>Those annoying cookie-consent banners that have flooded the internet over the past several years are supposed to give users the option to block most tracking cookies from advertisers. However, a recent California audit claims that the largest ad tech companies usually send cookies anyway, having decided that simply paying potential billions in fines is more profitable.
>The now-ubiquitous cookie banners emerged in response to European privacy laws requiring explicit consent before deploying advertising and tracking cookies.
>Still, webXray’s March 2026 audit found nearly 200 ad services ignoring opt-out signals from California users, sidestepping rules modeled on Europe’s framework.
>Across the sample, 55% of sites set cookies even after users declined them, and 78% of consent banners do nothing to enforce the user’s choice. webXray estimates ad tech companies could pay some $5.8 billion in fines instead of complying. On sites using Google or Microsoft ad networks, the systems frequently issue commands to drop cookies even after receiving explicit rejection signals.
>The audit traces this behavior directly in open network traffic, suggesting little effort to conceal it. Microsoft’s network reportedly ignores about half of opt-out signals and still tracks users on 35% of client sites, resulting in an estimated $390 million in fines. Google’s figures are higher, with 86% of opt-out requests ignored and tracking active on 77% of sites, for an estimated $2.31 billion in penalties.
>Meta’s implementation stands out for a different reason: its tracking code does not appear to check for opt-out signals at all. Among sites that do detect those signals, 69% still ignore them, with 21% actively tracking users. webXray estimates Meta may have paid as much as $9.3 billion in fines to date.
>webXray founder and CEO Timothy Libert, who previously worked as a privacy engineer at Google, told 404 Media that during his time there, leadership often failed to distinguish between taxes and fines.
AnxiousAngularAwesom on
If fines are not working to discourage unwanted behavior, keep increasing the fines until they do. Sounds like a simple solution to me.
EnigmaticGolem on
It’s one thing to not have the option, but misleading banners should give even bigger fines by default. And the fines should increase DRASTICALLY if they don’t learn from the first one.
Oceloterasu on
Why isn’t there a browser with false/alternate empty historic/cookies to comply with these shitty websites?
EU-National on
… Did people really think companies wouldn’t track us regardless?
Novakine on
3rd offense forced liquidation of said company and all board/executive members charged with invading privacy of affected users. If that is not a law in Cali, it should be, and everywhere else.
No remorse for entities existing with the sole purpose of making money.
nicht_ernsthaft on
Can anyone recommend a good browser plugin that will just send non-essential cookies directly into the void? Like, if I visit a news website for example, there is not a single cookie (or localStorage key, or similar) I actually need or want in order to read the article. I’m not logging in and do not need any persistent state.
There are only a handful of websites where I need a session cookie, and none of the others. I shouldn’t have to click dozens times to turn them off individually only for them to be set anyway because of “legitimate interest” in spying on me or some BS. I’d rather click “Accept all” to drop the whole lot in the shredder.
Sett_86 on
Use Vivaldi or Brave with uBlock
IntelArtiGen on
Many cookies are required for technical reasons, even remembering that you clicked “I don’t want cookies” ideally needs to be stored in a cookie, otherwise it would constantly be asking it. I think the right question is more “do they still use tracking / marketing cookies”.
Also cookies are just one way to track people or to store information on a device.
jofra6 on
The obvious solution is to avoid Microsoft and Google for browsers. I use duckduckgo and I haven’t even seen ads for the longest time, it even blocks YouTube ads (unless you bypass ddg’s built in player, which is necessary to change the speed of videos).
It’s only by refusing, as much as is reasonable, to use their products that they’ll start to get the message; I have relatively limited confidence that countries will actually limit massive companies like these, as countries get useful information from them.
