#deepweb | Online shops use ‘dark patterns’ to trick you into buying and signing up for more, study suggests

Source: National Cyber Security – Produced By Gregory Evans

Many online shopping sites use our psychology against us by subverting user decision-making through design choices called “dark patterns,” and oftentimes, this causes shoppers to make decisions they otherwise wouldn’t.

According to a new study that analyzed data from more than 11,000 popular shopping sites, these tactics are more pervasive than most people realize.

Dark patterns coerce, steer or deceive users into making decisions that they might not if they were otherwise fully informed or given an alternative.

This includes things like using a countdown timer to pressure shoppers into “snagging a deal” even though the deal doesn’t end after the timer runs out, generating deceptive notifications in a random fashion (e.g. using a random number generator to tell shoppers how many others are “currently viewing” a product) and “confirmshaming” — when a site’s pop-up urges users to sign up and phrases the “no” option as a shameful choice, e.g., “No thanks, I like paying full price.”

It’s an increasingly common choice to implement dark patterns in the design of online spaces, including social media sites, e-commerce sites, mobile apps and video games, and the research team at Princeton wanted to get a better idea of just how often dark patterns are being used and in what ways.

Out of the 11,000 websites analyzed, researchers found that about 11 percent were using some kind of dark pattern on their user interface, and a total of 183 sites were using deceptive tactics specifically.

According to the data, the more popular the site, the more likely it was to be using dark patterns.

“At best, dark patterns annoy and frustrate users,” the study’s authors said. “At worst, they can mislead and deceive users. This includes causing financial loss, tricking users into giving up vast amounts of personal data, or inducing compulsive and addictive behavior in adults and children.”

One worry about digital shops in particular is that they have a much greater ability to manipulate shoppers’ cognitive limitations and biases.

“For example, unlike brick-and-mortar stores, digital marketplaces can capture and retain user behavior information, design and mediate user interaction, and proactively reach out to users,” the study’s authors said. “Other studies have suggested that certain elements in shopping websites can influence impulse buying behavior.”

The elements to which the authors are referring are things such as product reviews and ratings, discounts and quick add-to-cart buttons, which are all meant to impact a shopper’s decision-making.

The term “dark patterns” was coined by UX Specialist Harry Brignull in 2010, and he describes them as “tricks used in websites and apps that make you buy or sign up for things that you didn’t mean to.”

While the tactic of using dark patterns has been studied before, those analyses relied on anecdotal data or data collected from user submissions. New research from a team at Princeton University provides the first large-scale evidence documenting the prevalence of dark patterns.

Researchers developed an automated approach to collecting data about the user experience on shopping sites by creating a web crawler, which simulates a user browsing experience and identifies elements of the design interface. They then extracted all of the user interface designs and inspected the resulting clusters for instances of dark patterns. Finally, they categorized and labeled the dark patterns that they identified.

The study focused solely on shopping websites. Researchers used the web crawler to visit more than 11,000 of the most popular e-commerce sites worldwide, searching for dark patterns that trick people into signing up for recurring subscriptions or making unwanted purchases that result in financial loss.

They discovered 1,818 instances of dark patterns, which represented 15 dark pattern types across seven broad categories. These instances were found on 1,254 sites out of the more than 11,000 sites included in the data set, which equates to about 11 percent, and 183 sites were found to display deceptive messaging.

Researchers also identified 22 third-party entities that provide e-commerce sites with the ability to create and implement dark patterns on their sites.

The majority of dark patterns were found to be covert, deceptive and information-hiding in nature.

Covert dark patterns steer the user into making specific purchases without their knowledge — such as introducing a decoy to make certain other choices seem more appealing. Deceptive dark patterns induce false beliefs either through affirmative misstatements, misleading statements or omissions, such as a site offering up a discount that seems to be time-limited, when in reality it appears each time the web page is opened or refreshed.

Information-hiding dark patterns obscure or delay the presentation of necessary information to the user, such as when a site doesn’t disclose that additional charges will be added at the very end of checkout.

Researchers also found that most types of dark patterns work by exploiting people’s cognitive biases. The researchers cited these cognitive biases as main targets of dark patterns:

  • Anchoring effect: The tendency of an individual to over-rely on an initial piece of information (the “anchor”) in future decisions.
  • Bandwagon effect: The tendency of an individual to want or value something more because other people value it (or at least seem to).
  • Default effect: The tendency of an individual to choose an assigned, default option because it’s easier than seeking out other options.
  • Framing effect: The tendency of an individual to reach different conclusions from the same information when it is presented differently.
  • Scarcity bias: The tendency to place higher value on things that seem scarce.
  • Sunk Cost Fallacy: The tendency of an individual to carry on with an action because they have already invested time and energy into it, even if they might end up worse off overall.

