this post was submitted on 23 Sep 2023
503 points (98.8% liked)

Can you blame it?

[–] Ghostalmedia@lemmy.world 88 points 1 year ago (3 children)

It would be nice if, unlike GDPR, some veteran UX leaders would be consulted before this legislation was drawn up.

GDPR was well intentioned, but many of the pop-up experiences are littered with dark UI patterns, and most of those pop-up experiences are annoying as hell.

[–] Barbarian@sh.itjust.works 55 points 1 year ago (2 children)

An amendment has changed the rules on that. They need to be as easy to reject as to accept. Lots of websites atm are breaking the law on this still.

[–] Ghostalmedia@lemmy.world 14 points 1 year ago (1 children)

My hot take is that GDPR, CCPA, etc. should require sites to go through a standard user experience native to the browser’s chrome. Kind of like how Android and iOS handle tracking permissions for Play and App Store apps.

That seems like it would be way easier to audit / govern, and it would be a better overall experience for end users.

[–] towerful@programming.dev 2 points 1 year ago

The issue with that is that there are so many different apps that process data in so many different ways.
A phone has a bunch of physical features. Letting a website/app know what's available and request access is a small extension of the hardware APIs with clear defined purposes.

But a financial app is going to have widely different data interests and processing than a workout app, which will be different from a video game, a calculator, a forum etc.
I don't know how it can be normalised into something programmatic.

I guess it's why law and courts are so complex. Sure, laws are written down, it should be easy... but they are regularly challenged and tested.
It's a difficult problem to solve.

The ideal way would be to cut the legalese bullshit in the privacy policy.
However, that's a legal document, so it needs the legalese.
It actually needs an honest human readable summary that sums up what's collected, why it's used etc.

[–] hitmyspot@aussie.zone 6 points 1 year ago

Oh, I'd noticed that a lot of sites now seemed a lot better. It's so frustrating when a site has you jump through 4 delays to reject, but accept keeps working fine. As soon as there is a delay now, I'm out of there.

It'll be nice when we have the settings built into your browser and the sites need to comply so it's on them not you to verify your preferences.

[–] TestShhh@lemmy.world 38 points 1 year ago (1 children)

It’s worth re-mentioning this whenever it pops up.

The GDPR does not mandate the cookie pop-up. The GDPR just says that companies cannot gather personal information about you without your consent.

If companies weren’t trying to build a profile about you all the time, they don’t need a banner in the first place. The GDPR is amazing because it makes it immediately obvious which rare companies actually respect you and your right to privacy, due to not needing cookie banners in the first place.

[–] Ghostalmedia@lemmy.world 5 points 1 year ago (1 children)

As someone from the UX side of the fence, I can assure you that there are a lot of legitimate convenience and/or fraud protection reasons for why a company might store PII server side for the user’s convenience. Targeted marketing isn’t the only reason to store identifying information.

[–] towerful@programming.dev 6 points 1 year ago (1 children)

Fraud prevention is a legitimate interest and does not need a consent request.
I'm pretty sure that is specifically called out in GDPR. Certainly ICO (UK) has loads of articles on it.

However, legitimate interests are often difficult to demonstrate compliance, so it can be easier to rely on consent.

[–] azertyfun@sh.itjust.works 3 points 1 year ago

Imagine if fraud prevention mechanisms were ineffective if you do not consent to targeted advertising.

Black Hat: Darts! These dark patterns got me again, I accidentally consented, now I won't be able to bypass the captcha!

[–] Knusper@feddit.de 4 points 1 year ago

You shouldn't assume the contents of the GDPR based on what most companies are doing. It's not legally consent, if it was not given freely. So, no dark patterns, no coercion, no inaccurate descriptions, nothing. You need to inform the user as accurately as possible and ensure that they choose what suits their interest. Then it's consent.