How to Update Easy List on Ublockorigin

I am amazed, at how much that annoyed me, too - and why I never bothered to find out, that ublock origin has this as a hidden feature. Awesome. I just also turned on all of the other annoyance settings. Is there a good chance of real content getting removed, on occasion, or do they work quite good?

It's pretty easy to make your own, too. I use the element zapper and picker to block Reddit's incessant demands that I use "new" reddit and get a "premium" membership. I also use it to block Facebook's "trending" bullshit.

Either an element zapper or a one click sticky-header killer should honestly be standard issue features in browsers nowadays. The web would be a miserable without them, especially on mobile.

I'm just concerned that's inviting an arms race where unwelcome page elements get randomized CSS namespaces. Fuck that noise.

In that case we could just match by the CSS rules' content - i.e. match all elements that have style X, Y, Z applied to them. That kind of arms race would be over real quick.

The arms race is that the next time you come back to the page, the offending element has a slightly different style (randomized CSS class name, RGB values changed by 1, font size changed by 0.1...) and your browser doesn't recognise it as being the right element to block.

Match by ranges so changing values by 1 doesn't work. At the end of the day a human would have to come up with an entirely alternative style for the page to defeat your filters. Pretty much any machine generated variations can also be defeated automatically by a machine. If defeating your filters takes a lot of work, and only helps until a few days later you update your filters in a few minutes, nobody is gonna bother.

That's already the case with sites like Twitter. In order to remove the trending pane in uBO, I had to rely on a11y attributes: ##div[aria-label="Timeline: Trending now"]

And random structure to break nth-child selectors. Even better: draw everything in a canvas.

I activated all the options in uBlock Origin a couple months ago and didn't miss anything so far. Of course when I visit a new site it's hard to know, but the few times where a site was obviously missing some content it turned out to be broken in general. So I would say the filter works pretty well, I didn't get a single popup of any sort ever since.

I have had all list except the extra languages lists enabled for a couple years now. Online fast food ordering sites (e.g. Chipotle) are the only ones I've noticed get broken.

> Is there a good chance of real content getting removed, on occasion, or do they work quite good? Yes, I sometimes get some real content removed. If something looks strange, I temporarly deactivate uBlock. Last time it was a GDPR checkbox at a store checkout.

Normally I disable ublock if I'm actually buying something from a website exactly for these sort of issues.

Or just use a different browser/Firefox-profile which still has uBlock Origin installed but with only the default filter lists...

OMG. Why have I been wading through the interweb of annoyance all this time? It's amazing how much of a difference this makes. I was starting to find the web so hostile. Every page an annoying battle with cookie pop ups. I am so genuinely happy

Yup, I use this one as well, and it's fantastic. The developer is a nice chap as well, and can give you an invoice for your donation.

Does this automatically remove the element and give no feedback to the site, always give the site permission to set cookies, or always deny the site permission?

Legally I haven't given affirmative permission so they're not allowed to track me. The same if I just ignored the cookie banners (which is what I did... until 2 hours ago when I saw this post). Practically I assume most of the sites are breaking the law, because that's how I expect webdev's to think and because most of the cookie banners aren't nearly up to spec to satisfy the law so I assume they aren't being that careful.

The Irish data privacy regulator recently did a sweep of 38 Irish websites, reviewing for cookie compliance. Two-thirds of websites were found to be relying on "implied consent" and 37 were found to set unnecessary cookies on landing before consent was given. Overall only 3 websites were rated as "substantially compliant." Further reading: https://www.dataprotection.ie/en/news-media/publications/rep...

Every site involved will say compliance is too difficult or whatever. What I wonder is, if you're not going to bother being properly compliant, why bother adding a GDPR banner at all?

Because your boss has a boss who has a legal adviser who tells him they have to have the appearance of meeting the requirements of the law/regulators. Compliance theatre. They all know it's smoke and mirrors but it ticks a box in someone's board meeting agenda.

Because there's a huge difference between being "blatantly non-compliant" vs "properly compliant".

I suspect most sites will get a warning first. I have a website myself with Google Analytics and I've never added a banner myself, I'll wait for the warning first, and I expect my users to have blockers installed if they're privacy-conscious.

