[Bug] Misdirected keystroke can grant training-data consent via the feedback prompt (consent-validity / data-protection concern)
Bug Description
The feedback prompt uses numbered options (0/1/2/3) and often appears on the same turn the agent has asked me to pick a numbered option for the task, with nothing clearly setting the two apart. So a number I meant for the conversation gets captured by the prompt instead.
Sometimes that prompt isn't a satisfaction rating — it asks whether my transcript can be used to train the model. When that variant collides the same way, an accidental keystroke doesn't just mis-rate a session — it records agreement to data use that I never actually gave. I can end up consenting to my data being used for training with a single misdirected keystroke, having never really read the prompt.
Agreeing to data use is meant to be a deliberate, unambiguous choice, clearly separated from whatever else is on screen. A consent prompt that reuses the agent's number keys, and appears right when I'm about to type a number, means people agree to things they never saw. This is the kind of "dark pattern" that data-protection rules are increasingly built to catch — GDPR in the EU/UK, and consent and dark-pattern rules well beyond it.
This overlaps the input collision reported in #68483 and #69392, but it's a distinct concern: those treat it as a usability bug — a keystroke lands as the wrong feedback response. This is about the same collision producing legally-meaningful consent that no one intended.
Environment Info
- Platform: darwin
- Terminal: ghostty
- Version: 2.1.185
Errors
[]