> Using the internet in the UK/EU is such a horrible experience, every cookie pop-up is a reminder how badly thought out these rules are.
Technical cookies don't require any consent so every time you see a cookie banner the website owner wants to gather more data about you than necessary. Furthermore, these rules don't require cookie banners, it's what the industry has chosen as the way to get consent to track their users.
So when I see a tracking cookie dialog on a web site, either 1. the site collects more data than they need to in order to run the site or 2. they don't and the site's management is incompetent. Both are pretty good reasons to avoid that particular web site.
There's no risk, they know what they are doing because the law doesn't just mandate the banner, it mandates you to know which third party service you're sharing the data to.
Check the banner next time, you'll see how many “partners” they do sell your data to.
A lot of websites for smaller businesses will not be run by technical people, they'll be run by business people or otherwise who don't understand cookies beyond "I see cookie banners on every website I visit, therefore to avoid legal trouble I need one too", you can't expect someone like that to understand the difference between tracking cookies and technical cookies.
Ah yes of course. How could I forget about poor Mom & Pop Co. and their 186 business partners that they want to share my personal data with. Surely we can't expect such a small operation to know what they are doing.
That's not the point I'm making, I'm saying whoever in Mom & Pop Co. set up the website may well not understand the difference between the cookie types and even if they are using no tracking cookies and sharing no data, they may well put a cookie notice on their website anyway as they're so common they think they're normal, the law allows for huge fines, and they're doing it out of an abundance of caution.
It's very easy to make websites without needing cookie popups in EU/UK. Every cookie popup is a reminder of how stale the thinking around tracking and data sharing is!
Some would argue the point is to be intrusive... The most cost effective and simplest solution to kids watching porn would be regulation around on-device filters. Why the UK didn't do this and instead tried to regulate the entire internet should be questioned – is this really about the children watching porn?
When purchasing an internet-enabled device the UK could regulate that large retailers must ask if the device is to be used by an under 18 year old. If they say yes, then they could ship with filters enabled. They could also regulate that all internet-enabled devices which could be sold to children should support child filters.
If we did this then whether or not a child views NSFW material it will be on the parent, instead of the current situation where whether a child can view NSFW material online depends on the age verification techniques of Chinese companies like TikTok or American companies like 4chan.
When you buy wifi, they already make sure you're an adult. They ask for proof of residence, you sign a contract. Children cannot buy wifi. Go ahead and try - no ISP is going to write a contract with a child.
Wifi, like tobacco and alcohol, is already age restricted.
The problem is the adults buying it then turn around and just... Hand it to children. That's not the fault of the law or society.
Like, okay the store clerk might make sure when I buy a pack of menthols I'm of age. But if I just go home and hand my kid the pack of menthols, all bets are off. That's not the store clerks problem, he can't and won't get in trouble for that.
Parents and establishments are being stupid here. Same applies for public wifi. Don't want kids to use it? Okay, give it a password, only tell the password to adults. Easy peasy.
> But if I just go home and hand my kid the pack of menthols, all bets are off. That's not the store clerks problem, he can't and won't get in trouble for that.
But it is society's problem, and within society's capacity to attempt to manage.
Sure, but reality also often means smart, caring parents still can't stop kids from... being kids. I've lived in places where half a dozen public wifi hotspots were available; even if I didn't, chances are I'd have to let my kids on wifi for homework, on computers I don't have admin rights to because they come from the school.
They can't go sign up for a new internet plan, but that's hardly required.
> But it is society's problem, and within society's capacity to attempt to manage.
Sure, to an extent, but not really: we give parents a lot of freedom here.
> Sure, but reality also often means smart, caring parents still can't stop kids from... being kids. I've lived in places where half a dozen public wifi hotspots were available; even if I didn't, chances are I'd have to let my kids on wifi for homework, on computers I don't have admin rights to because they come from the school.
Okay, then lock down those networks. We don't need to lockdown the Internet as a whole.
In reality, most of those networks already are locked down.
Try searching up porn on, say, hotel wifi, it won't work.
