Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But what requests would it even make? If you opt out you're effectively telling it to _not_ make any requests.


If it's the TrustArc Ads Compliance Manager, it makes a call to all the ad networks requesting the network's opt out cookie. The opt out cookie prevents the user from being tracked by that ad network across all sites. Cookie banner opt outs usually only prevent tracking from the site you are one.

Unlike GDPR, which uses a website as the gate for all cookies, the ad industry also has self-regulatory programs. Participation in these programs require that a website allow a user to opt out of all ad networks present on their site. TrustArc built a module to do that: https://preferences-mgr.truste.com/.

If you run the tool there, it will make a call to the ad networks listed. Of course if you're running an ad blocker, the call will get blocked and it will look like the tool doesn't do anything.


The problem is you're being presented a mandatory popup for what appears to be used as GDPR compliance but realize that it isn't because real ones are instant. This is fake GDPR in the sense that it isn't (compliant); it's other things, as you note. If the purpose is to facilitate GDPR, that opt-out time shouldn't be conflated (the ad stuff shouldn't be bundled), given that GDPR appears to have a requisite "It shall be as easy to withdraw as to give consent.". Is that a correct interpretation? You're suddenly notified you can't operate for minutes (unless you opt-in), which is definitely dark, and unnecessary (unless you want to achieve the action they're doing, but you didn't; you just need GDPR). Sitting captive for minutes is not a modern day web experience anyone finds acceptable, that's why Google is so focused on empowering loading speed inspection/resolution. The experience made me wonder if they use users who don't opt out (I almost gave up just to get out of being locked out) as a selling point. There wasn't, that I could find, an instant GDPR-compliant way around this obstruction. Why would any company care for this experience? If they wanted to be polite and do extra action (this ad network regulations thing), they have the tech to do it asynchronously/unobtrusively, right?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: