Dark pattern abuse at its finest. You find this on all third party webstores that have decided to affiliate themselves with Shop. This has been spreading like the plague and infected a lot of webstores I used to use. If you don’t notice or forget to click on the “not now” at the bottom of the page they will create a Shop account that contains your email, phone number and credit card information without further warning. Whoever hacks into their database is going to hit a goldmine. You might have a Shop account without even realizing it right now.
And of course there is a 30 day delay for account deletion for purely made up reasons.
Isn’t that illegal in the EU?
Yes, you have to opt in. That’s why they’ll have you check 3 perfectly fine checkboxes, and then hide one like this among them.
Who cares? The corpos are city-states, now. Try to enforce it.
The EU routinely enforces such rules, with fines that are calculated based on company revenue, so that it hurts equally, no matter how large.
I fucking hate Shop because of this bullshit.
It took me a bit to understand, had to read everything you wrote. I would’ve had no clue. That’s extremely fucked. Will keep an eye out.
Is passive agreement (i.e. by not declining) even legally binding in your jusrisdiction?
Definitely not. But who has the time and money to file a lawsuit over this? What kind of payout can you even expect for the tort of creating an account you didn’t ask for? That’s why they keep getting away with crap like that.
I have always silently rejected the whole “if you do x then it means you agree to y”. No idea if either would stand up in court but I don’t see some text label on a website or program as legally binding. Hell, I’d say that a lot of user agreement fine print doesn’t even meet the informed consent requirement for a legal agreement. Or that would be the case if the legal system cared about justice rather than being more of an orphan crushing machine for corporate interests in many cases.
I didn’t even know, just deleted the account. Fuck this shit.
By the way, I also fucking hate that these awful companies are now naming their shit with misleading names. If you don’t spot the capital S here, you might think, it’s an account at the website that you’re shopping on.
Klarna also has a payment method, which is called something like “direct transfer”. When it’s included on a webpage, they don’t have their branding or anything next to it, to make you think, it’s a normal bank transfer, when it’s not.
By reading this sentence you’ve agreed to all my terms and conditions, idiot!
I must have missed one of those at some point, because on multiple occasions now, while filling out shipping/billing field on websites I’ve never bought from before, their e-commerce platform recognized my partial info and sent me a “confirmation” text well before I entered a single digit of my phone number in the phone number field.
I’m sure that e-commerce platform touts that shit as being streamlined and convenient, but I thought it was fucking creepy, and it lost each of those companies my business.
This exact same thing happened to me and this is what completely put me off from that kind of service. Especially since I had never willingly agreed to let them record this information and use it this way. I thought I had been hacked at first. It is beyond creepy. The fact that they keep trying to sneak it past you every time makes it even worse.
Also, Shopify had a data breach about their customer’s data already. I just don’t want them to hold that information on their servers.
This reminds me of all the Link bullshit I see everywhere too. “We created an account for you! Now just turn off all your tracking protection and DNS blocking to land on our skeezy website to opt out!”
Wow. I’d assume if I don’t select that payment method, they don’t have access to my data. This is evil and should be illegal and consumer protection agencies should prosecute anyone doing shit like this.
I’ve had to start being on the lookout for an auto checked “$2.99 package protection” add-on with some stores. The Internet is a trainwreck.
“30 day account deletion for purely made up reasons”
LIES! MISINFORMATION!!There is an entirely plausible reason for this. And that reason is “Fuck You, that’s why. Lol”
Its deleted pixel by pixel, bit by bit.
Do you know how many prompts it takes for our agent to only drop your database entry?
Not to mention the ones asking you for a tip. This isn’t a service, it’s a product that I haven’t even received yet.
Man, that has happened to me twice! Luckily I only use credit cards online, but it’s so easy to accidentally click on that, especially when a page hasn’t finished reloading and the options move slightly as you choose.
Hate to break it to you, but placing the order at all is already giving them all that data.
It’s more about consent to save the data rather than just passing it on to the payment processor. Different attack surface, as getting it without it being saved would require their codebase be compromised or some sort of man in the middle attack (which is difficult/impossible with encryption, if it’s done right), or compromising the payment processor themselves. If the data is saved, all of those work plus any brief security breach that gives access to the database, which will be the most common type of breach out of all the ones that could expose the CC info.
Sure they could still be saving it, but then if there is a breach, it will be discovered that not only did they have a breach but they made it worse by saving financial data without user consent, which would increase the damages for the class action suit for the breach. In theory, at least, hard to tell how it would work out with today’s level of corruption.





