-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #171 from TheDigitalStandard/2020_12_1.3.0-1
create dark patterns.md
- Loading branch information
Showing
1 changed file
with
44 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
# Dark Patterns Privacy Testing Research | ||
**Goal of this document** | ||
* Develop something that can be used along side the Digital Standard | ||
* Develop the pieces that need to exist directly inside the Digital Standard to fully asssess user experience | ||
* Figure out what should be and can be tested with respect to good/bad user design | ||
|
||
**References** | ||
* NCC’s Deception by Design and Every Step You Take reports | ||
* darkpatterns.org | ||
* https://twitter.com/spotthepattern | ||
|
||
### Things we want to measure (re: Privacy) | ||
**What is the default flow for any path-of-least-resistance user?** | ||
* Explore the space of possibility | ||
* What are the settings and features in question? | ||
* What are the defaults for those settings? | ||
* Which settings explicitly define what they control? | ||
* Which settings give sufficient fidelity on control? | ||
|
||
**How easy is it to choose the privacy friendly option (including account deletion)?** | ||
* Hidden defaults? | ||
* How many clicks does it take to enable? | ||
* Are there even settings to do so? | ||
* Are the buttons the same size, position, color, font? | ||
* Does the UX use buttons too tiny, blocked, or inactive to select, etc.? | ||
* Does the UI fool users into interacting with it? | ||
* Boxes that suddenly appear under your finger | ||
* Are there false notifications or distractions? | ||
|
||
**How easy is it to change defaults before finalizing account creation?** | ||
* Does the user have the ability to tailor their experience based on privacy? | ||
* Is the user interface designed to push the user to prefered use of service rather than explore settings (FB example from over the summer where a notification bubble distracted users from exploring settings) | ||
|
||
**Is the user repeatedly nagged or pressured to make decisions contrary to their privacy?** | ||
* Are there dialogs or prompts that appear repeatedly to ask for contacts, location, etc.? | ||
* Especially onerous when the user has already set a setting to not allow access | ||
* Does the interface imply a sense of timing that is designed to pressure the user into making a quick decision? (aka forced timing) | ||
* Does the user have access to nuanced notification controls? | ||
* Does the site use forced timing or crafted/artificial urgency mechanisms? (i.e., ticket sites) | ||
|
||
**Are there elements of the user interface designed to distract users when they are about to make a choice about their privacy?** | ||
|
||
**Are users clearly notified and able to clearly read instructions and policies that impact their privacy?** | ||
* Are privacy policies presented in a reasonable fashion that you can access later? |