« home

UI/UX tricks against GDPR
(and users)

18 Jun 2018

I have just been suggested this article from InfoWorld.

I was welcome by a claim that they care about my privacy.

This is, evidently, a gift of GDPR, that give Europeans control on their data.

GDPR exists because who control enough data about you can manipulate you.

So I was very happy to see this: InfoWorld respects the law and its users. Yay!

Thus I clicked “Update Privace Settings”, because you know… 
I’m a programmer… I click things…

The popup expanded into a pretty well designed window where I can precisely decide which permissions I gave them.

Everything seemed clear, well explained, and without too much deceptions.

So I went towards the various steps and decided the permissions to give.

Everything was fine till the last step: “Vendor Consents”.

Apparently InfoWorld want to share my data with 338 vendors.

338 companies, as of this writing, will receive the data collected by InfoWorld.

With a single click on “Sounds Good, Thanks!”, I would have accepted to share my data with all 338 companies.
Will the consents be restricted to data collected by InfoWorld?
Will they leverage my consent on other sites?

Actually, this does not sound that good. :-(

Fine, when I realised the deception I decided I won’t give them any consent.

I had to click 338 times. No “Deselect All” button.

Smart move, guys! Very smart! ;-)

They don’t care about your privacy. At all!

338 clicks taught me a very important lesson.

Whenever someone says:

We care about your privacy.

you know they don’t care about you at all. It’s just deception.

Never register to their services. Never trust their TOS.
Never click their Ads. Never accept defaults.

If they manipulate you to get your consent, what will they do with it?

Note to other devs: I have ~20 years of professional experience as a web dev.
Among other things.

If you know how to hit F12, type a few keystrokes and trigger the click event on all divs with a line of JavaScript, chances are I can do it too. ;-)