The Consent Maze
"You agree to share more than you meant to — because saying no is exhausting."
Make 'accept all' a single bright click; bury 'reject' behind multi-step toggles, micro-fonts, and ambiguous language. Named after Facebook's longstanding consent UX.
Same hack. Three very different choices.
Reject all is one click, equally prominent to accept all.
Reject all exists but is one extra click and visually muted.
Reject requires per-vendor toggles across dozens of partners; accept is a single bright button.
A formula you can steal
Compare [CLICKS TO ACCEPT] with [CLICKS TO REJECT] → make them identical.
Where you've already seen this
- EU cookie banners with 847 'legitimate interest' partners pre-toggled on.
- Account creation flows pre-checking marketing consent under a long ToS link.
- App permission prompts that re-ask weekly until the user gives up and accepts.
Never — and increasingly illegal under GDPR and California CPRA.
Anywhere you'd be embarrassed to have the design shown in a regulator's screenshot.
Try the trick today
Open your consent flow incognito. Count clicks to fully reject. If it exceeds 'accept all' by more than one, redesign.
Free Marketing Hacked module included. See more cautionary tales and learn the playbook from the inside.
3 teardowns use this trick
How a single consent modal uses Von Restorff, confirmshaming, and obstruction to manufacture 'consent' that wouldn't survive a regulator screenshot.
Billy McFarland and Ja Rule sold $26M of tickets to a festival that didn't exist using 400 influencers, one orange tile, and zero disclosure. The blueprint for every influencer scam since.
BetterHelp marketed clinical-grade confidentiality, then shared mental health intake data with Facebook, Snapchat, Pinterest, and Criteo for ad targeting. FTC fined $7.8M and banned the practice.