Yeah, I mean the first thing we all do when we get one giant unified inbox is write a bunch of rules to break it back out to a set of folders so that we can triage it appropriately. Slack channels just do this from the get go.
Having worked at multiple companies and talked to multiple legal teams about this, they tend to be very conservative. So the guidance I've gotten is that if we store any information at all on the person's computer, even to know whether they've visited the site before, we still need a cookie banner.
Basically, the law created enough fear among the lawyers that software developers are being advised to include the cookie banner in cases where it isn't strictly needed.
Agreed! Many sites don't actually comply with the GDPR because they don't provide simple tools to control the cookies and instead force you through a flow. Part of my gripe with the law is the way those violations are not being systematically cited.
You'd have much better retention rates if you don't cover up the content the viewer is trying to view.
How would you like it if I shoved a banner in your face the moment you walked into a store and forced you to punch a hole in it in order to view items on the shelves?
> even to know whether they've visited the site before
So uh, don't do that.
You don't need to notify if you use cookies for required functionality like login sessions or remembering a functional setting.
If you're tracking whether they're returning or not your activity is exactly the kind of behaviour the rule is covering because, in legal terms, it's skeezy as fuck.
> You don't need to notify if you use cookies for required functionality like login sessions or remembering a functional setting
Nobody wants to be the EU test case on precisely how "required functionality" is defined. Regardless of what the plaintext of the law says, it should be self-evident that companies will be more conservative than that, especially when the cost is as low as adding one cookie banner and tracking one preference.
"Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user."
Right, and then the legal teams tell me they don't care, and we should put up the cookie banner anyway. I feel like you didn't read my original comment.
That just means your legal team is lazy or incompetent. I work for a massive company that handles extremely sensitive PII and we don't have a cookie banner, because we don't need to have a cookie banner. GitHub doesn't have one, GitLab doesn't have one.
The problem is that I spend hours explaining the actual technical nature of what we're doing to the legal team and I feel that there's often some kind of breakdown in communication because they don't understand the underlying technologies as well as the engineers do. And I haven't had this experience at one company, I've had it at multiple companies, several of which folks in this thread will have heard of.
To put a finer point on some of this, in one instance, I was writing an application that would allow our customers to deploy their own website with content that they had created through the tool that my company had provided. My company wasn't adding any tracking whatsoever to these pages. We were simply taking their content, rendering it properly, and hosting it for them. We ended up enforcing a cookie banner on these pages because the lawyers couldn't guarantee that there wouldn't be tracking content on that page that was added by the customers. But the end result is that every page, the vast majority of which don't have any tracking, still has a cookie banner.
In essence, the law created a new legal hazard, and people aren't sure when they're going to run into it, so they end up putting up fences all over the place. Between this and malicious compliance, the end user experience has suffered greatly.
That's super interesting, because the lawyers should know that under GDPR, consent needs to be specific.
So a generic cookie banner is actually going to make the legal case worse than not having one at all (because you've now demonstrated that you knew you should have explicitly declared usages, partners, and used opt-in consent, but you didn't).
Laws should be evaluated on the effect they actually have on society, rather than the effect that we wish they had on society. I am very critical of laws that fail this test, and I think they should be updated to improve their performance. We want the right outcome, not the right rules.
I'm willing to argue that, sure (though it's purely a hypothetical point as I'm not a citizen of the EU and thus I don't and shouldn't have a voice in the laws there). I don't judge a law by a deontological measure of worth, but rather by whether it seems to be making things better or worse. The GDPR has overwhelmingly made my experience browsing the web worse, not better. Whether it should have resulted in that is beside the point: it has resulted in that, so that is what I judge it by. Therefore, I think it makes sense to get rid of the law as it seems that it is making things worse for people, not better.
> The GDPR has overwhelmingly made my experience browsing the web worse, not better.
From where I sit that's hard to evaluate since you cannot actually see most data abuses and privacy concerns, and you also don't know how it would have been without it. You also see the effects of various laws and regulations in combination, so the ones related to GDPR are not easy to be singled out. Are you thinking only of the cookie banners? Maybe sites would be plastered with even worse bullshit. Did you consider that GDPR also resulted in privacy policies that (if actually somewhat legal) are fairly easy to read and not just copy pasta but specific to the service(s), have proper contact information, you get some transparency about which data partners the sites work with, sites need to have full data export, right to be forgotten (removal of your data/contributions), and so on. I am certain you benefit from it often, potentially without realizing, and you wouldn't know what the world would be like without them today so it's not so straightforward to reason about.
Everyone is keying on forced free labor, but that's not really the proposed solution when an open-source project ends. The fact that it ends is a given, the question then is what to do about all the users. Providing an offramp (migration tools that move to another solution that's similar, or even just suggested other solutions, even including your own commercial offering) before closing up shop seems like a decent thing to do.
I'm noticing this argument a lot these days, and I think it stems from something I can't define - "soft" vs. "hard" or maybe "high-trust" vs "low-trust".
I always warned people that if they "buy" digital things (music, movies) it's only a license, and can be taken away. And people intellectually understand that, but don't think it'll really happen. And then years go by, and it does, and then there's outrage when Amazon changes Roald Dahl's books, or they snatch 1984 right off your kindle after you bought it.
