by tjbiddle 1514 days ago
> “Dark patterns” — confusing or deceptive user interfaces designed to steer users into making certain choices — will be prohibited. The EU says that, as a rule, cancelling subscriptions should be as easy as signing up for them.

This is an excellent addition.


I am very tired of the cookie/tracking popups on many websites that don't have an option to "reject all" but just "accept all" and "customise". Main example being Google Search.

Looking at this, I am hopeful but not too optimistic.

> I am very tired of the cookie/tracking popups on many websites that don't have an option to "reject all" but just "accept all" and "customise". Main example being Google Search.

And The Verge on this very article :)

The people writing the articles are different from the MBAs forcing the financial and technological decisions.

“Integrity” has different meanings for each group. For the latter, the meaning is likely closer to “bring in enough revenue to keep the publication running.” Applying dark patterns does not conflict with this.

Well it's fine with me. I only open Verge links when they're on HN and the title feels interesting. Which is pretty rare.
Wow, best UX change from Google in some time now.
Don't let the prose fool you. They're doing this because what they did before was in violation and the walls were closing in.

This reminds me of supermarkets in Germany loudly announcing that they would abandon plastic bags to save the environment ... a few weeks before legislation came into effect banning them from selling plastic bags.

Why wait until you're potentially facing fines if you can move slightly ahead and sell it as a voluntary good thing you do for your users/customers?

That's basically WAI though. Plastic bags were banned because of the environmental impact. For some particularly naive customers they might think it's a feel-good initiative from a brand they now love a little more, but at the policy level it's really not important how various implementers want to spin it. What's important is that the outcome is a reduction in plastic bag use.
Oh, I'm not saying any of these are bad. I'm just saying you shouldn't thank Google (or the supermarkets) when they try to spin this as charity. Some people might not want to hear this, but the thing doing this is not corporate volition but regulations.
Exactly. It's rich for the EU to regulate dark patterns when their own laws are the reason they're so rampant on the web today. I guess it's good that they're finally waking up to this, but they're so far behind what's going on in adtech that their actions seem almost intentionally slow.

The solutions to this aren't regulatory, but technical first. Monetary fines to tech giants are mere slaps on the wrist. We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be on the web. Those solutions then need to be presented to lawmakers and companies forced to adopt them. This is not rocket science; there are already solutions to these problems that just aren't adopted (e.g. the {ab,un}used Do Not Track header).

All this "behave this way or else" regulation is just reactive, and usually takes years to even pass into law, by which point tech giants are way ahead of it anyway.

"their own laws are the reason they're so rampant on the web today"

Really? Which dark pattern would never be created if the EU didn't exist?

"We, and by that I mean the web developer community, need to make technical solutions that make it impossible for companies to infringe users' rights. I guess we should first start by defining what those should be"

So, in this process, most of the population will get told what their rights are?

Since you complain that the regulation is slow, any ETA when the technofix will be ready?

Your snark is annoying, but I'll play along.

> Which dark pattern

The cookie consent forms that were a direct response to EU laws.

> most of the population will get told what their rights are?

Internet users need to be a) educated about the value of the data they produce (and ideally compensated for it[1]), and b) be provided with tools that safeguard this data and give them absolute control over it. So, yes.

The web should be user friendly, not hostile and scammy at every turn. It should be impossible for companies to abuse user data, and regulations are clearly too slow and ineffective.

> any ETA when the technofix will be ready?

Some already exist, and others can be built. The incentives are just not there, as tech giants rule the web and law makers are both influenced by and playing catch up to their schemes.

[1]: https://www.forbes.com/sites/forbestechcouncil/2020/10/30/sh...

> It's rich for the EU to regulate dark patterns when their own laws are the reason they're so rampant on the web today.

No. The law is not the reason. Companies that knowingly and willingly break it are.

Those annoying popups? The vast majority of them are illegal under GDPR, which parasites like IAB are very well aware of: https://www.iccl.ie/news/gdpr-enforcer-rules-that-iab-europe...

