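Proposal: Cookie consent should be browser-native, not site-native
TL;DR: Cookie consent shouldn't be a popup war on every website. Browsers should handle it natively, just like location or notifications, based on user-set privacy preferences. We can fix the web with one header, a little browser enforcement, and a lot less nonsense.
The current system for cookie consent is a mess. Every website throws a popup in your face, asking you to accept tracking you neither want nor need. The irony? It's not technically necessary. We can solve it at the browser level: cleanly, universally, and in a user-respecting way.
Here's how:
1. **Browser-Level Privacy Preferences**
Browsers should allow users to set global consent preferences, just like setting a default language or search engine.
Example:
- Essential cookies: Always allow
- Analytics cookies: Ask or Block
- Marketing cookies: Ask or Block
- Third-party cookies: Ask or Block
Set once. Apply everywhere. No more popups.
2. **New HTTP Header: Set-Cookie-Category**
Websites would categorize cookies when setting them, like: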
Set-Cookie: sessionId=abc123; Category=Essential
Set-Cookie: trackUser=true; Category=Marketing
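Standardized categories: Essential, Analytics, Marketing, Personalization, Other. No trickery. No ambiguity.
3. **Browser Enforcement**
When a site tries to set a cookie:
- Browser checks the declared category.
- Browser checks the user's privacy preferences.
- If no consent: cookie is silently blocked.
If consent is "Ask," the browser shows a small permission prompt (similar to location or notifications). No more hijacking the page UI.
4. **Optional Website Messaging**
Websites could optionally trigger a browser-native dialog to explain their cookie use, but no walls of legalese blocking access.
5. **Bonus: Easier Compliance Audits**
Browsers could expose APIs for compliance tools to automatically verify if a site respects consent preferences.
Why hasn't this happened yet?
- Ad-tech companies make too much money off friction and dark patterns.
- Browser vendors (especially Chrome) profit from the status quo.
- Regulators targeted websites, not browsers, in GDPR/CCPA drafts.
But it's not too late. Safari, Firefox, Brave, Arc, even Chrome (if enough pressure builds), could easily implement this.
Users deserve better. The web deserves better.
If you think this should be built, upvotes help visibility.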
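The enforcement flow from steps 2 and 3 of the post, sketched as an added example (not code from the post, and `Category` is the post's proposed attribute, not part of any current cookie standard). The function names, the constructed preference object, the fallback of undeclared or unknown categories to `Other`, and the rule that a third-party cookie gets the stricter of the two applicable preferences are all assumptions made for this illustration.

```javascript
// Added illustration of the proposal; "Category" is not a real Set-Cookie attribute.
const CATEGORIES = ["Essential", "Analytics", "Marketing", "Personalization", "Other"];
const STRICTNESS = { allow: 0, ask: 1, block: 2 };

// Constructed user preferences, as they might be set once in browser settings.
const samplePrefs = {
  Essential: "allow", Analytics: "ask", Marketing: "block",
  Personalization: "ask", Other: "block", thirdParty: "block",
};

// Parse one Set-Cookie header value into the cookie name and its declared category.
function parseCategorizedCookie(headerValue) {
  const [pair, ...attrs] = headerValue.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: nothing to store
  let category = "Other"; // assumption: an undeclared cookie is treated as "Other"
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() !== "category") continue;
    // Unknown labels also map to "Other", so a site cannot invent a permissive category.
    category = CATEGORIES.find((c) => c.toLowerCase() === value.toLowerCase()) || "Other";
  }
  return { name: pair.slice(0, eq), category };
}

// Return the browser's decision for one cookie: "allow", "ask" or "block".
function decide(headerValue, prefs, { thirdParty = false } = {}) {
  const cookie = parseCategorizedCookie(headerValue);
  if (!cookie) return { name: null, category: null, action: "block" };
  let action = prefs[cookie.category] || "block"; // no preference recorded: no consent
  // Assumption: a third-party cookie gets the stricter of the two applicable preferences.
  if (thirdParty && STRICTNESS[prefs.thirdParty] > STRICTNESS[action]) {
    action = prefs.thirdParty;
  }
  return { ...cookie, action };
}

// The two header lines quoted in the post, checked against the constructed preferences.
console.log(decide("sessionId=abc123; Category=Essential", samplePrefs));
console.log(decide("trackUser=true; Category=Marketing", samplePrefs));
```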