Dark Patterns Version 2



Smart Lock Security Company, Dark Pattern in Action





Introduction

The premise of this assignment is to use a dark pattern, a purposeful design that inherently coerce the user to do something they normally wouldn’t do. A good quick example is how after downloading an application, the installation wizard has an “opt out” checkbox to NOT receive emails. The dark pattern here causes the user to do extra work in order not receive emails, and therefore more people will be subscribed than if there was a checkbox to receive emails. We decided to create a faux-security company named Smart Lock to demonstrate a close-to real world example of a dark pattern.





Smart Lock is a security company that primarily produces locks for doors, devices and other entrances linked up with secure “key cards” that allow users to be sure. Smart Lock’s main goal is to keep its customers safe. Secondary goals include, convenience for proprietors (vendors of Smart Lock) and a “backdoor authentication” for police services. Starting out, apartment managers or people that want to have their doors linked up with new smart locks can have install these new locks and provide the sign up forums needed to issue out the smart key cards. Apartment managers will be able to provide renters that their building is more secure and safe because of our new smart locks, also providing that the renter can ask for more of their devices can be protected by the smart key card by going to our web page for more information. The dark pattern is in the form given to the person applying to rent and will be crucial for them filling out the information so that they can use the doors of the apartment.





Design Process











Though we did collaborate and discuss other forms of dark patterns, ultimately from the start our team was set on creating a security related dark pattern. We found that a security concept would mold perfectly into a deceptive dark pattern that the general population could fall for. Early iterations of our security company comprised of a strictly web-based system, where the security we would provide was primarily software security. We then began to discuss who would be our main target or most vulnerable to our pattern. With our target audience in mind, we did not want to limit ourselves to only web based users. We knew that if we could somehow have a physical device that the number of users would grow substantially. The idea then arose to incorporate RFID chip scanners. We realized that we could utilize this simple tech with our security company, expanding our web-based company to property security based company. With the main idea now concepted, it was time to put the hardware together. Luckily one of the members of our team was vastly equipped with the required hardware to test the use of our product. With the hardware tested and ready, the darkest part of our journey came next. As you have read about our product, it is not necessarily the physical product that holds that dark pattern but rather the registration form for our product that holds the pattern. Our goal with the registration form was to make it appear as normal as possible, allowing a naive user to enter information that they would not normally enter. We discussed the exact information we wanted to extract from our users and the various ways of asking for it. We looked at every possible way to ask for the information we wanted, even testing it on each other to see if a team member would fall for it. The creativity of the dark pattern began to emerge as the registration form grew in length and trickery. The strengths of our final iteration lie in the professionalism of the form. There are no obvious giveaways that our simple registration form hides a dark pattern within it.







Some initial notes during our first iteration of designing our dark pattern idea







Rough Draft of Smart Lock sign-up form we wanted.





Implementation phase code using an Arduino RFID module for card access




Link to the web sign-up form:

http://cs.sonoma.edu/~idavidson/cs385HCI/form.html





Worst-case Scenario for a User


The scenario starts with a student that has been on vacation all summer and as summer ends, they come home to find that they got evicted from their apartment and need to find a new place to live fast with only a week left till school starts back up. The student looks online to see a low cost, secure, safe building is available using the new “Smart Lock” home security. The student applies for the apartment and is given a bunch of online forms they must fill out. In the stressful situation the student starts to fill out each form with haste. Once the Smart Lock form is pulled up, it appears like any other signing form and agreement to get the apartment. With haste each field in the forum is filled out, not knowing that some of the fields can be left blank and some checkboxes given are there to trick the user. With all the fields filled in Smart Lock now has their SSN, email, address of their past place and new place, and subscribed to our email list to receive advertisements for our smart locks. This is a lot of information that is given, and we had many ideas on how this information could be used to keep them part of the Smart Lock system, or mess with their lives. Being signed up for Smart Lock means that in order to get into the places protected by Smart Lock. Furthermore, they must keep up with the monthly subscription costs and also keep their physical smart key card with them at all times. If the student added more devices to be protected by Smart Lock then after installation of the locks the only way to get out is to remove the locks and cancel each subscription, which is time consuming for a student that has a full load of classes.





What kinds of people/users are exploited


In general, Smart Lock is used generally in the context of leasing or renting properties as it is a home security feature. The specific population that would be using Smart Lock regularly, are the groups that primarily rent housing, being the elderly or college students. Our dark pattern works very well in the case where users are in a rush or are naive in the sense they don't think they will be exploited (from the information they give out). Often the elderly and young adults are the most exploited because of naïveness and taken advantage of in similar scams and dark patterns in a web context.





Who will Smart Lock benefit


The Smart Lock security company benefits property owners which are utilizing Smart Lock with their leases. Logistically, implementing Smart Lock would be more realistic in a context of an apartment complex or housing community. While we wouldn’t expect as many homeowners to use Smart Lock. Smart Lock will also benefit Police by giving them ease of access to doors or devices that are backed by Smart Lock. And the last one to benefit from our dark patterns is data collectors that want to know where the user’s devices are going or how often they come home, little personal information that can give companies better ways to target the user for advertisements, etc.





How can your reader protect themselves against the dark pattern you proposed?


When looking at how a potential user can avoid being exploited by Smart Lock there is the only one solid solution. Do not sign leases with rental properties which use Smart Lock. A more practical solution goes with the ideology of critically thinking, what information a user must provide for a service. If there happens to be more information required then logically needed or other risky characteristics of the service, the best advice is to entirely avoid that service. Be observant and read every checkbox with the intent that it may be a dark pattern. Be sure, as a user to take your time as well, personal information is valuable and there are many techniques able to maliciously steal data.


An alternative, roundabout way for users to protect themselves from our dark pattern would is to influence local politicians to ensure no local business or property renting company uses Smart Lock. Though this is not a very fast or short-term solution of protecting individuals. Again, the best way to avoid being exploited by the dark pattern Smart Lock uses is, to be an observant user who doesn’t willing give out unneeded information.


Conclusion


When looking at our final prototype, we have our dark pattern setup within the sign-up form that we shared. We also began the stages of designing a hardware component which the Smart Lock would physically use to open a client’s door. A strength of our sign-up form is the realisticness of content that exists and may be overlooked, like asking for the an old address, or a confusing backwards opt-out check box. An issue we had with our physical prototype, was not being able to demonstrate our RFID hardware component, while still having to spend a good amount of time working to develop that idea. While technical difficulties were unfortunate, the hardware component plays a key role to Smart Lock. If we had more time the first thing prioritized would be creating a more polished hardware component. Also, extra time would be put towards adding the process as to how interaction between Smart Lock and a user hypothetically goes; This would be expressed in the form of a storyboard.

Comments

Popular posts from this blog

385 Final Portfolio

Crowdsourcing Primer

Design Sprint: Crowdsourcing