Never-Consent refuses GDPR consent requests automatically
GDRP and cookie consent prompts are displayed on many Internet sites. Some sites check a user's location to determine whether consent prompts need to be displayed, others display these prompts to anyone entering the site.
What started with good intentions has quickly turned the Internet into consent-hell as users are bombarded with these prompts quite frequently.
The Firefox and Chromium add-on Never-Consent has been designed to provide an automated solution for users of the browser. It will refuse GDPR consent on any site that is loaded in the web browser provided that the site uses a consent platform that is supported. The latest version at the time of writing supports a good dozen consent platforms including Cookie Law Info, CookieConsent, Quantcast, OneTrust, ConsentManager and Didomi.
All it takes is to install the extension in a supported browser, e.g. Firefox, Google Chrome or Microsoft Edge (Chromium-based). The extension works automatically in the background to refuse any GDPR consent prompt right away that the extension recognizes. The extension itself is open source, you can check out the source on the project's GitHub site.
Additional GDPR platforms are already on the project's to-do list, and the project team is looking for a solution to deal with custom GDPR prompts that are not powered by any of the widely used platforms.
The extension comes without any options and works right after installation.
Never-Consent is a handy browser extension that complements the anti-cookie consent extensions and options nicely. Users who run into GDPR prompts frequently benefit the most from installing the extension, others may prefer to handle the prompts manually to avoid installing another extension in the web browser of choice.
Now You: How do you handle cookie or GDPR prompts when you encounter them?
Consent platforms are blocked here with ‘uBlock Origin’ as 3rd-party.
There are however a few (“few” in my experience, I don’t travel that much on the web anymore) that refuse to display their very pages without the user’s consent. I have in mind sites such as Yahoo! which will redirect any attempt to access them with an unavoidable redirection to guce.advertising.com where the user will have to consent in order to access, say, Yahoo! News.
Things are clear in my mind and in my behavior : any site which requires a user consent to their cookies is not only refused but boycotted, that is added to a blacklist which will render an access to their place by a 404 page. I don’t loose my time with such sites. Yet I test once in a while such places by un-blacklisting them to see if they’ve progressed, and some do.
It’s not “Do it to them before they do it to you” but rather “Do it to them if they do it to you” : Refuse, systematically, unconditionally.
Websites have a legal obligation to ask you for your consent as per the GDPR, and while this is annoying, I’d deem that progress compared to the situation before – where they would just have opted you in without even asking you.
I’d say boycotting websites because they are asking for your consent (legal obligation) is a very extreme reaction to a non-issue, since you could just deny consent and move on (or use an extension like the one described in the article to deny automatically). Many websites also have to set cookies for things like login forms, or to remember whether you want to use light or dark mode (DuckDuckGo uses a cookie for this, for example).
Furthermore, even if cookies are being set, they don’t survive long in my own setup anyway – I am a Cookie AutoDelete user, and I know that you are one as well.
@Iron Heart, I wrote “[…]any site which requires a user consent to their cookies[…]” : require is not ask.
I know the GDPR, I know legal obligations, and their limits. A site will *ask* a user’s cookie consent but has no right to condition access to their site on the user’s consent.
Put aside the bother which I do not condemn even if I bypass it remains the legitimate irritation to have to accept in the worst scenario a tracking cookie in order to access the site, and it is that that I boycott, not sites which, for most of them, ask the user’s consent and carry on whatever the user’s input.
> A site will *ask* a userâ€™s cookie consent but has no right to condition access to their site on the userâ€™s consent.
I have already laid it out to you: There are legitimate cookies, e.g. for login forms. Let’s say you encounter a website which asks you for your consent, you decline, and you are then able to visually access the website just fine. What if that website requires a cookie to operate correctly (e.g. login form)? You won’t be able to use certain functionality, and the website is basically reduced to a still image. Good job.
> Put aside the bother which I do not condemn even if I bypass it remains the legitimate irritation to have to accept in the worst scenario a tracking cookie in order to access the site, and it is that that I boycott, not sites which, for most of them, ask the userâ€™s consent and carry on whatever the userâ€™s input.
