[dsnr]

Modern UX:

“ We respect your privacy! Do you agree to the use of cookies by this website?

[x] Yes, all of them, with some extra on top.

[] I would like to manually review and uncheck 859 individual checkboxes or be directed to some other 3rd party website to manage my settings there. Also, I would like these settings to expire after 7 days.

Your personal data matters to us! (In ways you can’t imagine) “

[dessant]

That kind of consent popup is illegal in the EU, please report them to your local DPA. Rejecting data collection must be just as easy as accepting it.

Also watch out for the use of "legitimate interest". I have seen banks trying to deprive customers of their right to refuse data collection, data sharing and marketing messages, claiming legitimate interest.

https://www.theregister.com/2022/02/02/europe_iab_decision/

[dsnr]

Except they left the “legitimate interest” loophole which gets abused by every website.

[MaxBarraclough]

As I understand it, the law provides reasonable limits on what is covered by its legitimate interest provision. Violation of the law is widespread because everyone knows the enforcement is a joke.

See also a rare exception https://news.ycombinator.com/item?id=27060609

[toxik]

Funny, I’ve seen this on multiple government agency websites. This is in Sweden.

[Nextgrid]

> please report them to your local DPA

That requires an unreasonable amount of effort, and at least in the UK the DPA is completely useless, corrupt and/or incompetent.

[fsflover]

> our personal data matters to us! (In ways you can’t imagine)

No, "we value your privacy (at a very high price!)".

[pwdisswordfish9]

We value your privacy, that’s why we don’t give it to you for free

[wengo314]

i got even better one.

do you accept your cookie policy ? [ yes | no, customize ]

and after you go through all that :

big green button [ continue with recommended settings ]

smaller gray one [ save my choices ]

guess what the green one does.

[BoxOfRain]

Or the equally obnoxious 'pressing consent is instant, pressing don't consent takes 5+ seconds to process'. This one is plausibly deniable too.

[stanmancan]

What about when you remove yourself from a mailing list. and they inform you it will take 10 business days to take effect?

[fsflover]

> This one is plausibly deniable too.

How can it be? You do nothing for 5+ seconds or you save a ton of cookies instantly.

[BoxOfRain]

I think if it was in a court of law it'd be quite difficult to prove beyond reasonable doubt that it's malicious unless it was literally something as obvious as `Thread.sleep(5000)` rather than the software just being badly written. I managed to introduce a really annoying and very specific timing issue a few weeks ago completely by accident for example, I reckon the accused would just say 'non-consent is processed differently to consent for $legacy_cruft reasons and it's quite slow, we're incompetent but we're not malicious'.

[kawsper]

It just feels like corporate weasel words.

Wes Borg from Three Dead Trolls in a Baggie did a skit called "Internet Helpdesk" that included this bit:

> Thank you for calling, your call is very important to us, please hold!

https://youtu.be/1LLTsSnGWMI

[plebianRube]

Put it in the pile with the other dark patterns.