Norwegian Consumer Council: Microsoft, Facebook, Google deliberately deceive people into surrendering their personal and private data

[Delicieuxz]

 

Deceived by Design - How tech companies use dark patterns to discourage us from exercising our rights to privacy
 

Excerpt:

Quote

 

In this report, we analyze a sample of settings in Facebook, Google and Windows 10, and show how default settings and dark patterns, techniques and features of interface design meant to manipulate users, are used to nudge users towards privacy intrusive options. The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users.

 

Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.

The popups from Facebook, Google and Windows 10 have design, symbols and wording that nudge users away from the privacy friendly choices. Choices are worded to compel users to make certain choices, while key information is omitted or downplayed. None of them lets the user freely postpone decisions. Also, Facebook and Google threaten users with loss of functionality or deletion of the user account if the user does not choose the privacy intrusive option. 

 

The GDPR settings from Facebook, Google and Windows 10 provide users with granular choices regarding the collection and use of personal data. At the same time, we find that the service providers employ numerous tactics in order to nudge or push consumers toward sharing as much data as possible. 

 

...

 

As we argue below, providers of digital services use a vast array of user design techniques in order to nudge users toward clicking and choosing certain options. This is not in itself a problem, but the use of exploitative design choices, or “dark patterns”, is arguably an unethical attempt to push consumers toward choices that benefit the service provider. We find that the use of these techniques could in some cases be deceptive and manipulative and we find it relevant to raise  questions whether this is in accordance with important data protection principles in the GDPR, such as data protection by design and data protection by default.

 

 

Of course, corporations are not people, let alone good people, and aiding the employment of unethical and exploitative practices to manipulate people into doing something contrary to their informed will and for the sole benefit of shady corporations is not something that any good person would be willing to do. And so, the people who work with these corporations to build these monsters of societal and individual abuse have sold their morality for a cheque and are not good people. Yet, there seems to be enough not-good people out there to continually aid and abet these unscrupulous corporations as they constantly push the extent that they are disregarding people's right to privacy, security, and control over their own property (which their personal data is).

 

And that is why it is imperative to stamp out these immoral practices while they're still in their early stages (and, yes, as bad as they are right now, these are still the early stages) with strict regulatory legislation that ensures that all people will always have the right and the tools to deny corporations' insatiable desire for personal user data.

 

The US state of California has proposed legislation to stamp out companies' unfettered and unwanted exploitation of personal and private data, and I hope that more regions and countries will follow suit. I've written about California's initiative in this thread:

 

 

[yian88]

We desperately need alternatives to Micrososft OS, google's chrome, google android and their services, facebuk is dead for me for many years now, im deeply concerned about services and software that has no alternative, i mean they do but they cant achieve the same level as big corporations.

Linux is terrible because of driver issue, no unity between communities of dev's to work togheter, and not enough software/games available, same story for phone OS's based on linux/android without play store they are useless to say the least.

This is only going to get worse, fuck EU they care more about link taxes they cant even implement FML but they cant make MS/Google/FB make EU special versions of their software without data collection, if i turn it off it must be off.

[ElderKarr]

53 minutes ago, yian88 said:

We desperately need alternatives to Micrososft OS, google's chrome, google android and their services, facebuk is dead for me for many years now, im deeply concerned about services and software that has no alternative, i mean they do but they cant achieve the same level as big corporations.

Linux is terrible because of driver issue, no unity between communities of dev's to work togheter, and not enough software/games available, same story for phone OS's based on linux/android without play store they are useless to say the least.

This is only going to get worse, fuck EU they care more about link taxes they cant even implement FML but they cant make MS/Google/FB make EU special versions of their software without data collection, if i turn it off it must be off.

Hear hear

[MotionFlex]

1 hour ago, yian88 said:

We desperately need alternatives to Micrososft OS, google's chrome, google android and their services, facebuk is dead for me for many years now, im deeply concerned about services and software that has no alternative, i mean they do but they cant achieve the same level as big corporations.

Linux is terrible because of driver issue, no unity between communities of dev's to work togheter, and not enough software/games available, same story for phone OS's based on linux/android without play store they are useless to say the least.

This is only going to get worse, fuck EU they care more about link taxes they cant even implement FML but they cant make MS/Google/FB make EU special versions of their software without data collection, if i turn it off it must be off.

The thing is, you have listed all the reason why there is no viable alternative at this moment (except for Chrome).

All of those problem will still remain with a new OS.

[Guest]

2 hours ago, yian88 said:

We desperately need alternatives to Micrososft OS, google's chrome, google android and their services, facebuk is dead for me for many years now, im deeply concerned about services and software that has no alternative, i mean they do but they cant achieve the same level as big corporations.