I can't even search for porn on cellular networks and I'm in the US.
Hotels, Starbucks, my job, the library - they all block porn. The idea that kids just have free access to a wild internet is legitimately made up. Schools block that stuff too - universities, even.
As I've said, this solution is not solving this problem because this problem legitimately does not exist. It's solving a different problem. What that problem is, is for you to find out.
My cellular network (Google Fi / T-Mobile), as far as I can tell, has zero content blocking. Hotels used to officially put porn on the TVs via pay per view. I'm very skeptical that they widely block it.
I have high-school aged kids; they all trade techniques for getting precisely that "free access to a wild internet". It's a game of whack a mole, and school IT administrators are on the losing side.
Yes so lets go ahead and burn the entire internet so your kids, specifically, don't see boobies or something.
The reality is that it is YOUR responsibility to control what your kids see. If you fail, I do not care. They are not my kids. Not only do I not care, nobody cares.
You can absolutely lock your kids down and make sure they get no internet access. I know because I grew up without internet. Everything is very much in reach. Do that, or don't, again I don't care.
My mobile carrier blocks porn. I know because I'm an adult and sometimes I want to watch porn, and I have to use a VPN.
What you should do is call up whoever you are giving money to for internet and ask them about blocking. If they tell you they don't offer that product, then you, as a consumer, should cancel your subscription and go to another carrier.
What are you talking about when you say "when you buy Wi-Fi"? If you walk into a coffee shop, or a hotel, or just about anywhere, you get Wi-Fi for free. Are you talking about buying mobile service from an operator?
I'm happy to have popups with "Reject All" button. If there is no "Reject All" button I close site immediately.
Cookie regulations are perfectly Ok, businesses which want to add 429 vendors and data processors to simple internet shop or corporate blog is not.
If you use cookies only for legitimate basic local functionality (like login and shopping cart on online shop site) you SHOULD NOT have any popups, there is exemption for such use cases in the regulations. Only if you want to sell data or pass it for processing to third party you need popup. Simply don't.
Having done several rounds with parental control, I'd say -- nfw. We were worried more about timesink than anything else, but over a long period of time, it mainly boils down to knowing your kids, trusting them, with checkups. The tech is just not there to actually control what happens on a device.
White listing worked for a while (months) when they were young, but it was super-high touch and stuff just broke all the time. You try to whitelist a site, but you have to then figure out all their CDNs.
Restricting specific sites works, sort of, until they find some place that hosts that content. Blocking youtube doesn't work(*), every search engine has a watch videos feature. (Why are you spending 3 hours a day on DDG?) There's really no way to segment youtube into "videos they need to watch for school" and "viral x hour minecraft playthrough". Somehow, we've managed to combine the biggest time waste ever with a somewhat useful for education hosting service.
That's leaving out the jailbreaks that come from finding an app's unfiltered webview and getting an open web escape there.
There's basically no reliable method for filtering even on locked down platforms.
* there's probably a way to kill it at the firewall based on dns, but that's iffy for phones and it's network wide.
It's totally doable to block YouTube with pihole, and also to make it blocked only on certain devices.
The regex are:
(^|\.)youtubei\.googleapis\.com$
(^|\.)ytstatic\.l\.google\.com$
(^|\.)ytimg\.l\.google\.com$
(^|\.)youtube-ui\.l\.google\.com$
(^|\.)youtube\.com$
(^|\.)ytimg\.com$
(^|\.)googlevideo\.com$
You can create groups and assign devices to them, and assign the block rules only to certain groups.
The only annoyance with this is that it blocks logging into Google since they redirect to YouTube to set a login cookie as part of the Google login process. If you're already logged into Google though, everything works as normal, and you can always disable pihole for five minutes if for some reason you got logged out and need to log back in.
My kids figured out disabling Wifi disabled the Pihole within hours, and that was when they were ~9. They are intelligent opponents and a very fast moving target.
On Android, it's technically possible to use an always on VPN to still use pihole even when on cellular data, but unless there are some mdm controls on the phone, one can obviously disable the VPN.