Edit: changed article URL

Without the law they would take your data without telling you.
Cookie consent forms were a response to the "cookie law" passed in 2009[1].

If they're now illegal, that's on the EU for making them vague or not strict enough.

But my point is that fighting this with laws is:

- too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users. And by the time laws do come to pass, tech companies have grown in power and already have alternatives to keep growing. Governments are constantly playing catch up, which was a problem even with Big Tobacco/Pharma, but the speed of innovation of Big Tech is unparalleled.

- too ineffective, as breaking these laws is too slow/difficult to prosecute, and even when companies are fined, it's mostly symbolic to even matter. I.e. to them it's just the cost of doing business.

[1]: https://gdpr.eu/cookies/

> Cookie consent forms were a response to the "cookie law" passed in 2009

> were a response to the "cookie law" passed in 2009[1]

Your link clearly states: "Receive users’ consent before you use any cookies except strictly necessary cookies".

For everything else you need to ask for consent with "No"/"Reject" being clearly labeled and being the default option.

Yes, it's that easy.

> too slow, since by the time governments catch up that something should be done, a lot of harm has already been inflicted upon users.

So, what exactly is your proposal except "law is bad"? How do you propose law should work to minimize harm?

To be clear: I think that the EU is too slow and too lenient when prosecuting things illegal under GDPR, and that they should pick up the pace. However, "omg this law makes the web bad" is in itself a very bad take. Because it takes responsibility from those who are actually responsible for making the web bad. They are now exposed... but managed to persuade people that it's not their behaviour that is blatantly evil, but that "the law exposing them is bad".

I'm not saying "law is bad". I'm saying that the process of prohibiting a behavior after it happens is too slow and ineffective for Big Tech. As it was for many other industries before, but particularly now for Big Tech.

What needs to happen is for privacy-minded tech people to propose and lobby solutions to governments that make it impossible for companies to violate these rights in the first place, and then governments making it a law for this technology to be used by all companies. E.g. the DNT header could've been one such solution, but the fact it was never made part of a law is what led to it being abused for ironically tracking itself, and now abandoned altogether.

We're in this mess because governments fundamentally don't understand technology and how to police it. Either that, or they're willfully complacent with the status quo because it benefits them as much as the corporations.

The "I don't care about cookies" plugin for Firefox is superb at getting rid of that problem.
I wouldn’t count on sites not tracking you until you actually saved your “custom preferences”.
Of course you can't.

My recommendation:

1. Install "I don't care about cookies"

2. Install "Temporary containers"

This requires that you use special containers for things you do wish to have cookies for such as HN for the login. Other than that, you can safely click accept for all websites, since it won't persist anyways.

Extensions aren't a reliable solution to privacy and security. Why would you give access to all websites you visit to a 3rd party? I barely trust browser developers these days, let alone some 3rd party developer.

And, no, I can't be bothered to review their source code if it's available, or to trust that I'm actually running said code, that it won't become malicious eventually or bother with building it myself. Unless it's run on demand and for a single purpose, I suggest avoiding extensions altogether.

Containers is a Firefox native feature. The temporary containers extension simply creates and destroys them on demand.

I understand the criticism though - increased attack surface. But the Web is pretty much a lost cause anyways.

https://drewdevault.com/2020/03/18/Reckless-limitless-scope....

Use a VPN, any incognito browser, stop using Google. Simple.
Remember when Xbox let you sign up for Live online, but you had to do a 3 hour interrogation on the phone to cancel? And calls would cost like 25 cents a minute or something crazy.

Or the auto renewing subscriptions that either cancel your service immediately the second you turn off auto renew, even if you paid for the current time allotment, or they just prevent or ignore your request to not renew.

I feel like reverse charging didn’t exist back then.

There’s also entitled devs that say your email domain or VOIP number isn’t good enough when signing up for their service. There’s no reason for anybody to use an email from their perfect in test whitelist of gmail or Microsoft domains… And why would anybody ever have a voip number unless they were a terrorist?

