I am in my mid forties, been working as a professional software developer for over 20 years.

I click “accept the cookies” almost every time. I just personally don’t feel it’s worth the effort and cost to try to avoid it.

What “dark pattern cookie trick” are you worried about? I just can’t come up with a scenario where it will actually harm me in any way. All the examples I have heard are either completely implausible, don’t actually seem that bad to me, or are things that are trivially easy to do even without any cookies.

Now, I am not going around giving my real email out to random sites, though, although even that doesn’t strike me as particularly dangerous. I already get infinite spam, and I am sure there are millions of other ways to get my email address… it is supposed to be something you give out, after all.

I just don’t think it is something that is worth stressing out about and fighting against. Maybe I am actually naive, but I just have not yet been convinced I should actually care.

> It is the young people that are growing up conditioned to press accept

It's really alarming, actually. I run the cyber security training & phishing simulations at my work, and it's the younger employees that struggle the most. It's like they just assume that everything on the web is trustworthy.

It's not hard to see why though. They grew up with app stores & locked down devices. No concept of a file or file system, no concept of software outside of the curated store & webapps. People that never had to take responsibility for their own digital safety because "someone else" (Google, Apple) always did it for them.

It's not just cookies, it's explicit consent to track you, and sell your browsing history to ~1500 spy companies around the world.

To the sibling comments: don't "accept the cookies" and then delete them.

- - -

I'm super angry at what the web has become, especially at the OS browser community. There is 0 browser (that I know of) that can access the web safely and conveniently. Atm I use Firefox with uBlock which blocks the cookie banners, but Firefox's extension model is broken, and every single extension provides 100% access to my websites to whoever controls the extension. I don't like it.

We need a browser with a safe extension model.

- - -

edit: I guess using 2 Firefox profiles, one with uBlock and one with my google/facebook/bank/amazon/etc accounts solves the threat posed by uBlock and extensions. I still don't like it.

I remember when it first became widely known that the government could see your library checkouts. People protested. It was a big deal in my tiny town.

I don't even think it would be even a blip on the radar now.

It really is depressing how much ground we've given.

People around me (including engineers) all casually use things like Alexa, Google Home, Ring, Nest, Chrome, are always signed into Google, have all sorts of apps installed on their phones, and have no problems giving up their phone numbers to services for verification. It's crazy.

I use Cookie AutoDelete on Firefox and it's great. It works with Firefox Container Tabs (groups have their own cookie settings), and let's you greylist (allow cookies from a particular domain pattern until the tab is closed) or whitelist (always allow from the domain pattern). I set it up for my kids computers also. The default is to blacklist (cookies aren't set), and I can whitelist for particular sites where they need say persistent login.

Definitely in 2026 kids should be getting tons of education in public school about how to safely browse the internet, both for personal data privacy and for safety against stalking, doxxing, grooming etc in the same way millenials were grilled about source checking internet resources like Wikipedia.

Most doesn't event know what cookies too. In fact, most doesn't put extra thought into the things they are clicking/accepting on web.

Because of this, I found it odd that the regulation allows displaying the accept cookies button. Instead, it should be rejecting cookies by default and a separate flow to accept tracking cookies (e.g. via account settings page)

I do this, more or less, although I am a bit older. It's not as if I enter my real name, address, or email at every opportunity, but there is really no perceptible feedback loop that would force one to contemplate the consequences. I visit my local news site and the first thing I see is a massive cookie banner which lists over a thousand third-party vendors and asks me to either "Accept all", or if I am being prudent, click adjacent button called "Choose" to go to another page, then manually untick dozens of tracker categories, and then click "Allow selection". Whatever I chose, it wouldn't have any tangible impact on my life. I simply do not care.

>Siting there I realized, we were not the real target.

That is wrong. You definitely ARE the target too - perhaps not the primary one but you are part of the cohesive whole. Why would you think that Facebook sniffs for offline data about which doctors people visit? These are not accidents.

Accept the cookies and flush them out every time you close the browser. I think it would be naive anyway to assume that clicking no on a cookie banner would achieve much for your privacy.

The allow/reject button seems useless anyway. It's my browser allowing this, not the website. If I were worried about cookies, I'd disable them or clear at end of session.

There is a third path, Firefox focus.

Accept everything, the end the session.