FuriousGirafFabber on
Either disallow cookie data harvest or make opt in via menu the option. The cookie banner is retarded.Â
ZeraDoesStuff on
I would do the whole “big shock” routine but that just sounds like news from the “water is wet” category so not even mild shock
b3nsn0w on
new revenue stream for europe just dropped. that is, if our politicians had balls
d1722825 on
> Clicking “reject cookies” might not actually do anything
Well, as tracking is opt-in, “reject cookies” shouldn’t do anything… right? ^(/s)
14 commenti
>Those annoying cookie-consent banners that have flooded the internet over the past several years are supposed to give users the option to block most tracking cookies from advertisers. However, a recent California audit claims that the largest ad tech companies usually send cookies anyway, having decided that simply paying potential billions in fines is more profitable.
>The now-ubiquitous cookie banners emerged in response to European privacy laws requiring explicit consent before deploying advertising and tracking cookies.
>Still, webXray’s March 2026 audit found nearly 200 ad services ignoring opt-out signals from California users, sidestepping rules modeled on Europe’s framework.
>Across the sample, 55% of sites set cookies even after users declined them, and 78% of consent banners do nothing to enforce the user’s choice. webXray estimates ad tech companies could pay some $5.8 billion in fines instead of complying. On sites using Google or Microsoft ad networks, the systems frequently issue commands to drop cookies even after receiving explicit rejection signals.
>The audit traces this behavior directly in open network traffic, suggesting little effort to conceal it. Microsoft’s network reportedly ignores about half of opt-out signals and still tracks users on 35% of client sites, resulting in an estimated $390 million in fines. Google’s figures are higher, with 86% of opt-out requests ignored and tracking active on 77% of sites, for an estimated $2.31 billion in penalties.
>Meta’s implementation stands out for a different reason: its tracking code does not appear to check for opt-out signals at all. Among sites that do detect those signals, 69% still ignore them, with 21% actively tracking users. webXray estimates Meta may have paid as much as $9.3 billion in fines to date.
>webXray founder and CEO Timothy Libert, who previously worked as a privacy engineer at Google, told 404 Media that during his time there, leadership often failed to distinguish between taxes and fines.
If fines are not working to discourage unwanted behavior, keep increasing the fines until they do. Sounds like a simple solution to me.
It’s one thing to not have the option, but misleading banners should give even bigger fines by default. And the fines should increase DRASTICALLY if they don’t learn from the first one.
Why isn’t there a browser with false/alternate empty historic/cookies to comply with these shitty websites?
… Did people really think companies wouldn’t track us regardless?
3rd offense forced liquidation of said company and all board/executive members charged with invading privacy of affected users. If that is not a law in Cali, it should be, and everywhere else.
No remorse for entities existing with the sole purpose of making money.
Can anyone recommend a good browser plugin that will just send non-essential cookies directly into the void? Like, if I visit a news website for example, there is not a single cookie (or localStorage key, or similar) I actually need or want in order to read the article. I’m not logging in and do not need any persistent state.
There are only a handful of websites where I need a session cookie, and none of the others. I shouldn’t have to click dozens times to turn them off individually only for them to be set anyway because of “legitimate interest” in spying on me or some BS. I’d rather click “Accept all” to drop the whole lot in the shredder.
Use Vivaldi or Brave with uBlock
Many cookies are required for technical reasons, even remembering that you clicked “I don’t want cookies” ideally needs to be stored in a cookie, otherwise it would constantly be asking it. I think the right question is more “do they still use tracking / marketing cookies”.
Also cookies are just one way to track people or to store information on a device.
The obvious solution is to avoid Microsoft and Google for browsers. I use duckduckgo and I haven’t even seen ads for the longest time, it even blocks YouTube ads (unless you bypass ddg’s built in player, which is necessary to change the speed of videos).
It’s only by refusing, as much as is reasonable, to use their products that they’ll start to get the message; I have relatively limited confidence that countries will actually limit massive companies like these, as countries get useful information from them.
Either disallow cookie data harvest or make opt in via menu the option. The cookie banner is retarded.Â
I would do the whole “big shock” routine but that just sounds like news from the “water is wet” category so not even mild shock
new revenue stream for europe just dropped. that is, if our politicians had balls
> Clicking “reject cookies” might not actually do anything
Well, as tracking is opt-in, “reject cookies” shouldn’t do anything… right? ^(/s)