So there's a gap between what is "allowed" and what is "expected". I find this everywhere in polite society.
Was just talking to a new engineer on my team, and he had merged some PRs, but ignored comments from reviewers. And I asked him about that, and he said "Well, they didn't block the PR with Request Changes, so I'm free to merge." So I explained that folks won't necessarily block the PR, even though they expect a response to their questions. Yes, you are allowed to merge the PR, but you'll still want to engage with the review comments.
I view open source the same way. When a company offers open source code to the community, releasing updates regularly, they are indeed allowed to just stop doing that. It's not illegal, and no one is entitled to more effort from them. But at the same time, they would be expected to engage responsibly with the community, knowing that other companies and individuals have integrated their offering, and would be left stranded. I think that's the sentiment here: you're stranding your users, and you know it. Good companies provide a nice offramp when this happens.
Just some examples. If you watch the hearings from two days ago, you'll see that DOJ refuses to interview or speak to the victims to gather more info, and ignored a report from DJT's limo driver that he spoke with a (now deceased) victim that was murdered (head blown off, cops said it couldn't be suicide). That report asserts that DJT and JEE raped her, but they never even spoke to him or followed up.
There is a clear pattern of inaction, going back several administrations.
For fellow HN'ers reading this epically long back and forth:
sig appears to be taking the more mainstream stance that Starship Troopers is satire. This is reinforced by popular interpretations from, say, Wikipedia, but refuted by others, like say, IMDB.
mrob is part of the coalition (that included many critics when the film was released) that asserts the film has no elements that are satirical. I admit pointing to specifics that show the satire is tough. "Do you want to know more?" was the biggest tipoff to me.
But my point is that this argument is still going on in wider society. Lots of people say satire, and lots don't. But the balance say it is:
> Since its release, Starship Troopers has been critically re-evaluated, and it is now considered a cult classic and a prescient satire of fascism and authoritarian governance that has grown in relevance.
> This is reinforced by popular interpretations from, say, Wikipedia, but refuted by others, like say, IMDB.
Not "refuted", "disputed". If you "dispute" something you disagree with it. If you "refute" something you not only disagree with it but you conclusively prove you are correct.
They certainly haven't done the latter.
This word is very frequently used incorrectly. Sometimes on purpose by people (such as politicians) who would love to be able to actually refute some allegation, but instead just disagree with it and say that they refute it.
Yeah, I just looked at the tags for the genre on IMDB, and confirmed "Satire" wasn't there for Starship Troopers, but is there for other satires.
Thanks for the language lesson. You're of course correct, but "refute vs. dispute" isn't one of my language pet peeves (like "less vs. fewer" is), so thanks for the correction.
I had no idea that people seriously think that the film isn't satire - I thought it was just people who had barely paid attention to it and weren't really giving it much thought that didn't spot the satirical elements throughout the film.
They're even wearing fascist style uniforms and all the commercials are so over-the-top.
Maybe part of it is due to how it was promoted - in the UK, it was promoted as satire, but I believe the USA promoted it as a straight action film.
> “I remember coming out of Heathrow and seeing the posters, which were great,” Verhoeven added. “They were just stupid lines about war from the movie. I thought, ‘Finally, someone knows how to promote this.’ In America, they promoted it as just another bang-bang-bang movie.”
> They're even wearing fascist style uniforms and all the commercials are so over-the-top
The big clue to me is when they visit the recruiter. The man is sitting at a desk and says something along the lines of "the galactic marines made me the man I am today", only for him to push back and reveal he's lost both his legs.
This seems.. wrong? From the director's mouth, confirming it's satire [0]
> Robert Heinlein’s original 1959 science-fiction novel was militaristic, if not fascistic. So I decided to make a movie about fascists who aren’t aware of their fascism. Robocop was just urban politics – this was about American politics. As a European it seemed to me that certain aspects of US society could become fascistic: the refusal to limit the amount of arms; the number of executions in Texas when George W Bush was governor.
I really have no idea why Wikipedia says what it does. Someone should edit it.
I'm of the opinion that if you want to make a satire, intending to make a satire isn't enough, you have to actually make a satire. Others might disagree. The famous Roland Barthes essay "The Death of the Author" is relevant here:
It seems there are 2000 positions and 8000 applicants. The program cost $74M, but more than paid for itself:
> It also recouped more than the trial's net cost of 72 million euros ($86 million) through increases in arts-related expenditure, productivity gains and reduced reliance on other social welfare payments, according to a government-commissioned cost-benefit analysis.
The lockdown has been slow and steady. Slow enough that at every juncture, apologists point out that it is still possible to run software you choose. I think we enjoy freedom that people do not appreciate because they never had to earn it. Gaining it back will require extraordinary effort.
I really wish people would stop trying to innovate with user interfaces. In a comment below you criticize this UI because it doesn't have delimited interface elements. I agree that non-delimited user interface is really bad, but I attribute that mostly to Microsoft's flat design innovation, which I didn't like at the time, and I still wish I hadn't had so much influence.
As for invisible scroll bars, again we agree. But I think that was Apple. I'm sure somebody will correct me if it wasn't.