Hacker News new | comments | ask | show | jobs | submit login
Design Tricks Facebook Uses To Affect Your Privacy Decisions (techcrunch.com)
195 points by nreece on Aug 26, 2012 | hide | past | web | favorite | 69 comments

Can you imagine walking up to a guy on the street and saying something like "Hey there. If you tell me the names and contact information for all of your friends, the conversations you've had with them, the type of products you like, your occupation and lots of other demographic information? I'll let you play this little game with bottle caps"

Yet to many technologists working on the internet this seems like a perfectly reasonable trade to ask people to make.

So are people aware of what they are doing and are making a fair trade? Or are we taking advantage of folks simply because the technology is new?

There is a moral component to modern software development. Many of us technology folks don't like to talk about it, but simply because we don't talk about it doesn't mean that it doesn't exist.

That's not a fair analogy, because the bottle cap game does not need that information. It's more close to a doctor asking you about your and your family's medical past. If you trust the doctor its fine, if you don't it's a hard situation to figure out.

Edit: this is not supposed to be a direct analogy (obviously Facebook does not have your medical records yet, afaik). Games want to have the ability to find out who is your friend and to post on your behalf, it's not absolutely necessary but millions of people understand it's the price they pay for a free game.

What games are you claiming need the same level of information about me as a doctor?

Frankly, your analogy is ridiculous. Facebook apps aren't integral parts of my health and well-being. They don't need to delve into my personal life.

They want to. That's one way to exploit me to advertisers. But a Doctor absolutely needs to, for my own well being. Games and the advertisers they serve don't have that claim.

But how can advertisers target their ads to your special interests if they don't know everything about you? Advertisers are just as essential to your well being as the doctor is, if not even more. </preemptive sarcasm>

The social element is absolutely essential to such simple games. If it weren't for the constant nagging of your friends there wouldn't be much fun they would practically not work.

If you feel the games exploit you (or the doctor invades your life) , then avoid them.

> If it weren't for the constant nagging of your friends there wouldn't be much fun they would practically not work.

"It wouldn't work without constant nagging" is supposed to support your point?

> If you feel the games exploit you (or the doctor invades your life) , then avoid them.

The entire point of the article is that Facebook is intentionally making it less obvious that these games are exploiting your personal information.

And Farmville needs to know that same information? Or is it Farmville Dr.?

Anybody know how to read techcrunch articles on an iPad these days?

I get fifteen seconds of article, then get redirected to that "download our app" thing. No combination of back/forward or clicking "no, let me read the article" results in me being able to actually read the article.

I'm not about to pollute my iPad just for one site, so I guess from here on out I just have to make a mental note to stay away from techcrunch articles when they come through here.

Techcrunch wants you to install their app so they can steal your mobile data while you read about how Facebook steals your personal data...

Everything is an app today! Yay!

Is that allowed though? Microsoft was penalized heavily for not providing options to Internet Explorer. Can this fall under a lawsuit?

Not sure how that's relevant. Are you implying that Apple is like Microsoft regarding anti-trust, because TechCrunch makes itself hard to read in Mobile Safari without downloading a specific app?

It's super-annoying, but the easiest alternative is to wait that the page has loaded and click Safari's Reader button. It doesn't matter that the page is showing the iPad ad at the same time, the content is still there but hidden.

You can click the X to stop page load once the article has loaded up.

That's the X on the address bar that's a refresh circle icon as you read this.

It's <insert swear word here> awful isn't it.

I have to hit the stop button really quickly. I am also trying to stay away but it seems like a good percentage or article posted on HN come from techcrunch.

This exceptionally annoying trend is not even limited to Techrunch but is becoming more common on other sites too. I started to avoid Techrunch links for this reason as well.

In addition, does anyone have an issue with font resizing on Techrunch? When I zoom in to the text it becomes pixelated and unreadable. I end up being forced to read tiny text at original site resolution.

Horrible UX. I expect more tech savvy from Techrunch.

If it leads to fewer people reading techcrunch, that's all to the good.

If you're using Chrome, you should be able to "request the desktop version", which I expect changes your user agent and stops the popup.

Install Opera Mini. Opera (the company) hosts the servers that will preprocess and send you significantly less bandwidth and processor demanding results. You don't have to do anything special for that, just use Opera Mini as a normal browser.

There are pages that can crash Safari on iOS which are no problem to be read in Opera Mini.

I've just followed the link and the whole page is fully readable.