If GDPR starts to be enforced, they'll go after the low hanging fruit first. You don't need to be compliant, just more compliant than the worst.

I haven't tested but, as far as I'm aware unlock origin never sends anything back to a site, it just blocks content so I expect that it would just remove the element with no feedback.

tldr; uBlock Origin removing the html element containing the "we use cookies" banner is effectively the same as clicking "OK" or "Accept", even without notifying the site/server. If there are any exceptions, they are extremely rare. --- Long answer: The vast majority of sites that show the GDPR "we use cookies" banner remember you clicked "OK" or "Accept" by setting a boolean value, either in its own cookie or as a key-value in your session cookie's storage (whether stored client-side or server-side). The ONLY thing the boolean does is determine whether or not to show the banner. That's it. I've never known of a company or site that changes the privacy/retention behavior of its features based on clicking "OK" or "Accept". As I understand it this solution doesn't follow the law, as users are supposed to be able to decline cookies and somehow still maintain state; the lawmakers don't understand a session is necessary for things like logins, so of course companies compromise with a simple banner that you need to accept/dismiss to "grant permission". When was the last time you saw a "Decline Cookies" button? If you click it, does the site work as expected? Answer: probably not, or the site uses the same cookie/session strategy anyway without telling you. Source: I've seen dozens of such implementations, and they're all the same. If the cookie/session value indicates not to show banner, then the layout/view simply skips outputting the banner. No other line in the entire code base ever reads the value of that cookie/session.

> as users are supposed to be able to decline cookies and somehow still maintain state; the lawmakers don't understand a session is necessary for things like logins The lawmakers do understand that, you are allowed to use sessions and cookies for essential tasks like tracking login state, and no popup is necessary in this case. I wouldn't be shocked if you are correct and many devs are indeed completely ignoring the legal requirements here, but that may be in part due to developers not understanding the legal requirements or believing incorrectly (as you seem to) that the requirements are not technically feasible. A simple, GDPR compliant solution would be a tickbox for "remember me across visits" next to the login form. If ticked you get a persistent cookie, if unticked just a temporary session that goes away when the browser is closed. No popup is needed.

Thank You. This is new to me. If login Cookies are allowed, and your login site already has your profile hence your Ads preference. Why do they still need to use cookies banners?

IANAL. It's not about cookies per se, it's about your information and what it's used for. If your information (e.g. a unique ID) is used for something you want (e.g. login), that's fine. If they want to use your information (could be the very same information, i.e. your unique ID / user profile) to track you, advertise to you, sell your profile to advertisers, ... they need extra consent for that.

Just in case they get sued. ..while their ads preference dialogue has pre-checked options which is clear violation of GDPR...

> users are supposed to be able to decline cookies and somehow still maintain state GDPR only applies to non-essential tracking & advertising cookies. Login cookies are always allowed, and you don't need a banner to state that you use those.

Is this true? What about shopping cart cookies, especially as a 'guest'? Does that need Cookie op-in, legally?

"the cookie is strictly necessary to provide an 'information society service' (eg a service over the internet) requested by the subscriber or user. Note that it must be essential to fulfil their request – cookies that are helpful or convenient but not essential, or that are only essential for your own purposes, will still require consent." If the site's using a common framework, convenient and essential uses will be combined in a "session id" cookie which needs re-developing, or just slap a cookie warning on it. https://ico.org.uk/for-organisations/guide-to-pecr/cookies-a...

We can look to the GDPR text itself to answer that. Is the cookie there in order to create a profile with other information in order to identify a natural person. If yes, then the company is required to treat that cookie identifier with the same care and requirements as other sensitive personal data like social security numbers, passport numbers, personal ID numbers, and so on. Law is fuzzy by nature, but it seems pretty clear that a shopping cart cookie is exempted from needing consent. Functionality of services that are expressly requested by users do not need consent, and in this case we have users that want to put items inside a cart in order to buy it. If that creates a profile on the server, and that profile is combined with other information, and then used outside the scope of the customer relationship, then we are moving into the area where consent is needed. We can draw a parallel to data collected offline. A person go to a store and talk to a sales representative about buying a product and having it shipped home. At what point do the sales person need to ask for GDPR consent? The answer is likely the point where the sales person saves a profile of that customer on the computer, and the profile is intended to be used outside the context of that purchase.