The study’s authors said that users are becoming increasingly more aware of these tactics, but their new data set could be used to build further countermeasures to help consumers make more informed decisions.

“One such countermeasure could be a public-facing website that scores shopping websites based on their use of dark patterns,” the authors said. “Our data set can also enable the development of browser extensions that automatically detect and flag dark patterns.”

The researchers warned that their estimates are likely the lower bound of prevalence due to the limitations of their automated method, which only scraped text data from pages containing products on each site, the site’s cart and the checkout interface.

While this means that dark patterns are probably far more pervasive than the average online shopper realizes, a little awareness can cut down on a lot of subversive manipulation — and hopefully pad your pocketbook in the process.

This story was reported from Los Angeles. 


The #Auto #Repair Shop’s Role in #Connected Car #Cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

“We collect 100 million miles of road per year,” says the co-founder and CTO of Nexar. “We can end up indexing the real world, structuring the real world the same way Google structures the web.”

Nexar will continue to build vehicle-to-vehicle (V2V) networks around the world, tracking connected cars’ movements and data. The connected car market is expected to continue to grow at a rapid rate (quadrupling by 2021, according to Statista), which means more companies like Nexar will be needed.

And as cars become more and more connected, vehicle cybersecurity concerns will increase. Given Nexar’s workload, it’s clear this is no longer a problem of the future—vehicle security is a concern right now. In turn, as advanced driver-assist systems (ADAS) and telematics technology become a daily component of repair shops’ work mix, the automotive aftermarket must become aware of and adapt to those security concerns.

That’s why the Alliance for Telecommunications Industry Solutions (ATIS)—a forum where information and communications technology (ICT) companies convene to find solutions to their most pressing shared challenges—published its report, “Improving Vehicle Cybersecurity: ICT Industry Experience & Perspectives,” in which the organization proposes a collaborative approach that could prove to complement smart cities initiatives, improve vehicle reliability and enhance overall customer experience in a new world of connected vehicles.

And it’s important for automotive repair shops to understand their place in that equation and secure their networks to protect customers, ATIS representatives state.

The Scope

As ATIS notes in its report, connected and self-driving vehicles will give consumers unprecedented new options, but the risks of cyber intrusion will only grow because of it. Dangers range from access to the owner’s, driver’s or passenger’s personal and financial information to outright loss of physical control of the vehicle.

“The network reaches into new frontiers as it provides vehicle connectivity for advanced applications and data collection,” says ATIS president and CEO Susan Miller. “[This report] positions both the ICT industry and vehicle OEMs to work collaboratively to secure the network and block cyber attacks.”

And since independent repair shops seek to obtain OEM information, they are introduced to the cybersecurity problem, as well.

The Risk of Exposure

There’s no way around it, says Tom Gage: In order to properly repair radar systems and video sensors increasingly appearing in vehicles, automotive repair technicians will soon need to incorporate advanced driver-assist systems (ADAS) into their regular training schedules.

“Instead of a one-hour repair time for windshield that has sensors embedded, it takes another hour to make sure camera is appropriately calibrated,” says Gage, an ATIS board member who is also the CEO of Marconi Pacific. “We know the crash avoidance and automation world is increasingly appreciating and likely to increase the severity of accidents in terms of dollars because of sensors, and the increased software complexity adds another layer of demand on the whole vehicle ecosystem.”

Knowing how to calibrate vehicle systems back to original settings isn’t just a vehicle safety concern, but a cyber safety concern: if your shop’s network isn’t secure, it could lead to a cybersecurity breach for your customers.

“The fact [shop owners] will access the communications in these vehicles means they are part of that ecosystem that has to be considered,” says Jim McEachern, ATIS senior technology consultant. “Otherwise, servers in shop get infected by malware, and it will affect all their customers, which would be bad for the industry.”

Along with the growing presence of ADAS, Gage says to consider one of the other main concerns for auto repair shops: diagnostic reports generated from aftermarket OBD-II connectors—a huge player in the growing telematics industry. If your shop sets up an OBD-II connection with a customer, that’s another avenue for cyber attacks to occur.

A Secure Network

If you plan to perform more diagnostic work or vehicle reprogramming, or have plans to utilize telematics technology, Gage says it’s important to address these network concerns with any OEMs or third parties with which you’re working.

On top of that, it is worth having cybersecurity experts and consultants evaluate your network to ensure your shop and customers are as well protected as possible.

“If I’m an auto shop and I have to do some sort of an update to the software,” Gage says, “are all the connections I have secure? Is Wi-Fi secure? Are the servers I’m operating on secure? These are things you need to ensure to prevent the possibility of a cyber attack.”

There is, of course, “no magic key or silver bullet,” McEachern says. It’s a multi-layered problem.

But because it’s multi-layered, each layer needs to do its part in ensuring cybersecurity—and that includes even the smallest of automotive repair shops.
