Wednesday, June 27, 2018

The Norwegian Consumer Council Talks Tech Giants: "Deceived By Design" (FB; GOOG; MSFT)

The press release from Forbrukerrå

Facebook og Google manipulerer oss til å dele personinformasjon
Publisert 27. juni, 2018 

 And in English:
Facebook and Google steer us into sharing vast amounts of information about ourselves, through cunning design, privacy invasive defaults, and “take it or leave it”-choices, according to an analysis of the companies’ privacy updates.
As the new General Data Protection Regulation (GDPR) is implemented across Europe, users of digital services have been confronted with new privacy settings through numerous pop-up messages. Unfortunately, The Norwegian Consumer Councils just published analysis demonstrates that companies appear to have little intention of giving users actual choices.

– These companies manipulate us into sharing information about ourselves. This shows a lack of respect for their users, and are circumventing the notion of giving consumers control of their personal data, says Finn Myrstad, director of digital services in the Norwegian Consumer Council.
The Norwegian Consumer Council and several other consumer and privacy groups in Europe and the US are now asking European data protection authorities to investigate whether the companies are acting in accordance with the GDPR and US rules.

Sharing by default
Through the Consumer Council’s analysis of the companies’ privacy pop-ups, it is made evident that consumers are pushed into sharing through;

Standard Settings
Research has shown that users rarely change pre-selected settings. In many cases, both Facebook and Google have set the least privacy friendly choice as the default.
Cunning design choices
Sharing of personal data and the use of targeted advertising are presented as exclusively beneficial through wording and design, often in combination with threats of lost functionality if users decline....

Got that?  Respektløst, disrespectful. They're dissin' us.

And from the report (44 page PDF)

How tech companies use dark patterns to discourage us from exercising our rights to privacy
1 Summary 
In this report, we analyze a sample of settings in Facebook, Google and Windows 10, and show how default settings and dark patterns , techniques and features of interface design meant to manipulate users, are used to nudge users towards privacy intrusive options. The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy - friendly choices, take - it - or - leave - it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users.

Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.

The popups from Facebook, Google and Windows 10 have design, symbols and wording that nudge users away from the privacy friendly choices. Choices are worded to compel users to make certain choices, while key inform ation is omitted or downplayed. None of them lets the user freely postpone decisions. Also, Facebook and Google threaten users with loss of functionality or deletion of the user account if the user does not choose the privacy intrusive option.

The GDPR set tings from Facebook, Google and Windows 10 provide users with granular choices regarding the collection and use of personal data. At the same time, we find that the service providers employ numerous tactics in order to nudge or push consumers toward sharing as much data as possible.

To complement the analysis, we use two examples of how users are given an illusion of control through privacy settings. Firstly, Facebook gives the user an impression of control over use of third party data to show ads, while it turns out that the control is much more limited than it initially appears. Secondly, Google’s privacy dashboard promises to let the user easily delete user data, but the dashboard turns out to be difficult to navigate, more resembling a maze than a tool for user control....

Wikipedia on Dark Patterns: 
In graphic and web design, a dark pattern is "a user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills."[1][2][3] The neologism dark pattern was coined by Harry Brignull in August 2010 with the registration of, a "pattern library with the specific goal of naming and shaming deceptive user interfaces."[4][5] ...