Which sounds a lot like the "DNT" (do not track) or Microsoft's "P3P" (Platform for Privacy Preferences Project) headers. Which both failed, because if companies were required to respect those standards, all advertising and tracking would be extremely easy for users to opt out across the board as a single global preference. The problem is that each site can choose its own text to display, which buttons/options it shows, and how those settings are supposedly enforced. This doesn't belong in the html of a site. This is exactly what a cross-browser preference should be doing. Which should probably be a modern–and most importantly standardized equivalent–of the P3P header. Every site should have a static set of options it can request, so users are used to accepting or declining the same set of permissions regardless of the site that is visited. Otherwise agreeing to the per-site cookie banner is just as convoluted as expecting users to read Terms and Conditions policies. I have never read the text in a cookie banner, and I never will. I click the OK/Accept button immediately, just like any T&C/ULA. Imagine if requesting webcam, microphone, notifications, or gps/location permissions were possible by a site including its own custom banner, and if you clicked OK/Accept, it immediately got access to those features. Of course browsers don't allow this, because sites would abuse it and trick users into granting permissions when not desired. Instead, your browser provides a standardized prompt for requesting such permissions. There is no reason for tracking cookies to be exempt from being required to follow the same model.

The trick of the GDPR vs those browser technologies is that there's actually regulation because obviously the industry can not be trusted to self-regulate. Indeed, there should be an enforced UI, but that's not how the EU tends to regulate on privacy, and without EU regulation none of the companies currently trying to entirely ignore the GDPR will use it. They have put out guidance that some current attempts at pretending to comply are illegal, and I expect to see fines regarding that in the next couple of years - the difficulty is creating a solid case that isn't going to undermine the GDPR through case law. I wonder, though, if there were a dirt simple API for consent in the browser, whether independent developers who would honestly like to comply would use it.

I have been increasingly seeing cookie banners that provide more options than just the typical "Ok" or "Accept" buttons, such as a more restrict cookie tracking configuration. Not sure if selecting the more restrict config will have any effect in those sites though, besides just hiding the banner in future visits.

That would place the plugin authors in a potentially dicey position legally-speaking. The publisher is trying to adhere to a law (for better or for worse) by giving the user visibility into technologies and data usage. A plugin hiding that by default can lead to all sorts of nastiness.

Hiding the popup simply means the site cannot legally set unnecessary cookies. Which they don't if you just ignore the popup or click its close box. That's effectively all the plugin is doing, so it's a perfect solution. It might annoy the site owner, because they would really like you to click "Yes" but it's perfectly legal for them to never get that "Yes" and just never send you cookies.

> Which they don't if you just ignore the popup or click its close box. The majority still sets the cookie, by using implied consent. In best case they don't set anything if you Decline but most don't even do that. The banner is then merely an information popup about cookies in general. Example: https://news.ycombinator.com/item?id=23523294

Yes, but the statement that simply ignoring the cookie banner will result in no cookies being set is still wrong. The reason being that almost no sites are compliant.

They are violating the law. There is no implied consent, except in the mind of people whose income depends on there being such a thing.

On a related note is there a good plugin that blocks those annoying "would you like to subscribe" type floating popups? I feel like we've gone back to 1996 with those things. Often when I get one of those my first gut reaction is to leave the site rather than search for the "X" button, but now almost every site has them.

One downside is that some apps refuse to work until you make a choice in the cookie pop up. So if you hit a site like that you need to: * Pause your blokcer * Reload the site and accept/deny cookies * Resume your blokcer

Thank you! I can't believe I haven't looked into that until today. I could not care less if a site uses cookies, but the notice was always super annoying.

I was doing it manually every time like this ; Right click on ad / pop up -> Block Element ( a rule is automatically generated ) -> Create. Voila ! You might have to do it 2-3 times for the same element as it might have several layers. But then you're done and you haven't been forced into clicking "ok" ( With uBlock Origin )

It must be the sites I go to, but I've always had this enabled, and I still get plagued with Cookie requests. :(

wisniewskihaverping.blogspot.com

Source: https://news.ycombinator.com/item?id=23521606

Share this post