WTH is this shit?!
edit: for those wondering, the setting can be found under Settings -> Privacy -> GDPR for the EU version only I think
There should be a big old reject all button.
I didn’t have one either, it was just like the image.
But wouldn’t “Confirm my Selection” reject all? It seema as though anything not necessary for proper functioning is diaanled unless you press enable all or manually enable some of them?
Legidimate interest usually means almost everything is enabled but it’s sadly often not even against the GDPR, just scummy af!
Not just “should”, the GDPR actually requires it. Not giving consent must be an easy option, not this dark pattern clickfest bullshit.
There is a reject all button. Try for yourself
That’s how it looked for me.
The dialog shown does not comply to the GPDR. Makes it very difficult and time consuming to reject cookies and consent, according to the GPDR it has to have an option to do it quickly. This just a giant dark pattern dialog to make users give up.
For me, everything was disabled once I opened the dialog options. Legitimate interest was still enabled, but that’s compliant to the GDPR.
‘Legitimate interest’ consent for ad-tracking, as the settings state is not compliant with GDPR. ‘Legitimate interest’ consent bare bones and for security and other essential functions only, not ads.
It’s questionable, thechincally yes but most who ever use it try to fit all of the tracking in that too and I think that’s not as clear
I’m saddened at the amount of uncivilized discourse going on in this thread.
You can actually talk about these bugs and development with the developer on discord, and also submit reports and suggestions on GitHub.
Saying things like “fuck this” and “uninstalling” about a beta that has had at least 2 versions updated today is the same kind of useless discourse I’d expect with failed protests on Reddit.
Here is a more civilized critique of one of the gdpr functions on GitHub. https://github.com/laurencedawson/sync-for-lemmy/issues/200
Perhaps you can make a new ssue about a reject all button as well.
If its uncivilised to uninstall an app because it’s bugs are invading your privacy, then I don’t want to be civilised. If anything, I’m doing the author a favour by telling them why I’m using their competitors.
There is a big difference between “WTH is this shit” and “This is a reason for me to use another app”.
I agree that “fuck this” might be a bit too strong for some people, I don’t think there’s anything wrong with “uninstalling”, as long as the reasoning behind it is mentioned.Edit: I see now that you’re talking about hypotheticals, because nobody in this thread is doing that.
This is the most asshole design for those dialogs. If it doesn’t have a “Deny all” button, fuck you.
Why is it called “Revoke consent”? Consent was never asked during setup, so how can it be revoked?
Edit: oh great. It doesn’t even save your settings for objecting to “Legitimate interest”. Uninstalled.
It’s ironic, because the companies who claim to have a legitimate interest in tracking my behaviour are the ones I want to block from tracking me most of all.
Ads and data collection are too much for me. Sticking with Liftoff for now.
Highly recommend thunder or Connect as well if you aren’t satisfied with liftoff. I’ve used all (I think?) The android apps and those two go back and forth for my favorite. Thunder looks slickest but connect is the most stable and easy to navigate imo.
Thunder has user tracking code.
Liftoff and Jerboa are clean and respect users privacy.
File a bug for reject all.
You can’t even revoke consent in the US. I’ll be sticking with Thunder instead of Sync for Lemmy.
Thunder has user tracking code.
Jerboa and Liftoff respect users privacy and are solid options.
Can confirm, Jeroba has been really solid (minor hiccups occasionally w/ feeds and inbox not loading – usually fixed by refresh, sometimes by app restart) for the few weeks I’ve been using it. Well-featured, and looks/“feels” nice!!
I was never able to login with Jerboa and regularly got JSON parsing errors and similar stuff. It sadly just didn’t work for me.
Jerboa feels like an app from 2010 lol
In what way? It uses M3 ?
Can you provide a source on that? DDG has shown zero tracking attempts from Thunder.
Yes exodus privacy maintains a database of each android app and all the trackers they contain.
There is an exodus app called classy shark on fdroid which will scan the installed app code on your phone and tell you which trackers it contains right down to the Java class name that are called.
So you don’t need a source go ahead and scan it yourself in realtime, I did and the tracker is there. I don’t recall which tracking platform its using as I uninstalled it afterwar the positive result.
Finally, the developer, when asked about the tracking in another thread said he “might” consider removing it in the future.
The other two major open source apps Jerboa and liftoff are clean and respect users privacy.
Exodus Privacy claims that Thunder has no trackers: https://reports.exodus-privacy.eu.org/en/reports/com.hjiangsu.thunder/latest/
That’s great news, I can confirm 0.2.1 is tracking free!
They are legally required to have a deny all button…
“Confirm Choices” should also function as that button, as the consent needs to be opt-in - nothing should be on by default.
“Consent” needs to be opt-in but “Legitimate Interest” does not and almost always isn’t.
There is one “Do not consent”
Can confirm this, I was offered (and chose) the Do Not Consent option. Weird that not everyone is seeing it.
Yes, this is a bug and needs fixing
The bug has been fixed
Was the update done server side or client? There was not any updates to the app
For me, the dialogue changed and I think the prompt is some html redirect. Gives me the option to deny all (but it currently does not work)
Yeah, that is ridiculous and I have already uninstalled.
I’m fully for supporting ljdawson and this app - the former version of which I’ve also purchased.
So, I was really surprised when I saw that the gdpr consent form had some of the worst dark patterns with the opt-out “legitimate interest” for each party.
The first time I was so excited to have sync again, that I just confirmed selection. Stupid of me. Second time, I spent minutes opting out of each individual party’s “legitimate interest” - after giving consent.
No idea what this means or if ljdawson knew (he’s the dev though), but this really soured my experience.
I think I’ll still purchase, but this sucks.
Edit: I’ve since purchased the ad-free version. I want to give ljdawson the benefit of the doubt and maybe also chalk this up to the beta state. I just quite dislike dark patterns.
Since it’s GDPR, I wouldn’t be surprised if this is a drop-in library or something that uses those dark patterns instead of LJ setting that up himself.
I guess it’s more of a Google’s fault, but still, having to spend 10 minutes to Reject all is insane.
I’ve uninstalled it, sticking with Connect and will also give Thunder a try. Loved Sync for Reddit and paid for it gladly, but as it is, I’m out.
That is illegal by the way. You should have a single button to reject all. You can report it to your data protection authority
They love this.
Hm, I’m curious how the law interacts with apps in alpha and beta. Like if an app is brand new and still under development, does it have to follow those laws immediately or is there some leeway because of the app being new
From my knowledge of the EU as citizen I would say probably not, if they do something exceptions are only made for companies who spend a lot of money lobbying or if public outrage is big enough
Why would it be legal to ignore the law because your product is in alpha or beta? Hell, Gmail was in “beta” for like the first 10 years of its existence.
I’m thinking more about apps that aren’t released to the public in any way.
I guess the old use of the word “beta” where things were tested by paid people instead of the public
It doesn’t matter, app in development can hurt privacy just as well and must follow the same rules.
It was a bug you whiny fucking idiots. Fucking stupid people on the internet.
I’m in the US and don’t have the ability to opt-out of these things.
I used Sync for Reddit for many years but the Lemmy version’s privacy policy is not what I was hoping to see. I would love a clarification around what privacy improvements a subscription might add…
Nothing happens when I click it for me, in the US
Nothing happens for me in the UK either.
:(
I’ve opened an Issue to look into the consent settings for ‘Legitimate interest’ not saving:
The two toggles called “Consent” and “Legitimate interest” is one of the most jarring things I’ve seen since GDPR came out. Those are legal basis for processing data, they’re not supposed to shown like that to the user, that just makes no sense.
User have to opt-in for processing activities that are based on consent, and be allowed to opt-out of processing activities that are based on legitimate interest, but to do that they must know what those processing activities are in the first place!
Edit: The more I think about it the more it makes my head hurt. What does a toggle just called “consent” mean? Am I opting in for “consent”? Why are they just writing “legitimate interest” without telling what is the interest and why it is legitimate? Complete nonsense