So, what happens when you consent to it? I have my browser set to automatically block cross-site tracking cookies, it will continue to do this no matter what I decide on the website(!). This will already filter out most tracking cookies anyway. The rest, mainly first party cookies and legitimate cross-site cookies, are taken care of once I leave the website (Cookie AutoDelete). But when and if I want to browse a website, I try to let it operate correctly for as long as I actively use it – it’s not like its cookies will survive long, even if I decide to consent to them.
PS: I never had a website do a 404 for denying consent, this seems rather unorthodox, to put it mildly. I’ve already seen still images as laid out above, though.
@Iron Heart, legitimate and legal happen to serve different purposes. I’ll consider what is legal.
It is not legal, in terms of the GDPR, for a site to refuse access on the basis the user has either explicitly refused or bypassed the user consent. Now, practically speaking, if I know I’m bound to use a site’s feature requiring cookies, such as registration/login, and the site won’t accept either because the user hasn’t consented, then of course I’ll go through the user cookie consent, obviously. In my experience there is not one site on which I’ve registered an account and login to which appears to be a cookie permission maniac.
Before I forget it, please avoid wordings such as “I’ve already laid it out to you” because you are not my teacher and I’m not your pupil (reference to a famous Presidential TV debate between Giscard d’estaing and FranÃ§ois Mitterand in 1981!).
You write “So, what happens when you consent to it? [cookie]”. But I don’t undergo cookie consent otherwise than above mentioned.
Even if we manage our ways in and out there is, as far as I’m concerned, a possible irritation not to say revolt when confronted to an issue which appears illegal, even if I have the means to bypass it, especially if i don’t. As many I have anti cross-domain defenses, cookies are wiped once i leave the site anyway (unless deliberately accepted, on the site if GDPR requirement, and on Firefox with Accept exceptions), but as many even if fewer of us, I refuse to accept even what I have the means to bypass, as such I’m very little pragmatic. But principles have their importance, IMO.
I forgot to mention a crying example:
Must I ban or not Yahoo (and similar sites) which, when called by [https://news.yahoo.com/] redirect to
I’m sorry but I ban. I ban guce.* here with DNSCrypt-proxy’s blacklist, guce as a whole given guce itself is nothing but an ad company and entry cop. I repeat, this sort of mad behavior is seldom but when encountered, I ban, boycott, refuse, systematically and unconditionally. Such a domain’s policy is neither legal not legitimate not, at the end, smart.
You know me a bit by now, for me it’s “website operating correctly” > “most heavy privacy protections, principles”. Sometimes one needs to access a website, and one has to temporarily accept cookies IF the website turns into a still image otherwise. The point is to hinder theses cookies from performing their actual purpose, which is to track you across websites. If you want to go beyond that, fine, but then we enter into “I have principles, whether or not the website breaks is secondary.” territory which I do not care too much about.
But let me make this clear: IF a website really throws a 404 at you for refusing to accept cookies, then I would rather question whether or not something else is up (think: malicious activity). Personally, I have never encountered this, or virtually anything but still images (websites that are partially broken, mostly login forms) if one declines cookies.
One last word regarding principles; we are, all of us (myself included), merely privacy-aware individuals that want to improve their own privacy, preferably without breaking the web too much. If we really wanted to stick it to the advertisers / spy industry, we would be using something like AdNauseam (uBlock Origin clone that additionally generates fake clicks on all available ads, in order to confuse advertisers). But we are not, we are privacy-aware individuals, not activists. For this reason, I am trying not to overplay the “principles” card, if we were such, we would be using other tools.
@Iron Heart, you haven’t understood me correctly maybe because English not being my mother-tongue I don’t always express my thought correctly in that language.
By principle I mean that once a pragmatic approach has proven to be efficient, hence no issues on the web with a given OS and browser configuration (as you, as we all I guess we like to combine privacy+security+easy-on-the-eyes+easy-on-the-nerves) … once that is done we may very well consider the incident as closed because taken care of… and that’s where principle come in, saying that it’s not because i found a work-around that I should not express a disagreement by, say, boycotting a site for its policy EVEN if I amke, myself, my way out/in.