> The tech is just not there to actually control what happens on a device.
Neither is the tech for locking down all online identity to government-controlled access... But I have strong opinions about which one everybody should/shouldn't start creating!
Age restricted filtering of the internet is the default on all UK mobile networks as far as I know, it might even be the law that it defaults to filtering. You have to actually ring them up and say you want the filtering switched off or some do it as part of the sign up process.
All the routers also come with filtering settings as well and ISPs ship with the filtering on by default, since that is the law and has been for several decades.
It's generally just a toggle in the account settings so no need for a phone call, but yes. It is default-on when you take out a new broadband connection or mobile phone contract.
> Using the internet in the UK/EU is such a horrible experience, every cookie pop-up is a reminder how badly thought out these rules are.
That's what the advertising-dependent implementers who deliberately made it shittier than necessary (stuff like "you have to decline each of our 847 ad partners individually") want you to think, at least. It's mostly malicious compliance.
The funniest part of the banners is that most websites just buy a service from a third party to manage compliance, and some of those third party service providers have added "decline all" style buttons and one click solutions to all that use them, and are even friendly enough to save that choice in one of the "necessary" cookies.
But people (like my girlfriend) still click "Allow all" because they don't seem to realize that the legislation requires the website to still function if you decline unnecessary cookies!
The banner is literally an attempt to FOMO you into accepting cookies you never need to accept!
IMO the EU is somewhat in dereliction of Duty for not punishing cookie banner sites
Oh, its funnier than that. The most sophisticated data trackers don't even use cookies anymore. Anyone you would have to worry about getting that data hasn't used cookies in years. So the entire exercise punishes small companies that don't do anything with the data except pre-populate fields for you. But big tech companies that the law was targeting don't have to change a thing.
The cookie popups is such a painful representation of Europe tech in general.
Like you can configure your browser to do whatever you want with cookies - blocking them all, blocking only third party ones, etc. - there is no need for government regulation here.
But the legislators are completely tech illiterate and even the general public supports more interference and regulation.
The legislation simply says if you collect more data about your users than necessary, you must inform them and they must consent. This has nothing to do with cookies or any other tech.
The question a user should ask is why is this website collecting my data. Marketing and adtech companies are trying to shift this question to why is the EU making websites worse.
> there is no need for government regulation here
You don't need to care about this if you respect users' privacy in the same way you don't need to care about waste water regulation when you don't pump waste into rivers.
No, that legislation is perfectly fine! It's the pesky websites who can't get their grubby hands off of private data. They could very well do away with some of the tracking, and have no popup at all, fully legally! But they all chose not to, and would rather annoy everyone with the pop-up.
I'd welcome a ramp-up of the legislation: outlaw the kind of tracking that needs the banners currently outright. I'm sure a lot of websites would just geo-block EU as a result (like how some did because of GDPR), but I bet the EU-compliant visitor tracking solutions would suddenly skyrocket, and overall, nothing of value would be lost, neither for the users, nor for the website administrators.
Without laws forcing companies to properly declare which cookies are "necessary", this control you imagine does nothing, as every company simply sets their advertising cookies as "necessary"
One of the hundreds of reasons do_not_track failed. You cannot do something that trusts the website operators, because they are egregiously untrustworthy.
The cookie banner everyone keeps bitching about is a direct example of this. No website is required to have a cookie banner. They choose to, because they know most users click "Yes to all", and then complain about the regulators, instead of the assholes asking you to consent to sharing your data with nearly a thousand third parties
And "browser vendors" will never do anything, because 90% of the market is a literal advertising behemoth, the rest of the market is owned by a company that makes money only when you do things not through the web browser.
The simplest solution is to require all online devices to have a "child mode" that can be activated during setup, and require all parents to enable this for minors under 16. In this mode, the device takes screenshots every few seconds of active use, and makes this viewable on the parents' devices as a timeline. This must be private with full end-to-end encryption and limited data retention in the clients (7 days or so).
