You must log in or register to comment.
Why won’t you let them protect your privacy???
To be fair, I can actually sort-of see a specific point here:
They are legally required to offer you that cookie choice. If you block that choice, are they in violation of the law even if they cannot apply cookies? Just because their site does implement tech for it (even though you’re blocking it, but the law cannot know that) and they cannot show you the popup allowing you to reject the tech (since you’re blocking it)?
Weird thing. Doubt there’d be a clear answer without someone dragging someone else in front of a court for it, plus that’s of course not why CNN is blocking us here, but it’s an interesting thought whether they are even allowed to let you on if they cannot present you with the GDPR choice.
They should just treat it as declined every necessary cookie and move on
It’s already supposed to be decline-by-default in this case (IIRC under GDPR)
Then why can over 100,000 other sites show their cookie banners as required by GDPR while Firefox + unlock origin is active, but somehow one of the largest media companies in America “just can’t do it” without disabling your ad-blocker?
If they really couldn’t do it, they would do like Home Depot did and block anyone in europe from accessing their site.
This is not about GDPR at all! This is exclusively about forcing you to disable your ad-blocker so they can make more money from offering a bad browsing experience.
unlock origin
Exactly, it works fine with third-party scripts blocked.
Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature. Let the user make the choice once, in the browser, and let the browser tell the visited site what’s allowed. Statutory compliance would mean something like
- browser detects and warns about cookies which do not appear to be in compliance with user’s preferences (optionally: browser can block cookies which do not appear to be in compliance)
- browser detects sites which do not implement the spec at all, and warns the user about that
- regulatory body checks for compliance on any site with over X number of users
- regulatory body checks major browsers for compliance
- any combination or all of the above
Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature.
Well, it kind of is. The Do Not Track header has recently seen a court win in Germany (source):
It turned out that the judge agreed with vzbv, ruling that the social media giant is no longer allowed to warn users it doesn’t respect DNT signals. That’s because, under GDPR, the right to opt out of web tracking and data collection can also be exercised using automated procedures.
And it is basically the same in California too Source
GPC is a valid do-not-sell-my-personal-information signal according to the California Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.
Sounds like do not track +
They offered it but you just didn’t see it because blocked, so there.
INVADING YOUR PRIVACY IS REQUIRED TO PROTECT YOUR PRIVACY
LET US IN!!!
No one has mentioned the good version of that site, https://lite.cnn.com – no ads, no bloat, works fine with UBO.
TIL!
and it’s mobile-friendly and distraction-free too
Thank you for this. Wow, such an improvement!
That’s amazing!
Oh my god, YES
This is awesome. I’m wondering if other companies have similar versions of their site.
Try text.npr.org. I think there a few more but that’s the one I remember.
CNN: We can’t ask if you want to allow cookies because you’re blocking everything
Me: Which means I don’t want you to……….?
CNN: No idea, we have to ask you.
Me: I’m so strict you can’t even ask meaning………?
CNN: You….
Me: Yes?
CNN: Uh………… don’t want……
Me: Yesssss………
CNN: To miss out on us asking you.
Thos but unironically. GDPR
GDPR doesn’t require them to ask if they would just not violate our privacy. In other words, it’s perfectly legal to assume “no” if they have no means of asking.
It’s not only legal to assume, it’s a requirement to default to “no”.
Tracking is opt-in.
The requirement to not track users with cookies does not extend to cookies that make the site work in the first place, such as those which track your login session, or your refusal of other cookies.
so don’t track login sessions, etc.
no cookies, no problem with not having asked for cookie consent.
if the site breaks, it breaks, and leaving it broken is a choice users can make.
I just opened CNN on firefox with unblock origin on both mobile and desktop without issue.
I wonder if it has to do with the region you try to load it from. The message in the screenshot seems to indicate that it might.
could be that there’s been an update to the filters to deal with this issue?
I can open CNN too, but once i click on an article I get the page OP has…
I viewed 3 articles, no issue. Cleared cookies & site data before hand to be sure I hadn’t already allowed them at some point.
Clicking the article works fine for me.
I can confirm this behaviour, Fennec on Android with uBlock Origin.
seconded the success.
You think they might have updated something in response to backlash…? I had thirty-five blocked elements with Firefox and UBO. Fuck CNN…
Windows/android?
What if you refresh the page?
