Just In Time 4 Tech justintime4tech.fyi ← all guides

Privacy & Sovereignty

Consent isn't a contract you sign once

The web has taught us a strange idea of consent: click "I agree" one time, and you've handed over a blank cheque — to terms you didn't read, that can change without asking you again, with no easy way to take it back. That's not consent. It's surrender with a button. Real consent is a living thing — specific, revocable, ongoing. Here's the difference, and why it's the quiet foundation under everything else in this guide.

Just In Time 4 Tech · A field guide, not a sales pitch

Every other guide here is, underneath, about the same thing: something taken without a real yes. The fonts that phone home, the trackers, the keyboard sending your patterns onward — each is a small failure of consent. So it's worth stopping on consent itself, because the web has quietly redefined the word into something almost its opposite, and once you see the swap you can't unsee it.

The dominant model is the one-time signature. A wall of terms, a single button, and the moment you click, you've "agreed" — comprehensively, permanently, to things you couldn't reasonably read, that the other party may rewrite later at will. We've been trained to treat that click as consent. But measure it against consent as it actually works between people, and it fails on nearly every count.

Consent as a signature

  • One click covers everything, forever
  • Bundled — agree to all of it or leave
  • The terms can change without asking again
  • Taking it back is hard, hidden, or impossible
  • Given under pressure: "agree or you can't continue"

Consent as a living thing

  • Specific — to this, for this purpose, now
  • Granular — yes to one thing, no to another
  • Re-asked when what's being done changes
  • Revocable — as easy to withdraw as to give
  • Freely given — "no" is a real, usable option

Look at the left column and you'll recognize almost every "I agree" you've ever clicked. Look at the right and you'll recognize how consent works everywhere except software — between friends, in medicine, in any honest agreement. The right column isn't idealism. It's just the ordinary meaning of the word, the one the web mislaid.

A signature is a moment. Consent is a relationship. The web keeps asking you to sign where it should be asking you, again and again, to agree.

The four marks of consent that's actually alive

If a one-time click isn't consent, what is? You can hold it as four marks — a thing has to carry all four to deserve the word. They're the difference between being asked and being processed.

01

Specific

Consent is to something, for a reason, not to everything in general. "May I use your email to send your receipt" is specific. "I agree to the terms" is a blank cheque wearing the costume of a yes.

02

Informed

You can only agree to what you actually understand. Consent buried in forty pages of legalese nobody is expected to read isn't informed — it's consent engineered to be unread, which is the opposite of the thing.

03

Freely given

If "no" means you can't use the thing at all — if refusal is punished — the yes wasn't free. Real consent survives the existence of a genuine, non-punitive "no." Coerced agreement is just compliance.

04

Revocable

The mark the web fights hardest. Consent you can't withdraw isn't consent — it's a trap. Taking it back should be as easy as giving it. A yes that can't become a no was never really a yes; it was a one-way door.

Notice that the cookie banner — which we've written about elsewhere — usually fails most of these at once: bundled, not specific; designed to be clicked through, not informed; "reject" hidden two layers deep while "accept all" glows, so it isn't free; and good luck revoking next week. It performs consent while violating all four marks. That's the gap this whole guide keeps pointing at.

Why "sign once" is so convenient — for them

The one-time signature didn't win because it's good for you. It won because it's frictionless for whoever's collecting. A living consent — specific, re-asked, easy to revoke — means the collector has to keep earning the yes, has to honor the no, has to ask again when the deal changes. The signature model exists precisely to avoid all of that: get one click, then treat it as permanent permission for whatever comes next.

That's why revocability is the line they defend hardest. A yes you can freely take back puts the power where consent requires it — with you. A yes that can't be withdrawn moves the power to them the instant you click. Everything else — the bundling, the unreadable terms, the dark-patterned buttons — serves that one goal: turning a living relationship into a signature they can keep.

The test of consent was never the yes. It's whether your "no," offered later, is honored as easily as your "yes" was taken.

What building for living consent looks like

This isn't only philosophy — it shows up directly in how a thing is built. A site or product that respects consent as living looks different, and you can feel it:

  • It asks for little, specifically. Only what a given action needs, when it needs it — not a blanket grab up front.
  • It doesn't need a consent banner because it isn't doing the thing that would require one. The cleanest consent is having nothing to ask forgiveness for.
  • It makes "no" real. You can decline a thing and still use the rest. Refusal isn't punished with a broken experience.
  • It makes leaving easy. Your data is exportable, your account closable, your withdrawal honored — revocability built into the architecture, not buried in support tickets.

That's the whole ethic of this hub, said in the language of consent: take nothing that wasn't freely, specifically, knowingly given — and honor the moment someone changes their mind. Sovereignty and consent are the same idea wearing two words. To be sovereign is to hold a "no" that actually works.

A question to carry

You don't need to audit anything to start seeing this. Just carry one question into every "I agree" from now on:

  1. What exactly am I agreeing to — specifically, not "the terms"?
  2. Could I say no to part of it and still use the thing?
  3. Did I actually understand it, or was it built to be clicked through?
  4. Can I take this back later — as easily as I'm giving it now?
  5. If the answer to that last one is no, is this consent at all — or just a signature they get to keep?

None of this is cause for despair — it's a lens. Most of the web will fail these questions, and that's worth knowing plainly rather than feeling vaguely uneasy about. And every now and then you'll find something built the other way, that asks little and honors your no — and you'll recognize it instantly, because it treats your consent as alive.

When you're ready

Want things built to honor a living yes?

Everything I build starts from consent as a living thing — ask for little, need no banner, make "no" real, make leaving easy. Clean sites that take nothing without a specific yes, and honor the moment someone changes their mind. Consent > convenience, in the architecture, not just the policy.

See privacy & hardening services →

The field guide · one thesis, ten threads

01Your fonts are phoning home 02You can measure traffic without surveilling people 03The cookie banner confession 04Who owns your website? 05Fast is a privacy feature 06Your site should let everyone in 07Your email is someone else's filing cabinet 08The CDN that watches everyone 09What your keyboard sends home 10Consent isn't a contract you sign once