Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Is Cookie Pop-Up Protection a Good Idea?
3 points by pipo234 on Oct 7, 2024 | hide | past | favorite | 8 comments
On my Android phone I've been using Duck Duck Go's browser for a while. By default it visits sites "incognito" and aggressively purges cookies.

Of course this results in sites not remembering your (GDPR) privacy preferences which would in turn result in those pesky pop ups every time you visit a site. To mitigate this, DDG offers a feature to automatically handle the popups:

   When DDG detects cookie pop-ups on sites you visit it can automatically set your cookie preferences to minimize cookies and maximize privacy, then close the pop-ups.
Technically, it's far from the simplicity of something like DNT header, but it works reasonably well on a (small) majority of websites. I think this is because those websites use a standardized dialog, the remaining sites still require manual interaction with the pop-up.

What I've noticed recently in my own behaviour is that I tend to dismiss or ignore search results that DDG's pop up feature doesn't recognize. I.e.: I have a bias toward preferring sites that either don't have cookies, don't have cookie pop-ups or have cookie pop-ups that immediately disappear automagically.

So my question is: what if these kinds of tools gain wider adoption? Would that cause traffic to significantly decrease for sites with non-standard pop ups? And could that ultimately incentivize websites to tailor pop-ups to not annoy users? Any are downsides?



I use the extension Hush to do something like this.

Regardless of the systems to try and make the modern web less annoying, if a website annoys me too much, I leave. I can notice it on my face. I will go to a site, and may have a slight smile as I start to look it over. Then a modal window pops up asking for my email... the slight smile disappears and turns to a look of annoyance. Then I move my mouse toward the top of the page and it pops up another modal to ask me not to leave. Then as I'm reading new ads load in and shift the content, so I lose my place. Then so many ads load that the site crashes and reloads, and the dance starts again.

I'm done with it. At step 2, if I don't desperately need to see what's on the page, I'm closing the tab. These sites seem so desperate to milk every penny out of each impression that they become unbearable to use. I have to question if they would do better with less, because they would (at least in theory) get more repeat traffic. But I guess it doesn't matter these days, as few people go directly to sites and are instead driven to various sites by various social platforms.


From the website's tracking/ads/monetization perspective GDPR is a diabolic dilemma:

* no tracking: no money

* tracking without consent: GDPR fine

* tracking with manually clicked user consent: adds friction, nudges users to go elsewhere

* tracking with automatically clicked user consent: removes friction, but allows preconfigured blanket refusal

...For the time being, third option might still appeal, but at some point might they finally infer that people just don't want to be tracked/spammed/monetized/targetted?


Why can't there be money without tracking if the site still has ads? Advertising without any type of user tracking was the norm for the history of marketing until recently.

Simply target the ads based on the content of the site. Is it a site that covers fishing news? Show ads for fishing related stuff. Is it a blog for new moms? Have ads for stuff new moms need/want. Is it a more general purpose site with a lot of topics? Have keywords on the article dictate the ads.

This doesn't seem that complex, and the ads are still targeted based on the type of person who would want to interact with the content. No user tracking needed. This type of targeting gives us terms like soap opera. Those shows have been running for decades, it must work well enough.


Great point! Yes! And this is how (most) of traditional podcast ads work as well. You know, the ads that actually guide you to interesting products.

One thing to note, though, is that tracking is also used by the bean counters. Pre internet (newspapers, billboards, tv) accountability was always answered by: "trust us" or coarse-grained estimates.

Individual user tracking promises a transparent way to separate checks from balances. Evidently, this is a bit of a false promise in practice. And that is why there's this cat and mouse game where advertisers are tracking "genuine user agents" and sifting out the robots.

While I'm sure the advertising eco system is nothing but lies, damn lies and statistics it seems that in terms of click-trough and conversion user targeting is more profitable than content targeting.

...That being a common belief, I suppose we're left with simply prohibiting user tracking altogether, or making it prohibitively expensive. GDPR, ad and cookie blockers are stones thrown into the pond of the latter.


The uBlock Origin “annoyances” lists filter these cookie banners really well. I used it on Firefox for Android. I almost forgot about cookie banners because it worked so well.


Is uBlock Origin simply suppressing the pop ups / cookie banners or does it have similar logic as DDG to auto select the most privacy friendly option?

(Not sure if this actually matters in practice, but I'm sure lawyers would have ideas about what one or the other implies legally...)


It hides them, but also blocks most of the trackers anyway. Compliant websites should not track you before you consent. If they don’t honour this basic GDPR rule, it probably won’t honour your choices either.


I'm not a lawyer and I think you're right about the website's responsibility. It might be a bit more murky to assess whether the user agent is abusing the website (OMG, piracy!) if it looks beyond the modal cookie pop-up bypassing the actual choice. I mean, along the lines of skipping the mandatory DVD banner that says "the FBI will come after you if you copy this movie or skip this banner", DCMA style.

But yeah, that's probably just a nitpick only paranoid IP lawyers might consider pursuing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: