Pluralistic: 28 Jun 2022

Today's links

A GDPR consent dialog with a rubber stamp in the center depicting a snarling man flipping the bird.

Decrapify cookie consent dialogs with the Consent-O-Matic (permalink)

Remember when they sneered at Geocities pages for being unusable eyesores? It's true, those old sites had some, uh, idiosyncratic design choices, but at least they reflected a real person's exuberant ideas about what looked and worked well. Today's web is an unusable eyesore by design.

Start with those fucking "sign up for our newsletter" interruptors. Email is the last federated protocol standing, so everyone who publishes is desperate to get you to sign up to their newsletter, which nominally bypasses Big Tech's chokepoint on communications between creators and audiences. Worst part: they're wrong, email's also been captured:

Then there's the designer's bizarre and sadistic conceit that "black type on a white background" is ugly and "causes eye-strain." This has led to an epidemic of illegible grey-on-white type that I literally can't read, thanks to a (very common) low-contrast vision disability:

Often grey-on-white type sins are compounded with minuscule font sizing. You can correct this by increasing the font size from teeny-weeny-eyestrain-o-rama to something reasonable, but when you do, all the static elements on the page size up with the text, so the useless header and footer bars filled with social media buttons and vanity branding expand to fill the whole screen.

This, in turn, is made a billion times worse by the absurd decision to hide scrollbars (shades of Douglas Adams' description of airports where they "expose the plumbing on the grounds that it is functional, and conceal the location of the departure gates, presumably on the grounds that they are not").

Scrolling a window (without using RSI-inflaming trackpad gestures) is now the world's shittiest, most widely played video-game, a hand-eye coordination challenge requiring sub-pixel accuracy and split-second timing to catch the scroll-bar handle in the brief, flashing instant where blips into existence:

One of the scariest things about the precarity of Firefox is the prospect of losing some of the customizations and stock features I rely on to decrapify the web – stuff I use so often that I sometimes forget that it's not how everyone uses the web:

Two side-by-side screenshots comparing the default layout of a article ('The intoxicating pleasure of conspiratorial thinking' by Virginia Heffernan) with the same article in Firefox's Reader Mode.

For example, there's Firefox's Reader Mode: a hotkey that strips out all the layout and renders the text of an article as a narrow, readable column in whatever your default font is. I reach for ctrl-alt-r so instinctively that often the publisher's default layout doesn't register for me.

Reader Mode (usually) bypasses interruptors and static elements, but Firefox isn't capable of deploying Reader Mode on every site. The Activate Reader View plugin can sometimes fix this:

But when it can't there's my favorite, indispensable Javascript bookmarklet: Kill Sticky, which hunts through the DOM of the page you've got loaded and nukes any element that is tagged as "sticky" – which generally banishes any permanent top/bottom/side-bars with a single click:

A recent addition to my arsenal is Cookie Remover. Click it once and it deletes all cookies associated with the page you've currently loaded. This resets the counter on every soft paywall, including the ones that block you from using Private Browsing. Click this once, then reload, and you're back in business:

Today, I added another plug-in to my decrapification rotation: Consent-O-Matic, created by researchers at Denmark's Aarhus University. Consent-O-Matic identifies about 50 of the most commonly deployed GDPR tracking opt-out dialog boxes and automatically opts you out of all tracking, invisibly and instantaneously:

We shouldn't need Consent-O-Matic, but we do. The point of the GDPR was to make tracking users painful for internet companies, by forcing them to break down all the different data they wanted to gather and the uses they wanted to put it to into a series of simple, yes/no consent requests. The idea was to create boardroom discussions where one person said, "OK, let's collect this invasive piece of data" and someone else could say, "Fine, but that will require us to display eight additional dialog boxes so we'll lose 95% of users if we do."

What's more, the GDPR said that if you just bypassed all those dialog boxes (say, by flipping to Reader Mode), the publisher had to assume you didn't want to be tracked.

But that's not how it's worked. A series of structural weaknesses in European federalism and the text of the GDPR itself have served to encrapify the web to a previously unheard-of degree, subjecting users to endless cookie consent forms that are designed to trick you into opting into surveillance.

Part of this is an enforcement problem. The EU Commission we have today isn't the Commission that created the GDPR, and there's a pervasive belief that the current Commission decided that enforcing their predecessors' policies wasn't a priority. This issue is very hot today, as the Commission considers landmark rules like the Digital Services Act (DSA) and the Digital Markets Act (DMA), whose enforcement will be at the whim of their successors.

The failures of EU-wide enforcement is compounded by the very nature of European federalism, which gives member states broad latitude to interpret and enforce EU regulations. This is most obviously manifested in EU member states' tax policies, with rogue nations like Luxembourg, Malta, the Netherlands and Ireland vying for supreme onshore-offshore tax haven status.

Not surprisingly, countries whose tax-codes have been hijacked by multinational corporations and their enablers in government are likewise subject to having their other regulations captured by the companies that fly their flags of convenience.

America's biggest Big Tech giants all pretend to be headquartered in Ireland (which, in turn, allows them to pretend that their profits are hovering in a state of untaxable grace far above the Irish Sea). These same companies ensured that Ireland's Data Protection Commissioner's Office is starved of cash and resources. Big Tech argues that their Irish domicile means that anyone who wants to complain about their frequent and enthusiastic practice of wiping their asses with the text of the GDPR has to take it up with the starveling regulators of Ireland.

