←back to thread

FTC announces "click-to-cancel" rule making it easier to cancel subscriptions

(www.ftc.gov)
1737 points pseudolus | 7 comments | 16 Oct 24 13:09 UTC | HN request time: 0.001s | source | bottom
Show context
Uehreka ◴[16 Oct 24 15:57 UTC] No.41860626[source]
When people try and say that regulating stuff like this is impossible, I often think about how unreasonably great the regulations around “Unsubscribe” links in emails are.

There really seems to be no loophole or workaround despite there being huge incentive for there to be one. Every time I click an “Unsubscribe” link in an email (it seems like they’re forced to say “Unsubscribe” and not use weasel words to hide the link) I’m either immediately unsubscribed from the person who sent me the email, or I’m taken to a page which seemingly MUST have a “remove me from all emails” option.

The level of compliance (and they can’t even do malicious compliance!) with this is absurd. If these new rules work anything like that, they’ll be awesome. Clearly regulating behavior like this is indeed possible.

replies(46): >>41860684 #>>41860824 #>>41860883 #>>41861066 #>>41861129 #>>41861436 #>>41861512 #>>41861678 #>>41861722 #>>41861736 #>>41861811 #>>41861814 #>>41861817 #>>41862226 #>>41862350 #>>41862375 #>>41862533 #>>41862548 #>>41862583 #>>41863105 #>>41863467 #>>41863955 #>>41863981 #>>41864245 #>>41864326 #>>41864554 #>>41864607 #>>41864815 #>>41865404 #>>41865413 #>>41865616 #>>41866082 #>>41866103 #>>41866240 #>>41866351 #>>41866850 #>>41866986 #>>41869062 #>>41869290 #>>41869894 #>>41870054 #>>41870127 #>>41870425 #>>41870478 #>>41871231 #>>41873677 #
justinpombrio ◴[16 Oct 24 16:43 UTC] No.41861129[source]
Unsubscribe links are a fantastic regulation, but there is a workaround. I must have received at least a dozen emails from Brown after graduating despite unsubscribing to every email they sent.

The trouble is they're endlessly creative about the lists they put you on. I'd get one email from "Alumni Connections" and then another from "Faculty Spotlight" and then another from "Global Outreach" and then another from "Event Invitations, 2023 series". I'm making those names up because I forget exactly what they were called, but you get the idea. I hope this was in violation of the regulation: surely you can't invent a new mailing list that didn't used to exist, add me to it, and require me to unsubscribe from it individually.

They finally stopped after I sent them an angry email.

replies(20): >>41861495 #>>41861822 #>>41861841 #>>41862170 #>>41862481 #>>41862648 #>>41862820 #>>41862999 #>>41863186 #>>41863220 #>>41863555 #>>41863933 #>>41864179 #>>41864270 #>>41865514 #>>41865698 #>>41867204 #>>41867673 #>>41867742 #>>41868957 #
ksd482 ◴[16 Oct 24 17:21 UTC] No.41861495[source]
What I have noticed companies do is resume emails after a year or so. They probably think people would forget about unsubscribing them after a year, and for the most part they are right.

If I catch any of these email lists not respecting my unsubscribing, I immediately mark them as "spam".

Gmail then doesn't send them to my inbox anymore. I don't think just one person marking them as spam hurts them, but at least I feel gratified and my ego is satisfied.

replies(9): >>41861762 #>>41862632 #>>41863071 #>>41864902 #>>41865583 #>>41866898 #>>41867213 #>>41868242 #>>41881805 #
1. thayne ◴[16 Oct 24 19:05 UTC] No.41862632[source]
Or they interpret any kind of interaction after a while of inactivity as "yes please sign me up for all your newsletters, even though I previously explicitly told you to unsubscribe me"
replies(1): >>41863551 #
2. malfist ◴[16 Oct 24 20:33 UTC] No.41863551[source]
The worst for this is Shopify. If you've ever given your email to shopify, they will absolutely share it to a page you visit, even if you don't check out.

Throw something in the cart at a random website? Now you're on their mailing list and get reminders to finish checking out. Doesn't matter that you never consented. I don't know how this isn't a violate of the CAN-SPAM act

replies(3): >>41863802 #>>41866288 #>>41869210 #
3. beretguy ◴[16 Oct 24 20:58 UTC] No.41863802[source]
Now is a good time to mention SimpleLogin. So... yeah. SimpleLogin.
4. james_marks ◴[17 Oct 24 03:58 UTC] No.41866288[source]
I’ve looked into this a bit- I believe it’s related to the checkout page loading with a default of “Agrees to Marketing”.

What happens- at scale and I have to believe deliberately- is the “checkout created” event with that flag set to true is considered as “opted-in” by the marketing automation platforms everyone uses, like Klayvio.

Even if you immediately un-check it, un-checking doesn’t trigger an unsubscribe event, since you never submitted the form in the first place.

And because your Shopify session is now shared across stores, your email address gets opted-into marketing just visiting a checkout page.

replies(1): >>41869704 #
5. 0_____0 ◴[17 Oct 24 12:52 UTC] No.41869210[source]
Shit, that's devious. Thanks for mentioning that.
6. thirdsun ◴[17 Oct 24 13:55 UTC] No.41869704{3}[source]
It's up to the store owner to actually default to "agrees to marketing". I'm not sure if Shopify is to blame when it's the owner that used an illegitimate opt-out for that setting instead of an opt-in.

And of course, follow-up mails for abandoned carts are an optional setting too.

replies(1): >>41870207 #
7. james_marks ◴[17 Oct 24 14:50 UTC] No.41870207{4}[source]
The default for “Agrees to marketing” controls if the box defaults to checked on checkout, so I do think if the store disabled that you wouldn’t be subscribed.

My theory is it started by accident- if you get a notification that says, “this checkout, this email, agrees to marketing: true”, it sure reads like an opt-in, and it used to be reliable. But it’s not anymore, because your email is already attached to the checkout when its created.

“Agrees to Marketing” pre-dates the global Shop session by years, it’s plausibly an ecosystem bug; one with no real motivation to solve until customers start talking (more)