Linux is terrible because of driver issue, no unity between communities of dev's to work togheter, and not enough software/games available, same story for phone OS's based on linux/android without play store they are useless to say the least.

This is only going to get worse, fuck EU they care more about link taxes they cant even implement FML but they cant make MS/Google/FB make EU special versions of their software without data collection, if i turn it off it must be off.

I just wish there was an option thats not Windows or Linux out there  

[suicidalfranco]

45 minutes ago, RorzNZ said:

I just wish there was an option thats not Windows or Linux out there  

BSD

[Mihle]

They want to collect data, so ofc do they make it too hard to turn off... 

[mr moose]

Interesting, I'm not sure what their intention with this is but first and foremost I'd just like to say:  well duh!!  Of course Facebook and Google want all your information and will set defaults and language to coerce the consumer into giving it. Their business model depends on that data for it's revenue.

 

 

Having said that, there are a few interesting claims they make:

Quote

It should be noted that Facebook and Google have somewhat different business
models than Microsoft. Facebook and Google provide their services free of
charge, and monetize user data. Microsoft’s Windows 10 is not dependent on
the same level of user data monetization. Therefore, we have chosen to have
our main focus on Facebook and Google, but we still find it relevant to have
examples from the Windows update.

Any interesting decisions, I would have thought an in depth review of such practices would require equal treatment of all parties. Otherwise they effectively paint all parties with the same result even though one party wasn't thoroughly analyzed and could be better or worse than the other two.

 

Quote

 

The Windows 10 update requires users to actively click on the choice they
prefer for every step. There are no preselected choices, so in order to progress
the user must make an affirmative selection. The use of design and wording is
elaborated upon in 4.3, but the choice architecture is an example of giving users
an explicit choice, rather preselecting an option that is preferred from the
service provider’s side.

Quote

By requiring users actively to opt in to data collection, Microsoft and the
Windows 10 update is the only one of the three services to respect user agency
through not preselecting a default option.

So off the bat windows is not in the same boat and clearly does not employ the same defaults which the article claims are the worst of it.

 

Then they go on to talk about loaded questions. Specifically requiring a yes no answer does not indicate a question is loaded.  According to this assumption,  the question "GPS directions and mapping requires location to work, Do you wish to enable location"?  is a loaded question*.  The problem with that is the alternative is give the user no information and hope like mess that they work out why the GPS isn't working.  Because with some of these options you can't have your cake and eat it too.

 

Quote

The Windows 10 update used similarly
loaded language in the same way as
Google and Facebook. When asking users
to choose whether Microsoft can allow
apps to use the users’ Advertising ID to
personalise ads, users were only told that denying this permission would result
in less relevant ads. Additionally, every setting in the process was framed as a
statement, such as “Improve inking and typing recognition” and “Get tailored
experiences with diagnostic data”. Allowing data sharing was always framed as
a positive “Yes”, while restricting sharing and collection was a negative “No”.

People need to keep in mind that these are the ads in apps that are supported by ad revenue,  not ads in windows itself.  Whilst I personally don't like the idea of having an advertising id nor understand the relevance of inking, There are those that do want it and I'm not sure how else a company is supposed to inform you at the time of install  why it needs said permissions.  The other issue with this is that the article is insinuating that MS might be doing something else with that data, No such evidence exists to that end.  Answering yes to those questions does not give MS carte blanche access to sell your data to anyone. They are specific questions that only apply to those services.

 

To me there is a fine line between an informed customer and a manipulated one.  As always with these discussions, without evidence it's just speculation.

 

*a question you will experience with all phone OS's

[Delicieuxz]

Quote

By requiring users actively to opt in to data collection, Microsoft and the
Windows 10 update is the only one of the three services to respect user agency
through not preselecting a default option.

 

28 minutes ago, mr moose said:

So off the bat windows is not in the same boat and clearly does not employ the same defaults which the article claims are the worst of it.

 

Ironically, that part makes it sound as though the Norwegian Consumer Council investigating deceptive practices used to get people's data were themselves deceived by the presentation of the Windows 10 accessorial data-harvesting settings, which are only in addition to the non-configurable over-3,500 points of data that Microsoft harvests at the very minimum setting in Windows 10 Home and Pro. And not even in the Enterprise edition of Windows 10 can data-harvesting be fully turned off.

 

Perhaps they would have focused some more on Microsoft in their report if they had known the settings panel they referred to is only for additional data, while those settings don't address the bulk of data that Windows 10 harvests, for which there is no user configuration offered. So, it could be said that Microsoft is worse than Facebook and Google.

 

28 minutes ago, mr moose said:

The other issue with this is that the article is insinuating that MS might be doing something else with that data, No such evidence exists to that end.

