The New Yorker (Conde Nast) tricks you into thinking you've exercised your CCPA rights when you haven't
Dark Patterns in Privacy - Here Already
As a California resident, CCPA (the first US landmark privacy bill created and moved forward in cowboy fashion) has been a huge non-event for me. Supposedly effective Jan 1, there’s been little changes on my web experience. Until this morning.
Clicking on a Slower News link to a New Yorker article about moderating Hacker News, I came across my first opportunity to exercise my rights. If you’re in California, go ahead and click.
To my surprise, a new experience popped up. Not just asking me to accept cookies, but also informing me of my choice to prevent the publishers, in this case Conde Nast, from selling my personal information. Freedom!
“Do Not Sell My Personal Information” vs. “Accept Cookies” seems at the very least like a reasonable choice to evaluate.
I clicked “Do Not Sell My Personal Information”, and lo and behold, Dark UX patterns emerged.
Wow-where to begin. Most companies wouldn’t give you this “additional context” on actions you want to take. Note 2 things:
1) By default the slider is shifted to the left (make note of that)
2) This doesn’t actually fully prevent them from sharing information. If you want to stop them from doing that, you have to submit a “CCPA Request Form” located via link right about the “Manage Consent Preferences.”
But nonetheless, I’m close to success here, and only in a a few seconds!
I clicked the button to “Do Not Sell My Personal Information” because I want that “on” not off.
Success, I think? I go to confirm my choices but…
Wait a minute. Are my targeting cookies on or off? The bold text lets me know that f I don’t want Conde Nast to sell my information, that I should toggle the ‘Do Not Sell My Personal Information’ button to “Off”.
Isn’t that strange?
It’s clearly a dark pattern. In my head, when you want to “activate” a setting, such as “Notifications” or “Send Texts”, the “on” position means you have activated that feature.
In this instance, the logic is flipped. If you want “Do Not Sell My Personal Information” to be activated and “On”, you have to keep the button toggled “Off.”
I’m sure there will be some back and forth here - off is in fact the ‘default’, but I suspect this pattern has been deliberately designed by OneTrust to trick people into not exercising their CCPA rights.
In the end, I don’t really want to pick on anybody: OneTrust was ahead of the game in offering privacy management and compliance software. Conde Nast is probably one of their top clients. And look, the fact that I can opt out, even if it requires careful reading, with a click and a submission of a web form, is progress.
But I suspect this isn’t the end of the variety of Dark Web Patterns we’ll see.
P.S. Please subscribe and send any comments to hello@thefutureiswork.com