The Norwegian Consumer Council just published an excellent report on the deceptive practices tech companies use to trick people into giving up their privacy.
From the executive summary:
Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.
The popups from Facebook, Google and Windows 10 have design, symbols and wording that nudge users away from the privacy friendly choices. Choices are worded to compel users to make certain choices, while key information is omitted or downplayed. None of them lets the user freely postpone decisions. Also, Facebook and Google threaten users with loss of functionality or deletion of the user account if the user does not choose the privacy intrusive option.
The combination of privacy intrusive defaults and the use of dark patterns, nudge users of Facebook and Google, and to a lesser degree Windows 10, toward the least privacy friendly options to a degree that we consider unethical. We question whether this is in accordance with the principles of data protection by default and data protection by design, and if consent given under these circumstances can be said to be explicit, informed and freely given.
I am a big fan of the Norwegian Consumer Council. They’ve published some excellent research.
Posted on June 28, 2018 at 6:29 AM •
Interesting survey of the cybersecurity culture in Norway.
96% of all Norwegian are online, more than 90% embrace new technology, and 6 of 10 feel capable of judging what is safe to do online. Still cyber-crime costs Norway approximately 19 billion NKR annually. At the same time 73.9% argue that the Internet will not be safer even if their personal computer is secure. We have also found that a majority of Norwegians accepts that their online activities may be monitored by the authorities. But less than half the population believe the Police is capable of helping them if they are subject to cybercrime, and 4 of 10 sees cyber activists (e.g. Anonymous) play a role in the fight against cybercrime and cyberwar. 44% of the participants in this study say that they have refrained from using an online service after they have learned about threats or security incidents. This should obviously influence digitalization policy.
Lots of details in the report.
Posted on October 3, 2016 at 6:23 AM •
In yet another example of what happens when you build an insecure communications infrastructure, fake cell phone towers have been found in Oslo. No one knows who has been using them to eavesdrop.
This is happening in the US, too. Remember the rule: we’re all using the same infrastructure, so we can either keep it insecure so we—and everyone else—can use it to spy, or we can secure it so that no one can use it to spy.
Posted on December 16, 2014 at 11:34 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.