Not presented in the article, though Microsoft has said for themselves that they sell the personal Windows owner data they collect:

 

https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/

 

"The Microsoft Data Management Service routes information to internal cloud storage, where it's compiled into business reports for analysis and research."

"The privacy governance team permits access only to people with a valid business justification."

"However, we do share business reports with partners that include aggregated, anonymous telemetry information."

Microsoft isn't its own partner, a partner means a 3rd-party. A business agreement with a 3rd-party means a profitable transaction. What Microsoft is saying, in a sterilized PR manner, is that they sell the data they collect through Windows 10 to whoever has the money to pay for it. And sharing business reports with business partners is a lot more open-ended as to the possibilities than an explanation of 'for targeted ads' would be. I take Microsoft's very vague mention that they sell personal data to indicate that Microsoft is exploiting it through a wide variety of profitable ventures.

[leadeater]

24 minutes ago, Delicieuxz said:

"However, we do share business reports with partners that include aggregated, anonymous telemetry information."

 

24 minutes ago, Delicieuxz said:

I take Microsoft's very vague mention that they sell personal data to indicate that Microsoft is exploiting it through a wide variety of profitable ventures.

 

Just saying, they can't be selling personal data if it's being anonymized. On selling actually personal data to 3rd parties without explicit consent breaks more than just GDPR, even with consent there are still rules/laws about that stuff.

 

Think Steam hardware survey type of data, that is what 3rd parties would be getting not "Joe Bloggs, Austria, [IP], is running Windows 10 [Build] etc etc".

[jagdtigger]

Now this is gonna get interesting. I really hope they gonna hit them hard...

[Trixanity]

1 hour ago, leadeater said:

Just saying, they can't be selling personal data if it's being anonymized. 

I thought we had established that with enough data points anonymized data is no longer anonymous.

And they have a lot of data.

[NMS]

7 minutes ago, Trixanity said:

I thought we had established that with enough data points anonymized data is no longer anonymous.

And they have a lot of data.

Pretty much this, if for example Microsoft truly does collect only anonymous data, with everything that we do online sooner or later it can be traced back to us.

In some instances, it can be as easy as looking through someone's browsing history and seeing that their narcissistic personality made them google themselves>.>

[leadeater]

13 minutes ago, Trixanity said:

I thought we had established that with enough data points anonymized data is no longer anonymous.

And they have a lot of data.

True, but that doesn't mean what they give 3rd parties is enough though.

[LAwLz]

1 hour ago, leadeater said:

True, but that doesn't mean what they give 3rd parties is enough though.

I think the point trying to be made is that nothing is hindering Microsoft from selling your data to third parties. Their contracts are deliberately written in a way that allows for it, and I doubt that wasn't very intentional. 

 

In any case, it's clear that all three of the companies want to be able to collect a bunch of personal data from their users, so it should come as no surprise that they try and encourage users to allow it to happen.

Personally I am happy that these type of practices gets investigated and called out. It would be great if some companies could get sued for it as well, setting a precedence that users should be informed and the data harvesting process should be transparent. 

 

I can't speak for everyone, but right now I try and limit all types of data collection (where it is practical). I would be inclined to share more data if I knew what was being collected and how it was used. Right now though, even letting a single thing collect data might mean my data ends up at 100 different companies and is used for 500 different purposes I have no control over. 

[JoostinOnline]

This isn't really new though. It's a shitty practice, but old as time. Earlier a website prompted me to sign up for their mailing list, and I had to choose the "No, I don't want to stay informed" (or something like that) option if I wanted to keep my address private.

[captain_to_fire]

15 hours ago, yian88 said:

We desperately need alternatives to... , google's chrome, google android...

I call Mozilla Firefox and iOS as alternatives. 

[mr moose]

3 hours ago, leadeater said:

True, but that doesn't mean what they give 3rd parties is enough though.

this, just because you can doesn't mean they do.  There is a reason we call it speculation and not evidence.

 

5 hours ago, Delicieuxz said:

 

 

Ironically, that part makes it sound as though the Norwegian Consumer Council investigating deceptive practices used to get people's data were themselves deceived by the presentation of the Windows 10 accessorial data-harvesting settings, which are only in addition to the non-configurable over-3,500 points of data that Microsoft harvests at the very minimum setting in Windows 10 Home and Pro. And not even in the Enterprise edition of Windows 10 can data-harvesting be fully turned off.

 

Perhaps they would have focused some more on Microsoft in their report if they had known the settings panel they referred to is only for additional data, while those settings don't address the bulk of data that Windows 10 harvests, for which there is no user configuration offered. So, it could be said that Microsoft is worse than Facebook and Google.

