Pointed out that Starbucks uses a ``dark pattern'' that intentionally deceives users

In Europe and the United States, it is stipulated by law that ``users must allow cookies to be used in order to use the information of users who have visited the website for

targeted advertising. ' ' ” to force users to choose cookies that allow targeted advertising. Chris Corbett , an engineer, said that even on the Starbucks website in the United Kingdom, when the user set not to allow the use of cookies for advertising, an unnecessarily long processing time occurred, and the impatient user canceled the setting. It points out that a dark pattern can be seen.

Starbucks and TrustArc add fake cookie processing delay if you don't click agree | Hacker News

Corbett points out the Starbucks UK website. The video below shows how the Starbucks UK website works with cookie settings.

Click 'More Information' when asked about the use of cookies on the Starbucks UK website.

Of the options, allow only the minimum use of cookies, and click 'SUBMIT PREFERENCES' without allowing the use of cookies for advertisements.

'You have updated your cookie selection' is displayed. Nothing unusual happens at this point.

Then delete local storage.

It will also delete all existing cookies. By simply setting the cookie, the previously saved cookie will continue to be retained, but now all the cookie information saved on the user's PC, including information about Starbucks, will be lost.

After that, go to the cookie selection screen again from 'More Information'.

As before, allow only the minimum number of cookies and click 'SUBMIT PREFERENCES'.

Then, the screen shows that the process is being processed, and loading that was not there before appeared.

When you think that you have finally advanced to the next screen, the processing screen is displayed again. Along with the words 'It may take a few minutes to reflect the settings', a 'CANCEL' button was displayed that allows you to return the cookie settings to a blank page at any time.

Corbett told the Twitter accounts of two companies, Starbucks UK and TrustArc , which verifies its privacy, ``If you remove unnecessary timeouts, you will no longer need to process 'status'. It happens. Can you explain?'

Corbett points out that this is a dark pattern that deceives users. A dark pattern refers to an act that intentionally makes the design difficult to understand in order to force the user to take the intended action. It is said. The EU's data protection regulations and GDPR have made it difficult to collect user data, so companies are increasingly using such dark patterns, which is becoming a problem. For this reason, a law prohibiting dark patterns has been passed in the state of California , USA, and there is a movement to establish a new law in each state that ``not admit consent obtained by dark patterns''.

in Video,   Design,   Security, Posted by darkhorse_log