Actually it was mentioned in the post: "I told Julie it had to be something terrible. I mean, a car company? We’d run reports on the launches of new vehicles, lots of them. They never looked like this."
So they knew it wasn't about a new car model, but some negative event.
Have you ever seen hotjar, inspectlet, mouseflow and many other service? I mean check out the demo page on the inspectlet site, type in your email address, check the recording and tell me they don't store it in plain text.
Ads in some context are okay. People who use adblockers wouldn't click on your ads even if they'd see them. But tracking is a completely different thing and much more serious. And most of the time I don't even have a choice, the website just tracks everything about me with no way of turning it off.
I completely agree with you. Not to mention the current trend(?) with solutions like hotjar or inspectlet where the whole html is sent to their servers with realtime cursor position, click and scroll information. This is really disturbing. And I guess 99% of the visitors don't even know that they are being tracked.
^ This. I have had kidney sand which bothered me a lot (because of stomach aching), until a doctor said that I should drink more water. I haven't had any problems since.
You don't necessarily need a checkbox for this. Just place a text that says something like "By clicking on the 'Signup' button you agree to our Terms of service and whatnot". This is what facebook is uses, and twitter, and many other service.
I think it might be because if you write something like $PARAM_INT_sometypo that variable would be undefined, and it is easy to catch. But if you are using constants PARAM_INT_typo becomes a string[1]. That way you would have to do more validation about that, too.
But without more context it's not that easy to tell.