Who has control of your data online? It’s you, right?
Not so fast. The answer is complicated.
A recent report by the Norwegian Consumer Council reveals that tech companies are misleading you into giving away rights to your data.
Using what the Council calls “dark patterns,” companies like Facebook, Google, and Microsoft are taking advantage of psychological biases to increase the likelihood that you’ll make privacy choices that may not be in your interest.
No one expects tech companies to protect consumer privacy, but this might be a new low. Let’s take a look at these dark patterns and how they might be influencing you.
What Are Dark Patterns?
(Watch the video for a great example of a dark pattern on Amazon.)
DarkPatterns.org defines dark patterns as “tricks used in websites and apps that make you buy or sign up for things that you didn’t mean to.”
There are all kinds of examples: Bad user interface design. Misleading wording. Hidden options. Even color choice can be part of a dark pattern.
The site lists 12 types of dark pattern:
- Bait and switch
- Disguised ads
- Forced continuity
- Friend spam
- Hidden costs
- Price comparison prevention
- Privacy zuckering
- Roach motel
- Sneak into basket
- Trick questions
I highly recommend reading about each of these dark patterns. You’ll immediately recognize quite a few of them (especially Mark Zuckerberg’s preferred tactic, privacy zuckering).
The big problem with these tactics is that humans aren’t well equipped to deal with them. We have psychological biases called heuristics that make us more likely to respond in certain ways. And when companies take advantage of those heuristics, the argument goes, they’re taking away our agency as consumers.
How Companies Trick You Into Giving Up Your Privacy
The report shows several tactics used by Facebook, Google, and Microsoft to trick you into selecting the options that decrease your privacy.
1. Default Settings
The new GDPR regulations say that “default settings should not allow for more data collection or use of personal data than is required to provide the service, and that the use of personal data for other purposes requires an explicit opt in consent.”
This one almost isn’t worth mentioning. Of course these companies are going to default to collecting a lot of your data. That’s how they make money. Does this policy violate the GDPR regulations? You can make a strong argument that it does.
Both Facebook and Google make users go into their settings to disable information collection and sharing. That’s a dark pattern. (Microsoft’s GDPR update, in contrast, had no default settings, letting users choose whatever they want from the start.)
2. Ease of Changing Settings
How easy did the companies make it to change privacy settings? If you’ve ever used Facebook or Google’s privacy settings, you won’t be surprised to find out that it was harder to turn data-sharing off. Both services also chose images and text placement to encourage users to share more data.
Microsoft used these visual nudging cues too, but required the same number of clicks to give away data as it did to protect it.
Facebook is notorious for requiring a lot of clicks, a lot of reading, and many different screens to figure out who can see your data and what they can do with it.
In contrast, Twitter’s privacy settings are extremely straightforward:
This one’s all about how options are presented. Companies tell you the positives of letting them sell your data to advertisers—but not the negatives. And they tell you all the reasons you shouldn’t increase your privacy options, but none of the privacy concerns you might face without them.
The report gives Facebook’s facial recognition settings as an example. Facebook tells you the benefits of automatic tagging, and warns that without facial recognition, it won’t be able to identify when strangers are using a picture of you as their profile photo. Is this really a serious concern?
They also point out that people using screen readers won’t know if you’re in a picture.
They don’t tell you that advertisers might use facial-recognition technology to target ads or what else they might do with that data.
Google and Microsoft weren’t any better.
4. Reward and Punishment
You’ve probably seen this; both Facebook and Google tell you that you’ll lose functionality if you protect your data. Facebook even presents you with the option to delete your account without pointing out that you can download all of your data first.
It’s supposed to be. Look at the flowchart of Facebook’s GDPR privacy update options (which is, in itself, surely a form of punishment):
Once you’ve made all of those choices, are you really going to hit the “Delete Account” button at the end? Probably not.
And companies tell you all the time that you’ll get better service if you share your data. No big surprise there.
Microsoft, however, did include a statement that Windows would still work at full capacity if you didn’t share your data.
5. Forced Action and Timing
Do you make good decisions when you’re rushed? Do you weigh all of the options?
No. Which is why companies give you options to maintain your privacy from their mobile apps while you’re on the go. And put them in front of you when you’re trying to get to some other part of the app or service.
Facebook was especially bad at this—they locked people out of their profiles until they accepted the GDPR updated documentation.
But Google and Microsoft weren’t much better. While I was writing this article, I received this email:
The timing was just too perfect not to share it. It’s a great reminder that these same tactics are used by businesses to get you to spend more money. They work, and they get you to give away your data.
How to Shine Light on Your Privacy and Data
Unfortunately, there’s not a whole lot you can do about these types of misleading tactics. We’ve been telling you for a long time to read privacy options carefully, and to dig deep into settings to find out what you do and don’t have control over.
Knowing that companies are doing their best to mislead you into sharing more information, however, is a good step in the right direction. Even when companies look like they’re doing you a favor by making it easy to manage your privacy settings, they’re probably not.
Here’s one of the best quotes from the report: “By giving users an overwhelming amount of granular choices to micromanage, Google has designed a privacy dashboard that, according to our analysis, actually discourages users from changing or taking control of the settings or delete bulks of data.”
Google’s privacy dashboard is flashy and friendly. But it’s not actually designed to help you manage your privacy.
Remembering facts like this will help you stay alert for the dark patterns that companies use to encourage you to part with your data. (It’s also a good idea to use privacy apps that have gotten a boost with GDPR.)
Image Credit: Wavebreakmedia/Depositphotos