Why can a regulator only catch a deceptive consent screen by reading it manually?
Opportunity
GDPR and FTC rules require freely given, unambiguous consent, but detection is entirely manual: investigators visit sites, walk through flows, and write reports. A 2026 arXiv study found that regulatory practitioners explicitly want automated detection but have no viable tooling to run at scale. Dark patterns shift dynamically: a service can hide opt-out paths during a review period and restore them afterward. With millions of sites and a handful of inspectors, enforcement is reactive, slow, and geographically uneven. No machine-readable standard for a consent record exists that would let an auditor replay the exact UI flow a user experienced at a given moment.
Why it matters
Automated, provable consent verification would shift enforcement from after-the-fact investigations to scalable real-time compliance checks, making dark patterns economically unviable.
How I score the opportunity
The Opportunity Score is my own read, not a measurement: how much it hurts, how often it bites, and how little exists to solve it today. Higher means I think it is more worth building.
How much pain it causes when it shows up.
How often people actually run into it.
How little good tooling exists for it today.
More problems worth solving
Why is the software we depend on most the worst to use?
TechWhy do I still own none of the data I generate?
TechWhy can I not get a receipt proving my data was actually deleted?
TechWhy can I not know if what is running matches what my SBOM declared?
TechWhy does every C2PA provenance chain break the moment content hits social media?
TechWhy does critical open source software still depend on one exhausted maintainer?