That said even with throwaway relay emails I don't sign up to much

sadly I'm one of those "knowledge worker" that aren't extraordinary enough to survive on my own so I have a job. And everyday when I try to login to my zero trust network my face is being scanned multiple times. And I feel the cold stare from the teenager me lol that dude would not approve such atrocity for sure. daily refresh of biometric data is just downright degrading...

Accepting cookies vs. entering personal information are very different buckets for me.

I just click "Accept all" on every cookie banner, life it too short to figure out which checkboxes and dark patterns I have to avoid on each site to not hand over some data...that is than later on just tracked in the backend ("server to server tracking"). Or sold by my credit card company, or tracked by me hovering over some video on YouTube. With the amount of data available unselecting some check boxes on a website just doesn't make a difference.

My inclination is to simply close the window as soon as there's a popup of any sort. If someone did that to you in public you would be within your right to punch them in their face as an act of self defense.

I doubt the average person even reads those. They are just "the thing you must click to get on with things". How many of those does a person even see in a day across all software and websites wanting to pop up with some garbage you do not care about?

> It is the young people that are growing up conditioned to press accept

There is a similar story with Ford and how they build pavement everywhere and taught the young population that roads are for cars. Now we have to drive for 10 minutes to get from one shop on the plaza to another shop on the different plaza.

I had the same realization when seeing some one open up the outlook inbox and seeing a huge advert banner on the right of their screen. I had been so accustomed to using an ad blocker I realized the average person is bombarded with so much attention theft.

I'm over "middle aged" and just accept everything as well. Same with email - who cares who has it when we have adequate filtering in this year of our lord. I've never had anything negative come of it, and I'll be surprised if anything ever does. Seems like a lot to worry about for nothing.

simple solution: go to a convenience store. Show your id, maybe 2 pieces. They frown, shrug, and give you an anonymous verification token, usable once (or maybe a set of 20), that you can then use to anonymously verify your age.

Yeah, people will sell these tokens online, but that's not the end of the world. People have bought liquor for minors who sit around the corner from the liquor store since forever. It's still a reasonable comporomise

I saw some research awhile ago that 60% of the time, "reject cookies" is ignored.

I use chrome as “burn” browser (i only use it for non important things) and I have a dummy email that I use for signing up in everything non important as well. Perhaps this young adult was doing the same?

> the young people that are growing up conditioned to

How does the conditioning start?

> not value their personal data

Okay, but in practice how much do they do with it that isn't ad placements?

It's not young people it's inpatient people. My mum was happy to browse the pirate bay and demonoid and all that, where all the adverts were massive throbbing cocks and hardcore porn lining the edges of the page, just so she could torrent the latest hidden object game. She became addicted to those games and it wasn't enough for me to give her credits to buy a few more of them, and because I was her son I was the tech support who had to help her unfuck her laptop after it got loaded up with another round of viruses.

The internet has maliciously complied with most if not all regulation applied to it which is where the new mass of banners and interstitials come from but the ultimate effect is to just beat the user into submission. See the EU cookie mandate and GDPR for how badly that turned out in terms of UX (even though the accountability is well in force under the hood, so the bad UX compliance failed and those sites are just screwing themselves).

In this way, Google was initially a hero but is now just another American Big Tech entity that is too big to fail and can do whatever it wants along with Meta and Amazon, and in fact now TikTok's US entity.

That all random game and messaging sites now wants my kids' passport uploaded to some random 'id verification company' is madness.

But now instead, my 11 year old's Roblox thinks she is 18 because she wore glasses in their age verification webcam tool. And it can't be changed unless she uploads a passport, which I will never allow.

Please, gov.uk introduce a gov ID verification service? I could trust that, -ish, I have worked with public sector clients several times...

I would go into source, delete the overlay, undo the scroll lock

Most doesn't event know what cookies too. In fact, most doesn't put extra thought into the things they are clicking/accepting on web.

Does it even actually matter what you do? How many lawsuits/investigations have there been in the last decade revealing that some company or another that swore up and down was following privacy laws, protecting your data, and not selling it actually were. I'm at the point where I figure anyone who wants to track me is, and any privacy pop-ups or the like are just for show.

I prefer to have a rule in ublock that blocks all cookies notices

Are those young people really doing the wrong thing by accepting? They are getting on and solving their problem, they have probably never had any personal harm done by "some weird dark-pattern cookie trickery".

It's almost like forcing (almost) every website to add these cookie banners has desensitised people to what they're actually saying.

People are getting brainwashed into giving away information on the web and real life.

In the US it's not rare to link accounts through phone numbers that are required in web forms and store memberships.

