Are you sick of dealing with labyrinthine cookie consent popups just to navigate the web without being tracked? Well, researchers from Aarhus University, Denmark, have created a browser extension that automatically rejects them for you.
Consent-O-Matic is free and available for Mozilla Firefox, Google Chrome and other chromium-based browsers, and Safari for macOS and iOS. The browser extension already had 22,000 test users worldwide before becoming publically available.
“The way it works is that we manually analyze a pop-up to see how it is designed, and then we write the code to click on buttons and check boxes,” Clemens Nylandsted Klokmose, a Consent-O-Matic developer and associate professor in the Department of Computer Science, said in a statement. “Sometimes a website might have done things differently, and in that case, we will always try to submit the most privacy preserving settings. Websites might also use a pop-up that we haven’t seen yet, which means Consent-O-Matic can’t detect it.”
“The code for Consent-O-Matic is available open-source on Github […], so if anyone want to have a look, or contribute with new rules for a pop-up, they can do that.”
Amazing as this is, it’s unfortunate that the software even needs to exist. “People should have control over their personal data, but the way these consent pop-ups are designed make it difficult. Clicking through multiple screens and toggling hundreds of sliders for every website you visit gets exhausting and annoying, so it’s easier to just hit the big green button,” Midas Nouwens, a Consent-O-Matic developer and assistant professor in the Department of Digital Design & Information Studies, explained. “We built Consent-O-Matic to let people exercise their digital rights, and make it as easy as possible.”
Indeed, a 2020 paper co-authored by Nouwens highlights the often shady practices of consent management platforms (CMPs).
“The results of our empirical survey of CMPs today illustrates the extent to which illegal practices prevail, with vendors of CMPs turning a blind eye to – or worse, incentivising – clearly illegal configurations of their systems,” the authors write. “Enforcement in this area is sorely lacking.”
“Interface designs that try to guide end-users into desired behavior through malicious interaction flows are referred to as ‘dark patterns’,” the authors explain, adding that “A core takeaway from the user study is that placing controls or information below the first layer renders it effectively ignored.”
It seems that CMPs are already taking notice and trying to push back, with OneTrust LLC being granted a patent on September 6, 2022, for “Data processing systems and methods for detecting tools for the automatic blocking of consent requests.”
“The patent is pretty hilarious. The idea it is premised on seems to be that a refusal of consent has to have the same high standards as a granting of consent […] But that's simply incorrect,” Michael Veale, a professor of digital rights and privacy at UCL Laws, told Motherboard. “Furthermore, data protection law specifically recognises that an individual 'may exercise his or her right to object by automated means using technical specifications.”
"The entire adtech industry's strategy over recent years has been to attempt to misinterpret regulation to make consent seem like a joke,” Veale explained. “The legal reality is that this is not consent, and that such practices are themselves illegal. Data protection authorities are finally waking up to that.”
In a world where your personal data can be sold up to 987 times a day in split-second advertisement auctions, it’s more important than ever to get clued up on cybersecurity and protect yourself.