Slashdot Mirror
Facebook, Google, and Microsoft Use Design To Trick You Into Handing Over Your Data, Report Warns (gizmodo.com)
An anonymous reader quotes a report from Gizmodo: A study from the Norwegian Consumer Council dug into the underhanded tactics used by Microsoft, Facebook, and Google to collect user data. "The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users," states the report, which includes images and examples of confusing design choices and strangely worded statements involving the collection and use of personal data.
Google makes opting out of personalized ads more of a chore than it needs to be and uses multiple pages of text, unclear design language, and, as described by the report, "hidden defaults" to push users toward the company's desired action. "If the user tried to turn the setting off, a popup window appeared explaining what happens if Ads Personalization is turned off, and asked users to reaffirm their choice," the report explained. "There was no explanation about the possible benefits of turning off Ads Personalization, or negative sides of leaving it turned on." Those who wish to completely avoid personalized ads must traverse multiple menus, making that "I agree" option seem like the lesser of two evils. In Windows 10, if a user wants to opt out of "tailored experiences with diagnostic data," they have to click a dimmed lightbulb, while the symbol for opting in is a brightly shining bulb, says the report.
Another example has to do with Facebook. The social media site makes the "Agree and continue" option much more appealing and less intimidating than the grey "Manage Data Settings" option. The report says the company-suggested option is the easiest to use. "This 'easy road' consisted of four clicks to get through the process, which entailed accepting personalized ads from third parties and the use of face recognition. In contrast, users who wanted to limit data collection and use had to go through 13 clicks."
Google makes opting out of personalized ads more of a chore than it needs to be and uses multiple pages of text, unclear design language, and, as described by the report, "hidden defaults" to push users toward the company's desired action. "If the user tried to turn the setting off, a popup window appeared explaining what happens if Ads Personalization is turned off, and asked users to reaffirm their choice," the report explained. "There was no explanation about the possible benefits of turning off Ads Personalization, or negative sides of leaving it turned on." Those who wish to completely avoid personalized ads must traverse multiple menus, making that "I agree" option seem like the lesser of two evils. In Windows 10, if a user wants to opt out of "tailored experiences with diagnostic data," they have to click a dimmed lightbulb, while the symbol for opting in is a brightly shining bulb, says the report.
Another example has to do with Facebook. The social media site makes the "Agree and continue" option much more appealing and less intimidating than the grey "Manage Data Settings" option. The report says the company-suggested option is the easiest to use. "This 'easy road' consisted of four clicks to get through the process, which entailed accepting personalized ads from third parties and the use of face recognition. In contrast, users who wanted to limit data collection and use had to go through 13 clicks."
a target.
This info has been out there for years yet no one is listening and/or cares. The mantra of people seems to be "it's free" so why not. I have long ago seen this coming. Use Fedora Linux or Debian. Use an iPhone over Android despite Apple having some issues. Use P2P apps in lieu of things like Skype. Own your own domain and use that for email. It's cheap and you have control of your user name and domain name. Tie that domain name to a privacy-respecting service like Fastmail.
Don't use spy devices like Alexa or Google Home. These exist not to help you but to harvest your data 24/7. Roll your own solutions, especially if you're technical or in IT. Use your own skills. Run a Pi-hole, block and defund the ad companies and tracking companies. Like drugs, just say no...
I just can't believe that companies like Microsoft or Facebook or Google would ever do anything underhanded or manipulative! I mean, it's not like have years of history of doing this, right? Right?
(As someone else posted, opting out probably gets you scrutinized even more, perhaps as a test subject for even trickier under-the-radar manipulation.)
Just cruising through this digital world at 33 1/3 rpm...
1) You grant app from vendor X the right to some data Y.
2) You *think* you've granted the *APP* access, but because network access permission is on by default, you've actually granted the *company* that made the app permission.
3) All your private data is slurped up regularly and sold to data brokers.
They rely on you confusing the app they're giving permission to, with the company that made the app, they're *actually* giving permission to.
Of course when it comes to Google, all of this never happens, Google simply grabs permission by default, and you log into Google's site to disable Google examining data it *already* grabbed from your device.
e.g. on and Android phone, go to Settings, Apps, Google, look at permissions lower down, it will already have been granted access to your contacts, calendar, location, SMSs, microphone, and telephone. You didn't grant those permissions, Google granted themselves those permissions. Notice that "Network access" isn't a permission here, it's granted as a default to everything.
You *think* you're granting a Google app the right to search your calendar for upcoming events, but actually that data is slurped to Google and the search is done there, both for searches you do, and for searches that Google can do within it's own interpretation of it's own unread privacy EULAs.
i know you can live without facebook (i just helped someone sort out their facebook settings. after digging through the fucked up ui, they just opted to deactivate and opt out of further emails instead), without google, without amazon or apple.
but many can't do without windows. and the more privacy-friendly win7 is eol in 19 months. even if you lock down windows 10 with something like shutup10, it still leaks your data like a mofo and sucks your bandwidth like a lot lizard in heat. a sub for 'enterprise' is not a solution. so what are we supposed to do in this fucked-up 'take it or leave it' scenario? where you have no choice but to use windows 10, for whatever reason (work, gaming, lack of skill set for proper linux setup and use, etc)...
and many can't do without a wireless phone, even a flip phone gives the same location data and shit to carriers, unscrupulous merchants and others using cell repeaters or bluetooth or wifi radios to track people, the feds, etc... 'smart phones' are the worst offenders here in all this, locked down hardware, no control over hardware, hidden or unavailable settings, no disclosure, poor security, rogue apps siphoning off data, you name it.. it happens... basically everything microsoft wants for for windows 10 (even the fucked up security).
where are the fucking lawsuits on this already.
Say what? You're hitting an if-I-stick-my-head-in-the-sand-nobody-can-see-me level of stupid yourself, friend.
Think you can't be tracked if you don't allow ads (or cookies, for that matter)? Guess again.
Il n'y a pas de Planet B.
"Another example has to do with Facebook. The social media site makes the "Agree and continue" option much more appealing and less intimidating than the grey "Manage Data Settings" option".
That's a bit rich for /. to post that. This site does the very same thing. At least in Europe it does. When opening the site we get the "We value your privacy" pop-up asking us to agree to all the advertising shenanigans. Oh look, the big "I agree" button is all coloured and in green, the universal colour for go, good or safe. The opt-out is just plain boring white.
Windows 10 greets me with a security warning every month, because I have switched off the option of submitting code samples for virus protection.
I develop my own software and I do *not* want it to go to Microsoft.
Every month I have to re-affirm that I have opted out of delivering my software to them. Stop that sh*t!
To Terminate, or not to Terminate, that's the question - SCSIROB
He said targeted, not tracked.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Not necessarily. How can an ad you aren't seeing target you? Now yes, targeting does imply tracking, but not the other way around. I keep track of my wallet, keys, and phone, but rarely target them.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
While Facebook is avoidable good luck avoiding Microsoft and Google if you're not a member of the zombie Steve Jobs fan club...that said, whatever they extract is far less damaging than the Equifax breach, after that I'd say cell phone carriers and all of the historical gps data they share with third parties without your consent. Just like the instigators of the 2008 global financial meltdown the penalties = zero dollars.
And we're talking about ads targeting you. Not tracking. Please, do try to keep up.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
Slashdot's no better. I've lost count of the times I've told it that I don't consent to processing my data for personalisation of advertising. Since refusing consent may not be punished, it's almost certainly in violation of GDPR.
You seem to be keeping your gaze too low. You are not just a target for buying stuff; you are also a target for modifying your opinion and behaviour in politics and other questions.
You can be targeted through other vectors than traditional ads, e.g. notification flows, news flows, ads-or-propaganda-disguised-as-news, product placement, insurance company policies, employability, police knocking on your door, ...
As an extreme, think China. The view we outsiders get is that if they collect the wrong data about you, they will *target* you in a way that no ad-blocker will stop.
Have you ever read their EULA?
"When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. "
"You can be targeted through other vectors than traditional ads" - you can, but it doesn't seem to happen a lot. The main motivation is ads, this is where money presently are. If you block all ads, tracking you is a waste of time.
Opinion manipulation is frowned upon after Cambridge Analytica. No legal protection though. Still, if you are not using platform that customizes news for you, you are immune.
VPN is cheap. Pretend you are from Netherlands, get GDPR protection. It might still be technically possible to track you, but it is much more difficult and results are less reliable. With 99% of population ignoring privacy completely no one will care to track you.
what can be attributed to three companies who are some of the worst offenders of screwing up general UI design.
Who the hell cares about my privacy settings when I can no longer safely use maps for navigation due to its shitty settings of minimising into a useless picture in picture everytime there's a hiccup on my phone and has removed the option to force audio output throught the speaker meaning I can't hear it with bluetooth on either.
Who the hell cares about privacy settings on a website that makes it borderline impossible to easily scroll through past messages, or whose mobile app doesn't let you post pictures because it ends up in a select picture loop.
And as for Microsoft, one word... err two words: Start Menu *raises middle finger*
Just because you'd pay $4.99/month, doesn't mean they won't use your data anyway.
I suspect that when you click "Do not allow" it means the ads displayed aren't based on 3rd or 1st party tracking cookies. So the ads will still be displayed, just that they will be less relevant to you. They wont be collecting data about you. GDPR doesn't ban ads, it prevents illicit data collection and storage.
You sound like a Google employee. There's no doubt about Google tracking. At least DuckDuckGo has a stated policy of not tracking, and is an alternative to the Google Goliath.
I think a lot of people also don't realize how much it costs to provide a service like Gmail because it's all electronic, and so they don't apply the 'nothing is for free' maxim to it.
"What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
They aren't really. They are making it difficult to opt out and easy to opt in, and using very deceptive tricks to encourage one behaviour over the other. They should be equally easy actions, with no deception to encourage or enforce opting in. Additionally, if you look at how some sites break down cookies into categories like "essential", "performance", "tracking" and "advertising" etc., you still see a lot of unwelcome stuff in the "essential" category (which can't be disabled in many cases). That's illegal now; I should be able to disable every last bit.
id rather have gigabytes recorded about me, than be invisible as if I did not exist, at least in 100s of years in the future, I will be part of history, not deleted.
Liberty freedom are no1, not dicks in suits.
Worth asking why GNU/Linux, Diaspora and DuckDuckGo are not a viable alternative.
The assorted Linux distros vary in their usability. Mint and Kubuntu are pretty good, but there is no shortage of areas of inconsistency. A user with KDE isn't going to be able to have a useful discussion with a user running Cinnamon in the same way users share tips and tricks about using their iPhones. Most people have one or two pieces of software or hardware they use regularly that are Windows/OSX-only, with no FOSS alternative. If they don't, it's because they're used to Chromebooks, which are viable primarily because they are direct lines to the Google ecosystem.
Diaspora isn't a viable alternative to Facebook because of the network effect: Nobody is on it because nobody is on it. A quick search on my iPhone didn't show a mobile app for it either, making it far less accessible than Facebook or Instagram.
Duck Duck Go is the closest one in this list to being a viable alternative. Its search results aren't bad for garden variety internet searches, but they do have trouble with the local stuff (e.g. "sushi near me"). Additionally, DDG doesn't offer e-mail service, browser-based document creation and management, a mobile app for driving directions, or other aspects of Google's portfolio that lots of people still use daily.
It is possible to use the things you describe. It does, however, take lots of effort for most people. The article summary is about how Microsoft and Facebook make choosing the privacy-conscious options less apparent to end users and that being a problem for them. The people who are fooled by color contrasts and dimmed light bulb icons are the ones who are not going to lobotomize their workflows and make things far more difficult for themselves in order to stick it to The Man.
True (apart from the detail that I have enough karma that I don't have to see ads at all, which makes this whole thing even more irritating) but irrelevant.
Again, true but irrelevant.
The point is that after I've said once that I don't consent, the site should use either cookies or my account profile to remember that fact and not keep asking me again and again until I accidentally click the "I consent" button.
I just explained the difference 2 posts up, it's not my fault you don't get it. Maybe this will help:
track
trak/
verb
1. follow the course or trail of (someone or something), typically in order to find them or note their location at various points.
target
tärt/ verb
1. select as an object of attention or attack.
If we're all being tracked, none of us have been selected, so the tracking we are discussing here isn't targeting anyone. The information collected is used to target ads, which don't get to me, ergo I am not being targeted, though I am being tracked. Hell, I'm even being tracked with the intent to target me with ads and other offers but, at least today, I still maintain control of whether I'm actually targeted or not. Might that change in the future? Not while Facebook, Twitter, and the like remain the minority; so let's ensure that they do.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.