It's much simpler than blocking, and much more effective. Most parents don't know what to block proactively, blocklists are imperfect, and the biggest threats are hiding in the most innocent looking apps (Discord, Roblox, Reddit, even just messaging with friends from school).
Sure, but you'd need to apply it to all phones, because what's stopping a kid from buying an adult smartphone if they have the money? And smartphones can be dirt cheap.
Also remember that the pop-up is an industry choice, the rules only mandate that a user should opt in, not how. No laws mandate the cookie banners, no regulations say they should be obnoxious.
> Sure, but you'd need to apply it to all phones, because what's stopping a kid from buying an adult smartphone
There's no need, that's already the case.
All phones (the network account attached to the SIM actually, not the phone itself) comes with a content filter enabled by default in the UK, adult or not.
> All phones (the network account attached to the SIM actually, not the phone itself) comes with a content filter enabled by default in the UK, adult or not.
Neither resident nor frequent visitor to the UK, so I'm behind the times when I ask: I beg your fucking pardon?
Is there further reading on this inane nanny-state horror, ideally via a Wikipedia article on the law or gentleman's agreement amongst the carriers?
Furthermore, is this more common than I assume, and I simply don't notice because I don't stray too far from the mainstream?
Yep, my thoughts exactly when I first encountered it.
> Is there further reading on this inane nanny-state horror
I tried to look something up but it seems the articles and news about the (new) Online Safety Act has taken over all of the search results (and it's not something I want to search too hard at work). I even asked an LLM but it couldn't provide sources and simply said it was "voluntary" and "industry standard". The rest of its output was drowned in the new Online Safety Act.
I suppose thanks to the OSA the old system is now history.
> Sure, but you'd need to apply it to all phones, because what's stopping a kid from buying an adult smartphone if they have the money? And smartphones can be dirt cheap.
What's to stop that same kid to buy a porno dvd? Or to download a torrent of a porno? Or a porn magazine?
Come to think of it, parental control would be a neat application for something like Apple Intelligence. A local system service that is "trustworthy enough" to monitor everything on screen, and written content too.
Parental controls only need look for an RTA header [1] that would need to be legislated to be served from any adult or potentially adult user-generated content site. Not perfect, nothing is but it would take an intern maybe half a day to add the code to clients to check for said header. Adding the header on the server side is at trivial. Teens will bypass it as they can stream and watch together porn and pirated movies in rate-PG video games that allow defining a "movie player" but small children on locked down tablets would be fine.
I am not sure what you mean. Are you saying a daemon would recognize a video player that is streaming porn from within a video game? Who is installing this daemon?
A client checking for a header is more than sufficient to block small children from seeing porn and that is 100% more than we have today. No extra memory or CPU required important on tablets or phones handed to children. No privacy invasion by daemons or other third parties.
Kid: "Mommie they said go to pornhub.com for games but it ask for password"
Mom: "Dumb trolls are picking on you, I will deal with them."
The phone manufacturer. I don't think it would otherwise be possible without root. And it's quite a computationally heavy thing where security and privacy are important. It'd have to be secure (no sending information). That's why I suggested Apple, they have the vertical integration to do this kind of thing. In theory. Also it's a good counter to governments trying to censor the internet itself if children can be protected at the device level.
How about this. We implement RTA headers on the server and checks for the header on the clients, get little ones squared away and in parallel have Google and Apple start working on your local AI daemon. The header should take one code change cycle to get in place, maybe a couple weeks realistically assuming the goal posts are not on wheels.
But "we" are not in control of "the server". I agree though it's worth doing, adult content should be tagged as such. But it doesn't handle the case of non-compliance.
"We" are not in control of the server or phone client or tablet applications. Should the 5-eyes or 9-eyes countries pass a law to use RTA headers on servers and look for the header on user-agents that should suffice to get basic coverage for kiddos by default and parents can disable the checks if they so desire.
That would seem to be least intrusive option.
Using the internet in the UK/EU is such a horrible experience, every cookie pop-up is a reminder how badly thought out these rules are.