extremely identifiable.
I recently spoke with an engineer who was building a product using the information he is able to acquire from these data brokers. This includes every search query you've ever made, anything you've purchased with a credit card, and anything that is in the public record (i.e. a pending divorce case, or child custody dispute). He uses that information to generate a profile on leads to determine how much they can squeeze from this person in whatever deal they are making. (I'm not going to get more specific than that.) This person had no incentive to lie to me about what they were building.
The data trail you are creating is much more personal and invasive than you want to imagine, and in the wrong hands it could be used to devastating effect.
Every search query you’ve ever made is not available from any data broker and if you hear otherwise someone is lying
Apply the same logical test to freedom of speech, and you’ll get the same result.
You’re not missing anything about what’s likely to happen to you personally. What you’re missing is the manner in which rights shape your life and your society even when you don’t exercise them, and sometimes even when nobody is currently exercising them, and that significant harm can be built out of a vast number of smaller harms that aren’t individually that bad.
Read the fine print. You’re usually not consenting to cookies, you’re consenting to having your data gathered, processed, enriched and sold by hundreds of companies around the world.
One click usually gives random foreign corpos the right to your data across a multitude of platforms, the right to identify you across data sets, and to permanently link your device identifiers to you, for ”fraud detection” on a site which sells nothing.
Clicking on accept or deny on those notices makes no real difference, since the ”partners” and ”vendors” usually enshrine their core data activities into the ”legitimate interest” category, which has no opt-out.
Ok, so suppose I am consenting to all of those things.
I still have the same question… how is my life going to be made worse by that happening?
Are you saying ”I don’t have anything to hide”?
All of your data starts affecting everything your data is used for.
You may get worse rates for a mortgage, or not get one at all. You may be denied insurance or insurance claims. Cherry-picked details of your online activities may be used against you in a court of law, if you ever find yourself in one for any reason (think custody).
These are the very mild examples from a somewhat functional society. In the other end of the spectrum, where societal breakdown is imminent, you have things like getting disappeared, thrown in a concentration camp, executed on your own front yard.
Oh, I don't think I have nothing to hide. I have plenty to hide, so I hide it.
I just don't think blocking cookies meaningfully protects anything that I want to hide. I feel like it is putting gloves on while you walk around naked, it isn't doing anything to protect your privacy.
> You may get worse rates for a mortgage, or not get one at all.
That is an interesting example, because getting a mortgage is going to require me to voluntarily give ALL my personal information to the company giving me the loan, and they will absolutely use all of that to determine if I get a better or worse rate. I am literally giving them my entire financial history, they don't need to try to piece it together using my browsing history.
Also, shouldn't mortgage companies determine rates based on personal information about you? How else should they manage risk? It would be awful for our society if banks were forced to give loans out at flat rates for everyone. There would be zero incentive to pay back loans, because they can't use you not paying it back to decide not to give you more money in the future. If banks had to give everyone the same rate, they would stop lending money entirely. There would be no way to avoid losing it all, why would you do that? No, we WANT loans to be based on personal information, because that is what allows us to have control over our own financial reputation.
> Cherry-picked details of your online activities may be used against you in a court of law, if you ever find yourself in one for any reason (think custody).
This one seems very nebulous, and a very unlikely and low risk. Courts can do discovery; they can obtain much more personal information than cookie based online tracking data. I can't see how this would be worth considering.
> These are the very mild examples from a somewhat functional society. In the other end of the spectrum, where societal breakdown is imminent, you have things like getting disappeared, thrown in a concentration camp, executed on your own front yard.
If this happens, browsing history is going to be the least of our worries. They might throw you into a camp because you DON'T have any browsing history and that is suspicious. If there is no rule of law, you can't expect plausible deniability to help with anything. If we get to that point, they are going to have a lot more than ad tracking data to work with. The added risk seems negligible.
Browsing history (and input) is used in many court cases today and has been for years, at borders as well. It’s not about whether it’s personal, but rather about establishing intent.
Ignore at your own peril, and enjoy risk with no benefit.
Rejecting cookies doesn't erase your browser history.
Cookies tie the history together across sites, at the other end.
Presumably you might also get better rates for a mortgage, to be fair.
Possibly, but the big companies have ratcheting expectations to meet, and prefer to keep benefits to themselves, while leaving us with the drawbacks. e.g. Tesla using telemetry to protect itself but not customers without court order.
You seem to carry a very defeatist demeanor. Is there a particular reason for capitulating at every point of friction?
You've misread or I was not clear enough. I advocate rejecting this system—one must understand the boundaries in order to do that. Saying, "I won't bother" is the opposite of that.
https://rooseveltinstitute.org/publications/uber-for-nursing...
Also, gig workers get paid less when in a poor financial position. Harassed, detained when crossing borders.
These are the start, not the end.
> Read the fine print. You’re usually not consenting to cookies, you’re consenting to having your data gathered, processed, enriched and sold by hundreds of companies around the world.
