+- Sinisterly (https://sinister.ly)
+-- Forum: General (https://sinister.ly/Forum-General)
+--- Forum: World News (https://sinister.ly/Forum-World-News)
+--- Thread: France Orders Google/Facebook to Offer One-Click Cookie Rejection (/Thread-France-Orders-Google-Facebook-to-Offer-One-Click-Cookie-Rejection)
Pages:
1
2
France Orders Google/Facebook to Offer One-Click Cookie Rejection - Dismas - 01-07-2022
France is pressing Google and Facebook to make cookie rejection as simple as one click. Outlandish, as the entire internet functions on the basis of cookies. By inputting or storing data, people should assume they're using cookies. Like GDPR, these measures are being enforced by people that don't understand the basic functions of the internet.
Quote:French regulators today ordered Google and Facebook to make rejecting cookies as simple as accepting them and fined the companies a total of €210 million for failing to comply with France's Data Protection Act.
The CNIL (Commission Nationale de l'Informatique et des Libertés) said that "facebook.com, google.fr and youtube.com offer a button allowing the user to immediately accept cookies" but "do not provide an equivalent solution (button or other) enabling the Internet user to easily refuse the deposit of these cookies. Several clicks are required to refuse all cookies, against a single one to accept them."
The process making it harder to reject cookies than to accept them "affects the freedom of consent of Internet users and constitutes an infringement of Article 82 of the French Data Protection Act," the CNIL said. The agency announced fines of €150 million for Google and €60 million for Facebook and said it "ordered the companies to provide Internet users located in France with a means of refusing cookies as simple as the existing means of accepting them, in order to guarantee their freedom of consent, within three months. If they fail to do so, the companies will have to pay a penalty of 100,000 euros per day of delay."
The CNIL said it has received many complaints from users about both companies. In its announcement of the Google fine, the CNIL said it determined that "making the refusal mechanism more complex actually discourages users from refusing cookies and encourages them to opt for the ease of the 'I accept' button." With Facebook, "in order to refuse the deposit of cookies, Internet users must click on a button entitled 'Accept cookies,' displayed in the second window... such a title necessarily generates confusion and... the user may have the feeling that it is not possible to refuse the deposit of cookies and that they have no way to manage it."
Read More: https://arstechnica.com/tech-policy/2022/01/frances-fines-google-and-facebook-e210m-for-making-cookies-hard-to-reject/
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - ConcernedCitizen - 01-08-2022
Like that senator that thought you could hack a web page by viewing its source (view-source:url), this has the stink of old people that just learned how to tweet.
@Oni
You're probably aware but dark patterns like this are commonplace. Cookie consent is one huge perpetrator of such techniques.
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - mothered - 01-08-2022
(01-08-2022, 09:18 AM)vittring Wrote: Like that senator that thought you could hack a web page by viewing its source (view-source:url)Surely you cannot be serious?
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - ConcernedCitizen - 01-08-2022
@mothered
https://arstechnica.com/tech-policy/2021/10/missouri-gov-calls-journalist-who-found-security-flaw-a-hacker-threatens-to-sue/
Quote:Parson described the journalist as a "perpetrator" who "took the records of at least three educators, decoded the HTML source code, and viewed the Social Security number of those specific educators" in an "attempt to steal personal information and harm Missourians."
Major web browsers include options such as "view source" or "view page source" to look at a webpage's HTML, so anything in that code is easily available. The initial Post-Dispatch article didn't go into detail about how the Social Security numbers were obtained from HTML source code, but a follow-up article about Parson's legal threats today said that the "teachers' Social Security numbers were present in the publicly visible HTML source code of the pages involved."
To clarify, the website had encoded SSN's not encrypted them, but the person who found this were called a "hacker" for disclosing.
The web page was taken down, hopefully before malicious users of the site could exploit this weakness.
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - mothered - 01-08-2022
(01-08-2022, 10:53 AM)vittring Wrote: To clarify, the website had encoded SSN's not encrypted them, but the person who found this were called a "hacker" for disclosing.It's funny how the person who discovered SSNs In the HTML web page source code (that's viewable by anyone), was labelled a hacker.
(01-08-2022, 10:53 AM)vittring Wrote: The web page was taken down, hopefully before malicious users of the site could exploit this weakness.The web page/website Itself, obviously cannot be exploited purely through SSN numbers.
Though, such details In the hands of users with malicious Intent can have serious consequences.
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - ConcernedCitizen - 01-08-2022
@"mothered"
I meant that the information was public and barely encoded in the page and someone could easily have used that for exploiting the teachers. A huge breach of personal security (PERSEC - the protection of personal information) & privacy laws probably.
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - fronti - 01-08-2022
Well done, I hope they will find good use for that money
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - Accident Man - 01-09-2022
I do not really visit many websites anymore, as I got tired of having to exit out so much crap before I can actually use the website.
I hope this is becomes enforced European-wide.
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - Bricker - 01-09-2022
(01-08-2022, 10:53 AM)vittring Wrote: To clarify, the website had encoded SSN's not encrypted them, but the person who found this were called a "hacker" for disclosing.
The web page was taken down, hopefully before malicious users of the site could exploit this weakness.
Makes me wonder then if it's considered 'hacking' when people discover improperly redacted documents (making text backgound black) by just copying and pasting the text into notepad. Wouldn't be surprised if it is.
Back on topic: While I kinda get the point these regulators are trying to make, I feel like they aren't really getting the picture and understanding the real problem. Cookies being used to fingerprint, track and identify users habits across multiple sites for marketing and advertising is the problem. Not the little convenience cookies like staying logged in, etc. If users were really against cookies and not herd mentality, they could just straight up disable cookies. The government agencies could have just spent time telling people how to do that instead of mandating every single site give users a prompt to disable some cookies.
I always thought putting the onus on end users to accept or reject cookies per site was absurd in the first place. Great idea on paper, but as we all know from every single site we visit what its really like.
I feel like this path will just lead to users having to decline cookies every time they visit a page because the sites can't even remember if the user declined cookies.
RE: France Orders Google/Facebook to Offer One-Click Cookie Rejection - Marshland - 01-12-2022
Rejecting cookies really feels like a chore at times. Good thing to make it a one-click thing.