That is a real problem. My wife just bought me an iPad and ESPN does the same thing as well. I've considered installing a 3rd party browser because of this.

We have pulled the offending ad. Sorry about that. -Ned

Can you do user agent spoofing on an iPad? Because iPad browser is perfectly capable of viewing desktop websites except those with Flash.

Yes. I use the 'Atomic Web Browser' for that. http://itunes.apple.com/us/app/atomic-web-browser/id34792941...

Safari does not, but iCab mobile lets you change browser agents.

I use m.techcrunch.com when I'm on my pad or phone. Both safari and chrome crash trying to load the behemoth otherwise.

It's better than it used to be. Today, the only consequence of their stupid banner is that i'm unable to read techcrunch. previously, that banner has always locked up the browser on my iPad, so that the whole internet app was unusable until i did a hard reset of the device.

This has been driving me insane lately. Every site I follow a link to gives me an app splash page. What is particularly frustrating is that usually its a complete waste of both of our time since I already have the app. LinkedIn in particular drives me nuts with this.

There is a 'click here to continue' link in white link but it has been (intentionally?) blended into the screenshot image. Even so, clicking the link does not make the nag go away. So basically i can't read TC on the ipad

You must stop page loading, but you must act fast - i.e Press fast, stop loading button in your iPad broswer/chrome.

Hitting the reader on mobile Safari does the trick (I'm on iOS 5.1.1).

I also find this TC "feature" very annoying.

Apple should threaten action on any media company app whose corresponding website has an egregious iOS device only popup.

That or enable desktop user agent reporting via a toggle ala third party browser apps Atomic and Sleipnir.

Why would Apple do that? The website promotes Apple's appstore, which can cross/up sell other stuff that Apple receives money from...

It's annoying but I don't see Apple addressing it.

I was on gmail and suddenly got a offer from google to have video chat turned on. I thought I already had video chat, but clicked ok anyway. By doing so, it turned out I was upgrading to google plus.

They make/offer you the chance sign up to Google Plus in so many places it's infuriating.

That's clever!


Some more of these tricks, not specific to Facebook, are compiled here: http://wiki.darkpatterns.org/Main_Page

This wiki has been around for a number of years and I always thought it was a great idea. Shame it hasn’t really seemed to have taken off.

Security confirmations are always tricky, because most of the time users aren't able to fully (or even partially) understand the full implications of the response they give.

If I accept this certificate, what does it mean? Is something bad going to happen to my computer?

So they can access my name, picture, gender etc... but what are they going to do with it?

It's quite obvious to see that this new style of confirmation would increase conversion and more people will click 'Play Game' than 'Allow'. Higher conversion means more money.

At the end of the day, for facebook it's a question of who they want to keep happy. Their users by keeping their privacy and giving them the best tools to make informed decisions, or the app publishers - who want to get as many users as they can, and need some way to make money out of those users. Considering that users aren't directly paying anything to facebook, and app publishers are more likely to increase fb's revenue - I think it's clear which side facebook would pick.

Good point about security confirmations, but it isn't as simple as users versus app publishers. Leading users down the garden path like this helps users who don't care about app privacy, or who already have a default understanding that apps may post on their wall, by letting them get on with playing the game without having to understand a page of stuff they don't care about or already know.

If FB is so evil TC, why are you using them for your comments :-)

Lazyness? Hypocrisy?

But does it really matter? If I had a grandma she wouldn't be using techcrunch, she'd be using facebook.

Google Play does a similar thing: Instead of showing all the permissions an app uses, they show a couple, then show the OK button, then hide the rest of the permissions behind a "See all..." screen after the OK button.

Facebook is simply not trustworthy. I feel sorry for people having to create an account simply to use Spotify.

You don't have to use the same account for everything.

I have one for social interactions with all privacy settings maxed out (including opting out of the Facebook platform [0]), and one for apps, with no friends.

The same goes for Twitter. http://twitter.com/loganloginski

[0] Otherwise the apps of your friends have access to your data.

It's against the Facebook ToS to have more than one account.

Facebook recently caught up with me and all of my "fake" accounts.

That assumes there's no way to (or interest in) linking accounts.

I choose to vote with my feet and not get a Spotify account at all. I don't want to support a company that strongarms their customers like htat.

Luckily I signed up for Spotify soon enough after they came to the US that I have an actual Spotify account. I probably wouldn't use Spotify now if I had to use Facebook to sign in.

Some of this seems evil to me, some of it doesn't.