That may change. Max Schrems – whose advocacy gave rise to the GDPR in the first place – has dragged the tech giants in front of German regulators, who are decidedly more energetic than their Irish counterparts:

The new EU tech competition laws – the DMA and DSA – aim to fix this, shoring up enforcement in a way that should end these "consent" popups. They also seek to plug the GDPR's "legitimate purpose" loophole, which lets tech companies spy on you and sell your data without your consent, provided they claim that this is for a "legitimate purpose."

But in the meantime, GDPR consent dialogs remain a hot mess, which is where Consent-O-Matic comes in. Consent-O-Matic automates away the tedious work of locating all the different switches you have to click before you truly opt out of consent-based tracking. This practice of requiring you to seek out multiple UI elements is often termed a "Dark Pattern":

But while "Dark Pattern" has some utility as a term-of-art, I think that it's best reserved for truly sneaky tactics. Most of what we call "Dark Patterns" fits comfortably in under the term "fraud." For example, if "Opt Out of All" doesn't opt out of all, unless you find and toggle another "I Really Mean It" box, that's not a fiendish trick, it's just a scam.

Whether you call this "fraud" or a "Dark Pattern," Consent-O-Matic has historic precedent that suggests that it could really make a difference. I'm thinking here of the original browser wars, where Netscape and Internet Explorer (and others like Opera) fought for dominance on the early web.

That early web had its own crapification: the ubiquitous pop-up ad. Merely opening a page could spawn dozens of pop-ups, some of them invisible 1px-by-1px dots, others that would run away from your cursor across the screen if you tried to close them, and they'd all be tracking you and auto-playing 8-bit music.

The pop-up ad was killed by the pop-up blocker. When browsers like Mozilla and Opera started blocking pop-ups by default, users switched to them in droves. That meant that an ever-smaller proportion of web users could even see a pop-up, which meant that advertisers stopped demanding pop-ups. Publishers – who knew their readers hated pop-ups but were beholden to advertisers to keep the lights on – were finally able to convince advertisers that pop-ups were a bad idea. Why pay for ads that no one will see?

Pop-up blockers are an early example of Adversarial Interoperability, AKA Competitive Compatibility (comcom for short). That's the practice of improving an existing product or service by making an add-on or plug in that changes how it behaves to make it more responsive to its users' interests, without permission from the original manufacturer:

It's been more than 20 years since the Platform for Privacy Preferences (P3P) tried to get tech companies to voluntarily recognize and honor their users' privacy choices. It failed:

Do Not Track, another attempt to do the same, did not fare much better:

But you know what actually worked? Tracker-blockers and ad-blockers, "the largest consumer boycott in history":

Making it impossible to track users is of great assistance to efforts to make it illegal to track users. Tools like Consent-O-Matic change the "security economics" of crapification, by turning the consent theater of illegal cookie popups into actual, GDPR-enforceable demands by users not to be tracked:

Decrapifying the web is a long, slow process. It's not just using interoperability to restore pluralism to the web, ending the era of "five giant websites, each filled with screenshots of text from the other four":

It's also using a mix of technology and regulation to fight back against deliberate crapification. Between Consent-O-Matic, Reader Mode, Kill Sticky and Cookie Remover, it's possible to decrapify much of your daily browsing and substantially improve your life.

Hey look at this (permalink)

This day in history (permalink)

#20yrsago Warchalking in government*/

#20yrsago Bruce Sterling on Ubiquitous Computing and the canard of stalled innovation

#20yrsago 802.11a card for the price of dinner for two

#15yrsago Real-money game-traders interviewed

#10yrsago Eulogy for Erik “Possum Man” Stewart

#10yrsago Snow White rides, secret pockets of theme-park horror

#10yrsago Chinese corruption and looting on a vast scale: industry, government, and military

#5yrsago UK government won’t promise help to remove highly flammable high-rise cladding

#5yrsago David Cameron and Prince William condemned in leaked FIFA bribery and corruption report

#5yrsago Ransomware crook’s email provider shuts down account, so now no one can pay their ransom

#5yrsago Industrial robotics security is really, really terrible

#5yrsago Travel tip: don’t throw coins into your plane’s engine “for blessings”

#5yrsago Texas Congresscritter wants to gag small investors who object to large CEO paychecks

#5yrsago Researchers demonstrate attack for pwning entire wind-farms

#5yrsago EFF will defend McMansion Hell from Zillow’s copyfraudulent bullying

#1yrago Lazy Congress only schedules 9 days' work this summer

#1yrago Podcasting "Qualia": My column on quant-bias, antitrust, drug policy and epidemiology

Colophon (permalink)

Today's top sources: Red Ferret (

Currently writing:

  • Some Men Rob You With a Fountain Pen, a Martin Hench noir thriller novel about the prison-tech industry. Yesterday's progress: 532 words (20180 words total)

  • The Internet Con: How to Seize the Means of Computation, a nonfiction book about interoperability for Verso. Yesterday's progress: 500 words (16667 words total)

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. (92849 words total) – ON PAUSE

  • A Little Brother short story about DIY insulin PLANNING

  • Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Reasonable Agreement: On the Crapification of Literary Contracts

Upcoming appearances:

Recent appearances:

Latest book:

Upcoming books:

  • Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin, nonfiction/business/politics, Beacon Press, September 2022

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

(Latest Medium column: "A Win For Harley Riders"
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla