WTH is this shit?!
edit: for those wondering, the setting can be found under Settings -> Privacy -> GDPR for the EU version only I think
The dialog shown does not comply to the GPDR. Makes it very difficult and time consuming to reject cookies and consent, according to the GPDR it has to have an option to do it quickly. This just a giant dark pattern dialog to make users give up.
For me, everything was disabled once I opened the dialog options. Legitimate interest was still enabled, but that’s compliant to the GDPR.
‘Legitimate interest’ consent for ad-tracking, as the settings state is not compliant with GDPR. ‘Legitimate interest’ consent bare bones and for security and other essential functions only, not ads.
It’s questionable, thechincally yes but most who ever use it try to fit all of the tracking in that too and I think that’s not as clear
There should be a big old reject all button.
Not just “should”, the GDPR actually requires it. Not giving consent must be an easy option, not this dark pattern clickfest bullshit.
There is a reject all button. Try for yourself
I didn’t have one either, it was just like the image.
But wouldn’t “Confirm my Selection” reject all? It seema as though anything not necessary for proper functioning is diaanled unless you press enable all or manually enable some of them?
Legidimate interest usually means almost everything is enabled but it’s sadly often not even against the GDPR, just scummy af!
That’s how it looked for me.
I’m saddened at the amount of uncivilized discourse going on in this thread.
You can actually talk about these bugs and development with the developer on discord, and also submit reports and suggestions on GitHub.
Saying things like “fuck this” and “uninstalling” about a beta that has had at least 2 versions updated today is the same kind of useless discourse I’d expect with failed protests on Reddit.
Here is a more civilized critique of one of the gdpr functions on GitHub. https://github.com/laurencedawson/sync-for-lemmy/issues/200
Perhaps you can make a new issue about a reject all button as well.
Edit- this response is to the commenters here, not op. OP made a well formatted and polite issue on GitHub.
If its uncivilised to uninstall an app because it’s bugs are invading your privacy, then I don’t want to be civilised. If anything, I’m doing the author a favour by telling them why I’m using their competitors.
There is a big difference between “WTH is this shit” and “This is a reason for me to use another app”.
I agree that “fuck this” might be a bit too strong for some people, I don’t think there’s anything wrong with “uninstalling”, as long as the reasoning behind it is mentioned.Edit: I see now that you’re talking about hypotheticals, because nobody in this thread is doing that.
Why is it called “Revoke consent”? Consent was never asked during setup, so how can it be revoked?
Edit: oh great. It doesn’t even save your settings for objecting to “Legitimate interest”. Uninstalled.
It’s ironic, because the companies who claim to have a legitimate interest in tracking my behaviour are the ones I want to block from tracking me most of all.
This is the most asshole design for those dialogs. If it doesn’t have a “Deny all” button, fuck you.
Ads and data collection are too much for me. Sticking with Liftoff for now.
Highly recommend thunder or Connect as well if you aren’t satisfied with liftoff. I’ve used all (I think?) The android apps and those two go back and forth for my favorite. Thunder looks slickest but connect is the most stable and easy to navigate imo.
deleted by creator
You can’t even revoke consent in the US. I’ll be sticking with Thunder instead of Sync for Lemmy.
deleted by creator
Can confirm, Jeroba has been really solid (minor hiccups occasionally w/ feeds and inbox not loading – usually fixed by refresh, sometimes by app restart) for the few weeks I’ve been using it. Well-featured, and looks/“feels” nice!!
Jerboa feels like an app from 2010 lol
In what way? It uses M3 ?
I was never able to login with Jerboa and regularly got JSON parsing errors and similar stuff. It sadly just didn’t work for me.
Can you provide a source on that? DDG has shown zero tracking attempts from Thunder.
deleted by creator
Exodus Privacy claims that Thunder has no trackers: https://reports.exodus-privacy.eu.org/en/reports/com.hjiangsu.thunder/latest/
deleted by creator
File a bug for reject all.
They are legally required to have a deny all button…
There is one “Do not consent”
Can confirm this, I was offered (and chose) the Do Not Consent option. Weird that not everyone is seeing it.
“Confirm Choices” should also function as that button, as the consent needs to be opt-in - nothing should be on by default.
“Consent” needs to be opt-in but “Legitimate Interest” does not and almost always isn’t.
Yes, this is a bug and needs fixing
The bug has been fixed
Was the update done server side or client? There was not any updates to the app
For me, the dialogue changed and I think the prompt is some html redirect. Gives me the option to deny all (but it currently does not work)
Yeah, that is ridiculous and I have already uninstalled.
I’m fully for supporting ljdawson and this app - the former version of which I’ve also purchased.
So, I was really surprised when I saw that the gdpr consent form had some of the worst dark patterns with the opt-out “legitimate interest” for each party.
The first time I was so excited to have sync again, that I just confirmed selection. Stupid of me. Second time, I spent minutes opting out of each individual party’s “legitimate interest” - after giving consent.
No idea what this means or if ljdawson knew (he’s the dev though), but this really soured my experience.
I think I’ll still purchase, but this sucks.
Edit: I’ve since purchased the ad-free version. I want to give ljdawson the benefit of the doubt and maybe also chalk this up to the beta state. I just quite dislike dark patterns.
