![[Opinion] If your site uses an external domain for determining if a user consents to tracking or not, you are still providing a vector for tracking, whether you and your user choose to allow it or not](https://lemmy.world/pictrs/image/d6f7fc3a-b4b8-42b6-9666-78279711c30b.png){kind=link}
Something I noticed on a few websites, including stackoverflow, is that they leave tracking settings up to a different website, which still lets that external party know what websites a user has been seeing, and this can be maliciously abused.
I realize this might have been mentioned before, but I didn’t see any similar posts in a quick search.
That makes sense. Now it seems like a dilemma though. I assume that authority looking over this aspect of privacy would monitor the cookie sites to ensure no data is being retained when a user selects no, but that still leaves an opening for hackers. Well, I guess empty cookies would only mention the device ID and website ID and date accessed, nothing more.
I do not know whether the authorities keep an eye on these sites. But I wouldn’t count on it.
IMO the law to have these cookie notifications was made by people who wanted to do something about privacy. But did not understand the tech, they where writing a law for. There is localstorage which basically works like a cookie or much more advanced ways like scripts, which may track ppl. And there exists no law (that i am aware of) to make users aware of these things…