Freedom is not a gift, needs to be conquered. I put aside legitimate though arguable behaviors to embrace those which are illegal. I cherish others’ freedom as much as mine and consider consequently a gentleman’s agreement as the right approach. But when such an agreement is impossible then I react. For instance I remember my very bank blocking one of its pages, not for a cookie reason but because that page had been correlated to an xiti script which was blocked on my system. I emailed them the problem stating that they had all the rights to include whatever trackers they wished but not the one to condition one of their pages (bank insurance it was) to that script. They removed the script obligation a week later. We must not accept, of course what is illegal (wasn’t the case for the bank) but also what is illegitimate, I mean by that what is legally craps. They have the right to lay legal craps as i have the right to bypass it and even to boycott it.
We’ve exchanged a lot already on different issues, tweaks, settings and, believe me, I encounter no problem, i’m even inclined to prefer a much better display at the cost of a small reduction of an uncertain privacy setting. All this requires work of course. But there are sites’ behaviors I just don’t accept. people nowadays, on the wen and maybe even in everyday life, seem to increasingly accept, ads, privacy invasion. The consumer mentality has replaced the revolutionary one when both are dead-ends.
About 404 pages : I don’t encounter 404 pages unless those i’m prepared to given a blacklist of mine either because of the browser’s very limits (certificates mainly, here). If I mentioned 404 pages it is those I expressly epect given i’m the one who has set their url to end on a 0.0.0.0 period.
Principles are not incompatible with efficiency, but they may lead to unavoidable choices. I choose to never surrender.
You will find that I always prefer approaches that have a smart streak to them, for example I do not consider it possible to fully block cookies, aside from blocking known tracking cookies via a blacklist approach (which I do). Some websites require cookies not only for tracking, but also for legitimate purposes. It is impractical to block all cookies because that is bound to break stuff left and right. So what do I do? I let them set their cookies, but ensure that they are deleted upon changing the domain or closing the tab. With this strategy, I ensure the smooth operation of the website, but prevent the cookies from fulfilling their purpose, which is to follow me around the Internet. This has nothing to do with me being a consumer, this has something to do with me making websites work as intended, but making cookies meaningless at the same time, which is much more workable than what most user.js files or privacy guides recommend I should do, their approach is just not realistic.
We need smart approaches like this because we can no longer, as said, really block cookies (aside from known tracking cookies via blacklist approach) without turning insane from maintaining our whitelist. The problematic aspect of a cookie is not that it can be set, the problematic aspect is that it would normally be persistent unless we do something about that.
I think reasoning with cookie- and tracking-heavy websites especially is a waste of time, you are lucky that reasoning with a smaller player worked out for you. But in most cases, purely a waste of time.
Same story for adblockers; websites become increasingly aware of them, but disabling them is not an alternative. Tools like Nano Adblocker were the solution for me, and as for the internal adblocker of my Brave setup, websites never seem to check for Brave’s adblocker anyway, they seem to look out for extensions exclusively, since most adblockers are extensions.
Principles are all nice and dandy, but most websites wouldn’t take you seriously or outright ignore you if you complained about their trackers. We aim to improve our own privacy of course, but we are only a minor number of people, when we boycott something, it has no real world impact on anything, aside from making us feel better. If we really were principled, we would be fighting the problem at its root. There is an unspoken compromise between advertisers and the privacy-conscious: “Fine, block ads, but do not try to undermine the underlying business model.” I am somewhat trying to change things by using Brave, I believe a privacy-respecting way of presenting ads, where all the involved parties actually profit (user, content creator, ad network, browser developer) could hopefully bring about change. Another, more vicious method would be using tools like the aforementioned AdNauseam, because if we were all using this, pay-per-click would no longer be profitable, and Google’s main revenue would dry out. The currently promoted tools solely aim to restore one’s own privacy, not to vigorously attack the business model that led to those privacy threats in the first place (silent compromise, as said). Why do you think Google banned AdNauseam, while you can still download uBlock Origin just fine from the Chrome Web Store? Tools that are actually dangerous to the ad & tracking industry are being prevented from making it into the mainstream.
