The bait-and-switch hidden in today’s cookie announcement (webdevlaw.uk)
11 points by DyslexicAtheist | 2022-06-17 07:03:18 | 243 comments




Can anyone give a summary? This is ridiculously verbose.

The UK has eliminated cookie pop up requirements. However, they have introduced other legislation that requires websites to establish the ages of all visitors via checking legal ID so that adult content can be restricted. This is expected to be done by integrating with (paid) third-party APIs that will keep track of users’ legal identity across websites. This will be both privacy-invasive for users and expensive for website operators. The UK has also axed many of the EU-based data protections that users have.

Wanted to add that according to the article, these checks will be required for all content, not just adult content.

All user-generated content specifically.

If you host non-adult content and there's no way for randos to upload it you don't need to verify.


That is not true. Either A) You know for a fact all content is safe for underaged, or B) You verify.

What is safe for underaged is not defined and can change on a whim. Therefore, any sane person running a website that is not "explicitly for underageds" will verify and eject said underageds. Especially since the one in charge (hired by the company) can be personally liable for any "harm" coming to the underaged.


Is this website reliable?

This article is discussing draft legislation that hasn't been voted on yet. These changes haven't come into effect and IMO probably won't.

And if you don't have legal ID, the website will need to access your Webcam and measure the size of your head(!) to determine your age.

Popups were never required in the first place, what was required was to get consent before tracking users.

Websites that seem they need to track users immediately and across their entire web space implemented popups because it's the only way to get consent before showing content, but that's the website's choice, not a consequence of the law.


The postscript has a reasonable summary:

« in their professional experience, age verification is only ever invoked in discussions around what we might call explicit adult content: pornography, alcohol, tobacco, and firearms. So that’s what they assume this discussion is about, here, in the UK. They don’t realise, until I explain it to them, that the UK legislative discussion is not just about preventing children from accessing those four kinds of content. It’s about mandating age verification for anything and everything, for every user, of every age, in front of access to all topics, all subjects, all sites, all service providers, all opinions, and all content. The whole public open web. Everything. »


Indeed this is overly editorialised and the author very much assumes the reader is of the same opinion of them from the outset. The author seems to believe that web browsers will just ignore UK legislation and not bother to implement the necessary changes.


*she

Although I can't find any clear statement of pronouns [1] https://webdevlaw.uk/about/ [2] https://twitter.com/WebDevLaw


Thank you!

It has not been editorialized at all, let alone overly editorialized. The author outlines the consequences of a very ill-thought-out law that will harm the worldwide web, not protect users, and damage what is left of the UK's standing in the world. Telling the truth is never “overly” doing anything.

Sometimes, you must call a spade “a spade”

Do you have some information to contribute to the discussion or are you suggesting that the author should lie instead?



The UK legislators want to replace GDPR with a watered down version that only applies to the UK. Their claim is that this will allow businesses to save money on compliance. (Me: Companies in Brazil, Australia and the US comply with GDPR, so realistically British companies will have to abide to both regulations and so costs can only increase)

Furthermore the British government is planning to force all websites to verify their visitors’ age (allegedly using government approved providers), which is orders of magnitudes more onerous than GDPR (me: which is actually almost free unless you abuse your users’ data).


Sounds like we're gonna need a Let's Encrypt-style NGO for age verification to kill these parasitic companies before they take hold.

I would guess it's more expensive than generating certs - all those ID verification "AI" services use teams of people as a fallback from what I know

What countries don't have govt funded ID services yet?

The UK is notorious for not having ID cards. That's a solved problem in every other developed country as far as I know.

The reason behind it is privacy (lol, considering their total failure and unwillingness to enforce the GDPR) and yet they are totally fine with the tax office having the same database and information (which is no doubt accessible to law enforcement).


>That's a solved problem in every other developed country as far as I know.

Did you just call the US underdeveloped? :P

But seriously, the US does not have a standardized "ID card" either. They have things like passports (which not that many people have), state-issued driver's licenses (so 50+ different ones, not sure how it's handled in all the non-state areas like Guam or Puerto Rico), social security numbers (which aren't exactly ID either), birth certificates, voter id cards (for people without a driver's license), and a slew of other things the government and businesses will accept under certain circumstances. What they do not have is a nation id card.


>voter id cards (for people without a driver's license)

You mean State ID cards? They're used for much more than voting.


The UK does have state-issued ID cards: Passports. Are you a UK person that wants to operate on the "international internet"? Get yourself a UK passport! :)

Not sure why this was downvoted. It was a serious question. The countries I've lived all have digital ID services since a decade ago.

And no I'm not talking about govt ID or a card. I'm talking about a digital identity you log into and then oauth into other govt services like the tax office or healthcare systems.


This sounds awful but I'm not sure comparing webcam age verification to Nazi phrenology is helpful. Indeed, such a reaching Reductio ad Hitlerum makes me doubt the credibility of the piece.

I don’t see any references to nazis in there. The article says “Victorian phrenology”, not “nazi phrenology”. Calling it a Victorian practice isn’t unreasonable. Technically phrenology was most popular immediately before the beginning of the Victorian era, but it’s pretty close.

The article embeds a tweet that states, "It took Nazi-era atrocities, forced sterilizations... for phrenology, eugenics, and other pseudosciences to be relegated from science’s mainstream to its fringe. It should not take mass injustice for Cheap AI to be recognised as similarly harmful."

The article doesn't directly equate phrenology with Nazis, but does make an implied connection between phrenology and Nazi craniometry, and goes on to quote a tweet which explicitly talks about Nazi atrocities being the driving force in the end of phrenology.

The entire reference feels like an overreach, however, not just because of the Reductio ad Hitlerum, but also because it begs the question on the inherent evil of any use of craniometry.


There was an inline quote about nazi phrenology as well

> But for the slow VCs at the back who do need to be told:

>> Concluding, Dr. @Abebab notes, "It took Nazi-era atrocities, forced sterilizations… for phrenology,


ctrl-f Nazi?

First, what the article describes is awful. It's a full onslaught on privacy, once more under the "won't anyone think of the children" banner. Of course, they don't care about the children, it's just an appeal to the purity of their blessed, little souls, as if encountering an inappropriate website will immediately condemn them to hell.

Anyway, measuring age with e.g. just a webcam is quite feasible. It's not perfect. I mean: I was well in my 30s when people were still asking for my student id, so there's an error margin. I do suppose these methods cannot be circumvented by holding a picture in front of the camera or judicious application of some make-up. Adolescent boys looking for porn are not going to give up just because an age filter declines them access.

It's not phrenology, not in a technical sense, nor in the sense which the article appeals to. And that appeal is a bit pathetic, indeed, but more born from despair than the will to kill of a few million people.


I thought it was a very well written and engaging piece.

Given that this ludicrous legislation was, undoubtedly, pushed for by the Home Office and shadowy security apparatus, it seems plain to me that those same groups will have access to all the data the age verification companies hold - they will know the identity of every user accessing these websites, and there is absolutely zero chance it won't be abused. There is also zero chance it won't be used as a springboard to escalate the scope.

This is yet more mass-surveillance via the handy back door of "think of the children". One of the main reasons I voted against Brexit was exactly because of shit like this - put simply, I trust the EU more than my own government. Honestly, I found the phrenology comparisons rather apt.


> I trust the EU more than my own government.

You're not the only one. This was also my own number one (but not sole) reason for voting against Brexit, and that's a really sad thing to have to say.


I think the author was not the one performing the reductio ad hitlerum, but was referencing a tweet[1] citing a doctoral thesis on AI ambiguity (which made the "fallacy") and (i'm guessing here as I haven't read it) concerns biases present in modern vision systems.

[1] - https://twitter.com/clancynewyork/status/1535686305438478339


Government attempting to legislate something they don't understand (especially technology I'd say) is nothing new, its already happening in the UK, in the EU, in the states and all around the world. Why we let this pass, I don't know, but its the reality we're living in.

But if I'm reading this right, this takes the cake for the worst one yet, or certainly up there.


> this takes the cake for the worst one yet, or certainly up there.

my number one is the Australian AABill mandating any Australian citizen working for a tech company can be forced to create backdoors in code and alerting their employer about it is illegal. This one is so bad, that if it were China, we'd no longer hire any Chinese nationals anywhere in the world.


I was an Australian freelancing internationally at the time it was introduced, and took pretty good care to fully understand the bill to the best of my ability. It really seems to be as bad as it sounds.

But what worried me was that it was actually written quite coherently, I felt like it had been well considered by some people of technical background, but the bill still had ill intent. So I'm not sure what's worse, legislature misunderstanding technology so much that it's harmful, or people using a good understanding of technology to be more precise and underhanded in their abuse.


It's completely outrageous and there is still no momentum to undo it.

What if I create a backdoor but during the code review it gets noticed?

Or does Australian government also supply some handbook about how to do it properly?


I mean that'd be a minimum, good guidelines can go a long way. Who's going to maintain this backdoor if you get fired, uh? /s

> any Australian citizen working for a tech company can be forced to create backdoors in code and alerting their employer about it is illegal

What the fish?

> This one is so bad, that if it were China, we'd no longer hire any Chinese nationals anywhere in the world.

Heck if it was China implementing something like GDPR and the rest of the world was seeing those annoying popups, then:

* for 3 months the rest of the world will hate-tolerate it

* then somebody will figure out how to get rid of the popups for the rest of the world


> Why we let this pass, I don't know, but its the reality we're living in.

Are you willing to hire armed and trained goons to make them stop their ways and kill, maim and/or kill them? Because they are willing to do the same to get their way.

And that's why we let this pass. The so-called "monopoly of force" was not given by a "social contract", as Hobbes postulated - it was taken by them through superior force.


But we can revoke the "monopoly of force" whenever we* want, without violence. That sounds a lot like a "social contract".

* For some value of "we" which differs by jurisdiction:

https://ripplejustice.com/2020/01/02/prisoner-voting-uk/


Can you, really? Or are you just replacing the color of their hats, believing that that changes the system?

> just replacing the color of their hats

Are you saying that there are literally no policy differences between major political parties in countries like the UK? What about countries that have voting systems that make the legislature more representative of voters' preferences?

The only way I can think to steel-man your position is that you're saying "Some unspecified power would intervene to stop a government relinquishing its monopoly on force even if the population overwhelmingly voted for the government to do so". That's hard to imagine though; not because the unspecified power is so vague, but because no country would ever vote like that to remove the protections that a state provides for them.


in most multi party systems parties cater to the interests and issues of the majority. minority (issue) parties don't have much chance to even get enough votes.

> Are you saying that there are literally no policy differences between major political parties in countries like the UK? What about countries that have voting systems that make the legislature more representative of voters' preferences?

In the context of my parent's comment: "Government trying to legislate things that they do not understand", no, there is no distinguishable difference between the Tories, Sinn Fein, the DUP, the LibDems, the SNP or Labour. The Raving Loonies at least have the introspection that they consider themselves incompetent, so ... more power to them, I guess?


I meant more in the way that it's not even brought up. Take partygate for example, obviously Boris got away with that with pretty much just a slap on the wrist, but at least he had to sweat a bit over it.

The fact that politicians can make rulings over things they don't understand in the slightest is bad, the fact that nobody even cares is tragic.

(To be clear, I don't consider the fact that he had to "sweat a bit over it" in any way justice, or a sign of a fair society, but at least it's something)


> Pop-ups, but British ones.

I feel like this whole post, (notably this section) makes bad faith assumptions, then elaborates on the strawmen/bad assertions.

> ...no matter what they’re trying to put right in the world – to know the ages of all their visitors or users

That's not what it says, explicitly. I interpret it as "it will require most every useful online service to be account-based with hoops at that level, not just some random visitor or on every page".

Most of the sections are making reference to having to know the age of users as a pre-requisite to any web activity, in the UK, and I don't see it. Did I miss something or did she?


This is one depressing read.

I am impressed. This bill manages to go from “think of the children” to “papers, please” in zero intermediate steps! One motivates the other, directly. And no one noticed the irony!

It's on top of the existing measure where if you wanted to access mature content over your internet connection, you had to file a request with your ISP. And I'm sure the UK's big provider porn filter wasn't very good anyway, given how much and how quickly it can pop up.

And the targeted demographic that should be protected - children - will find plenty of ways around it. Reddit and Twitter are easily accessed, Youtube has tons of soft porn that won't get filtered out, VPNs are everywhere - even free ones, like in Opera, and they Know about it - Tiktok has tons of soft porn, the list goes on.


Step 1: roll it out for mature sites

Step 2: roll it out for all sites

Step 1 could be seen to have some justification. But any lawmaker with a functioning brain would immediately realize that Step 2 will cause a radical change on the Internet.

They aren’t saying that you get an unlinkable verifiable claim (Web3) that you’re over 18, to access ALL SITES. That would be somewhat reasonable. No, they say you’ll get an ID that is linked to you and all sites will be able to know who you are and cross correlate all data on you, to save the children. I mean… who needs third party cookie blocking at that point haha


The current proposal isn't to roll it out for mature sites, but any site that might possibly allow user generated content. Think of e-commerce sites with product reviews for example.

Step 2 could conceivably happen a la boiled frog.


Web3 doesn't feel like the right framework here? Generally the types of tokens used in the "web3" world are inherently traceable. Something similar to Passkeys (https://developer.apple.com/passkeys/) would be more appropriate, generating a new key pair for every website accessed. In order to provide the attestation of age, the public key provided could be signed by a trusted authority. (not that I like any of this, but something like this would be the least objectionable implementation)

Anyone else remember how to configure a gopher server?

Will the UK government be also encouraging kids to use VPNs, for their own protection, but remember to only use ones with UK IPs, lest you see something adult.

I could imagine people lobbying the corridors of power to introduce legislation that puts age verification / blocking requirements on VPN technology.

The Great Firewall on the Thames.


There's a popular English stereotype that everything requires a permit or a license. I'm glad they continue to live up to that.

Even 007 had a license to kill!

« Preamble: you’ll be aware that the UK’s Online Safety Bill has been promoted as a piece of big tech/social media legislation, but it is not. It will impact any company or project of any size, nature, location, or business model which has user-generated content on it or allows humans to interact with other humans. So if your site, service or app is anything other than a promotional portfolio web 1.0 site, or a blog like this here blog that only allows comments, you’re in scope. If you weren’t aware of that, you are now. Enough of the preamble, let’s amble. »

Sold. I am all for returning to standard boring web 1.0. Let's do this thing!


This doesn't read like a neutral analysis to me. On the other hand the UK will mostly continue to support GDPR, in the same way all our phones will be USB-C, EU legislation leaks across borders to every country on the planet.

The UK government have been hopelessly out of their depth legislating the internet, since, forever.

The site is called "webdevlaw.uk" and the article footer "This is my personal site, and the opinions on it do not reflect the views of any current or previous employer." seems a bit dishonest, but everywhere does it these days (putting "news" at the end of your twitter handle somehow makes you a journalist apparently).


> The UK government have been hopelessly out of their depth legislating the internet, since, forever.

This is both the good and the bad of this legislation. Bad, for obvious reasons, but good because usually they're so unbelievably out of their depth that it never actually comes to pass.

We're now, what, 5 years is it delayed on a bill that was supposed to require an ID for adult websites? I remember it started up before May was in power and still nothing has been done about it, and that was far less "ambitious" than this.


Agreed. I don't really understand the UK government. Though it's probably the same elsewhere, career politicians schooled in humanities at university, completely clueless about the ministerial role they've been given.

> I don't really understand the UK government.

They need some crazy headlines to try to win the next by-elections. When the pensioners realise that they have to identify themselves to watch porn, the bill will be retracted.


It's like the republicans on abortion, the last thing they want is to actually pass any legislation, because then they'll have lost an issue that they can use to rile up the dumbest side of their supporters, combining the best of "won't someone think of the children", and "omg, genitalia in motion is much more evil than violence", and "if we do this right, we'll have a perfect panopticon to catch out the others out there that you don't like".

The article is one-sided... but are there honestly any good arguments in favour?

The trouble with these issues is that there is always a legitimate argument in their favour. There really are some nasty people in the world and some of them really do prey on children and there really is a lot of content on the Internet that isn't suitable for children and real children sometimes do suffer real harm because of these things.

The question we should be asking is how much that we value for other good reasons we are willing to give up in exchange for the possibility of improving the protection of our children, when there is no crystal ball that tells us either how much of an improvement any given measure would actually make or how much of the potential harm from giving something else up would actually be realised.

Until we view these kinds of rights and protections issues as a balancing act with legitimate arguments on both sides but also genuine concerns from both sides it's impossible to even have an intelligent debate on the ethics, never mind write good laws with all the extra practical concerns that legislation and enforcement introduce.


I do understand the government's argument, but:

  1. I don't believe children will really be "saved" from viewing/reading harmful content - if they really want to see something, they will simply find a way around it, but also remember this is a *UK-only* thing!
  2. I don't believe for a second that the security apparatus won't have unchecked access to the data

I suspect you and I (and probably most people on HN) have similar views on these issues. We skew liberal and we skew technically literate. My point is that "normal" people don't necessarily perceive the same dangers that we do in measures like the ones proposed here. On the other hand "making our children safer online" is something any decent person can get behind as long as you conveniently ignore all the nuance and practical details.

Given who the government here currently are it's hardly surprising that they resort to attention-grabbing soundbites. With a bit of luck the Tories will boot Boris before too long and that'll take many of his current Cabinet out of the picture as well since they were seemingly chosen more for their expected loyalty to Boris than any particular expertise or competence. Then at the very least there is a mini-reset in government and some of the more headline-grabbing but questionable policies of the Johnson administration might be quietly sidelined while whoever takes over desperately tries to steady the ship before the next general election. Although of course they quietly passed legislation earlier this year that pushed the latest possible date for that election all the way back to January 2025...


It's parents being lazy and demanding that the rest of the community accommodate their needs for bringing up their children, while abdicating any actual effort on their part.

So instead of parents actually installing and/or configuring and/or actually using all of the different parental controls that are already available to stop their kids seeing stuff they shouldn't, they want all the rest of us to deal with the bullshit, while not solving the problem.


There is definitely an element of parental responsibility that often gets conveniently ignored in these debates. I'm a sceptic about placing the blame entirely there though, for the simple reason that so much of normal life is now connected. That includes time at school or when kids are playing with their friends and not under their parents' immediate supervision 24/7. The only way a parent could truly keep their child away from any possibility of getting online today would be to restrict their activities and access to technology so severely that they'd barely live a normal life or socialise and develop in a healthy way. So whatever we think of parents and how they raise their children, the problems that modern connected technologies create are always going to need societal solutions as well as parental or schooling ones.

I hope that legislators are actually technically illiterate. If they were, they'd know what kind of stuff gets posted on any underground porn torrent tracker and probably geo-fence the whole internet.

I fail to see how this protects children from those evil people, tho.

It establishes the age and id of UK children to websites and services. However, unless all these services children use are siloed off from the rest of the internet and UK only, bad people from other countries (and those in the UK savvy enough to mask themselves behind some kind of VPN/TOR) will still be able to use these services without having their ids established the same way, and will keep trying and sometimes succeed to groom and abuse children.


Yes, it's a daft plan and it's unlikely to work if they press ahead with it (at least if you think "work" here has anything to do with protecting children). You know that. I know that. But the problem isn't how to convince HN, it's how to convince Mumsnet and the tabloid-reading grandparents.

Nobody who has an actual opinion will sound neutral, unless they're actively trying to mislead you.

Everybody who is actually an expert will have an opinion.

Therefore almost anything that "reads like a neutral analysis" will be worthless drivel. If you want such drivel, it's available in unlimited quantities from various press outlets. Of course, they're not "neutral", either, but they buy their biases wholesale rather than actually doing that whole tedious "understand the issue" thing.

And some opinions are right, while other opinions are wrong. Reality is not "neutral".


It's a bit of a shame that self-labelling by web sites never seemed to really take off:

* https://www.w3.org/TR/powder-use-cases/#cpA

* https://www.w3.org/2007/powder/

* https://en.wikipedia.org/wiki/Protocol_for_Web_Description_R...

It could be much easier if the major web browsers (at this point Chrome, Safari (mobile), Firefox) were able to read the metadata and if parents (or corporate IT departments) wanted to filter content they could using 'built-in' technology rather every web site having to potentially re-invent the wheel.


This 1000%. Legitimate services have an incentive to self-identify because they don't want to anger parents and are generally not out to corrupt kids. A setting to block unrated sites could be provided as well.

Movies and video games self report their rating not sure why web content needs to be any different.

The problem with the top down approach of the government deciding which topics are taboo is that it removes agency from parents. Different parents, different kids, and different ages all lead to different values and levels of acceptability.

My tin foil hat catches my eye every time I see government trying a heavy-handed, slippery-slope approach to clamping down on a problem instead of just providing society with a common set of tools to accomplish a relatively simple goal.



If only Google had used just a little bit of its lobbying money to get those laws more technologically sound and help solve that with metadata that the browser can then handle.

I have a serious question… in elections, we need to know a person has exactly one account etc. Entering a bar, they need to know you’re 21 or over etc.

The PROPER mechanism for this would be a certificate issued by a trusted authority (or a few) that would somehow prove with a zero knowledge proof that you have one of the certificates, but every time it would be different and unlinkable to you. It wouldn’t leak an identifier that can be used to track you.

Google GROUP SIGNATURES, that is what we want to achieve. How? Is there a well-known software library in crypto, besides a mixer like Tornado.Cash or rings like in Monero? Something like openssl so we don’t have to “roll our own”?

The technical name for what I want is Group Signatures, starting with this seminal paper by Chaum in 1991: https://chaum.com/wp-content/uploads/2021/12/Group_Signature...

But what is the latest State of the Art in Group Signatures? What is used today, that can work at scale for groups of MILLIONS of people, and still be anonymous? Chaum’s conception is linear in the number of group members and the group has to be fixed in the beginning, and can’t be dynamically changed. That means issuing new certs once a year to people who have come of age at 18, or registered to vote etc. That proves your age so they’d have to actually create larger groups by aggregating these together with previous groups (they could also remove people from the rolls if they haven’t re-registered for a while, eg for a driver’s license again).

This is the latest work I could find and it’s from 2003… why is no one making progress in this field, or implementations?

https://cseweb.ucsd.edu//~daniele/papers/BMW.pdf


The problem is that "exactly one account for election voting" and "untraceably anonymous" don't go together.

What we've got now is a physical mixing where you "prove" your identity to a clerk at the assigned polling location, you are issued a physical token which you fill out in privacy, and then the token with the voting information on it is mixed with all the others from that polling location. By having opposed auditors watching vigilantly, we get some confidence that ballots are not altered or replaced.

Let's say that you have a system which has a single account for every citizen (fine in theory), which can issue an anonymous bearer token that can be used for voting later. That bearer token is now vulnerable to being sold, confiscated, copied (but only usable once, so there's a race), forgotten, and can go unused.


Yes they do. This is basically Group Signatures. I am just asking whether BBS04 is the state of the art still. In there, the group manager is the only one who can deanonymize people.

Is there any way to provably opt out of this latter feature, so we can be sure NO ONE can link signatures to users? That’s Chaum’s original 1991 conception.

The alternative is to use ZK mixers on distributed ledgers that have solved the double spend problem, but the jury is out on just how anonymous and unlinkable they really are in practice: https://arxiv.org/pdf/2201.09035.pdf


There are mechanisms out there that try to minimise data exfiltration to validate certain facts about a person. IRMA [1] has a system that's developed quite well though development and expansion has slowed down over the years. It's a lot more chatty than using offline certificates, but the privacy challenges are very similar. The basic premise is that your ID holds your date of birth and that date of birth can be used to generate a signed token that says "over x years old". For Europe this can be 18, for America this can be 16 or 21, depending on what you're trying to gatekeep.

Having users manage cryptographic secrets seems like an absolutely terrible idea. Developers and system administrators are incapable of renewing certificates in time, it'll only slow everything down.

None of these technical measures solve the core issue, though, which is that kids will lie about their age online. They'll find a friend/family member/random guy over the required age and copy the super privacy friendly secret token to their devices and boom, everyone is 18. Cryptographic age requirements raise the bar but ultimately they'll never be enough.

[1] https://irma.app/?lang=en
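As an added illustration (not IRMA's real protocol or code, and not part of the comment above) of the data-minimising "over x years old" attribute described there: the issuer checks the date of birth once and signs only the predicate and a validity window, so the relying site verifies a signature and never sees the birth date. The token layout, field names, the Ed25519 choice and the sample dates are all assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// AgeToken is a constructed, minimal attribute token. It deliberately carries
// only the predicate ("age_over_18"), not the date of birth it was derived from.
type AgeToken struct {
	Predicate string    `json:"predicate"`
	IssuedAt  time.Time `json:"issued_at"`
	ExpiresAt time.Time `json:"expires_at"`
	Signature []byte    `json:"signature"`
}

// Issuer stands in for the identity provider that holds the real birth date.
type Issuer struct {
	priv ed25519.PrivateKey
}

func NewIssuer() (*Issuer, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{priv: priv}, nil
}

func (i *Issuer) PublicKey() ed25519.PublicKey {
	return i.priv.Public().(ed25519.PublicKey)
}

// payload is the signed byte string: every field except the signature itself.
func payload(t AgeToken) []byte {
	t.Signature = nil
	b, _ := json.Marshal(t) // marshalling this fixed struct cannot fail
	return b
}

// AgeOn returns the holder's age in whole years on the given day.
func AgeOn(dob, now time.Time) int {
	years := now.Year() - dob.Year()
	if now.Month() < dob.Month() || (now.Month() == dob.Month() && now.Day() < dob.Day()) {
		years-- // birthday not yet reached this year
	}
	return years
}

// Issue checks the birth date against the threshold and, only if it is met,
// returns a signed predicate valid for ttl. The birth date never leaves here.
func (i *Issuer) Issue(dob time.Time, threshold int, now time.Time, ttl time.Duration) (*AgeToken, error) {
	if AgeOn(dob, now) < threshold {
		return nil, errors.New("holder does not satisfy the age threshold")
	}
	t := AgeToken{
		Predicate: fmt.Sprintf("age_over_%d", threshold),
		IssuedAt:  now,
		ExpiresAt: now.Add(ttl),
	}
	t.Signature = ed25519.Sign(i.priv, payload(t))
	return &t, nil
}

// Verify is what the gatekeeping site runs: it learns only that a trusted
// issuer vouched for wantPredicate during the validity window.
func Verify(pub ed25519.PublicKey, t AgeToken, wantPredicate string, now time.Time) error {
	if t.Predicate != wantPredicate {
		return errors.New("token does not carry the required predicate")
	}
	if now.Before(t.IssuedAt) || now.After(t.ExpiresAt) {
		return errors.New("token outside its validity window")
	}
	if !ed25519.Verify(pub, payload(t), t.Signature) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	iss, err := NewIssuer()
	if err != nil {
		panic(err)
	}
	// Constructed sample: a holder born 2000-06-17 asks for an over-18 token on 2022-06-17.
	now := time.Date(2022, 6, 17, 12, 0, 0, 0, time.UTC)
	tok, err := iss.Issue(time.Date(2000, 6, 17, 0, 0, 0, 0, time.UTC), 18, now, 24*time.Hour)
	if err != nil {
		panic(err)
	}
	b, _ := json.Marshal(tok)
	fmt.Printf("token handed to the site: %s\n", b) // no birth date in it
	fmt.Println("site-side verification error:", Verify(iss.PublicKey(), *tok, "age_over_18", now))
}
```

Nothing here binds the token to a holder or device, which is exactly the copying problem the comment raises; that binding is what a real scheme has to add on top of the signed predicate.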


What I am talking about is essential for voting or UBI. One person one account.

It isn’t just for kids.

The hardest part is to make sure that the certificate issuing authorities aren’t corrupted (eg by having a self regulating organization like FINRA) when they give out certificates — since those represent free cashflows or outsize voting shares.


for reference, the online safety bill is in the committee stage:

https://bills.parliament.uk/bills/3137

so, a long way to go.

the new Data Reform Bill has not even been submitted yet.


I'm really sad that even professionals hate the cookie/gdpr/data collection banners for the wrong reason. And most people hate the wrong entity for being responsible for their existence.

If companies weren't actively spying on their users, if they didn't collect every last bit of data they can, there would be no need to put up a banner. If the website needs cookies for core functionality (essential cookies) only, there's no need to inform, ask or badger the user for anything. The websites/data collectors are the bad guy here (from where I'm standing) and now that they have to ask us if they can please spy on us, the EU is evil because they force them to ask?

The main presented point of this bill is "We will eliminate the obligation for the spies to ask you if they may spy on you" and even the author of this piece is celebrating that.


> and even the author of this piece is celebrating that.

I don't think so. Read the last part of that sentence which I've emphasised in italics.

"So if you work in any sort of tech or digital related role, and the work you put into the world can be viewed, or accessed, by anyone of any age in the UK, and you are (rightfully) celebrating the loss of the cookie popups, I need you to do me a favour and drop the balloons and party streamers and sit down."


> The websites/data collectors are the bad guy here (from where I'm standing) and now that they have to ask us if they can please spy on us, the EU is evil because they force them to ask?

If the end-result of the law + standard human behavior is that you made web browsing a crappier experience then you made a crappy law.


> If the end-result of the law + standard human behavior is that you made web browsing a crappier experience then you made a crappy law.

That's not a very good way to figure out if a law is "crappy". Building codes make for a crappier construction experience (can't just do whatever TF you want) but that doesn't mean they're bad.

Laws requiring designated handicapped parking spaces make parking a slightly crappier experience for non-handicapped people. That doesn't mean they're crappy laws.


It's a bad law if it ends up punishing the people it was intended to help. If the building code had a clause about building decks and max occupancy where the easiest way for a contractor to comply was to post a gigantic sign permanently attached to the deck stating the weight limit, the end-user would view that as terrible as well.

You really think that basic web analytics is "spying on you"? So a company that records how many people purchase a given product is "spying" on them? Business owners are not allowed to do basic accounting to gauge product performance? Because that's all 99% of people use these analytics for.

No one cares about you enough to "spy" on you.


What is "basic accounting to gauge product performance"?

> "No one cares about you enough to "spy" on you."

Would you mind telling them that? Maybe they'll stop sending me personalised spam offering me discounts since I haven't shopped there in a while, or paying to send me physical advertisements through the post. From your tone, that must be giving me an inflated sense of my own importance.

> "You really think that basic web analytics is "spying on you""

No, I think web analytics is spying on me. An HTTP log is one thing; a JavaScript library which probes my browser, tracks available APIs and versions and mouse movements and sets EverCookies and behaves insidiously, is spying. If I visit example.com and example.com knows I went there, that's understandable. If there's a deliberately invisible Facebook pixel telling Facebook I went to example.com, which is only vaguely disclosed in some "and our trusted 3rd parties" legalese, that's not fine.


If this uses a third-party company whose business model is stalking everyone for targeted ads then it's absolutely spying.

If the government didn’t pass meaningless ineffective laws this wouldn’t be a problem

I really despise "won't someone think about the children laws" and I say this as a parent. It is not society's job to shelter your children from the unsavory, it is the parents' job.

Besides that, it is hard to argue against any law that is couched as protecting innocent children. Obviously, having to verify with ID the age of every website visitor is impractical right now. The logical solution is for government to mandate and issue Internet IDs that must be used to access any web service. This bait-and-switch leads down a slippery slope that erodes anonymity on the Internet, not that there is much left.


Let’s use leaded petrol again and you can protect your children however you want!

Also, and I understand it is a quote in the article but the GDPR isn't "highly complex". It is actually one of the more understandable pieces of legislation I've ever read. It is, however, vague and gives a lot of leeway to local data protection authorities in interpreting it.

You realize the GDPR is 11 chapters and 99 sections don’t you?

The announcement says it wants to "protect consumers", but it changes user tracking from opt-in to opt-out... How about ensuring that companies stop tracking people unnecessarily?

I see so many websites – even club websites or private blogs – that have a cookie consent banner, but which wouldn't actually need one if they'd just turn off Google Analytics. I just don't get it.


> wouldn't actually need one if they'd just turn off Google Analytics.

Isn't one of the incentives for Analytics, that by knowing your audience Google will be able to suggest your site to their search engine users?

I've heard more than once something along the lines of "we can't disable analytics as we'd lose traffic".


What are you talking about?

I've been in SEO for a while and there are a lot of myths but I've never heard anything quite this wrong before.


It's a pretty persistent "myth" ... do you have any support that it's a myth other than "I've been in SEO for a while"?

Do you have any support that it’s not a myth, other than…”a lot of people are saying…”? I mean, burden’s on the one making the claim, not the other way around.

There are literally "a lot of people saying" it isn't a myth, I've heard them, and one guy saying it is a myth and is an expert ... so, seems like that expert could straighten the issue out for us?

I mean, the burden is on both sides here but one has "been in SEO for a while".


What's asserted without evidence can be dismissed without evidence. Also the first claim is not falsifiable.

Ummm, sure, I'm not disputing that. Just saying the expert could do us a favour ...

Google doesn't need GA data. They know how many times people see sites in search results, how many people click them, and if people go back to make the same search again.

Besides, GA data is easily faked. I can give a site a low bounce rate or make it look like people spend a long time on a page. Google can't trust their own Analytics data because of this since it is client provided.

Sounds like a myth non-SEO people believe because, again, I've never even heard this before. And SEOs believe a lot of myths but this one is just too stupid


Yeah, it's obviously an urban legend

People will do an update on their site, which includes removing GA, then blame GA exclusively for tanking their rankings. All of which is probably coincidental to an algorithm change that was going to de-rank them anyways


> Yeah, it's obviously an urban legend

Urban legend clearly benefiting Google.


For most people, analytics is just about knowing how much traffic you're getting and where it's coming from and what they're doing on your site. For example, if 30% of the visitors from reddit.com convert to paying customers but 60% of users from indiehackers.com convert to paying customers you'll know to spend time, money, etc on indiehackers.com.

Also, my understanding is Google pretends like they don't really look at your traffic data and use that for search.


Maybe they'd lose the ability to correlate traffic to your ad revenue, but having google analytics or not does not determine if you get traffic

> "The announcement says it wants to "protect consumers", but it changes user tracking from opt-in to opt-out... "

The cookie-blocking features in modern browsers (except Chrome, probably, haha) effectively make tracking opt-in anyway, don't they? The cookie pop-ups are pretty redundant today.

Not to suggest that this makes all the down sides of Brexit worthwhile, but it does make me happy that this can now be addressed. Cookie popups seriously harm the usability of the web and have been one of the most highly visible and ill-conceived pieces of EU legislation.


I guess anti-GDPR won. So-called "Cookie popups" are about so much more than cookies. Looks like anti-GDPR marketing managed to make even technically-literate people unaware of their rights.

If you're using a menstrual-cycle app, GDPR will protect you against the app owner publicizing your name that you're pregnant, and thus protect you against anti-abortion mobs, if you wish to abort. A cookie banner wouldn't do that. Because GDPR is NOT about the cookies.

If we were to speak exclusively about tracking (which is, again, a very very small part of GDPR), even simply dismissing it as a browser-side "feature" is yet another brainwashing win from anti-GDPR marketing. The number of ways to track people in a browser is infinite. From canvas rendering, to DRM, from cache leakage to window size. Hell, even the GDPR banners explicitly say so! Most GDPR banners now contain an option to allow the site owner to fingerprint your browser to track you.

Considering the way we went with browsers (was it right adding so many features? I don't know. But the effects are there), we CAN NOT put this on browsers, it is technically impossible. If Google wants to prove to the world that it is possible, fine, I'll grab popcorn. But at the moment they are not even trying.

So no, history has proven again and again that those privacy issues can not be handled technically. Only through regulation can privacy be preserved.


I think the really crazy thing about the cookie banner stuff is that it’s actually nothing to do with GDPR: it’s almost entirely about the ePrivacy Directive from back in 2002, when it was opt-out, and 2009, when it was revised to opt-in. It’s just that most people didn’t do much about it until GDPR came along, and then people conflated the two.

> "If you're using a menstrual-cycle app, GDPR will protect you against the app owner publicizing your name that you're pregnant, and thus protect you against anti-abortion mobs, if you wish to abort. A cookie banner wouldn't do that. Because GDPR is NOT about the cookies."

Absolutely. I'm not arguing against GDPR, which includes many important rights and protections that don't have much to do with cookies. I'm arguing against intrusive and pointless cookie pop-ups.


> The cookie-blocking features in modern browsers (except Chrome, probably, haha) effectively make tracking opt-in anyway, don't they?

Browsers are generally only working on stopping cross-site tracking, but cookie banners are needed even for first-party cookies (ex: local telemetry, shopping carts).


Yes, but usually cross-site tracking is the creepy stuff that people are concerned about. I don't have much of a problem with first-party cookies, personally, but some browsers (Firefox) are now offering "Enhanced cookie clearing", which can automatically clear first-party cookies at the end of each session, configurable per site.

And every browser offers a private browsing mode which is more or less the same effect.


You don't need a cookie banner for a shopping cart.

You do for the way shopping carts are usually implemented. Say you put something in your cart, close the browser, and reopen it the next day. On basically all sites, the item is still in your cart, but that requires cookie consent because it isn't "strictly necessary in order to provide an information society service explicitly requested by the subscriber or user".

See this earlier discussion: https://news.ycombinator.com/item?id=29530890


I agree with the interpretation that you can just leave it in the cart forever.

Mechanically if you add something into a physical shopping cart it will remain there forever until you take it out. But legally the pdf has the claim "a merchant could set the cookie either to persist past the end of the browser session or for a couple of hours" [1] and to me that means indefinitely or a few hours.

[1]: https://ec.europa.eu/justice/article-29/documentation/opinio...


The goal of the announcement is purely to make the EU look stuffy and bureaucratic. "Look, we got rid of those annoying cookie pop-ups THEY forced on US!"

Tories need this because of two reasons:

1. Brexit is hurting the UK economy

2. They need to distract from the Partygate scandals[0]

As for Google Analytics... I've talked with multiple clients who have wanted to improve site performance on their stores. The first thing I usually point out is the multiple overlapping analytics packages downloading multi-megabyte JavaScript files. Those are, of course, absolutely untouchable for whatever reason, and we just have to work around the most obvious performance flaws in their site.

The reasons why someone might tank their site performance with a bunch of conflicting ad trackers is not just because "data is valuable". We're conditioned to think of ad tracking as solely interest targeting[1] and remarketing[2], but a huge part of it is also just attribution. Advertising is paid for on a per-click or per-conversion basis, and nobody trusts nobody in this industry, so everything needs to be tracked or the people buying ads get gamed out of their money by the people they buy ads from.[3] So even if you just want to buy ads, you often also need to have tracking on your website purely so that the ad network can either protect you from click fraud, or if you're paying per conversion, actually track how much you owe them.

[0] For those who are not in the UK, like me: The scandal is the fact that the PM and his staff were running a bunch of illegal parties while the whole country was on COVID lockdowns.

[1] When ad networks track your interests to serve more relevant ads. As the ad buyer you can purchase ads based on these specific interest categories; i.e. "I want this ad to be served to 40-year-old men with an interest in cars"

[2] When ad networks track your history to serve ads based on what sites you've visited recently. This is actually a different thing from interest-related ads; it's more like "I want this ad to be served to anyone who has just gone car shopping".

[3] This is also why on-domain advertising will never be a thing outside of the big social media networks.


> The reasons why someone might tank their site performance with a bunch of conflicting ad trackers is not just because "data is valuable". We're conditioned to think of ad tracking as solely interest targeting[1] and remarketing[2], but a huge part of it is also just attribution. Advertising is paid for on a per-click or per-conversion basis, and nobody trusts nobody in this industry, so everything needs to be tracked or the people buying ads get gamed out of their money by the people they buy ads from.[3] So even if you just want to buy ads, you often also need to have tracking on your website purely so that the ad network can either protect you from click fraud, or if you're paying per conversion, actually track how much you owe them.

Thanks. I think this is severely understated. Ad people managed to force the debate to "customized ads" vs "privacy", saying that websites could make money exclusively with customized ads. We've seen here on HN a lot of examples of people realizing that was bullshit (I would guess there are some cases where customized ads can be beneficial, but overall they seem to be few).

Apple showed how to make attribution privacy-friendly (I have no idea whether their implementation works and scales), yet debates still manage to ignore that totally.

That being said, solving attribution doesn't actually... solve the attribution problem. The reason being the case where I search for a Nokia D3500 on Amazon, then I go to a random website, which shows me ads for the Nokia D3500 on Amazon, and I click on this ad to buy what I already planned to buy. In that case, the random website will get money with current non-private ads, while it won't with the private one. I didn't change my consumption based on that ad, so the ad has literally 0 value; a "privacy-friendly ad" properly reflects that, however the migration from non-private to private ads will reduce the revenue for websites (even though this didn't have any impact on my purchasing behavior).

Edit: It does solve attribution for "proper meaningful" ads: If I'm reading camera reviews on some websites, and they have affiliate links for those reviews, then they'll rightfully get money for it, which is good!


The role that remarketing played in poisoning the well can't be forgotten either. Targeted ads were sneaky (and, arguably, people preferred them to untargeted ones), while remarketing ads made you feel seen. It was almost waving in the user's face how much data you have on them. "You like to watch Netflix's Castlevania!"

>> [0] For those who are not in the UK, like me: The scandal is the fact that the PM and his staff were running a bunch of illegal parties while the whole country was on COVID lockdowns.

The whole country. Hm. During the lockdowns I was in a town in the South. In fact I've lived there for the last 15 years. The only time I ever saw a party on the green in front of my flat was every single Sunday evening during the lockdown periods, from the start of it to the end.

Let's not talk about the beach that was full of people throughout summer, all coming down from London in packed trains, with nary a mask in sight. Not that a mask would have done anything at that point.

How about my neighbour? Possibly because of lockdown he moved his phone-fixing business home so every day the street in front of my house was taken up by one or two cars, their engines idling, waiting for the guy to fix their phone. I guess that was somewhat socially distanced but, not really, because his clients went up to his house to give him their phones and I guess pay him.

So, "the whole country"? No, because at least one small town resisted the conquer... oh, sorry, that's not Asterix against the Empire, but you see my point: no, the whole country was not in lockdown. A substantial minority didn't give a dime about such trite things as lockdowns, other people's health or virus mutations. And they weren't all in Number 10.


The popups are annoying specifically because the rules lumped Google Analytics in with all the bad tracking that evil companies do.

I want to know how many people visited my website. So does every website. It's something that websites need to know. We use Analytics to handle that for us, and because of this silly EU rule we're all technically breaking the law by not bothering every single visitor with annoying popups.

Now there are in fact bad companies collecting data on individual people, correlating it between sites on the backend, and using it for nefarious purposes. Those are presumably the reason these stupid laws were passed in the first place, and it would be nice if they actually did need to show a button for you to click.

But since the law says that everybody needs to show that button or lose the ability to know how many people saw their site, you never know whether you're getting the button for an evil site or just one of the millions of other sites you visit every day.

I don't blame the evil companies even a little bit for this mess. It's the people who passed these terribly thought out laws. They'll keep passing more of them until we stop letting them.


> I don't blame the evil companies even a little bit for this mess. It's the people who passed these terribly thought out laws. They'll keep passing more of them until we stop letting them.

Apart from being a... very interesting take, how do you propose to do this?


>I want to know how many people visited my website. So does every website

You can do that easily without third-party tracking cookies.


Google Analytics doesn't use any third-party cookies; it uses first-party cookies only. While the JS is loaded from a third-party origin, its notion of identity is entirely per-site.

(Disclosure: I used to work on ads at Google)


It seems certain features are restricted to third-party cookies: https://developers.google.com/analytics/devguides/collection.... In practice though, moving from third-party to first-party is simply a way to reduce the probability that the spyware gets blocked by the user agent.

> certain features are restricted to third-party cookies

You're talking about the https://developers.google.com/analytics/devguides/collection... section, right? That's only for sites that are already using third-party cookies for advertising, has to be specifically enabled, and doesn't seem very applicable to our "know how many people visited my website" discussion? But my comment above was too broad, and I've edited it to point here.

> moving from third-party to first-party

GA, back to the Urchin days, has always been built around first-party cookies though.



I think so? It's about linking advertising activity (keyed by third party advertising cookies) with analytics activity (keyed by first party analytics cookies)

Indeed. You get that and so much more useful information for free in your web-server logfiles. Any half-decent web server log analyzer tool will classify and graph all the useful data in those log files and present it to you in a nice shiny web page or report document of some sort. No cookies required.

You sound knowledgeable about using logfiles for analytics. Could you recommend a good stack to do this?

I am assuming you need to do client side tracking for static pages though or you need to self host your static page.


...Can you not track how many people visit your site on the back end?

Sure. Everybody can.

But Google Analytics is a 30 second setup, whereas setting up a log analyzer (or even getting logging going in the first place) is a much bigger hassle. Some of my stuff is on wacky Cloud Function hosting that I wouldn't have the first idea of how to go about logging.

Thus, nearly 100% of us just use Analytics. If they had an "evil" checkbox that I could uncheck to stop it doing whatever you're worried it will do, then I'd happily do so.

Frankly, I'm not sure what GA could do that would bother anybody. All it does is tell me how many people saw what page and how long they stayed there. It certainly can't tell me anything about you personally.


The problem isn't that you are invading your users' privacy. The problem is that you are allowing Google to.

On the other hand, if you do it yourself you'll see all the people who block all contact between their browsers and anything they can identify as an "analytics" site.

I don't have time to screw around with figuring out what uses third-party cookies, what uses browser fingerprinting, what correlates information across sites, and/or what tracks what how in general, nor to check all the time to see if any of that has changed. I'm just gonna block all of it, because it's not worth the investment of my time to make such distinctions. The most I could get out of it would be slower page loads.

Actually, I'm not even bothering to make THAT decision. My ad blocker blocks GA by default, and I'm not going to worry my pretty little head about unblocking anything unless something breaks.


That's a you problem. It doesn't entitle you to help google stalk your users.

> Frankly, I'm not sure what GA could do that would bother anybody.

It puts tracking cookies on your visitors which means you need a cookie banner.

And of course it invades the privacy of your users and slows down your site.


A lot of modern cloud architecture is concerned with the business of making sure web requests don’t reach your servers if they don’t have to. Edge caching, content distribution networks, browser cache handling.

If you do it right, a high proportion of your site visits leave no trace in your logs that they were ever there.


No reason why your edge CDN can’t log requests.

Even if the CDN can't (for whatever reason) one could easily include a tracking pixel on every page that is marked as `Cache-Control: no-cache`, or insert a few lines of JS to do the same.

Presumably at some sort of additional cost, though. So then we’re into the business of weighing up whether to spend money on obtaining raw logs or purchasing the CDN’s own traffic analytics add on… or just going with a third party. This stuff isn’t just built in.

Can't agree with most of the page, but the cookie "nonster" section of this site explains one to three such workarounds: https://www.abarim-publications.com/contact/Copyright_Names.... TL;DR is Cloudflare beacon [not to be confused with sizzling bacon] as well as a hidden method of session storage.

> But since the law says that everybody needs to show that button or lose the ability to know how many people saw their site, you never know whether you're getting the button for an evil site or just one of the millions of other sites you visit every day.

Not sure where you got this from. But GDPR absolutely does not require this.


I got it from the post that I replied to:

I see so many websites – even club websites or private blogs – that have a cookie consent banner, but which wouldn't actually need one if they'd just turn off Google Analytics. I just don't get it.

He asked why we don't turn off GA. I explained.


For sure an interesting take. Is there really no way to bypass gdpr restrictions if the only functionality you need is unique visitors? It's been a while since I read the gdpr doc, so at what point does your activity become relevant to its restrictions?

To track unique visitors you need cookies or some other form of client-side storage. In Europe that means, per ePrivacy which predates the GDPR, you need cookie consent.

I looked into this, and yes, there are some services that can do analytics without the cookie. E.g https://usefathom.com. However, the vast majority use cookies and the ones that don't often have a much higher cost.

Ultimately, some of these alternatives that avoid the cookie law are simply finding tech work arounds. I have no doubt in my mind that the gov would find a way to require popups for those services if they were more prevalent.


You could just set a cookie that is a binary ‘I have already seen you’ value, gdpr only cares if you create identifiers.

> The popups are annoying specifically because the rules lumped Google Analytics in with all the bad tracking that evil companies do.

That's because it is the most evil one of all.

Just because you're only using it for one piece of info doesn't mean you aren't violating your users' privacy by handing over a complete record of every site they visit to a company that uses it exclusively for evil.


>I see so many websites – even club websites or private blogs – that have a cookie consent banner, but which wouldn't actually need one if they'd just turn off Google Analytics. I just don't get it.

Actually, most are probably not even correctly following the law since the cookies will probably be set before the popup is accepted. For most, people just assume they need a cookie banner. I'm pretty sure I've seen cookie banners on sites that had no cookies.


Google will down rank if you don't use their analytics cookies.

Is this true? I'd believe it, but I haven't seen it.

If it is true it's an anti-trust lawsuit waiting to happen. I highly doubt it is true. Keeping that secret in the bag would be hard in my opinion. We're constantly getting leaks from Google.

A lot of stuff google does would be an anti-trust lawsuit waiting to happen. If you know, anti-trust was actually enforced.

The EU would 100% enforce that. The EU hits them constantly for their bs.

Sure, and fined them pennies

Have you seen the EU fines? The latest one is 1.6 billion against Google.

What we really need is for these big companies to be split up. I'm not sure if the EU has jurisdiction to do that.

> What we really need is for these big companies to be split up. I'm not sure if the EU has jurisdiction to do that.

There have been non-binding votes to split it up. And they can tell them to split up or be banned from operating within the EU.


The Irish DPC is doing a bang-up job thus far sheltering companies like Facebook headquartered in Éire from GDPR.

This is some completely made up bullshit for the record.

I have a domain that was ranked #1 for a decade; it always had GA. I removed GA and replaced it with Piwik, and it dropped in rank. Nowadays I'm not even on the 1st page anymore, despite having the most authentic design and simple use.

That is not how any of this works.

You just don't get that website owners want basic metrics to help them understand the health and performance of their website?

The current UK government isn't interested in people's rights, despite lots of catch phrases from Nadine Dorries which might make it seem so.

Each passing day the government becomes more and more deceptive.


A few days ago I visited a German provincial government website that had a cookie banner for the cookie banner provider. It would be really funny if it weren't so stupid.

I found this site that asks you to fill in a form with your information … when you click "don't sell my data".

https://smallstep.com/blog/


For me, this is the important part.

> The UK is also planning to legislate to remove the EU-derived requirement for the Data Protection Officer, as the person responsible for safeguarding an organisation’s users’ privacy rights, while simultaneously demanding under the OSB that companies appoint named individuals who are subject to personal arrests and criminal sanctions for failing to prevent bad things from happening on the internet.

*subject to personal arrests and criminal sanctions* seems like the limited liability companies no longer limit the liability.

I have a legal entity registered in Scotland. Seems like it might be time to wind that up and move it to another country. Where is a good country within the EU to register?


Ireland seems the natural choice, and wouldn't require you to use a language other than English for anything.

Limited liability companies in Ireland don't provide any protection against liability for criminal acts (nor do any countries), so I think the ideal would be to move to a jurisdiction where the act is not criminal or cease the criminal actions.

Well, the issue is, they made a company data protection issue criminal and not civil. It would be moving to a country where data protection is a civil matter in a day and age where data leaks happen on a regular basis.

I heard good things about Ireland.

Kind of a Sarbanes-Oxley for privacy?


A limited liability structure still did not protect you from criminal activity in the past. Nothing really changes.

So if nothing is changing, why is it changing from a data leak being a civil offence for the company to being a criminal offence for an individual? That seems like a massive change! Seems like the laws are changing!

Just to be clear, some poor sod is going to end up getting a criminal conviction because someone at the company they work for but don't own fucked up. You get a so-so paid job at a mega corp and end up with a criminal record because some guy in an office you've never been to did something. That is nuts.


Well, the law is changing to make failure to carry out your responsibilities as a specific officer in a company a criminal offence. But that's got nothing to do with a company's limited liability.

There are plenty of other positions in companies that come with similar personal criminal liability. They mostly only exist in the finance industry, but the roles of CEO, CRO, MLRO etc. in most financial institutions come with personal criminal liability.

The liability in these cases is usually tied to competence and knowledge. It's illegal to be incompetent at your role, and it's illegal to be ignorant of the activities of your company that fall within your role's responsibilities. The expectation is that individuals in this role will set up policy and monitoring frameworks to make sure that nobody is doing anything stupid that might result in them going to prison.

All of these requirements came into existence after the 2008 financial crisis, after it became apparent that senior leaders in financial institutions were keeping themselves deliberately ignorant of the misbehaviour of their companies, and creating a situation where nobody could be held responsible for the mess.

I'm not sure that age verification for websites meets the bar needed for applying this approach here. But there are certainly places where it makes sense.


> Well, the law is changing to make failure to carry out your responsibilities as a specific officer in a company a criminal offence. But that's got nothing to do with a company's limited liability.

The law is changing so that the liability isn't limited to the company. That has everything to do with the company's limited liability.


No it’s not. The law is changing to create new additional liabilities for people. The liabilities in question have never existed before, so it could never be limited.

If you commit an act of murder as a company agent, limited liability isn’t going to protect you. This law is simply saying that failing in your legal responsibilities as a specific company officer is a criminal offence. Just like committing fraud as a company officer, or failing to produce accurate accounts will also expose you to personal criminal liability.


> No it’s not. The law is changing to create new additional liabilities for people. The liabilities in question have never existed before, so it could never be limited.

GDPR, Data Protection Act, etc. all exist. These are all levelled against the company.

> If you commit an act of murder as a company agent, limited liability isn’t going to protect you. This law is simply saying that failing in your legal responsibilities as a specific company officer is a criminal offence. Just like committing fraud as a company officer, or failing to produce accurate accounts will also expose you to personal criminal liability.

Comparing data protection with murder is silly. The law is simply stating that if you breach data protection laws it's now a criminal matter against a person instead of against a company. Massive difference. Especially if you registered a company to make sure you're not personally liable for data protection breaches.


> Especially if you registered a company to make sure you're not personally liable for data protection breaches.

And that's your mistake right here. A limited liability structure never protected you against wilfully breaking the law, or being criminally negligent, not when it came to murder, and not when it came to data protection. Just ask any engineer who signed off on a design that later turned out to be insufficient according to specification.

Data protection criminal charges used to be levied against random people within the company - and now they are focussed on the data protection officer (who criminally neglectfully abandoned their function if there is a breach).

If you are still confused about this concept, before you do more in the business structure world, it might be a good idea to talk to a lawyer and make them explain the difference to you.


Seems insane. Are there requirements for the individuals? Could you appoint summer interns?

This doesn't even seem like it'll accomplish what's intended.

The goal is to hold the company accountable, but it sounds like they just created legalized paid-fall guys.

If the government wants to pierce the limited liability veil, they should go after the persons in the company either directly or ultimately responsible (e.g. the direct manager, or the C-suite). Letting the company decide who takes the fall just means they're going to foist it on some uninformed schmuck.

You get paid more for being on-call - now wait until you see the legally-liable-for-the-entire-company bonus!


> Where is a good country within the EU to register?

Estonia for sure. Their e-residency scheme is fantastic and designed for people all around the world to register virtual companies, even if you don't have any presence in Estonia.


Hmm, the main allegation against GDPR seems to be that it led to the creation of useless pop-ups, which is partially true, but it should also be highlighted that GDPR itself does not require a pop-up mechanism, just consent; it did not specify what technological implementation there should be. It is the website owners who are to blame for using daunting cookie pop-up implementations.

This is to say that "killing pop-ups" should not be a point of a legislation if there isn't one that requires these pop-ups.


The popups are a revenge tactic used by data hoarders. "Oh, look at this terrible EU, they make us show you all kinds of popups [small]because we want to track your every move online[/small], poor you, the inconvenienced users! If only there was a way to prevent this terrible fate!"

So you think every single website has cookie banners as some sort of political statement?

Isn't the simpler answer that the EU, like most governments, is incompetent and didn't think through their legislation even though it's 99 sections and 11 chapters?


The EU knew exactly what they were doing. The requirement for explicit consent was entirely intentional.

It was websites and businesses that chose cookie walls over data minimisation. Most websites don't need a cookie wall or even a popup. Even ad supported websites can use context based advertising without any tracking whatsoever but the choice is clear.

It's not always a political statement to add a cookie wall. Some companies are too lazy to consider alternatives, others don't care enough about their users. This stuff has been coming for years and nobody cared until suddenly everyone was "surprised" and now years later everybody is still acting like this is a recent development.

The message is always clear: your convenience as a customer is worth less than your data.


My convenience as a customer was impacted by the laws in the EU. The law had no positive effect on my experience as a user.

Apple did more for privacy with a 30-line rule change on the App Store than the GDPR. As evidenced by every company dependent on tracking admitting during earnings that they are losing money because of the change. No company announced any effects from the GDPR.

Imagine that a private technology company knowing more about technology than the EU.


The popups happen because that turns out to be what the legislation is incentivising. The solution is to make different legislation that doesn't incentivise popups.

Some examples (obviously not problem-free, but just to show that a solution space exists):

* No tracking even with permission

* No tracking unless the user mailed you hard-copy permission

* No popups

* No popups unless user testing shows that a user who hates popups, doesn't care about privacy and is just clicking stuff to get to see the site, will decline tracking at least 80% of the time


A lot of cookie pop-ups you encounter are not even remotely required under GDPR. They are mostly a form of malicious compliance from the ad-tech industry, which wants the restrictions lifted.

So every mom and pop website is being political? Stack Overflow is being political?

This whole charade feels exactly like ISO-9000 and SOX compliance. Both were a pretty simple idea: document your policies, and document your adherence to the policies. In practice however, mid-level managers at Fortune 500's sprang into action to implement every idea thrown at them by white papers, underwritten by auditing firms, who would then be hired to come in and judge whether the company was adhering to their recommendations for compliance, which ultimately had very little to do with either precision and accuracy (in the case of ISO) or separation of roles and security (in the case of SOX).

So the Online Harms Bill (the switch part of TFA) is about having a completely controlled Internet in which innovation is completely stalled and entirely government mandated. It seems kind of mad that this could be phased in soon...

I presume I will have to log into hacker news via a VPN because obviously this place isn't going to implement anything other than geo blocking for UK IPs (like 99% of websites will); it certainly isn't going to be paying 10p+ for every user here to prove they are over 16/18?

Do we know under what terms young people will be allowed to interact with the Internet?


I think for the reasons you give this bill is never going to actually get through in its current form, or, if it does, it won't be abided by nor enforced. The reason it's gotten this far is because government ministers don't have any idea how the web works and they've adopted an attitude of ignoring experts so they won't learn. Once ordinary Tory voters start to get irritated by the implications of the law (credit card to view porn?) it'll get quietly scrapped. In any case, I know otherwise-luddite 60 year olds who know how to use VPNs to watch geoblocked TV, so getting around it will be trivial for a sizeable chunk of the population. And there's no way the UK government has the resources and political capital to police the internet on the scale required by this bill.

> And there's no way the UK government has the resources and political capital to police the internet on the scale required by this bill.

It doesn't have to, it just has to follow up by making VPNs illegal, and then selectively enforcing that law against its political opponents.


I don't doubt that the government can make life hell for its opponents if it wants to, I just doubt that ordinary voters will allow it to get that bad. Tories have such power right now because they're taking actions (and making signals) popular with the people, whether the rest of us agree or not. I don't buy that they've so corrupted the system that it no longer matters what the voting public think, which is why I still believe this bill is not going to be implemented or enforced in a way that removes real freedoms, once the public notice.

Besides, don't plenty of despotic countries already ban VPNs around the world, to limited effect? A large, liberal country like the UK banning them would I'm sure drive improvements to VPN protocols to make them even harder for ISPs to detect.

Maybe I'm too hopeful for the future...


> I just doubt that ordinary voters will allow it to get that bad

A lot of people said that in 2015. And in 2016. And again in 2019. And here we are.

Ordinary voters want this stuff. They don't know any better, and the UK press does its best to keep them that way.


I think you’re wrong, this UK government is scarily authoritarian and vindictive towards anyone who crosses them (see bullying of the BBC and the sale of Channel 4 as just two examples).

Why don't the commenters here think they want to be able to control and bully opponents on the Internet too?


> geo blocking for UK IPs (like 99% of websites will)

Nahh, they'll just ignore UK law just like they ignore other countries' laws. I mean, do you really expect every website owner to be versed in every single country's laws? There's no way!

Unless they "do business" in a specific country (e.g. selling goods/services) there's not really any downside to just ignoring that country's laws (when it comes to website/data stuff).

I don't plan to ever sell stuff to say, Guyana and never plan to go there. Why should I care what their laws are regarding websites/data collection? It's completely irrelevant.


The EU had some teeth when GDPR was passed. Even if I'm not in the EU, there are lots of countries that are, so cost/benefit of compliance seems reasonable.

When I hear about strange Brinternet rules, I just think why should I care about a single country and their strange and costly laws. If UK users want to reach my site, change your laws or use a VPN.


Indeed. My response to this has largely been "if this passes I'll just block traffic from the UK to my website" as it'd be cheaper than implementing this utter madness.

Especially if compliance becomes a _criminal_ issue. But then again Britain probably thinks this will spur a domestic market for smaller tech, and maybe that's correct? Though it does sound like the main thing it incentivizes will be some rent-seeking age verification companies of very dubious utility to consumers.

Is there a service or system for automatically blocking anyone from the UK? And how can we make it clear to British politicians that such a thing will be widely deployed?

A better service would be one that automatically blocks UK politicians with a clear message indicating why

Why would a webmaster with no ties to the UK go to the trouble of blocking their traffic?

Read the article.

I did read the article. I don't see anything in it that would cause somebody with no ties to the UK to block traffic. If I'm to believe this article, it's a pretty terrible law for UK residents, but as a US webmaster I am not bound by their laws. I can continue to serve user-generated content without any age verification and Her Majesty's government can't really do anything about it aside from blocking my web site. In an extreme case they could issue an arrest warrant should I ever decide to visit their kingdom, but that doesn't really worry me either.

If this becomes UK law and I continue to run onionisafruit-forum.net without age verification or blocking UK traffic, these are what I consider the possible outcomes from most to least likely:

- It never comes to the kingdom's attention, and everything continues as before.

- Some vigilant Brit reports it to their government. An email is sent to the support address. I do nothing, and the matter is dropped.

- My site gets reported and is added to a blocklist for UK ISPs.

- My site gets reported and Her Majesty's government convinces my ISP to cut me off.

- My site gets reported. Her Majesty's government puts in the effort to identify me personally and issues an arrest warrant. I never get to fulfill my lifelong dream of drinking warm beer in a London pub for fear of arrest.


> The government said the change will cut down on “the irritating boxes users currently see on every website”.

Hate to break it to you but we have no laws for them in the US and we have the stupid popup on almost every site.


> where I discussed how government is shifting its language from describing us as people with data rights to consumers with contracts, was spot on. You’ll understand if I’m not gloating.

This is exactly the issue, and the most important point that people and small businesses should be focused on. Especially when dealing with organizations that want to use the "consumers with contracts" model. Stop using the word "consumer". People are not consumers, they don't consume things. People and individuals purchase things with their own purchasing power as "customers". We are not a part of a mindless machine, where businesses are the engine and we are the gears. It's the other way around, and the more that people promote this in the workplace and other areas of life, the better. Words are like magic, they can empower or enslave us. Don't let the few, who want to control public perception, make the calls.


Would it be possible to avoid all this mess by imagining a different way to use the web?

An access method based on rss (of some sort), in the way "start pages" did it ages ago.

So instead of going to a website to get information, the information comes to my website where I make the rules (as I'm the provider and the sole user). And instead of only receiving plain text information, I can also interact and communicate with other people (the content provider and other consumers), if I choose to.

It took them 15 years to fuck up the Web; we can pull the rug out from underneath them and perhaps get 20 more.


Historically in the UK inconvenience-inducing online laws like the Online Safety Bill have fallen either shortly after passage or shortly before passage as the people who pass them realise that they too have to follow their own rules.

This was certainly the case for that nationwide opt-out porn block that they brought in a decade ago, then quickly slipped under the rug when it became clear that they too would have to either learn to use a VPN or call up their service providers expressing their desire to watch porn.


Some of it lingers, though. Like the invisible DNS filtering that all consumer ISPs are effectively forced to implement, blocking URLs coming from an unaccountable third party organization. Or:

> that nationwide opt-out porn block

That's still there; ISPs just made it very easy to switch off the block from apps and websites.

Tories ask for 100, bag 20, then ask for 200 and bag 80 - result: they get 100. And there is no recourse now, because those pesky supranational voices of reason have been jettisoned.


Boris Johnson is the only hope, in my opinion. Yeah, he's a slimy, entitled, lying, racist, upper-class con-artist, but he's a populist at heart and has no principles beyond what he thinks will make the public like him. Yeah, that's disgusting, and yeah, it's the best of the worst, but it's still better than Cameronism, which simply doesn't care what you think. If an uproar comes, which it hopefully will, at least our fearless leader will listen, if only out of self-interest.

I hope that was satire...?

Johnson is the one who keeps pushing these crazy schemes just to keep people riled up against the "bureaucracy-mad EU" he invented so many years ago. He will stop at nothing to stay in power, and will happily sacrifice all your freedoms to that effect - he doesn't respect the law anyway, so anything put on the book is just for you and me to be beaten down, not for him and his mates.

> it's still better than Cameronism

That's a false dichotomy. There is life outside the Tory ideological landscape.

> If an uproar comes, which it hopefully will

If the uproar comes from the "wrong" sector of the electorate, the Tories will just double down on it.


you're not really following the hn guide on commenting etiquette, and if you continue I won't reply any further.

>That's a false dichotomy

Right now the options are Boris or a Cameronesque Tory. Sure, in 2 years better options will be available, but that's in 2 years' time. It is not a false dichotomy. Besides, the longer Boris stays in power, the more he damages the Tories as a whole.

>If the uproar comes from the "wrong" sector of the electorate, the Tories will just double down on it

This is an exaggeration, especially under the populism of Boris. Yes, they largely listen to their base, but they don't seek to actively antagonise others. They're a centre-right party that seeks a wide base without a high degree of polarisation. They're not the GOP or UKIP. Given your comment, I suspect you may assert that they are more like the GOP or UKIP than I think. If so, I will agree to disagree on that.

It seems like you have a lot of emotion and anger about this, and that's fine, but I don't think it's helping your objectivity about actual outcomes and intentions. I also don't like him or his party, but in the short term he's better than a right-wing ideologue that doesn't care what you think.


I mean, you started with "Boris Johnson is our only hope", so I assumed HN etiquette was out of the window at that point.

> in 2 years better options will be available, but that's in 2 years' time

You assume the Tories can produce a majority after the current "Brexit coalition", held together by Johnson, collapses. That's not a given. It's also not a given that whichever cabinet a new PM could produce will be strong enough to enact big policies.

> but they don't seek to actively antagonise others.

Policies like Rwanda deportations and the return of imperial measures are absolutely designed to produce outrage, and I challenge you to prove otherwise.

The basic Johnson strategies are directly copied from the US playbook: they deliberately provoke the left in order to consolidate the right by defensive reaction, playing the victim and distracting from failures and scandals. And it works, for a while at least.

Is the entire party like that? No, but the people who are, are currently running the show.

> they're a centre-right party that seeks a wide base

They were. They stopped being that when absolute power went to the likes of Rees-Mogg. They attracted radical Northern votes by acting extremist on issues where the Labour party refuses to. This is not your dad's Tory party.


First point, as far as I'm aware that phrasing has no relation to HN etiquette, and even if it does and you chose to interpret it in that worst possible sense, that doesn't give you the right to do it too.

Second point, do I assume that? I cannot see how you've read that from what I've said. I'm a dyed-in-the-wool Labour voter, and last I checked the Tories were down by about 15% in the polls.

The rest is opinion that I disagree with. I'm not here to change your mind. It's fine to be emotional and shouty and take the worst possible view of everything, but I'm completely unconvinced by it, especially when you challenge me to prove a negative.


If you think that’s bad, you should see the software running on millions of home routers in the UK.

Is there a tl;dr? I am halfway through the article and so far all I know is that there is a new bill. Is there any more detail than that?

I hope the day I need to prove my identity to access the internet for typical sites (e.g. this site or a news site etc.) never comes.

>> The announcement criticized the EU’s “highly complex” General Data Protection Regulation and promised a “clampdown on bureaucracy, red tape and pointless paperwork” to “seize the benefits of Brexit.”

And that's all one needs to know about that announcement.


How does the UK passing a law saying you don't need cookie popups make those popups go away? Maybe big companies will target UK citizens to not get popups, but most sites will still give you popups, because giving everyone popups to comply with EU laws is a lot easier than figuring out if you live in the EU or not. For example, the US doesn't have requirements for cookie consent, but you still see a ton of these popups if you live in the US.

From what I understand, the way this is currently shaking out is that it largely won't impact marketplace sites, as credit cards can be used as a form of age verification. You might have to create an account and associate a credit card before you're able to browse, which would be an awful user experience...

For other sites though, if this passes into law I suspect it will have a much more intense cooling effect on the availability of and access to sites. For the unpaid service sites I run, I'm certainly not going to pay for identity verification or allow that garbage on my sites. I'm much more likely to hide or disable any user-generated content, or just serve a static page to users in the UK saying the site isn't available in your region.

They're really doubling down on removing themselves from the world community...


Yeah, this seems remarkably unworkable. 10p per user is a really high cost. I have to imagine that sites like Facebook or Twitter will fight hard against this. It’s far more onerous than GDPR.


What I don't get is that if you have a web presence in the EU, you're STILL subject to GDPR regulations, so really, in practice, for many – in particular larger – companies, you'd now have to implement GDPR AND the new British rules.

And it's not clear to me that those two sets of rules would be compatible, rather than mutually exclusive.

What a clusterfuck!


This is living proof that you can't even trust the governments that are removing bureaucracy and regulations.

All those bribes must have made them forget their fight for freedom.


I know protection of children is usually a false pretense, but for those that really care, it makes much more sense to let parents fine tune their children's access to various internet properties.

For example, iOS has pretty good parental controls, where parents can limit time in certain apps, etc. It's just a much more scalable and flexible solution.

Sure, some laws for companies could make sense, e.g. forbid them to run ads tailored to children below a certain age. Or label their products appropriately.

But I think it's basically the same thing as "video violence" and any reasonable set of parents shouldn't have any trouble making sure that their eight year old isn't watching Saw 3 (or some other violent film) with her friends.

