GDPR: Successfully turning privacy problems into security problems.

Ugh – GDPR. From a legal perspective, GDPR was designed to give users control over their data. From a practical perspective, GDPR is the reason you had to click “Accept Cookies?” 12 times today without really knowing what cookies even are (and I’m sure you read all 12 privacy policies before clicking “Accept”, right?)

“The road to hell is paved with good intentions…”

I shouldn’t be so annoyed by these pesky little popups. But tonight I find myself searching for a chrome extension that can just auto-click-yes on all of them. The popups are not useful to me.

Turns out “there’s an app for that” called I don’t care about cookies. Looks like what I want, except…

Do I want to install an app that has ability to read all pages I go to and clicks “Accept”? This may seem like a circular question – am I worried about privacy to an app that’s going to help me ignore my privacy? But that isn’t the real issue. The real issue is that to fix GDPR’s UX problem requires me to turn a privacy problem (cookies) into a security problem: can I install this extremely powerful app at all? What if it’s malicious? Or what if it gets updated to do something malicious? Grrr…

Unfortunately I couldn’t find the open source for “I don’t care about cookies”, so my search continued. This time I found another app called “Consent Manager“. This one seems to take the opposite approach – attempting to decline automatically, but I also can’t find the open source. Foiled again. At this point, I’m out of time so I will give up.

Conclusion: I hope Google Chrome implements a checkbox on install that will enable users to “auto accept all cookie policies” or “auto reject all cookie policies”. If Google give you the choice, I’d say that falls within “do no evil”. Irony!

2 thoughts on “GDPR: Successfully turning privacy problems into security problems.

  • February 17, 2021 at 11:59 pm
    Permalink

    FWIW – “I don’t care about cookies” source code looks clean for now. To see the source, you can just install the extension and unpack it (rename to zip and extract). There are a few way to do this, but here’s the link to the Firefox one which is just a direct download: https://addons.mozilla.org/firefox/downloads/file/3726039/i_dont_care_about_cookies-3.2.8-an+fx.xpi

    To go one step further as a protection against malicious updates, you can use some sort of js injector. Chrome/Chromium-based browsers have plenty. For example, “Custom Javascript for Websites 2.” I just replicated the plugin inside of an IIFE and it seems to work pretty well (still a little buggy…). The plugin is just searching through a bunch of common classes and IDs that the author must have scrapped — so I combined all of the JS files into one function and now I can have that run locally when the page document is ready. A fun exercise, but at the end of the day, I’ll stick with the extension.

    Reply
  • May 26, 2021 at 6:16 am
    Permalink

    The EU says that GDPR was to ‘”harmonise” data privacy laws across all of its members countries as well as providing greater protection and rights to individuals.’ Do you think there is a better way to accomplish this? I’d be curious as to your thoughts. Is there a data privacy solution to be found through blockchain that disperses data privacy to the level of the individual?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *