Accept cookies or pay? No thanks
One of my biggest pet peeves when visiting most commercial websites these days is the inevitable data privacy modal dialogue box that pops up on the screen. The second you land on the site, you'll be faced with a pop-up asking whether you would like to accept cookies and share your data with 15,324 partners. Why yes, that sounds lovely.
The best popups have a "Refuse all" button somewhere on the modal - ideally a prominent button, but sometimes a tiny text link hidden at the top of the page. It's not the end of the world, you just click on the button and the modal closes. Worse are the pop-ups that make you wait while they "apply your preferences" (almost certainly complete nonsense in my professional opinion as a software engineer). Worse still are the ones which make you go through individually and manually opt out one company at a time. But wait... can we make it even shittier?
Of course we can. They say capitalism breeds innovation, and data privacy pop-ups are no exception. In order to comply with the GDPR, which is the legislation in the EU and the UK which gives people specific rights related to the processing of their data, companies must allow customers to opt out of cookies and tracking1. But shareholders demand more money than ever before, and there's a whole untapped revenue stream right there for the taking. The tiny fraction of users who don't take the path of least resistance by clicking "Accept all" present a prime opportunity.
Now some publishers have introduced a new style of data privacy pop-up: one which asks users to accept cookies or pay. Yes, pay - with real money. It's typically a subscription of £3.99 a month or so, which you might think is a fair price for quality journalism, but in my experience this type of pop-up tends to be found on websites where the quality of the journalism is less than optimal. Even some higher quality publications are starting to adopt it, but perhaps you don't want to support them financially, perhaps money is a bit tight right now, or maybe you're not a regular reader and just need to view a quick article as a one-off.
The solution
What if I told you you don't have to make the awkward choice between being tracked or opening your wallet?
I stumbled upon the solution accidentally when I installed NoScript Security Suite, which is a web browser extension available for Firefox and Chrome. It allows you to block JavaScript2, as well as things like embedded media, fonts, CSS3, and so on. It gives you fine grained control over which domains4 to accept JavaScript from and which to block. Modern websites typically load resources not just from their own domain, but from third parties too. Some of these domains will host stuff like images and fonts (which can be served more efficiently by being hosted on a different domain) while others will contain tracking scripts and other undesirable code.
Out of the box, the extension applies the strictest settings, and denies all JavaScript by default. I would argue that's probably too strict for most, while allowing all JavaScript by default is a little too permissive for my liking. I chose the happy middle ground, which is to enable JavaScript on the main domain, and then disable it by default for all third party domains. That way, I only have to fiddle with it when sites are broken, and I can enable only the things I actually need, without the extra tracking and nonsense. That's still a lot of hassle, but for now the extra effort seems worth it.
By automatically distrusting all third party domains, it turns out that it's possible to skip certain paywalls entirely!
I think this is because certain bots, like web crawlers, need to be able to read the main article content in order to list and rank websites correctly in their search engines. My suspicion is that there needs to be a way for bots to bypass the paywall in order to parse the content of the website correctly. But I may be completely wrong.
In any case, I've been browsing the websites of national and local newspapers unimpeded, when previously I was prevented from doing so entirely. I just have to ensure I trust certain third party domains that host things like images and fonts, otherwise most websites break or become a right pain to use.
Of course, this extension should be used responsibly. For example, here in the UK, there's a company which has a near monopoly on all of the local news websites. The quality of their so-called "journalism" is absolutely abysmal, but it's still one of the only ways of finding out what's going on in the local area. I personally think it's acceptable to bypass the paywall for a company which I would not want to support financially, but of course, if nobody pays, then the company might disappear, taking all local news with it. On the other hand, I'm not convinced this style of pop-up is even legal, and these companies are probably relying on the assumption that nobody in their right mind is going to take them to court - and if they do, they have the resources to prolong the case until the other party runs out of money.
But there you have it, use NoScript if you want to bypass those infuriating data privacy pop-ups. It's free and you can even install it on Firefox on Android. (Not sponsored, by the way).
Except where they have a "legitimate interest" to collect your data, which includes collecting it for marketing and advertising purposes.↩
JavaScript is code which runs in your browser and typically makes websites more interactive and dynamic than is possible without it.↩
Cascading StyleSheets (CSS) are text files that contain a set of rules which define how a web page should look.↩
A domain name is just a human-readable web address, such as bearblog.dev. When you type it into your web browser's address bar, it typically takes you to the homepage of that website (assuming there is a website hosted on that domain).↩