Or DirecTV recently:

“Hey we couldn’t process your card due to a temporary error so we went ahead and cancelled your $59 for AllTheThings plan you had for the last 10 years as a loyal customer. We’re very much not at all sorry that plan isn’t available any more. Now AllTheThings costs $129, but don’t worry, just click to reactivate, we’ll try your card again.” … “AllTheThings processed successfully for $129, thank you for your custom.”

There's also this classic attempt at cancelling Comcast service. [1] What a nightmare.

[1] https://m.youtube.com/watch?v=yYUvpYE99vg

You know, I’ve heard this a lot and I hate Comcast for their abysmal upload speeds + their pricing, but I’ve cancelled Comcast at five different residences now and the experience took less than 5 minutes each time.

“Why do you want to cancel?” “I’m moving.” “Would you like us to transfer service to your new address?” “No.” “OK”

Amazon's attempts to get users to unwittingly sign up to Prime is one of the most egregious examples I encounter on a regular basis. As a European I cannot wait to see it gone.
If it's easy to accidentally sign up for something, does that mean it has to be easy to accidentally cancel something? Because that would be hilarious.
I’m imagining a scenario where you’re about to check out, and decide not to finish the transaction because you wanted to add something else to your very first.

So you click the cancel button.

Only you find out you’ve cancelled Prime.

After the last iOS update, Apple nagged the shit out of me to set up Apple Pay, for two days. No way to say ‘fuck off’ - only ‘remind me’. No obvious way to stop the nagging. Finally I gave them just the tip, and then pulled out before the money shot, and that seems to have shut them up for now.
I have no idea what you're talking about. Apple asked me about Apple Pay a long time ago, I decided I didn't want it and I've never been bugged again.
Apple Pay is legitimately useful though. You can use it to pay at physical businesses if you forget your wallet (double click and face ID to turn your phone into a "tap to pay" card basically). There are also lots of apps/sites that support it so you don't have to type in your card number or even your shipping info sometimes.
That you think it's useful isn't relevant; he doesn't wanna use it and yet nevertheless has continuously been nagged about it. That's not a good experience.

Fwiw I don't use Apple Pay either. There's a lot of things I don't use, for various reasons, and "you should just give in and use it" isn't the right response.

Amazon Prime is also very useful. I would say it's more useful for more people than Apple Pay. But that doesn't excuse the bad behaviour.
How is that even relevant? Your phone was trying to onboard you to a _free to use_ feature. If you can’t see the difference here, then I suspect there probably was a button labelled “fuck off” and you didn’t see that either. Honestly.
Windows regularly tries to nag me into free features I don’t want too.

At no time has the term ‘dark pattern’ ever been necessarily dependent on getting you to pay money.

Your argument is that I sound stupid, so I must be wrong?

There’s no button.

https://www.cultofmac.com/538999/apple-under-fire-apple-pay-...

https://www.wsj.com/articles/apple-insists-iphone-users-enro...

My other peeve is when streaming apps put a button in the bottom-right of an ad, same size and style as the ‘skip’ button one reflexively clicks. Except it turns out to be an ‘engage even moar’ button.

Apologies for the implication you’re stupid, I didn’t really mean that and it was uncalled for at any rate.

I don’t disagree regards dark patterns, your example just felt a bit irrelevant to the specific topic being discussed (Amazon pushing a paid for product / cancelling a paid subscription).

I can understand why you would make the distinction. Making distinctions is good, in general. However from my perspective as a frustrated user being antagonized by ‘my’ devices, it’s all the same battle to me.
Paid vs not-paid is not an important distinction.

People who think that money is the only thing that other people want are doomed to be repeatedly exploited by people who understand that there are more forms of exploitation than directly monetary.

"Free to use", but presumably comes with a user agreement that opens you to some financial liability. There's a (granted small) chance that a bug, security incident, or fraud lands you in a Kafkaesque debt nightmare.