There is no progress. If you click “Decline All” on the first cookies page this DOES NOT reject the ‘legitimate interest’ cookies or the ‘vendor’ cookies which ALWAYS need to be done separately.
Pages which do not offer a Reject All category within the Legitimate interest and vendor tabs are seriously just moneymaking from your data even if you Declined All on the first page. I got a right mind to push for a Class Action against these abusers.
I would love to know, if someone could tell me, does this advertised Browser extension decline the LI and Vendors as well as the main cookies page??
@ Tom Hawack,
Is that why you refuse to “downgrade” to Win 10? â€œDo it to them BEFORE they do it to you?â€ Now, that’s being mean to MS and you know it! Stop being mean to MS!
And what’s this “I donâ€™t travel that much on the web anymore”? That’s all you young folks do.
And don’t tell me that you do something constructive now and then… like read a book (or take a nap) ’cause “lying” can get you into big trouble. (Don’t ask me how I know…) ;# )
@Valrobex, I’ve never made mine the idea of making to them, be it a human being or whatever entity, before they make it to you; this is the very basis of clashes and wars. But if they do it then I guess I’m not (yet) sufficiently advanced to present my other cheek once slapped. So I retort, but always proportionally (no ROI such as a punch for a bad word).
True there was a time I’d move all around the web, as a kid discovering a castle, eager to view all of its rooms. But this is anecdotal.
I think that the Web is so invasive that anything else you do besides within the limits of the Ten Commandments and that includes lying, or does it? I forgot!) is constructive :=) Most of us do, the problem remains nevertheless if we entertain less para-digital activities than we used to. For instance I don’t go out after girls as much as I used to, bars, dancing and so on, but that’s also the effect of years passing by where, once you have the feeling you’ve seen and lived it all, events need to be consistent to move you out of your rocking and/or PC chair!
Read you later, alligator :=)
>>>a blacklist which will render an access to their place by a 404 page
It looks like Tom Hawacks
404 page was found at this location.
Press any key to continue _
Without the ‘Press any key to continue’. But have to say a 404 makes an original entry :=) Porn sites should fake a 404 in order to filter a minimum of kids who’d think they’ve encountered a dead-end (even if they actually did enter it and even if kids nowadays are born digitally-smart).
Extensions like these hurt the honest companies and don’t do anything against those who illegally collect users PI. Solutions like uBlock Origin, Adguard, etc. actually block tracking scripts, not just “cosmetically” decline tracking consent.
Yes, it should be primarily about blocking relevant connections. Then, secondly, filtering out the visible annoyances that are left.
Both are easy to achive, although not with vanilla uBO. For me it takes the available uBO lists + Web Annoyances Ultralist + I don’t care about cookies list to really filter out basically everything annoying.
Aggressive blocking is the only way to dry out this business model. The web is slowly moving away from overt tracking, but the tracking is just getting more subtle. Also what matters is the result of the tracking, not the way it is done.
If the result is gaining a psychological advantage over users and manipulating them to buy something, it’s problematic.
The only acceptable content besides the actual web content is honest ad-banners that don’t move and don’t need a lot of attention.
I let uBlockâ‚€ handle these prompts (annoyance filter lists), rarely encounter them.
I just hit the X or accept the notice. Most are blocked by my tracker filter anyway. Most sites set cookies; it doesn’t bother me since they and all other browsing data are deleted at close or periodically with my Forget Button extension.
Not accepting cookies in general makes browsing a mess with broken sites, stuck pages, missing images, screwy formatting, etc.
What’s odd is some sites based in my country which is not in EU spit out the same cookie notices. Maybe because location is disabled, IDK.
These notices, to me, are annoying but not concerning.
