[TeMPOraL]

A popup (probably what used to be cookie warning) on Medium says:

> Medium uses browser cookies to give you the best possible experience. To make Medium work, we log user data and share it with processors. To use Medium, you must agree to our Privacy Policy.

I must agree to logging user data and sharing it with processors?

EDIT: come to think of it, it might be a new, GDPR-specific, dark pattern. I can use the site without clicking "I agree", and the existence of that button sort of implies the consent is not assumed. The wording of the message ("you must agree") is just trying to bait consent.

EDIT2: I just read[0] that biggest sites in my country are treating closing the GDPR popup as giving consent to everything. This definitely does not sound as explicit, informed consent. I sincerely hope it'll land them in a world of hurt.

--

[0] - (PL link) https://zaufanatrzeciastrona.pl/post/klikasz-x-w-komunikacie...

[krageon]

The most hilarious part of that is that you really don't need to. I've added a blacklist for everything (first party JS, styling, images) on medium.com and everything continues to work just fine. I don't remember specifically why I did that, but it's probably a dark pattern (such as a modal that pops up after one paragraph of reading) that annoyed me in the past.

[pferde]

Hm, they must have changed how the site works. A while ago, I decided to simply skip any medium.com link posted to HN, because a) it was a crap experience reading on mobile, b) it was a crap experience reading with javascript disabled and c) with javascript enabled, the site was too annoying

[krageon]

When I say "it works fine" I mean "the text is on the page and in a reasonable font". There is a huge amount of wasted space in terms of crap content (banners, etc - all mangled because there is no JS) there, which would be annoying on mobile. This experience (in my mind) competes with websites that will not show the content at all without JS, which is not a high bar.

[jannes]

Some complaints have been filed against Google and Facebook for this practice today:

http://www.bbc.com/news/technology-44252327

[Vinnl]

"Processors" need theoretically not be advertising/tracking networks, but could also e.g. be payment processors. That is something that I could imagine classifies as necessary.

[chopin]

Consent must be given for a specific purpose. It is debatable whether a generic "we need to share your data with our processors" is sufficient. I doubt it.

[Vinnl]

Yeah, I guess if it were a payment processor or something like that, consent would not even be necessary - so if they're asking for consent, it's probably for something else, in which case the generic message might well be insufficient.

[inopinatus]

Isn't that the quid pro quo, though? I don't feel obliged to accept their shitty privacy policy, and in return they are not obliged to serve me their often equally shitty content.

[merijnv]

> I don't feel obliged to accept their shitty privacy policy, and in return they are not obliged to serve me their often equally shitty content.

Yes and no. Yes, in the sense that you can argue that. No, in the sense that the GDPR just says "no, you cannot ask people to pay with personal information". So either they must show me the article even if I opt-out of giving my information. Or they must make reading their article conditional upon something else (say, paying them). They CANNOT make it conditional upon my consent to use my personal data, because that's just coercing me into clicking "yes", which is exactly what GDPR is supposed to curb.

[TeMPOraL]

Trading nonessential data sharing for ability to use a service is forbidden under GDPR. I'd be fine with them geoblocking me, but the way it is now, this popup sounds not compliant, and also manipulative.

[sakarisson]

I don't agree. What's the next step? Will they ban me? Is it my responsibility to reach out to them and tell them I disagree? Or am I just expected to never go to Medium again?

[krageon]

To be GDPR compliant, everything needs to be opt-in (except for the stuff that is critical to functionality). If you refuse to answer their questions, they need to assume that means "no". From this you can see that it's not your responsibility to tell them anything and you can still use their website just fine.

[isostatic]

Nope, the site works fine if you disable cookies. Once Facebook and Google fail I'm sure they'll be next.

[TeMPOraL]

I didn't click "I Agree" anyway. If they processed the data, I guess they're in violation now.

That said, it's not the first time I've seen something like that this week. I wonder if some companies aren't simply testing if they can get away with it.

[isostatic]

Yes, they say

To make Medium work, we log user data and share it with processors. To use Medium, you must agree to our Privacy Policy, including cookie policy.

However it seems to work just fine without cookies - when I load the site in lynx, and reject all cookies, it loads just fine.