Slashdot Mirror
Facebook, Google, and Microsoft Use Design To Trick You Into Handing Over Your Data, Report Warns (gizmodo.com)
An anonymous reader quotes a report from Gizmodo: A study from the Norwegian Consumer Council dug into the underhanded tactics used by Microsoft, Facebook, and Google to collect user data. "The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users," states the report, which includes images and examples of confusing design choices and strangely worded statements involving the collection and use of personal data.
Google makes opting out of personalized ads more of a chore than it needs to be and uses multiple pages of text, unclear design language, and, as described by the report, "hidden defaults" to push users toward the company's desired action. "If the user tried to turn the setting off, a popup window appeared explaining what happens if Ads Personalization is turned off, and asked users to reaffirm their choice," the report explained. "There was no explanation about the possible benefits of turning off Ads Personalization, or negative sides of leaving it turned on." Those who wish to completely avoid personalized ads must traverse multiple menus, making that "I agree" option seem like the lesser of two evils. In Windows 10, if a user wants to opt out of "tailored experiences with diagnostic data," they have to click a dimmed lightbulb, while the symbol for opting in is a brightly shining bulb, says the report.
Another example has to do with Facebook. The social media site makes the "Agree and continue" option much more appealing and less intimidating than the grey "Manage Data Settings" option. The report says the company-suggested option is the easiest to use. "This 'easy road' consisted of four clicks to get through the process, which entailed accepting personalized ads from third parties and the use of face recognition. In contrast, users who wanted to limit data collection and use had to go through 13 clicks."
Google makes opting out of personalized ads more of a chore than it needs to be and uses multiple pages of text, unclear design language, and, as described by the report, "hidden defaults" to push users toward the company's desired action. "If the user tried to turn the setting off, a popup window appeared explaining what happens if Ads Personalization is turned off, and asked users to reaffirm their choice," the report explained. "There was no explanation about the possible benefits of turning off Ads Personalization, or negative sides of leaving it turned on." Those who wish to completely avoid personalized ads must traverse multiple menus, making that "I agree" option seem like the lesser of two evils. In Windows 10, if a user wants to opt out of "tailored experiences with diagnostic data," they have to click a dimmed lightbulb, while the symbol for opting in is a brightly shining bulb, says the report.
Another example has to do with Facebook. The social media site makes the "Agree and continue" option much more appealing and less intimidating than the grey "Manage Data Settings" option. The report says the company-suggested option is the easiest to use. "This 'easy road' consisted of four clicks to get through the process, which entailed accepting personalized ads from third parties and the use of face recognition. In contrast, users who wanted to limit data collection and use had to go through 13 clicks."
a target.
This info has been out there for years yet no one is listening and/or cares. The mantra of people seems to be "it's free" so why not. I have long ago seen this coming. Use Fedora Linux or Debian. Use an iPhone over Android despite Apple having some issues. Use P2P apps in lieu of things like Skype. Own your own domain and use that for email. It's cheap and you have control of your user name and domain name. Tie that domain name to a privacy-respecting service like Fastmail.
Don't use spy devices like Alexa or Google Home. These exist not to help you but to harvest your data 24/7. Roll your own solutions, especially if you're technical or in IT. Use your own skills. Run a Pi-hole, block and defund the ad companies and tracking companies. Like drugs, just say no...
I just can't believe that companies like Microsoft or Facebook or Google would ever do anything underhanded or manipulative! I mean, it's not like have years of history of doing this, right? Right?
(As someone else posted, opting out probably gets you scrutinized even more, perhaps as a test subject for even trickier under-the-radar manipulation.)
Just cruising through this digital world at 33 1/3 rpm...
1) You grant app from vendor X the right to some data Y.
2) You *think* you've granted the *APP* access, but because network access permission is on by default, you've actually granted the *company* that made the app permission.
3) All your private data is slurped up regularly and sold to data brokers.
They rely on you confusing the app they're giving permission to, with the company that made the app, they're *actually* giving permission to.
Of course when it comes to Google, all of this never happens, Google simply grabs permission by default, and you log into Google's site to disable Google examining data it *already* grabbed from your device.
e.g. on and Android phone, go to Settings, Apps, Google, look at permissions lower down, it will already have been granted access to your contacts, calendar, location, SMSs, microphone, and telephone. You didn't grant those permissions, Google granted themselves those permissions. Notice that "Network access" isn't a permission here, it's granted as a default to everything.
You *think* you're granting a Google app the right to search your calendar for upcoming events, but actually that data is slurped to Google and the search is done there, both for searches you do, and for searches that Google can do within it's own interpretation of it's own unread privacy EULAs.
i know you can live without facebook (i just helped someone sort out their facebook settings. after digging through the fucked up ui, they just opted to deactivate and opt out of further emails instead), without google, without amazon or apple.
but many can't do without windows. and the more privacy-friendly win7 is eol in 19 months. even if you lock down windows 10 with something like shutup10, it still leaks your data like a mofo and sucks your bandwidth like a lot lizard in heat. a sub for 'enterprise' is not a solution. so what are we supposed to do in this fucked-up 'take it or leave it' scenario? where you have no choice but to use windows 10, for whatever reason (work, gaming, lack of skill set for proper linux setup and use, etc)...
and many can't do without a wireless phone, even a flip phone gives the same location data and shit to carriers, unscrupulous merchants and others using cell repeaters or bluetooth or wifi radios to track people, the feds, etc... 'smart phones' are the worst offenders here in all this, locked down hardware, no control over hardware, hidden or unavailable settings, no disclosure, poor security, rogue apps siphoning off data, you name it.. it happens... basically everything microsoft wants for for windows 10 (even the fucked up security).
where are the fucking lawsuits on this already.
He said targeted, not tracked.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
While Facebook is avoidable good luck avoiding Microsoft and Google if you're not a member of the zombie Steve Jobs fan club...that said, whatever they extract is far less damaging than the Equifax breach, after that I'd say cell phone carriers and all of the historical gps data they share with third parties without your consent. Just like the instigators of the 2008 global financial meltdown the penalties = zero dollars.
Slashdot's no better. I've lost count of the times I've told it that I don't consent to processing my data for personalisation of advertising. Since refusing consent may not be punished, it's almost certainly in violation of GDPR.
Just because you'd pay $4.99/month, doesn't mean they won't use your data anyway.
You sound like a Google employee. There's no doubt about Google tracking. At least DuckDuckGo has a stated policy of not tracking, and is an alternative to the Google Goliath.
I think a lot of people also don't realize how much it costs to provide a service like Gmail because it's all electronic, and so they don't apply the 'nothing is for free' maxim to it.
"What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
The thing I hate about such things is that you need to decline each and every time (/. no has it as well). Yet when you agree once, you will not be able to remove it or it is very hard to find the setting ti change it or they hope you forget.
If they would ask you each month, regardless of the answer you gave last month, it would be ok.
Don't fight for your country, if your country does not fight for you.