Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

gchq-hacking-news

How the internet tricks you out of privacy using ‘dark patterns’ of design

April 30, 2018

The padlock is the internet’s talisman of privacy and safety.

It’s in the corner of your browser when you have a secure website connection. It appears on a Twitter protected profile. It indicates where to find Facebook’s privacy settings.

But in the words of Inigo Montoya in The Princess Bride, “I do not think it means what you think it means”.

Or so said Woodrow Hartzog, a professor of law and computer science at Northeastern University in the United States.

Deceptive design nudges, tricks and goads you into sharing more than you might intend to online, Professor Hartzog argues in his new book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies.

And when you think you’re in control of your own data, you rarely are.

“If you want to know when social media companies are trying to manipulate you into disclosing information or engaging more, the answer is always,” he said.

The ‘dark patterns’ of privacy
Online platforms, from social media apps to ecommerce sites, want you to feel safe.

If you feel secure, you engage — share posts, send emails, join groups.
For companies like Google, Snapchat, Twitter and Facebook, which make the majority of their income from advertising, more action equals more data. All the better to understand you and sell that understanding to brands.

Professor Hartzog said consumers need to watch out for the tricks and symbols that denote safety and control — the padlock icon being one of the most common — and ask themselves whether they can be relied on.

These tricks of perception of privacy can be “dark patterns”.
A term coined by British designer Harry Brignull, dark patterns are online design choices that obscure and manipulate a website’s true intention or function.

Ian Muir, managing director of IDM Design Labs, said these signifiers have evolved over time.

In the early days of ecommerce, for example, the padlock and the key were good representative symbols. Brands marks, including banking logos, were also used to suggest legitimacy.

“In a broad sense, just having a professional looking site was sometimes a bit misleading, but it was a cue for people to say ‘oh, this must be OK’,” he said.

A false sense of control
Have you noticed how eager the big technology companies are to tell you that you are in control of your own data?

“It allows companies to over-leverage the notion of control in a way that makes us think we have it, but really our exposure is pre-ordained,” Professor Hartzog argued.

Users may also be given choices that oversimplify the impact on their privacy — they can be binary and lack nuance.

Consider a switch to turn facial recognition on or off, for example.

“If you turn it on, you get all the benefits of facial recognition and the risks that comes with that — if you turn it off, then, like Willy Wonka says, ‘Charlie, you get nothing’,” he said.

But the alternative can be just as troubling. If you get too much control — dozens of toggles and switches — you drown in a sea of choices.

A 2012 Carnegie Mellon University study suggested that if users are given “fine-grained privacy controls”, they may be more willing to risk sharing personal information.

“Privacy control settings give people more rope to hang themselves,” one of the study’s authors Professor George Loewenstein recently told the New York Times.

“Facebook has figured this out, so they give you incredibly granular controls.”

In Facebook’s ad settings, for example, you can stop brands that have your contact details from showing you marketing material — but you have to click ‘no’ to each one individually (I currently have over 300 brands to say ‘no’ to).

“There’s an old saying about security by obscurity,” Mr Muir said.

“It doesn’t actually create security, but what should be done is obscured by the complexity of it all. It’s so complex people can’t figure it out, and therefore it is assumed to be safe.”
This complexity is also reflected in language, he suggested. The use of double negatives, for example.

Just think about the last time you tried to opt-out of an email newsletter — were you given the option to ‘No, Cancel’, effectively ending your effort to unsubscribe, or ‘Learn More’?
Fight for obscurity
Companies that rely on extracting user data as a business model need users to believe they are safe and in control.

But are we secure and empowered? Professor Hartzog said no, despite what the platforms’ privacy settings may suggest

After all, most companies never stop asking for your data.

“Even if you say no, even if you turn all the knobs to ‘off’, what’s going to happen is you’re going to get nudged or outright ‘platform-bullied’ into saying ‘yes’ over time,” he said.

“Anyone who has downloaded Facebook’s messenger app and turns notifications off is all too familiar with the ceaseless requests when you open the app to get you to turn notifications on.”
Professor Hartzog said we need new platform design rules that respect our need for obscurity. We expect our restaurant conversations to disappear into the ether, for example, so why not our text messages?

Collecting data from even the smallest online interaction makes this obscurity impossible — every choice, every line is loud, collected and stored indefinitely.

But he believes these apps and websites can be designed differently, and regulation may be needed to force the issue.

Lawmakers need to get ahead of this issue, because coming facial recognition capabilities, in Professor Hartzog’s view, are an “obscurity-eviscerating” technology.

“We need to focus on making sure the incentives for companies are different, because right now, companies have every incentive to extract every ounce of value from the user,” he said.

Tags: ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
privacy-coins-and-bitcoin-dominance-guide
Privacy Coins and Bitcoin Dominance Guide
August 7, 2018

The advent of Bitcoin has proved to be a key landmark in the way that money is thought about because...

Read more
Web threat
Privacy Coins Fall Through The Ranks As Market Caps Decline
July 30, 2018

Bitcoin.com has reported that the market caps for many privacy coins have decreased significantly ov...

Read more
venmo_pub_priv
SECURITY NEWS THIS WEEK: MAYBE GO AHEAD AND MAKE YOUR VENMO PRIVATE
July 25, 2018

THIS WEEK STARTED with a controversial, widely derided meeting between President Trump and Russian l...

Read more
4000
WhatsApp WARNING – Chat app blasted in damning new report on privacy
July 17, 2018

The Electronic Frontiers Foundation, EFF, has published its latest annual privacy audit, dubbed Who ...

Read more
imrs
SECURITY NEWS THIS WEEK: CARRIERS STOP SELLING LOCATION DATA IN A RARE PRIVACY WIN
June 26, 2018

WHAT'S THAT? A week with nearly as much good news as bad in the world of privacy and security? It's ...

Read more