> we want to load JS from a CDN like literally everyone does
Well, carry on and load it, it's your server.
Oh, wait, you mean you want ME to load it, into MY browser? That's a problem - my browser only loads JS from the origin server, and only if I give it explicit permission.
As a developer, I deplore the use of CDNs to serve javascript libraries; you don't know what the CDN is going to serve to your users, it could change without warning and break your site.
You’re just illustrating why this isn’t an issue requiring legislation - anyone can block requests to whatever origin they like. No need for heavy handed gov’t getting involved in technical matters.
So maybe the legislation should be that you have to pass a "internet operator" test to get a license that ensures you have the awareness and the skill. Because even if the current law protects you from GA, there are tons of other companies doing the same things and have no intention of stopping.
Better to protect the people from all the bad companies, not just the ones who do business in the EU, right?
Sounds like protecting the people by leaving it to them, and (somehow) restricting their internet access if they haven't passed a course in internet jiu-jitsu.
And no: the GDPR isn't just about GA, and it isn't just about the internet; it's about any personal information.
Ad-blockers and JS-blockers are essentially technical solutions; but you have to know to install them. If they were integrated into browsers (and defaulted to "on"), that would make privacy less of a technical matter.
Maybe because the two crimes here are (1) breaking and entering (you have to actually break something) and (2) theft. If the window isn't locked, then you don't have to break in; you can just open the window.
It's not against the law to just walk in; or rather, it's the civil offence of trespass - you can sue the trespasser for damages, e.g. causing wear on your expensive carpet (but you'd have to produce evidence of monetary damages). And you can physically remove them, perhaps with the help of a bailiff. But the police won't help with common trespass - it's not a crime.
[Edit] At least, that's how I understand the law here. IANAL.
> The internet is just not designed for privacy at a technical level.
The Internet is A-Ok.
The issue lies with various slimy companies that exploit web developers ignorance, laziness and negligence with free and easy shortcuts in exchange for the private data of said developers' clients.
No one's forcing you to use CDNs in place of a properly setup caching. No one's stuffing Google Fonts down your designer's throat, they are just lazy to add local resources. An analytics service is not required and there are simple self-hosted options. And so on and so forth.
And the most infuriating part is that these companies, Google being the offender, know perfectly well that they are exploiting the ignorance and they are willingly facilitating and encouraging the spread of practices that would've been viewed as wildly unethical not 10-15 years ago.
Just look at the level of general erosion of privacy and nearly universal lack of concern for it in general population. If you reflect on it for a moment, it is plain fucking scary.
So do you want “we want to load JS from a CDN like literally everyone does, is that okay” popups on every website?