Same, works fine. But I don’t block cookie popups, I have consentomatic handle them instead, plus Firefox is getting that built-in, anyways.
you blocked the stuff we need to protect your privacy
holy shit fuck you you lying fuck
They could be telling the truth… It’s possible that OP is in Europe and the ad blocker is blocking a GDPR cookie consent notice.
The message explicitly mentions EasyList Cookie, which is described like this on https://easylist.to/:
EasyList Cookie List blocks cookies banners, GDPR overlay windows and other privacy-related notices.
Edit: I’m not agreeing with what they’re doing. I’m just saying that the message may be accurate. Having said that, maybe blocking a cookie banner should count as an opt-out, so they shouldn’t show this notice and instead just automatically reject the cookies. I’m not sure if the law is clear around this, though.
If you want to opt-out of tracking cookies, consent-o-matic will likely work better. It automatically clicks the right buttons in the consent notice for you.
Edit 2: The law seems unclear about what to do if the consent notice is blocked by the viewer’s browser (and thus they can neither accept nor reject cookies), so maybe blocking access to the site is likely the safest approach for them to take.
The law is done dumb. They should update it to say “the banner must always have a “reject all” button which rejects everything (including the legitimate interest) on it and it must not be hidden inside any further clicks”
I’m sick of having to search for that button under two sub menus or having to uncheck 20 check boxes. And what the hell is even “legitimate interest”? There’s nothing legitimate about any tracking at all. This phrase really offends me every time I read it.
The EU already updated it. Websites slowly follow to comply
I’ve had it happen to me for a week or two now. US based. I always just figure if a site doesn’t work with my blockers, then I really don’t need to see it.
Imagining a returning user who previously consented. If non essential cookies changed since their last visit, that user needs to consent again. But in scenario, just auto opt them out? I’m weirdly on the fence between this might be a reasonable block or a violation of GDPR for denying access to users who do not provide consent.
Funny… My company (over 100k employees worldwide) is blocking CNN as a security risk…
Do you see a similar message for other news and social media sites? My gut tells me that it’s just one of many blocklists added to your company’s firewall but they don’t have a specific message for “blocked because not work related”.
I’m getting these messages occasionally, but usually they make sense, such as when I go to online gaming sites or torrenting portals. Didn’t try porn - don’t want a call from HR. In general, our IT policies are fairly sensible; this is one of the very few outliers.
Probably just a blanket block of all msm
All other MSM, even some more questionable like The Sun or Fox News, works fine. CNN is the only one blocked.
deleted by creator
Well, guess we won’t visit CNN anymore 🤷
https://archive.is always has a backup of the current page. I stopped using CNN a few weeks ago.
required components that protect your privacy
Talk about doublespeak. Double-plus-good, eh?
I’m using Firefox with uBlock Origin and cnn.com loads for me without any issues.
I tried after reading this, can confirm that it works fine for me too with FF and UBO.
Says you’re using Brave…
Yeah I’m using Firefox with ubo and was not blocked when I visited cnn.com
I’m not doubting OP, I just wanted to make sure I was reading the same post as everyone else. Weird that CNN flagged FF as Brave. Could also be a VPN issue, either on or off.
I just assumed that it was some kind of boiler plate message, but it makes sense that OP’s user agent is Brave, using FF or not.I take it back, FF and had the same problem, just not on their front page.
Read retard, refresh
Just visited in Brave and not getting any warnings on desktop
Same here
I’ll give them benefit of the doubt and assume they’re using the brave user agent in Firefox.
If that’s the case the solution is simple, switch back to Firefox user agent. Or use Chrome as your user agent, you can whitelist specific sites to use any user agent you want
Post title says Firefox, but the screenshot is saying Brave. 🤔
I mean… It could just hard coded example text as they might have seen most people with that blocked used Brave? Haven’t test it tbh.
I got the same message on iOS Safari with no special config or UA switching (just an ad-blocker). I figure it’s a badly implemented feature. But holy shit I thought the browser wars settled out a long time ago and we had decent standards in place, guess we’re regressing back 20 years though.
deleted by creator
Maybe a changed user agent?
Removed by mod
If CNN wants me to use their website they need to sign a contract that says they need to eat my shit with a spoon. Legal repercussions if they violate.
Heh, we had this problem with a work product a month ago. it’s the suppress cookie popups feature.
Legislation in some areas requires people to opt in to cookies, but add blockers block the banner pop, so from a legal compliance standard they’re not in compliance even though it’s something the users are doing.