 

Not presented in the article, though Microsoft has said for themselves that they sell the personal Windows owner data they collect:

 

https://blogs.technet.microsoft.com/netro/2015/09/09/windows-7-windows-8-and-windows-10-telemetry-updates-diagnostic-tracking/

 

"The Microsoft Data Management Service routes information to internal cloud storage, where it's compiled into business reports for analysis and research."

"The privacy governance team permits access only to people with a valid business justification."

"However, we do share business reports with partners that include aggregated, anonymous telemetry information."

Microsoft isn't its own partner, a partner means a 3rd-party. A business agreement with a 3rd-party means a profitable transaction. What Microsoft is saying, in a sterilized PR manner, is that they sell the data they collect through Windows 10 to whoever has the money to pay for it. And sharing business reports with business partners is a lot more open-ended as to the possibilities than an explanation of 'for targeted ads' would be. I take Microsoft's very vague mention that they sell personal data to indicate that Microsoft is exploiting it through a wide variety of profitable ventures.

I'm sorry you believe all that.

[Guest]

1 hour ago, captain_to_fire said:

I call Mozilla Firefox and iOS as alternatives. 

iOS doesn't actually exist it's a pyramid scheme. Thats why all us Apple fanboys are so persistent, much like the new iPhone X's persistence to dust and water damage, now with free 2-year AppleCare in select countries. 

[asus killer]

i wonder what stops any government on earth to finally put a stop to the data collecting disaster. Bla bla bla, but no one really does nothing.

 

The fines are ridiculous, the penalties non existent, and when some Marck Zuckerbeg says i'm sorry, my bad, it's business as usual and nothing changes.

[mr moose]

20 minutes ago, asus killer said:

i wonder what stops any government on earth to finally put a stop to the data collecting disaster. Bla bla bla, but no one really does nothing.

 

The fines are ridiculous, the penalties non existent, and when some Marck Zuckerbeg says i'm sorry, my bad, it's business as usual and nothing changes.

Because technically you need a large antisocial trend or incident to justify introducing controlling laws.  Governments who change laws without a suitable mandate are basically just dictatorships.

[asus killer]

15 minutes ago, mr moose said:

Because technically you need a large antisocial trend or incident to justify introducing controlling laws.  Governments who change laws without a suitable mandate are basically just dictatorships.

couldn't disagree more with you, governments don't have to wait for public opinion to be in favor of something to act or slavery wouldn't have been abolished back in the day for example. Maybe now we are seeing what you are saying more and more as a trend, they don't do what's best but what is popular.

One example is Obama, against gay marriage until public opinion in the US showed on polls to be for it, then we was too.

 

And if there was no problem the US, Europe, Norway, etc... weren't all looking into it.

Zuckerberg wasn't called to the EU and US congress because all was fine.

Now either what they see is fine, or they don't care, the problems persist.

[mr moose]

5 minutes ago, asus killer said:

couldn't disagree more with you, governments don't have to wait for public oppinion to be in favor of something to act or slavery wouldn't have been abolished back in the day for example.

And if there was no problem the US, Europe, Norway, etc... weren't all looking into it.

Zuckerberg wasn't called to the EU and US congress because all was fine.

Now either what they see is fine, or they don't care, the problems persist.

They do if it is a debatable conjuncture of liberties and laws that arguably don't oppress end users.  Signing away your personal information on facebook is not the same as slavery, so don't even go there!

 

 

[asus killer]

1 minute ago, mr moose said:

They do if it is a debatable conjuncture of liberties and laws that arguably don't oppress end users.  Signing away your personal information on facebook is not the same as slavery don't even go there!

 

 

no, they do it, if they see a problem. Don't do it, if they don't. It's that simple. The nature of the problem is whatever someone persieves to be, someone may see none, others may see one problem or another.

 

I never said slavery is the same as facebook's appetite for data, what i said is that governments should act no matter what is the opinion of the majority of the people. Governing shouldn't be a popularity contest or we could just sack all of them and decide everything by polls.

[mr moose]

1 minute ago, asus killer said:

no, they do it, if they see a problem. Don't do it, if they don't. It's that simple.

 

That simple?  I had an aneurysm trying to decode what you just said.

1 minute ago, asus killer said:

The nature of the problem is whatever someone persieves to be, someone may see none, others may see one problem or another.

 

Which is why governments can't just intercede.  They can't just rule in favor of one group over another without some sort of evidence that the ruling will benefit everyone substantially more than it hurts people.

1 minute ago, asus killer said:

I never said slavery is the same as facebook's appetite for data, what i said is that governments should act no matter what is the opinion of the majority of the people. Governing shouldn't be a popularity contest or we could just sack all of them and decide everything by polls.

No one said anything about a popularity contest, and if you don't want people to believe you think slavery = voluntarily using facebook,  then I wouldn't use them in the same sentence.