They'll get it one way or another
With IP tracking, you don't really need cookies much anymore
IP is personal information, at least under GPDR in Europe.
https://gdpr.eu/eu-gdpr-personal-data/
I'm worried about my browsing to be tracked across the entire internet for the purposes of marketers to "enrich" my profile... just to sell me more and to sell that data to third-parties who can make all sorts of decisions based on a made up story about who I am, my preferences, my values and whatnot.
there's a reason I don't walk around naked either. it wouldn't hurt me, but I don't need that kind of exposure for no upside
> third-parties who can make all sorts of decisions based on a made up story about who I am, my preferences, my values and whatnot
You're going to be presented with ads and preyed on by marketing no matter what. The "made up story about who you are" is just even more imaginary the less they know about you. You'll simply be presented with less-targeted ads.
Not the point, no one benefits by having an accurate (or non) dossier built on them, up for sale. The drawbacks may be infrequent and postponed but as history confirms, quite real.
I don’t think there is much short term danger from the cookies. It’s more the principle of the thing. I hate the bullshit language of how we and our 1500 partners respect your privacy choices. They don’t respect anything and would sell their own grandmothers for a dollar.
For me it's mostly a matter of principle. I'm against online tracking and I will do everything I can to not be monetized. Also clicking reject is not that difficult and if a website tries to make it difficult I just close the tab.
I think he is referring to how some have an "Accept cookies" and a cookie's settings, but to reject cookies you have to open a separate dialog box. I agree, and I think it is so wild that people would give their actual email to random sites.
Very few still have that, at least from Europe, and for those which do it's almost usually just a single additional step.
I'm the same, (well, mid thirties, and over a decade) but I always click accept for cookies.
The only times I've stopped, or tried to deny it is with the recent thing I've seen from some sites that say "accept cookies or pay money". I think that is scummy, and against what these regulations require, so I'll usually just close the site in that case.
Oh and to address the point from the main article, I think I'm unfortunately beholden to more companies, but would strongly prefer to not verify my identity, because I have little to no trust in the companies to safeguard my actual personal data. (rather than inferred cookie tracking data, which they can have imo).
same experience here, but one exception:
I just always the most left button, as this is usually "cancel" or "deny" - not alwys right,though :-D LOL
"software developer" is pretty broad. Here this is specifically B2C (business to customer) applications. I only assume that you haven't been in this market sector, otherwise you would've been more familiar with GDPR and all the concerns that prompted it.
There was a time where the Internet was the wild west and you could've easily been personally targeted and exploited. Businesses sold your data to whoever.
Even today, if you decide to accept all cookies, you're safer than what you used to be.
Rejecting the non-essential cookies puts you in the safest spot from bad actors.
I am familiar with the GDPR. We had to do a lot of research when it came out (as well as the California version, the CCPA, where I live), and had to make some changes to how we dealt with data.
> There was a time where the Internet was the wild west and you could've easily been personally targeted and exploited. Businesses sold your data to whoever.
Yes, I remember when the internet was a much more dangerous place, in all sorts of ways. Browsers were not as secure, network security was not very robust. Most things were plain text. Hell, my friends and I used to run ettercap in our college dorm, because the entire dorm LAN was unprotected from ARP spoofing. Everything was sent in plain text, we would capture email passwords, AIM passwords, etc. We would play pranks on each other where we would spoof AIM messages to different people pretending we were someone else on the dorm floor.
I think some of the regulations have helped the internet be safer, but the tech is really what has changed.
It seems crazy that no one stressed it yet: for the last few years refusing the cookies has been requiring EXACTLY the same effort as accepting them, for the wide majority of websites!!!
It's disheartening that so many people still do this (and not accepting has rarely ever required enormous efforts, to begin with).
I like to just roll over and bite the pillow, click "accept all cookies" and let them go in dry and unprotected.
I don't think you are being naive but I do caution you before you don't worry.
Its not always clear what the desired outcome is here. The dark pattern could have nothing to do with the tracking most folks worry about. We like our phones more than our laptops because we touch the screens for example. The dark pattern here could simply be you use the site more because you do more actions there driving you to waste time and view ads. Who knows.
> Maybe I am actually naive, but I just have not yet been convinced I should actually care.
You are. Tracking is extremely dangerous to the society.
Before Shiftkey offers a nurse a shift, it purchases that worker's credit history from a data-broker. Specifically, it pays to find out how much credit-card debt the nurse is carrying, and whether it is overdue.
The more desperate the nurse's financial straits are, the lower the wage on offer. Because the more desperate you are, the less it'll take to get get you to come and do the gruntwork of caring for the sick, the elderly, and the dying
https://pluralistic.net/2025/02/26/ursula-franklin/
I would imagine it's the GDPR "ACCEPT ALL COOKIES" in big font and then in very small low contrast text "select some cookies" or "reject cookies" that they were describing.
You're lucky to get a "reject" or "select some" button at all. Now I typically see "ACCEPT ALL COOKIES" or "Customize Preferences"
technically, it's the ePrivacy directive. GDPR requires the consent to process personal data and governs the data but the ePrivacy directive is the instrument that requires that god-damn-please-make-it-stop-banner.
Which is why I installed the "Consent-o-matic" extension which dutifully denies everything for me, and I have uBlock Origin for everything else.
ublock it all away. ez pz
Meanwhile I just bounce from the site 60% of the time. Most websites aren't needed for my survival, and I hope they are happy that they lost a customer while I go to their competitor.
Moral of the story is: If you want me to see your content, and maybe spend money, don't cover up your content.
Especially if you're not EU-based and not subject to GDPR, stop listening to the laws of some foreign country that doesn't control you.