GitHub recently announced having removed all banners from GitHub. GitHub additionally commits to only use in the future cookies that are essential to serving GitHub.com.
Nat Friedman, CEO of GitHub, explained the rationale behind the move:
No one likes cookie banners. But cookie banners are everywhere. […] At GitHub, we want to protect developer privacy, and we find cookie banners quite irritating, so we decided to look for a solution. After a brief search, we found one: just don’t use any non-essential cookies. Pretty simple, really.
GitHub thus removes all non-essential cookies from the GitHub website. Friedman hinted that GitHub already did not use cookies for advertising and tracking purposes. It now no longer uses cookies to send information to third-party services, including analytics services.
Web sites have started to implement cookie banners in response to the introduction in 2018 of the EU cookie consent policy that is part of the General Data Protection Regulation (GDPR). Web users have complained that the banners provide a poor user experience when browsing the web, especially on mobiles.
The Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence study scraped the top 10,000 websites in the UK and found that dark patterns and implied consent are ubiquitous: only 12% met the minimal requirements set by the European law. The European Data Protection Board adopted this year new consent guidelines that ban some of the worst practices encountered. The guidelines explicitly mention cookie walls:
- Example 6a: A website provider puts into place a script that will block content from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed. There is no possibility to access the content without clicking on the “Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is not freely given.
- This does not constitute valid consent, as the provision of the service relies on the data subject clicking the “Accept cookies” button. It is not presented with a genuine choice.
GitHub thus sets a rare example of avoiding entirely asking for consent by removing the need for it. Privacy and tracking protection efforts are on the rise. Firefox and Safari are already blocking third-party cookies by default. Chrome is expected to do the same in 2022 in a bid to let the advertising ecosystem adapt to the change. Apple plans to update its iOS 14 software in 2021 so that app developers must explicitly ask users for tracking permission — a move that has been virulently opposed by Facebook, whose business model relies largely on personalized ads.
GitHub’s annual State of the Octoverse Report reported that over 56 million developers are using GitHub, with 60 million new repositories and 1.9 billion contributions added in the last 12 months.