Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The next step in these laws should be mandating program consumable APIs for essential functions. What if every website showing a cookie banner also had to expose a few endpoints:

  /cookie-tracking/all/accept
  /cookie-tracking/all/info
  /cookie-tracking/essential/accept
  /cookie-tracking/essential/info
Browsers could hook into these or making a browser extension would be easy enough.

As a bonus we might witness the first ever televised government bikeshed over API/naming/is it really REST though?



I disagree. We don't need a technical solution to a people problem. If you start going on the level of how to use individual mechanisms, companies will develop new ones which are not going to be covered by law.

Especially accepting tracking should NOT, under any circumstances, be automated.


I think you misunderstood what they were saying.

To me, it sounds like the purpose of this suggestion:

> Browsers could hook into these or making a browser extension would be easy enough.

Is that browsers can dictate the UI and so you wouldn't have these dark patterns to fight on each individual website.

I don't know if this would be a good or a bad idea, because indeed I can see people making an extension at minimum and a browser (*cough*chrome) at worst that would allow accepting everything automatically (which would not be legally valid because the consent was not 'informed', but the site owners would have no way of knowing that). On the other hand, there is also the advantage of no dark pattern being possible at all if you implement the API correctly. I don't know. Either way, this is what I think GP meant to suggest.


This seems like a nightmare for web devs


It seems reasonable - until you actually look at the specifics. Some site may be just static files with no server-side api handling. Some may use GraphQL exclusively. Security. Government dictated API design will be an absolute shitshow. Etc.


Fair enough. I'm not particularly good at web dev so maybe there are better ways.

In the spirit of the law, yes maybe it should be less about mechanism and more about policy. The law they got fined over was that "accepting tracking cookies should be as easy as refusing them". I do think its possible to amend that to say _something_ like "both accepting and refusing should offer a simple program accessible mechanism to do so". Combined with the existing law, it would mean the mechanism/API can't be made arbitrarily difficult to reject but easy to accept. There will be room for debate here too, but it fundamentally is possible because the banners have to use such a mechanism.


I think that a good society should probably prioritize data/cookie rights over webdev nightmares.


It honestly is such a small overblown issue


Well, it is already nightmare. I would gladly welcome some standardization on cookie banners and tracking.


Sounds a lot simpler than the accumulation of dark patterns that web devs have implemented so far.


What's the advantage over enforcement of Do-Not-Track?


DNT does not have the

    GET /cookie-tracking/all/info
API call that GP suggested. Therefore, any DNT:"please track me baby one more time" values are legally invalid, because it could not possibly be an informed decision.

You can choose not to voice objection with DNT, but you can not give consent using it, and that's what these cookie walls are asking for.

(If you have a legitimate interest, legal requirement, technical requirement, or other ground for processing data while the user does nothing more than browse your website, an up-front banner to ask for consent is never required.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: