Good summary of dark patterns and consent, on page 7:<p><i>> In digital services, design of user interfaces is in many ways even more important than the words used ... Dark patterns are considered ethically problematic, because they mislead users into making choices that are not in their interest, and deprive them of their agency.<p>> This is particularly problematic given the power imbalances and information asymmetries that already exist between many service providers and their users ... a suspicion that tampering with default settings might remove important functionality, may affect the tendency to leave default settings alone.<p>> ... information asymmetry in many digital services becomes particularly large because most users cannot accurately ascertain the risks of exposing their privacy. If a user is asked to trade their personal data for a short-term financial benefit, such as a discount, the actual cost of the trade-off is difficult to grasp. In this case, the short-term gain (discount) is tangible and immediate, while the potential loss (privacy) long term.</i>
Those flowcharts and color coding are amazing.<p>Everyone: even if you skim the rest of the article (mind, it's ALL worth reading), scroll to the last few pages and LOOK at those.<p>They're color-coded by <i>ease of flow</i> (and yes, a definition of that was selected and clearly explained).<p>I'm excited by this because I feel that often when we talk about Dark Patterns, conversations often devolve into a "both-sides"-ism pattern -- something which is as useless in UX discussion as it is in politics. These clear visualizations and starkly color-coded call-outs of flows that add extra work make it easy to compare flows, and point out ones which are obviously arcane.
Page 14: [edit: number corrected, thanks]<p>> <i>As the screenshots below illustrate, the Facebook GDPR popup requires users to go into “Manage data settings” to turn off ads based on data from third parties. If the user simply clicks “Accept and continue”, the setting is automatically turned on. This is not privacy by default.</i><p>Beautiful! A minimal demonstration of a clear violation of the principal of data protection by default (article 25 of the GDPR).<p>It will we really hard to talk oneself out of this one.
Im kind of torn on this.<p>On one hand, I agree that these "dark patterns" undermine what legislators and voters want in terms of consumer protections and rights. Consumers and legislators need to be aware of it.<p>On the other, I think it leads to a banal conclusion. Legislation tried to achieve something by putting responsibilities/restrictions on corporations. It did not achieve its goals, because companies "implementing" the law have different things they want to achieve.<p>One common sense conclusion is "moral failings." I expect most journalists and legislators refering to this report will be in this category. Google is greedy. FB is cynical. Nowhere to go from here but moral righteousness.<p>Another common conclusion will be "loopholes." This will send us down the legislative rabbit Warren that financial regulation and tax law has been down.<p>The right (imo) conclusion is that the whole approach is wrong. We cannot rely on explicit (or even implicit) contracts between a website and every person who visits it.<p>There must be rules, not contracts. Where users need control or an agreement has to be made, these need to be baked into browsers, where the party implementing "user empowerment" are not the ones losing from it.<p>Moving to a world where an average consumer "signs" multiple agreements with companies per day.. that's not what our legal conventions were made for.
God, I wish someone added Quora to that list. After you read the first article, Quora masks all its content and forces you down the throat to sign up or sign in, pretending to be part of an age verification process (irrespective of the topic).<p>I remember when this happened - I was so pissed off that I made an add-on called "fuck quora" that will simply reset their cookies to have unlimited reading possible without signing in. Will be happy to open source if the need be :)
There was an interesting post related to this a few months ago, that maybe some of you missed and would enjoy... "Dark Patterns, The Ratchet"<p><a href="https://jacquesmattheij.com/dark-patterns-the-ratchet/" rel="nofollow">https://jacquesmattheij.com/dark-patterns-the-ratchet/</a>
I was expecting "dark patterns" to be a hyperbole but these are clear violations of GDPR. This will probably catch public attention when the press gets hold of it and makes the screen shots more accessible (not hidden deep down in a PDF).
Especially on mobile some of these cookie management screens I've seen lately are HORRIBLE. If you're gonna make me click on every single partner to opt out of their tracking, I'm just not gonna use your site.
I just went through the "Manage Your Information" option on the FB website itself. It's terrible, every individual option only has a link to a long document you must read to figure out how to manage your information for only that one particular setting. Then you must separately do that yourself following the instructions, then go back to the Manage Your Information screen and select another of the many topics there and do it all again -- for each individual item in the list.<p>FB really does <i>not</i> want to make it easy for you to quickly change all your settings.
What a surprise! Microsoft villianised over the decades seems to be better than Google and Facebook. This brings us to the question. Have you paid XX money for a service that doesn’t show ads. Are you happy with it?
I've recently got caught in a dark pattern by cheap airline in Europe - Wizzair.<p>They've cancelled one of my flights and "automatically rebooked" into different one. Turns out it wasn't really automatic - scroll down the email and there's bunch of options with buttons "Click here to login". Because I didn't really accept my new automatic flight booking, I had to pay €30 check-in fee at the airport.
I knew that someone would write about this eventually. Facebook's GDPR popup was criminal.<p>When I got the popup, I accepted some default settings accidentally. Based on the context of the popup and placement of UI elements, I thought that the "Next" button meant "Proceed to my settings management screen" but in reality it meant "Keep default settings and proceed to Facebook".
I presume this will get past to the Norwegian privacy regulator - <a href="https://www.datatilsynet.no" rel="nofollow">https://www.datatilsynet.no</a>
Without decentralization and alternatives criticism is toothless and hand wringing.<p>Google and Facebook have developed this extremely invasive dystopic surveillance model and they are not going to abandon it. Its for users to abandon them.<p>SV and the entire culture is operating in a moral vacuum, and everyone here knows it. All the talk about freedom and liberty has been exposed as posturing and what we have instead are the biggest sellouts in history.
You can do something to make a real difference. First contact data controller ex. Facebook, Google or any company which doesn't respect your privacy and rights, tell them to stop. If they refuse to take action then contact your national data authority and they will investigate it for you. <a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/redress/what-should-i-do-if-i-think-my-personal-data-protection-rights-havent-been-respected_en" rel="nofollow">https://ec.europa.eu/info/law/law-topic/data-protection/refo...</a>.<p>Direct link to contact details: <a href="https://ec.europa.eu/commission/sites/beta-political/files/national-data-protection-authorities-jan_2018_en.pdf" rel="nofollow">https://ec.europa.eu/commission/sites/beta-political/files/n...</a>
I would pay money to have someone clean up my data online since I live in a GDPR country.<p>I have this weird conspiracy in my brain that big IT companies are just fronts for what the CIA/NSA/governments need to do to do their job.<p>I don't think those companies really care about getting your data, but government do, because governments saw and know that the internet is not something they directly control. Information is power, and it flows beyond the government's reach and proper authority. I don't really understand how those companies work so hard at great extents to get that data at the limit of the law or morality. I don't see how it's not the government doing this for security or economic reasons.<p>Liberty and freedom of speech are important, but until the internet, governments were able to have their eyes on sensitive tools. Now citizens have access to technologies that can do a lot of things at the speed of light, so in a way, governments are losing control, so it's natural that governments are trying to get back the control they lost.<p>Of course politically it's not going to please everyone, but I think that the golden age of information sharing is over.<p>The problem is that escaping data collection will often be seen as ambiguous, politicized or very complicated, so you can't even justify it morally, you have to consent. I'm a little worried because because at some point you could have cyber activists that could resort to "cyber-terrorism" to attack companies that do data collection, and show it to the public. Sending users their own data would be one way to stain the image of those companies. Ironically, terrorism justified data collection.<p>I don't think people realize how they are controlling their flow of thought and what they say when they know it can be heard. How many times I thought about what I was writing, knowing its trace could land somewhere that could have consequence on my image.
I'm shocked! I just assume hostility and act accordingly. Ublock origin and tampermonkey scripts at anyone who bypasses it. Cookie autodelete to remove tracking cookies every 3 seconds. Canvasblocker against fingerprinting.<p>Honestly this is how the internet makes money and I can't even be mad. Asking Facebook to respect privacy is like asking a drugdealer to find legal employment. Just don't do drugs!
On the one hand it is good to deny them explicit permission. On the other hand I am 100% certain that Facebook is still tracking every single data point of every single EU user. They are not scared of breaking the law.
Yes. Yes. Yes.<p>Dark patterns ought to be <i>illegal</i>: They exploit the innate weaknesses of human perception and cognition to get human beings unwittingly to do things they otherwise don't want to do.
Bloomberg is also surprisingly bad. I naively expected them to have more integrity.<p>Their consent page (linked from The Recycling Game story a few slots above this on HN right now) has a huge "Accept and Continue" button and a much smaller "More Information" link. The really bad thing IMO is each section has a switch with options Out and In, with a black/white slider on a black background. Not only is it unclear what Out and In mean here, it's unclear which of black or white means selected.<p>That's bad enough I'm actually tempted to write to their GC.