It’s the world I’d like to live in, even if I know it’s impossible. I don’t wish to be tracked. But on occasion, I know I have to put my name next to things. It is unavoidable. The question I ask today is, do we need more than that?
I ask this out of frustration. Today I noticed a [free-to-participate CTF run by Sans.org.] (https://www.sans.org/mlp/nordics-capture-the-flag/). I was excited to participate, so I followed the link. To sign up for the CTF, I had to register for an account. Acceptable. Pretty normal. I went along with it.
Right up until the point where I reached the “fill in your information” page. Where they requested: My email. Full name. Phone number. Company. Job title. And physical address.
What business did Sans.org have for requesting any of this?
I’ll admit, it annoyed me. I immediately made to cancel my participation in the CTF, and delete the account. Do you know how i did that? I couldn’t find a button for it, so after some searching on Google I found their account support page, which requested I email “firstname.lastname@example.org” to request the deletion of my account.
Because it is apparently 1997.
While it may not be an actual violation of GDPR, it was needlessly difficult to cancel the account, and such dark patterns are questionable under that data protection law. Though in my experience that law is violated on an almost daily basis with little/no repercussions. Companies obeying the letter of the law, if not the spirit. And today, Sans.org embodied that perfectly.