It is likely that many people really are searching for the button that allows them to fucking play the game. (The people joining Facebook now must be the trailing end of the trailing end of computer-savviness.)

On the other hand, Facebook has decided not to try to educate these users any more. They wash their hands of the whole affair.

Funny, now it's obvious that they could have been that evil to start with. I wonder what's changed. It might be personnel changes and/or share price...?

Funny, now it's obvious that they could have been that evil to start with. I wonder what's changed.

Time passed. Like someone who first makes lewd remarks, doesn't encounter (enough) resistance, then tries for a grope.

Wow. Feeling like this will be a predictable cycle.. I remember how difficult it was for me to convince my friends to install an app on Facebook due to the FarmVille Fatigue. Led to me and others writing "we will never post on your wall without your permission". This definitely feels loose and ripe for manipulation/privacy backlash. Well, let the "viral coefficient" loose...

When reading this I could not help but think of Maxwell Smart, Agent 86, from Get Smart: "It's the old .... trick"

Those Facebook guys are just so clever. Pat yourselves on the back you wily "engineers". You guys are so productive. How do you do it?

Excellent post, it's crazy what Facebook is doing to invade our privacy. That's why I use http://mypermissions.org to scan all the apps I've connected with.

I'm not sure I trust mypermissions.org any more than Facebook. Not even an "About" page or a FAQ page? Nothing explaining what they do, how it works, etc? Just click on a button with no explanation of what will happen? Sorry, but that rings all of my alarm bells. Not to mention that their solution to keeping apps from getting private info is...another app?

what's crazy is that privacy conscious people still use facebook. if you don't want your personal information posted on the internet, don't post it on the internet.

or, i guess, you could share your personal information with a third, totally unknown and untrusted party, in the hopes that they'll protect you from facebook.

Disgusting, but not in any way surprising.

I don't see a whole lot to demonize facebook for here. With the old design, it probably took one, maybe two viewings of that screen to train a user that the 'allow' button is the one they have to push to play the game, and as soon as they learn what button they have to click to proceed, they never read anything on the page ever again. With the new design, users who care about privacy continue to have access to the relevant information, and the other 99.9% get to their game a little quicker. No matter how hard you try, most people are still going to try to ignore any text they are presented with that is not absolutely necessary to achieving their goal.

But where is the "play game without disclosing my birthdate, home address, email address, and list of business contacts" button?

there isn't one. you pay to play with your information instead of with money, there is no 'play without paying' button, just like there is no 'steal' button in itunes.

Another dirty trick they use is refusing to fix the button to turn off apps, plugins, and Facebook integration on other websites. Log in to Facebook, click the down arrow next to your name, click "Privacy Settings", click edit settings next to "Ads, Apps, and Websites", then in "Apps you use" click "Turn off". You will see this error:

"There was an error while disabling applications and websites. Please try again."

I reported this to Facebook three months ago and haven't heard anything back. This has been broken for three months. I believe it is intentionally broken. Shame on you Facebook!

Is this implementation open to all developer accounts? Anyone have more information about it?

This is a small nit-pick, but I feel like the word "design" gets thrown around a lot these days, until it doesn't even mean anything anymore.

I would expect a "design trick" to be using color, contrast, or typography to achieve a result. If getting rid of the "don't allow" button counts as "design", then I wonder if "design" has become too broad a term to still be useful.

That's because you had a very limited definition of what design is. Design is not just how it looks, it is much more about how it works (and in a highly visual media like the web, how it looks is of course a big part of that).

Edit to add some nuance: I didn't mean to take this out on you personally. Your limited definition of what "design" as "visual design" is actually fairly pervasive these days and as a (non visual) designer this bothers me to no end. I'm blaming the use of design as a noun for this. People want to have something that is "design", whatever that means. Design, however, is also a verb. It is the process of shaping a product to fit its users' needs. For software, that means figuring out what it should and shouldn't do, how it should do it, how to organise information, what language (visual and verbal) to use and testing, testing, testing. To do this right, you need more than just a talented artist that can make a pretty picture.

Design IS a broad term. There is architectural design, industrial design and user interface design for example. What you are describing is generally called visual design. Quite contrary to what you argued, many people, including Steve Jobs, have emphasized that design is much more than visual design.

Considering which buttons your site needs, and where to place them, is arguably more "design" than the font of the text on them.

"Design" is any sort of intentional non-obvious, non-arbitrary choice made in the process of creation, as contrasted against using whatever defaults come from the environment and tools at hand.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact