[Opinion] If your site uses an external domain for determining if a user consents to tracking or not, you are still providing a vector for tracking, whether you and your user choose to allow it or not
[Opinion] If your site uses an external domain for determining if a user consents to tracking or not, you are still providing a vector for tracking, whether you and your user choose to allow it or not
Something I noticed on a few websites, including stackoverflow, is that they leave tracking settings up to a different website, which still lets that external party know what websites a user has been seeing, and this can be maliciously abused.
I realize this might have been mentioned before, but I didn't see any similar posts in a quick search.
Naturally, I have both these "cookie" sites denied access.
I also felt that I should mention that any external asset domains can also see this traffic, too, but those typically aren't used with tracking - or the opposite thereof - in mind.
How do you, personally, block cookies? Like, manually or with an extension or..? Do all your devices have the block?
I run a pihole, but I think cookies work very differently than ad dns. I don’t really understand the various components of the internet, tbh.
I use browser extensions that - from what I'm understanding - remove any external script references, or at least prevent the script from loading, but I'll admit, the pihole method is what I've been drooling over for a while now, but haven't arranged yet. Also, it's probably more trustable than a browser extension, ironically. 😅
Permanently Deleted
I do understand where you're coming from. But since it's the law, to have these cookie things, there obviously will be a service for it.
SO could probably implement it themselves. But small businesses and volunteers of clubs etc. probably don't have the expertise to do so...
That makes sense. Now it seems like a dilemma though. I assume that authority looking over this aspect of privacy would monitor the cookie sites to ensure no data is being retained when a user selects no, but that still leaves an opening for hackers. Well, I guess empty cookies would only mention the device ID and website ID and date accessed, nothing more.
I do not know whether the authorities keep an eye on these sites. But I wouldn't count on it.
IMO the law to have these cookie notifications was made by people who wanted to do something about privacy. But did not understand the tech, they where writing a law for. There is localstorage which basically works like a cookie or much more advanced ways like scripts, which may track ppl. And there exists no law (that i am aware of) to make users aware of these things...