The design patterns can get pretty aggressive. Google right now makes my youtube.com homepage blank, asking me to turn on my watch history. A lot of time this is presented in a way not to mention privacy, but to instead promote a "feature". "Turn this feature on", not "Turn off your privacy". You get quite a lot of roadblocks when you turn off settings like this, making the products pretty hard to use.
It's nearly impossible to keep up with and figure it all out, and I'm a UX designer by trade! A lot of these dark patterns are the reasons I've moved more and more to alternative tools like Kagi and Fastmail...etc.
Google right now fills my youtube.com homepage with what is "popular" - seeing what is widely consumed crushes the last hopes I have for civilization and makes me almost want to turn back on my watch history so I can be oblivious to reality.
[0] At least this is what they think/feel
The passive aggressive "Your watch history is off" warning that you can't dismiss is the really the only thing bad about it.
Maybe there will be a backlash large enough to move away from these huge ad supported platforms to more focused platforms that actually have the users interest in mind. One can keep dreaming
That's funny, I specifically have an add on to do that for me!
Though, I find it's difficult to avoid Google on your phone. I have Google Maps where I'm not logged in but they know who I am as I'm logged into Google Voice.
It’s not even hidden, they promote this “feature”
Let's not confuse things here:
- deceptive UI/UX to encourage users to surrender their privacy
- profiling paid or unpaid users
- displaying ads
Only two of the above are issues.
People should also understand that "put onto the Internet" doesn't just mean typing something into a box and hitting the "post" button. It also means:
- "Private" messages that go through an intermediary web service
- All forms of cloud storage, including (especially) your photos
- Any browsing history that can be associated with an IP address that can be tied back to you
A lot of this stuff is one leaked password or SIM swap away from being public data.
I actively manage my footprint now, but I have to admit that getting started was a bit overwhelming. It's roughly on-par with switching over to a password manager for someone who was not using one before. It involves a lot of going through your inbox to locate accounts and then navigating a slew of different patterns for how to shut down your account, or at least to scrub information you don't want revealed from those accounts.
Once you get started, though, maintenance mode is fairly easy. Those "terms of use update" emails are very handy in picking up accounts you forgot you had and shutting them down. That, plus having a couple of templates handy to copy/paste when you get individualized outreach from sales teams.
The hardest part is that the majority of companies seem to have no idea how to comply with requests, which leads me to believe the number of people requesting removal of their data is much, much lower than I would hope or expect. It's generally incompetence, not malice. Or probably more accurately, it can be a complex technical task that requires interdepartmental cooperation to implement a good system, and few companies are jumping up and down to fund expensive or complicated compliance efforts in their sales and marketing teams .
Do you mind elaborating/sharing?
I include a snippet like this one, which is for paper mail:
I'm writing to request that you please remove me from your postal mailings list. I no longer wish to receive your mailings. Please, also, do not rent or sell my name or address to other organizations.
After many experiences of broken CCPA compliance I'm beginning to wonder if there is not a strategic component to the widespread incompetence.
Last night, I tried a CCPA request against keenan.com that a former employer had, apparently, "shared" my information with several years ago. Keenan.com recently sent out data breach announcements to let us know that they failed to properly secure the personal data they collected/hoarded on us via our [past] employers, and I wanted them to tell me what they potentially disclosed and then delete my data. From the email bounce message, they use Microsoft o356 hosted email, and configured their ccpa contact email address they list on the keenan.com website, "ccpa@assuredpartners.com" to only accept mail from internal senders on their own domain(s). Maybe the IT for keenan.com/assuredpartners.com is a clown show (they did hoard data they no longer needed, and failed to secure the data they collected/hoarded), but it seems unlikely that every company, of the many I've encountered with broken CCPA processes, would be similarly incompetent.
Several phone requests to other companies, using the CCPA contact number on their websites were answered by folks who have no idea what the CCPA even is.
One of the largest data brokers in the US failed to remove my data following a CCPA request until I contacted the VP of their legal department directly.
Most of my requests have either encountered (possibly strategic) incompetence as the above, or malicious compliance, where they make the process as time consuming and annoying as they possibly can. E.g., a web form that requires filling out the entire form repeatedly for each right you wish to exercise under the CCPA.
TLDR, maybe evil companies are just being evil?
Like when you “Press 1 to be removed” or “text STOP to opt out” — all it does is move you to the mailing list they have for people who think they’re doing something that has any effect. I’m sure that’s valuable to a lot of marketers.
You may be referring to "hiding your data from your own view" ...
For SoMe and other organizations that have very large databases it is a very common procedure (if not outright "best practice") to NOT delete anything, but in stead "mark as deleted". The data is still there, it is just no longer visible.
Of course such a practice means that your data (even if you think you have deleted it) is still vulnerable to all the standard (and non-standard) issues, from internal data mining over data breaches to governmental requests, etc.
The only surefire way to avoid exposing yourself is to avoid interacting with these services at all.
If you turn off watch history/location history/search history, I assume that Google prevents your local device from saving the history but saves all of the history data to their servers anyway. In my head, I describe my conspiracy theory as "delete your data = prevent only you from using your data".
Obviously doesn't work for anything that needs real phone# or real physical address, but anything to reduce risk of data breach, cross-referencing data, tracking helps.
I also use disposable digital credit card number (from wise.com) for non-mainstream sites.
It's a lot easier than having to navigate the 'delete all my data' maze.
At login they were asked for a phone number, which she refused and chose "skip". When she got to the end of the filling, just before submission, the system refused to move on without a mobile phone where text could be sent. Oncethe text message was sent, moved on. No way to remove the number from the account.
There is no need for the number. Deceptive design in the beginning then extortion at the end.
There are people without mobile phones by choice and by force.
Anyway, if you're like me (i.e. you expected the guide to be on the featured page), you didn't find out about the PDF until someone else (user yoaviram) posted the PDF in a comment. The word "guide" has a link to https://consciousdigital.org/deceptive-patterns/, which redirects to https://consciousdigital.org/wp-content/uploads/2023/04/dece... . The text in the PDF is real.
When you get there, you have to parse the email by hand, extracting subject, header, and body, and paste those into separate form blocks. That could be trivially automated, but no, that would make it too easy.
Gmail is about as spam-heavy as Hotmail at this point. I'm tempted to route everything not whitelisted from Google to the junk folder.
(Although, we should always consider Hanlon's Razor (https://en.wikipedia.org/wiki/Hanlon%27s_razor): "Never attribute to malice that which is adequately explained by stupidity" when levelling allegations that a given company or companies have intentionally engaged in "Deceptive Design".)
Still, "Deceptive Design" is a very descriptive phrase given its terseness...
But there must also be a "corollary phrase" -- to describe the same effect while reflecting non-malicious intent, AKA just plain stupidity and/or unintentional ignorance...
How about:
"User Intent Non-Preserving User Interface" (UINPUI)?
Anyway, from a linguistic standpoint and used properly in the correct contexts, "Deceptive Design" could be a very useful phrase...
I'm still not sure why companies want to send SMS messages to candidates. Email or phone calls aren't fast enough? Come on.
