Giters

squidfunk / mkdocs-material

Documentation that simply works

Home Page:https://squidfunk.github.io/mkdocs-material/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Add "deny" button to cookie consent

J0B10 opened this issue · comments

commented

Contribution guidelines

I want to suggest an idea and checked that ...

  • ... to my best knowledge, my idea wouldn't break something for other users
  • ... the documentation does not mention anything about my idea
  • ... there are no open or closed issues that are related to my idea

Description

The cookie banner which was implemented to close #1914 followed many common practices of other websites.
But by doing that it also implemented some deceptive, user-hostile designs (commonly referred to as Dark Patterns).

For more information on what Dark Patterns are and why they should be avoided I suggest reading this article:
https://usercentrics.com/knowledge-hub/dark-patterns-and-how-they-affect-consent/

To sum it up deceptive designs are noticed and disliked by users while being potentially illegal.

Also I think a documentation site should be as easy to use as possible and it's really bad practice to annoy new users with unintuitive ui.

Fixes

  • Add Deny or similar option to the consent banner right next to the Accept button, in the same colour and style.
  • Modify the initial state to be unchecked by default.

Additional Features

  • Have an X in the top right corner of the consent banner that just closes it, denying all cookies / choices.
    I know not everyone will like that but as an user is very intuitive and saves a lot of annoyance
  • Add a Change cookie settings link to the sites footer, right next to the copyright information so it is always present.

Use Cases

All new users first discovering a mkdocs site with a cookie banner would benefit from making consent easier.

Users that are curios about the use of their personal data would get a better first impression of the site.

Administrators of sites would have a reduced risk of being held accountable for non compliance.

Screenshots / Mockups

grafik

commented

Thanks for suggesting. This is a very hot topic that is quite controversial.

We can add an optional Deny button, and I'll see if we can automatically add the change cookie settings link to the footer. However, the close button, as you mentioned is probably too controversial. You can easily add it yourself via theme extension. Furthermore, the initial state can be easily set to unchecked. Changing this behavior now would require a major release, as it would be a pretty significant change in behavior. For this reason, we'll leave that as it is. It's all documented.

commented

Thanks a lot for the quick response and taking my objections into consideration. 👍

I understand that this (unfortunatly) is a controversial topic and you have to be extremly cautious.

I disagree with you in leaving the old behavoiur by default tough.
I'm not a lawyer but from my understanding of recital 32 GDPR the old behaviour is not compliant:

Silence, pre-ticked boxes or inactivity should not therefore constitute consent.

Non compliant behaviour should in my opinion never be the default, even if documented.

Of course this is not a big enough change to justify a major release, but maybe you can keep it in mind and change it on the next major release, whenever that might be?

commented

Well, I see this a little differently. As long as the user can say "deny all", and all pre-ticked boxes are unchecked, it should be perfectly fine. We have to keep things practical, and most authors will want to maximize the number of users who give their consent, thus checking boxes by default. Making all boxes unchecked is easy to achieve by adding one line of configuration.

We might change it in the future, but I don't see this happening any time soon.

commented

Fixed in 557e6f6. Authors can now define which buttons are shown in which order as part of the actions setting, with the reject button denying all cookies. The default is accept and manage:

extra:
  consent:
    title: ...
    description: ...
    actions:
      - accept
      - reject
      - manage

I've decided not to add a "Change settings" link by default, as users might have different opinions where it should be located, but it's trivial to add the link to the footer yourself:

copyright: >
  Copyright © 2022 John Doe – 
  <a href="#__consent">Change cookie settings</a>

I'll update the docs accordingly before issuing a new release.

commented

Released as part of 8.3.2+insiders-4.17.1.