> Not accepting cookies in general makes browsing a mess with broken sites, stuck pages, missing images, screwy formatting, etc.
*thunderous applause* Exactly. The solution is Cookie AutoDelete (or similar extensions) – let them set their cookies, but don’t let those cookies survive a domain change or you closing the related tab. Website works, but cookies don’t survive. Best solution.
@ULBoom, what do you mean by “blocking cookies”? Blocking cookies means setting a browser to block them, and this is another topic than bypassing cookie notifications. Blocking cookies browser-side (radically, all) which is not my policy, appears to those who practice it not a real problem given exceptions are made when applicable. I encountered no issue when I handled cookies that way, and I’d simply set a session cookie authorization when required. It did pose a few problems nevertheless but it’d be too long to re-write what I mentioned in previous articles’ comments.
Regarding cookie notifications and mainly due to the GDPR (“mainly” or “only?”) which is this article’s continuation, once you allow cookies (with a browser’s variants and session only is enough) then those notifications may be problematic for those who encounter them each time they’ve wiped their cookies, but remain legal. But sites which will block access unless you accept their cookies are the only real, true problem.
Blocking GDPR notices.
I’m not going to set cookie exceptions for sites. FF deletes them anyway, I’d have to put the exceptions in our system level blockers and I manage a dozen devices with five different OS’s in our home. Has to be simple with everything the same, I can’t spend much time configuring devices; just how things are these days.
Our main concern is with annoyances; being tracked, nagged, redirected, spammed, whatever. High levels of privacy are not really our goals; you can’t get that by playing with browsers anyway. The level of protection we have eliminates all ads with very few issues browsing. The kids love it and that’s big!
You are talking about first-party cookies. Third-party cookies are almost never necessary.
First parties are often needed for many sites to display at all; third parties can be for proper display. I’ve had third parties turned off and ran into a lot of issues.
Although first party only in Linux seems to work much better than in Windows.
Not saying you haven’t had different experiences; if we could block third parties with no or few issues, we would.
that doesn’t make a lot of sense to me. Are you sure you mean third-party cookies only? You can literally browse the entire web without third-party cookies, except you can’t log in on a very small number of site swhen it comes to cross-origin authentication or some sites (very rarely) requiring third-party cookies for cookie consent or something, but this necessity should be deactivated with the right filters.
Tbf, I tried a few sites I use that have a cookie-wall but all off them did force me to accept the agreement. And ofc. I did restart Ff before I I tried. So for now a no-go for me.
what i hate the most are the ones that list a billion things you need to accept or reject… except there’s no reject all. (and obviously accept is default)
you get those when you use the browser in steam… for example. whilst handy because alt-tabbing out often causes issues whilst fullscreened.. it’s a bit of a pain with the ads.
Doesn’t work on Yahoo:
There are many websites like this which completely obscure the page you’re trying to view to the point that unless you agree, you can’t see it at all. Some are more subtle where you can use Inspect to delete elements like dimming and prompts, but on websites like Yahoo, this extension is useless.
> but on websites like Yahoo, this extension is useless.
Correction: websites like Yahoo that do this to you *have made themselves useless*. The customer is *always* right.
To be fair, Yahoo and it’s related services have been fairly useless for a while, long before GDPR.
JMO, but I won’t go anywhere near Yahoo, to the point where if anything Yahoo opens, I close it immediately and do a cache/cookie clear.
Yahoo’s security may be fine today but the Marissa era was one massive data breach after another. The so called advice given in their forums is not just spam it’s mostly completely wrong!
For those who aren’t served by ‘uBlock Origin’ to bypass cookie warnings, there is this excellent add-on :
‘I don’t care about cookies’ by Kiko at [https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-about-cookies/]
This extension will do what uBO can do and even more, i.e. when
[https://news.yahoo.com/] redirects to
the extension redirects the redirect to the called site, here it’d be [https://news.yahoo.com/]
You’ll see Guce’s shame page for a brief moment and be redirected to where you wanted to go. As it should be. I don’t use the extension given uBO handles the most part and others are banned. But it’s good to know that should one be yahoo addicted (which would require much more from Yahoo sites) then this extension could make life easier.
