How Companies Can Trick You into Accepting Their Privacy Settings

Privacy Settings

Our brains need to process a huge amount of information in a short amount of time. To make it easier on itself, your brain takes a few shortcuts to make this process easier and faster. User Interface and User Experience (UI&UX) uses these same shortcuts to guide users through an app or website. While in most cases they are harmless, sometimes they can exploit the user using “Dark Patterns”.

While not as ominous as they sound, Dark Patterns are still problematic. They are “…features of interface design crafted to trick users into doing things that they might not want to do, but which benefits the business in question.”

How do they work?

There is a pretty big list of ways companies can trick you into accepting something you might not want in the first place. Here is one example of how it can work:

Dark Pattern ExampleAt first glance when you see the above screen, it doesn’t seem like you have an option other than accepting a trial. The different plans are in cards of their own, with bright colours to draw your attention. It’s only when you look at the top right corner, with low contrast text, that you notice the “Continue with Free plan”. While a way out is available, it is practically hidden, tricking you into thinking that the way out does not exist.

How does this tie into privacy settings?

These practices do not stop there. A recent report highlights how the GDPR notice of both Google and Facebook, use dark patterns to trick you into accepting their privacy settings.

Facebook GDPR Popup

A central part of GDPR is consent. Without it, companies have no right to collect, store or use your data. On Facebooks GDPR notice, “Accept and Continue” is in a bright blue button. “Manage Data Settings” on the other hand, is in a white button with very little contrast with the background. Psychologically, you are automatically drawn towards the blue button. Another bias that is exploited is that we tend to prefer short-term rewards over long-term rewards. Pressing accept and continue will mean that you’ll avoid the admittedly boring process of checking your privacy settings. And Facebook is by no means the only one. Google also hide their privacy settings behind a slightly less attractive button.

Google GDPR Notice

And in all of these cases, the least privacy-friendly options are turned on. This means that if you do not want any of your data collected, you need to manually go through all of these menus, turning them off one by one.

Of the 3 companies that the report mentions, only one, Microsoft, make the options obvious and transparent.

Microsoft GDPR

After a recent Microsoft update, you were probably met with this screen. They very plainly give you the option of not collecting any data. They do try and push you into pressing yes with how they word the explanation. But to their credit, they do not turn them on by default and expect you to navigate menus to turn them off.

What can we do about them?

Unfortunately, not much. But, knowing about these patterns will make it easier for you not to fall for them. Until then, make sure to go through your privacy settings, I know it’s boring. But going through, and understanding what companies are collecting will avoid any nasty surprises if this information falls into the wrong hands.

Have you seen any companies using these tricks? Would you like to see them gone? Let us know in the comment section below.