The cookie blockers automatically decline cookie consent with the minimum possible cookies.
If your site is GDPR compliant it must respect the consent triggers by the extension as the consent is identical to if a human user correctly filled out the cookie form to acknowledge only the minimum required cookies.
CNN in the OP is just gaslighting the user here.
That’s assuming the extension manages to hit your trigger correctly. They did not make the js call, just blocked the div. Oddly, they left our full page control block in place. We had to modify our triggers to make it work.
Is the trigger a js event, or an api call, or what?
We had a form button on a div slide in with a 30% dimmed background div behind it. The button just did a JS call to trigger to safe cookies or not and unblock the back div.
The browsers were just unblocking the banner div on us they weren’t making the button call. I’m sure they do something very smart to try to figure out how to automatically click okay or cancel, somehow it just didn’t line up with what we had written.
Genuine blockers do that, but some anti-nag filters remove the popup via css or js suppression.
I’m using the consent-o-matic Firefox plugin (set to deny all) and have no issues whatsoever using CNN on mobile.
Thanks I’ll check it out
How would blocking the pop-up be violating the law, though? If the pop-up doesn’t show, you’re not able to agree to cookies. You don’t provide your explicit consent, therefore the website must assume you don’t want to be tracked. The presence of the pop-up shouldn’t be changing anything for people not willing to opt in, should it?
Or perhaps they’re self-aware and have set it up to only opt you out by filling out the form, which you can’t do if it isn’t there. Or they just want you to agree to those “required” cookies? I don’t know.
Blocking the pop-up isn’t violating the law. Nevertheless we needed the cookie for the login. If we didn’t get you to authorize the cookie you really had no business in the app because it would not work for you. It was a bad design but it was third party.
But we couldn’t even pop that up because the browsers just tried to slide by any notifications about cookies
First-party cookies that are needed for site functionality (like a login cookie) dont require explicit consent.
Feel free to proceed without a cookie banner.
From gdpr.eu:
Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user
It took me so long to figure out what you meant about accounts and stuff until I remembered you were talking about your own product. I get it now. Do you think it’s a similar situation here, where the site is reliant on these third-party cookies to function at all?
They literally explained. Some jurisdictions require them to ask you about cookies but the way some people configure their browser blocks this legally required prompt, potentially exposing them to legal action.
The cookie popup is only required if you’re serving cookies. If the user is unable to accept/reject, or chooses not to, the correct action is to not serve any cookies to stay compliant with the law.
It is obvious that you should not serve a single cookie until after the user has accepted it. Unless you’re intentionally being an ass of course
Narrator: They are intentionally being an ass.
Horseshit. The legislation does not just require that they “ask.”
If the pop-up can’t be served, all it means is that they can’t use the cookies or tracking restricted by the legislation. If the user did not consent for any reason, then they did not consent. This includes if the pop-up is not displayed for whatever reason. It’s not the user’s fault CNN is too stupid to understand this. If they don’t serve illegal cookies or perform illegal tracking, then they don’t have to ask. It’s pretty damn simple.
In reality, they’re just using this to try to prevent people from using an ad blocker on their site, and making up a rationalization post-hoc.
Is that actually true or is that just their legal team playing it overly safe? Because if it is true that’s incredibly stupid.
Not just the legal team. Every time there’s new legislation like this, a new set of contractors pop up offering to walk your company through what it needs to do to be compliant. Nobody is quite sure what the limits are–and nobody will for several years until court precedents work out the issues–so those contractors are going to tell you to assume the worst case interpretation.
PCI Compliance (technically a contractual obligation rather than legal), Sarbanes-Oxley, and GDPR were good things, but all of them spawned a sub-industry of grifters.
Is it even the legal team though? This just feels like someone playing malicious compliance.
It sounds like legal teams playing it safe. Who would go to court over such a thing?
The California stuff still has yet to play out in courts but the European law covering it was actually pretty significant. And it was enough of a pain in the ass that they recently said they’re going to repeal it.
And it was enough of a pain in the ass that they recently said they’re going to repeal it.
Repeal the EU law? I’ve heard that they were going to tweak it, but that usually means they’ll tighten it, like when they clarified you can’t make a cookie banner with thousands of individual opt-out switches.
Just switched back to FF for the first time in years. Have to say, it’s helping me de-google quite quickly because they’re such bastards about playing nice with other browsers.