In Chile they started asking for your National Id with so many stupid pretexts that people got conditioned into just giving it away. It wasn't like this 10yrs ago. I'd rather have membership numbers.

It's technically public information, so collecting Ids is legal, but it's also a universal primary key within the country that allows merging any user-related table you run into.

Retail says it's just to associate it with receipts in case you need that later, but I'd rather just get a photo of the printed receipt for later than rely on them to find my receipt. Supermarkets, Drug stores, and petrol stations tie it to (possible) discounts or points at check-out, which is price discrimination and it's illegal, but we are in our way to get surge pricing as soon as the new US bootlicker president begins his period next week.

I'm pretty old and was the same as you for about five years, but now I just tick anything, much like the young adults. If they want my info, they can have it. I've not heard a convincing explanation why I, personally, should care

I'm sure many law professionals felt the same way when we started getting bombarded with EULAs.

It's been done for about a generation or two, and that's what people don't seem to realize.

In the early aughts I was sitting in on privacy discussions that reluctantly acknowledged that regardless of what we do online, surveys showed you could offer someone at the mall a free Snickers and they'd fill out the whole form.

The perceived cost to the individual of divulging their personal data is near zero; dangling nearly any incentive in front of them will induce them to let it go. And that's not a new phenomenon.

The fact that you think declining the cookies gets you privacy is the real grift. The fact that you think you're safe from tracking because of a cookie banner

Bingo

It's not just young people. I think the above represents 98% of the people out there.

We've collectively long ago crossed over from privacy to convenience, and there's no going back. You and some of us here on HN (myself included) are the outliers.

Breaches will inevitably happen. And each time one does, it'll erode people's trust in this new world of zero-anonymity-allowed. Give it time.

Have you noticed half the internet doesn’t work if you use a vpn? Even a good vpn? Even HN wont let you create an account with a vpn. The friction applied to preventing people from deploying privacy tactics is intense. I’m not sure how we can practically resist the privacy enshittification without abandoning the internet and its convenience entirely. I’m ready to go back to paper statements and visiting my bank and writing paper checks, but I don’t think GenZ is.

I have no problems accepting the cookies - my browser cleans them every start.

Surely I don't use the web based services which require a login everyday in my main main browser.

But e-mail address is a hard pass, mostly on the amount of work than the anything else.

"they"... sadly indeed the damage is done, but not by "them".

I've been saying this for years. GDPR and Cookie Law were created for big corporations to legitimise data trade where before it was grey area. Now they get consent as people blindly click accept and they can make money. It was never about privacy.

Again the HN bubble, I assure that the vast majority of adults of any age are not privacy conscious.

You're still relying on sites fulfilling what they promise in a world where facebook has been blatantly violating gdpr from day one and enforcement just isn't happening

Set your browser to block 3rd party cookies, add privacy badger and ublock origin. It will have more effect than clicking "reject"

I click "don't send me mail" every time I buy something. Every place I buy from still sends me spam at some point. There are no negative repercussions for them beyond whatever infinitessimal thing me clicking the "report as spam" button does

You know you can clear your cookies right?

i've caught a lot of heat in the UK where i live for my position on GDPR, which is that i completely reject it, because people seem to believe it's there to protect any rights

if there's anything remotely good with GDPR is the requirement to companies to disclose known data breaches

all the rest of it is a terrible idea and only serves to nag people and legitimise the darkest of patterns

the regulation should be there to disallow companies from asking certain information, everything else regarding tracking is self-defeating as it's 1) seldom enforceable 2) hardly binding in any meaningful way 3) pushing people to concentrate their services where they have already surrendered their data 4) legitimising of dark patterns

this new and blatant step towards digital id is a hill i intend to die on, I will not comply and I will do everything in my power so that others don't have to and are even punished for doing so

The cookie dialog was a mistake -- this is something that should've been handled as a browser API. A standard dialog of "do you consent to cookies yes/no/functional-only" should be part of the HTTP headers.

Same thing with age verification. My kids all have devices that are managed through parental systems like Google Family Link and Microsoft Family Safety. It would be straightforward to have a header for "user is an adult" or not, and to have a standard API for "this site is requesting metadata that you haven't said to automatically make available without permission. Do you want to send it? Y/N [ ]checkbox use this for all sites.

The only time we should even be talking about full identity verification is on user-submitted content, and even then that should be up to the site (with the commensurate legal liability of hosting anonymous slop).