How does this differ from consent-o-matic? Which is better, if either?
Oops! you beat me to it.
I should have refreshed my tab. Good suggestion.
I believe Consent-o-matic has a more granular approach where as Never-Consent is more of a ham fisted approach that simply declines all cookie requests of such. From my understanding Consent-O-matic allows you to define what types of cookies should be declined based on knowledge gathered from such companies or cookies. It seems much more robust than Never-consent, nonetheless if you hate clicking then either of these will do fine but aren’t perfect.
It’s still all a cat and mouse game as always.
Not sure why users would be receiving the General Data Protection Regulation on a regular basis unless, of course, a VPN is used or maybe the country is changed as “home” country. Maybe in one year I’ve received the notice and used Kill Sticky to eliminate it.
Yesterday we had 106 degree weather. Baked like a potato. Swam like a turtle in the Colorado River. Today is cloudy and cool. Neat experience–so freezer is cold as cold get, but drinks in the fridge are getting warm. Okay, time to buy a new refrigerator. On sale, same day, the guys deliver. Problem: They break the window in my screen door. Hmmmm . . . we call the only glass company in town, and they not only have glass, they have a brand new screen door on super special deal because the mis-measured the size. We measure my door jamb. Perfect fit. Merchant for the refrigerator pays half the cost of the $200 sale price for the screen door.
Now this is serious because, well, we weren’t rich or anything; I have never seen or opened or walked through such a nice screen door. I went to bed smiling! Super great. Another confession: We never had a washer and dryer. A washer, but my mother always wanted a dryer. For the first time in my life, and I’m over the 50 mark, I have a washer and dryer. So blessed by these little things. Even Martin’s blog makes me happy most of the time.
Now, please understand the connection between a short life story and confession and a GDPR response. There is another article, and the commentator wanted to know if and how he could copy and paste URLs into a text file with a minimum of effort.
That led me to Martin’s and Ashwin’s articles via the funky search function.
Results: The only program I like, personal opinion, that did exactly what the person says he needs is CopyQ. It truly is a brilliantly designed program.
That also reminded me of Lazarus which was a auto text saving add-on for Firefox. Like, so, you know, if I write all of this gibberish, I better have it saved because time precious.
Found, found via different search methods: Form History Control. Sweet FF add-on when doing this type of thing. All there in a click! Now, is that a rather high cool factor? Or not. No river today.
Appreciation is a gracious King who holds the Magic Key.
Midwest has been similar; up, down, up, up, up, down, up, up. Hot, humid summer. Fungus and bugs. Rabbits everywhere, cute but napping on the porch? C’mon!
Barebacked our horse into a lake last weekend, she loved it, snort, snort, snort! Didn’t think she’d go but it was sooooo hot…too deep, I started floating away, oops! Little things really matter. Humor is important.
You understand the computer game and play it vs. sitting in the stands shaking a fist in frustration.
Would be great if there was a ublock filter subscription for all these annoying consent platforms. Don’t really like the idea of installing yet another addon…
@asd, there is this one :
Anti-Cookie Filters AT [https://fanboy.co.nz/]
“This will remove cookie and privacy warnings (List already included in Annoyances List, don’t add list if you’re using the Annoyances List)”
OR install that lsi directly in uBO :
uBO / Dashboard / Import :
[https://fanboy.co.nz/fanboy-cookiemonster.txt] (without the brackets of course)
By the way there’s a very nice site which displays all filter lists it’s aware of (I get to wonder if it’s not aware of all given so many are supplied), excellently carried out :
FilterLists at [https://filterlists.com/]
Maybe this addon (consent-o-matic) would be more suitable for some of you then.
I have no affiliation with the above addon but reading the few comments here then perhaps this is the appropriate middle ground.
Some of you guys just wear me the plum out with the back and forth, nit, nit, nit, nit.
Back and forth bickering is part and parcel here, my young padawan.
Some call that the expression of love :=)