Comment by mattmcknight
3 years ago
> To website visitors: if you see a cookie banner, the site is asking permission to spy on you.
Or you know...count how many unique visitors they have and how to make the site more useful. Do you avoid using cookies on this site but still manage to log in?
Cookies needed to properly provide user authentication, i.e. user session identification, are counted as "technical necessary" cookies and do not need a cookie banner. You only need to ask for cookie consent, if you track visitors with third-party services. And, to counter your unique visitors claim: you don't need cookies, or any third party service, for that. Everything can be done locally without disrespecting user privacy.
Exactly. HN doesn’t need a cookie banner because they’re not spying on their users. No barrier to keeping track of sessions.
> and, to counter your unique visitors claim: you don't need cookies, or any third party service, for that. Everything can be done locally without disrespecting user privacy.
how do track unique visitors without cookies, and how is that way less "disrespecting" of user privacy than a cookie?
IP and User Agent, for example. Goaccess[1], a tool to generate statistics from webserver logs, is capable of calculating unique users. Calculating unique views entirely on your own server without any of that data leaving it, is way more privacy friendly than urging your users into accepting cookies so that Google can harvest their data and send it to their US servers.
I wrote "disrespecting" because using GA is exactly this for me. Website owners give a f** about your user privacy just to save them some work, without caring about any of your users' data.
[1]: https://goaccess.io
Do you know the difference between cookies and a cookie banner? Do you understand why this site can have login sessions, and even keep track of the number of unique visitors, yet is not required to have a cookie banner?
What do you think the _ga attribute is in their cookie?
Isn't there an exception for authentication in the consent requirement, but not in the inform requirement?
Have you researched to know if this site is hosted on a US server? I wouldn't be surprised if it is and I also wouldn't be surprised if your IP address was additionally stored in a log somewhere for a period of time. In the US.
Yes but they are not tracking you with third party services, so regardless of where the server is they would not need a banner. The banner is a request for surveillance permission.