Instead of shutting down completely, why not this:
For goo.gl links that were created by google, continue redirecting them as normal.
For others, show a warning page explaining to the user that the link wasn't created (or vouched for) by google. If they press an "agree" button, still don't show a clickable link, but instead show it as plain text to be copied.
This looks like it could be very valuable for quite a lot of people- thank you for making it!
Just a couple first impressions from your site... loading it on a phone, the first thing I see is this: https://imgur.com/4maP1vV
(1) The entire contents of the site is completely covered by a cookie warning. This is honestly quite annoying even for an SWE like me, never mind your target audience.
I know at least one older person who doesn't understand these cookie modals at all and refuses to touch them. They either continue using the site in the background without accepting/rejecting(!), or if that's not possible they just leave the site.
I'd suggest you carefully check whether you actually need this modal at all. If the only cookies you use are technically necessary, then (based on my layman understanding of the law) you don't need to show it. If you absolutely must use tracking cookies, then maybe consider a more subtle approach that allows the user to continue reading the page without deciding.
(2) "Join Now" makes it sound like I'm signing up to a subscription, rather than making a one-off payment.
People should just stop including those warnings. Unless they are a google, FB or some other juicy politically rich target for the EU to make an example of, they are a complete waste of time. Nobody is going to hassle you about it.
Yeah, you better comply. And it is also pretty simple — if you don't so anything that requires that you get informed consent from your users you don't need to ask them.
Each combination of personal datum and purpose requires such consent if it isn't a strictly needed purpose (legitimate interest). Example: If you have an online shop you can e.g. collect someones address for the purpose of shipping — if they order and enter there address the user implicitly gave you their informed consent that they agree to you using that address to ship the product to them. Logical: when they order and pay money it can be assumed they want to give their address for that purpose.
They did not give you consent to sell that same address off to the highest bidder. If that is what you need to do, you would have to explicitly ask them to whom you want to sell that data and what they plan to do with it — same data, but different purpose. Not legitimate interest since you don't strictly need to do that to sell a product. And you better have a clear wording describing that purpose otherwise you collected uninformed consent and that is worth zlich. If you feel like you need to trick users into agreeing, that is what the law aims to prevent.
IP adresses and such have also been ruled personal data. Server side logging for technical purposes is legitimate interest, but storing the same data anywhere (not only cookies!) for the purpose of ad tracking requires you to get the users informed consent before collecting the data. You can assume that if it can be used to personally identify a user in a sea of users, it is personal data, even if it needs to be used in conjunction with other data to reach that identifiability.
Also: if there is a million "No" switches with two menu layers and one green "Accept" button: you created a nice toy there, but it didn't gather informed concent from your user and is therefore utterly useless. Informed consent must be given freely. If you make one easier than the other it hasn't been given freely. If you visually code one as the good/default and the other as the bad/meaningless/complicated choice, the choice was not made freely. Play stupid games, win stupid prices.
The law is pretty clear on all that, lived reality hasn't cought up yet and people pay real money for that. I recommend that you just read the law, it is probably worth to read instead of copying what everybody else (including the big ones) are doing.
But isn't the cookie banner for asking permission to use third party cookies? I don't think I ever have seen a cookie banner asking if I agree to my data being sold.
Why do you think website operators want to place those third party cookies on your PC?
There's only one legitimate use for them, which is for ancient corporate login workflows that shouldn't exist anymore. Every other use of them generally is just for targeted advertising, and with it sale of data, or using them for internal analytics.
Usually they don't really mention the selling data part upfront; it's hidden somewhere in the giant modals that they make you click through. There's also the related problem that Google is an information guzzler, and anything that enters it's ecosystem has a chance to get used by them for advertising, meaning that these giant modals also get shown for webpages that use Analytics. That last one is how you often see sites without ads get those giant modals.
Arguably they should've been blocked by the user agent years ago, and Mozilla has already done so. Google however cannot do so with Chrome because of their conflict of interest in the ad market; the UK has determined that if Chrome kills third party cookies, all their replacements would just punt Google into unfair competition. It's probably the strongest argument I can think of as to why Chrome should be split off from Google - a browser that cannot meaningfully protect a user against bad actors because of the operator being a monopolist bad actor shouldn't be used at all.
Mere (same site) login cookies require no modals or confirmation since the user implicitly consents to them when they authenticate (most users expect their login to be preserved when they changes pages and/or reload the site.) That said, it's still considered a courtesy/good practice to inform users before placing them regardless.
Yeah but the law didn't invent cookie banners, people who (intentionally mis-)interpreting the law did. Then in the public eye it got reduced to "You need a cookie banner" and people jumped on the bandwagon, because other sides had them so apparently you need to have them too. Many of those cookie banners are factually at odds with current EU law. But hey everything is a cargo cult these days.
Legally the law is just: You have to ask for informed consent that has to be given freely for each purpose. How you ask and how you inform is not defined precisely, except for negative examples what isn't considered informed consent or freely given consent etc.
If someone just clicks "Accept All" that person wasn't informed. So cool that you made them click, but you could also just have left it away, since it didn't give you the thing the law required you to get.
That means real datahogs would probably need to inform people in a many slides long presentation or a feature length film before they could actually get even close to receiving something resembling informed consent. That is ofc totally unpractical and would hurt their business of data-hogging.
Now the EU came at this with the base assumption that prvacy is a right that needs to be protected in a way that it cannot be simply given away without informed free consent. So if it hurts databogs, that is one of the intended side effects.
If my friends Pizza place wants to put ads onto my website that is entirely possible without any tracking he can give me a JPEG or a video and I put it onto my website as static content. Just the current way of advertisements with 300+ third parties would become harder.
Because it’s a poorly designed regulation and there is a group of people who can’t accept that the EU over-regulates and is bad at writing any regulation remotely related to technology.
If a government has trouble complying with the “spirit” (as many people use in argument) of their own regulation then the regulation is poorly designed and not useful.
Those are most likely illegal too, although local DPAs have been mucking with allowing them.
The CJEU however doesn't seem to like the practice, considering Meta/Facebook wants to do the same scheme, and as a general rule, when a major company does it, it'll eventually get a decision from the CJEU.
By the letter of the law these cookie paywalls are actually illegal. I assume the news sites are intentionally taking the risk till there is legal clarification/precedent.
I wish them that the EU comes crashing down with a hammer and demands all ad revenue of that time back.
Or they just stop with all this nonsense by not having third party tracking cookies in the first place. Legitimate usage of cookies doesn’t need such a banner.
Adding the ability to view the full title is an easy fix, I'll include that in the next push.
The history and bookmarks point is a good one. It's possible to specify those as optional permissions for the extension, so users could decide whether or not to enable them. One idea that motivates the project is that it's easier to close tabs when you know you can always get back to them quickly, so history and bookmark search are necessary to enable that mindset. I'll ruminate on this one a little more.
The idea of using it without replacing the "new tab" page had never occurred to me. Let me think about that one, too.
This looks fantastic and is relevant to some game modding ideas I've had. I love your blog series about decompiling Tenchu too. Thank you for releasing this stuff!
I should get back to this project one of these days. I did one version tracking session too many in a row and had to take a break, plus that delinking side-quest keeps snowballing out of control.
"The customer understood that their code was broken either way. They just were curious why unordered_map seems to demonstrate the problem more clearly."
Seems reasonable to me. It's an interesting question even if any given answer is only valid under narrow conditions.