I had a bit of a nightmare where one of the credit reporting agencies was convinced my residential address was inside my bank. Their online system referred me to their phone system or sending them mail. Their phone system referred me to their online system or sending them mail. I sent them mail 3 times and got no reply. An online cheat guide for getting to an actual human through their phone system didn't work, and I eventually just started hitting random keys in their phone system and got to a human who was able to sort it out.

You can't even get a secured credit card (backed by a cash deposit) without a credit check (I looked into it), which is going to fail if your residential address is wrong.

Opening a financial account that might misreport something to a credit agency shouldn't be taken lightly.

There ought to be penalties for negligence causing damage to you.
Apple makes money off the interchange fee. It might be "free" to the end user, but the corporate motivation is the same as Prime's -- money.

And please don't ad hominem attack people you're responding to.

Yeah you’re right, there was no need for the last bit. I’m still struggling to see the relevance though, trying to get me to buy things is very different from trying to get me to use a feature you profit from (in my opinion). You also have to bear in mind that HN represents the more technical users, plenty of people probably do need the popups to discover these features. Saying that, a “no thanks, don’t remind me again” button would be a nice inclusion - perhaps with a secondary confirmation.
Feature you profit from?

You feel you profit from facebook tracking as well?

Regardless, these dark patterns are truly disgusting and how some can defend them so mindlessly just because they apparently found a use for a product is quite disturbing.

I feel like I remember it being pretty easy to cancel Prime, though. Have things changed?
Doesn't excuse tricking people into it.
It’s a great idea but my understanding is that they have not yet defined the term. And that sounds very hard to define.
"I know it when I see it."
I’m just not a big fan of laws where just about everyone could arguably be breaking them in some small way. That’s a lot of faith to put in regulators to always act honorably.

Vaguely worded laws can also lead conservative corporate counsels to make decisions like geoblocking all of the EU

In common law systems "I know it when I see it" is good enough, but I believe most of the EU is under a Napoleonic system where you should define what you mean.
Nitpick: most of it falls under the Civil law system, some of which is Napoleonic. Wikipedia has a pretty nice map of the breakdown: https://en.wikipedia.org/wiki/Civil_law_(legal_system)#/medi...
The requirement of "subscribe is as easy as unsubscribe" is a metric which you could argue about in court, but would be very hard to game.

i.e. if signup is "email and credit card number" then you're going to be hard pressed to explain why a similar option to cancel does not exist and isn't accessible in as many clicks, with equivalent screen real-estate usage.

> i.e. if signup is "email and credit card number" then you're going to be hard pressed to explain why a similar option to cancel does not exist

So you argue that to cancel a subscription, you should have to provide your credit card number again. If a check on the credit card fails for some obscure reason, you cannot cancel your subscription.

This is what "subscribe is as easy as unsubscribe" also means.

I mean, that is precisely the court’s job to interpret the law. Your take is just a deliberately twisted one, it wouldn’t stand a chance in a court setting the same way as a willful offense can’t be defined that precisely, yet there is generally no problem with it.
Sure: but if it fails, then the card is invalid, and the card no longer can be billed. Again - you wouldn't get away with saying "well we couldn't verify the number" as standard practice - you'd just get sued and then punitively fined if it was found to be a lie.
Sounds extremely subjective. How do you measure it and where do you draw the line? All marketing is somewhat coercive.

How do you get economic and business growth (things which are good for people - jobs and employment) without marketing and advertising?

It's objective, it's just very widespread. Amazon is probably the greatest offender, but most of the platforms and BigTech is just dark patterns all the way down.
Windows is fucking the worst at this. The whole system experience is at some point "please login to the Microsoft product you never signed for" or whatever new noninteresting feature they have. That there isn't something like a Windows version stripped of that stuff is a shame.

Oh, and the firewall or Defender that puts a big !! everywhere so it seems that my system will explode anytime.

Are they aware that people use it for working?

I hope this makes Google Pay app subscription cancellations actually cancel them instead of postponing them for 3 months or so