Since it’s GDPR, I wouldn’t be surprised if this is a drop-in library or something that uses those dark patterns instead of LJ setting that up himself.
I guess it’s more of a Google’s fault, but still, having to spend 10 minutes to Reject all is insane.
I’ve uninstalled it, sticking with Connect and will also give Thunder a try. Loved Sync for Reddit and paid for it gladly, but as it is, I’m out.
That is illegal by the way. You should have a single button to reject all. You can report it to your data protection authority
They love this.
Hm, I’m curious how the law interacts with apps in alpha and beta. Like if an app is brand new and still under development, does it have to follow those laws immediately or is there some leeway because of the app being new
From my knowledge of the EU as citizen I would say probably not, if they do something exceptions are only made for companies who spend a lot of money lobbying or if public outrage is big enough
Why would it be legal to ignore the law because your product is in alpha or beta? Hell, Gmail was in “beta” for like the first 10 years of its existence.
I’m thinking more about apps that aren’t released to the public in any way.
I guess the old use of the word “beta” where things were tested by paid people instead of the public
It doesn’t matter, app in development can hurt privacy just as well and must follow the same rules.
It was a bug you whiny fucking idiots. Fucking stupid people on the internet.
Ads have no place here…!! 👎🏻
Sync was always an ad supported app with ways to remove them.
I’m not sure why anyone would expect that to change.
I get it, the idea of ads on an app accessing an ad-free, and generally anti capitalist network like lemmy is dissonant. But the truth is that I’d rather have ads in apps than have developers not getting paid for their work.
You gotta realize, it is a time intensive thing. If someone is working on a lemmy app in their spare time, that means development is going to be slow as hell. If they’re getting enough income to do it full time (or even part time but dedicated), then we have access to a stable, well supported app.
Google has fucked over developers in how they can monetize. They can’t do iterative sales the way software used to work, where you’d buy a program and any major new versions were a new purchase. They’re limited in how many versions they can have in the play store, so they can’t have tiers at various price points.
Google wants their cut, and that’s all they really care about. They get the biggest flow from subscriptions and ads. So they try and channel developers into those streams. It’s a long standing problem.
Thia is one of those things where you can’t hate the player, you gotta hate the game.
As long as people can remove the trackers and not have their data sold by paying upfront, instead of having to pay AND part with your privacy then I don’t think there is any problem with this. Especially because of the FOSS community’s general attitude of ‘Is it really open-source if the dev doesn’t have to do borderline illegal labor in China to survive?’ sucks
Fuck you Spez
Sorry, involuntary response
Like a reflex?
Fully agree there!
People still sell software the traditional way, especially B2B. I don’t like your argument because it assumes someone needs to be paid, community efforts benefit the community and there are plenty of people who just want to make use of their technology on their own terms. They can put ads in this that’s their choice, but even adfree if tracking is bundled in it can’t be said to be ethical. The community excitement does baffle me a bit, respectfully.
I mean, you don’t have to like the way things are. But pretending that aren’t that way is pointless.
I dunno, were you a reddit user? If not, I don’t think you’d understand that this particular app was top of the pile, and Dawson was begged to port it for lemmy. Those of us doing that begging, or encouraging him to do so all knew that the app was ad supported with payment options. We all voiced willingness to not only use the app, but to pony up the costs.
Third party apps are were the default way to access reddit for over a decade. Losing them, and then having to migrate to a new place is daunting. Having a familiar app with a superb interface takea away part of the emotional side of losing reddit. That may seem silly, but that’s why everyone is so hyped.
Now, the tracking part sucks, but that’s Google, not Dawson. Admob is utter shit in that regard. It’s why I block anything and everything related to it. But the way to address that is to focus on that, not blaming Dawson for being stuck in capitalism. We all gotta pay the bills, and his training as a developer is how he does that. There’s already a subscription to remove ads, ways to modify the apk to remove trackers, ad/tracker blockers, and Dawson is a very responsive guy. One of the easiest devs to communicate with overall.
How would you prefer he monetize?
Ultimately I’d prefer he didn’t, as it’s reinforcing the race to the bottom you refer to above. Yes google caused it, yes we choose to participate. I am also a developer and pushed out apps without ad support in business contexts, admittedly niche, but basically a single person should not be able to monetize at this level and for just their own gain. We lose a lot compared to any short term benefit. Yes I’m talking ideals, I want people to focus more on ideals generally and less on growth and monetization.
I completely understand, respect, and share your ideals however our current global circumstances are not favorable at all for those ideals. We can and will slowly change that, I’m sure of it, but at the same time people deserve to get paid for their work.
You don’t want the developer to earn any money?
Do those that provide this space earn any money??
My server admin has a donation page for server support costs, and anything over what is needed for the local server gets donated to the main fedi devs, so… yes, they do.
I’m in the US and don’t have the ability to opt-out of these things.
I used Sync for Reddit for many years but the Lemmy version’s privacy policy is not what I was hoping to see. I would love a clarification around what privacy improvements a subscription might add…
Nothing happens when I click it for me, in the US
Nothing happens for me in the UK either.
:(
I’ve opened an Issue to look into the consent settings for ‘Legitimate interest’ not saving: