为啥网站已经替我打了勾？揭穿科技公司骗取用户数据的常见手段

近日，两名美国参议员提出了一项两党连立议案，该议案拟禁止网站的“操纵型”设计功能和提示——比如谷歌和脸书等大型网站就经常通过这种诱导性设计，“欺骗消费者交出他们的个人数据”。

根据民主党籍参议员马克·华纳的办公室发布的新闻通稿，两周前，华纳和共和党籍参议员黛比·费舍尔联名提交了这项所谓的“黑暗模式”议案。据介绍，网站的这些操纵手法都是有行为心理学依据的。比如网站经常在服务条款中预先帮你打好了勾，或者经常会在你进行某项活动（比如网购、看文章）时弹出一个对话框，诱使用户同意网站收集其个人数据。

该法案只针对那些月活跃用户超过1亿人的大网站。随着人们对那些大型互联网平台愈发不满，呼吁加强监管的声浪也越来越高。虽然本周二提交的这项法案属于两党连立议案，但国会负责网络隐私立法的几个关键委员会尚未就此跟进。到目前为止，在国会中获得支持最多的意见还是立一部国家层面的隐私法。

华纳也是参议院情报委员会的副主席。他表示：“这些年来，社交媒体平台依赖各种各样的花招和工具，说服用户在并不真正了解实情的情况下交出他们的个人数据。”该法案的正式名称叫做“减少在线用户被欺骗体验法案”，简称“DETOUR法案”。

脸书和推特的代表拒绝对此事发表评论，不过他们都表示会对该法案的内容进行评估。谷歌公司的代表并未及时回复我们的评论请求。

“黑暗模式”的概念是由设计学研究员、认知科学家哈利·布里格纳尔在2010年首次提出的，指的是网站或应用程序采用诱导性或胁迫性设计，迫使用户采取或不采取某种行动。在周二发布的一系列推文中，华纳列举了几个网站和应用程序常用的欺诈性手段，比如在广告中故意放一个明显的污渍或碎发图案，用户往往不自觉地想用手把它抹去，结果就点开了广告。布里格纳尔本周二也表示，“黑暗模式”在网络上随处可见，更是脸书、推特和谷歌做生意时的常用法门。

比如众所周知，如果用户有一段时间没有访问过脸书，脸书就会向用户发电子邮件和短信息，敦促用户回到网站来。以前很多科技公司都默认开户数据分享功能，或者是通过层层设置隐藏了选择不共享的功能。

布里格纳尔表示：“过去10年间，这些伎俩变得更加普遍了，所有大型科技平台都会使用这样或那样的类似伎俩。”

去年，欧洲通过了一系列具有里程碑意义的网络隐私规定，目标之一就是使互联网用户更清楚地了解自己同意了哪些事项。然而这也导致用户每次登陆一个网站时，都会弹出一个窗口向用户索要数据，很多人为了避免麻烦，干脆点击“同意”了事。

本周二的这项法案明确界定，“为达到迷惑、损害、削弱用户的自主权、决策权或选择权的目的，或为了达到以上效果，而设计、修改或操纵用户界面，以获取用户同意或用户数据”的行为属于违法。此外，该法案还明文禁止网站未经用户同意，对消费者进行划分以开展行为实验。同时，该法案还禁止了旨在“令儿童产生冲动性消费”的设计。

华纳办公室的一名女发言人表示，该法案不会因脸书和YouTube等大型平台上的广告采取了“黑暗模式”，就对其进行处罚，因为很多广告都是由第三方公司创建和付费的。

这项法案得到了微软公司政策主管弗雷德·汉弗莱斯的高度赞扬。汉弗莱斯表示，微软支持立法者们为保护民众免受商业剥削和欺骗所做的努力。微软此前曾呼吁为人工智能业务制订伦理标准，并呼吁对网络隐私和传播内容加强责任监督。如果这两项成为现实，则也会对大型社交媒体网站及其广告业务产生影响。

此前，有四名参议员表示他们正在起草一项全面的隐私法案，本月初，几名权威共和党参议员对此事表示了乐观态度，不过他们并未透露隐私法的立法还需要等多久，也未透露他们是否已与民主党就一些核心条款达成共识，包括各州法律的角色等。

除了加强监管（比如联邦贸易委员会就曾对脸书的数据分享行为进行过调查），美国立法者和活动人士也表达了对其他一些问题的担忧，如不雅内容、针对儿童的产品植入、假新闻、数据流失、干扰选举、宣扬政治偏见等，并呼吁对此加强监管。议会已经有人起草了几项相关法案，但近期通过的可能性并不高。不过随着华盛顿逐步着手解决与科技有关的政策问题，这些提案中的部分理念，或许未来真的能够体现在立法中。

本周二，众议院的一个委员会还就白人至上主义现象举行了一场听证会，谷歌和脸书的代表都在听证会上作了证。（财富中文网）

译者：朴成奎

Two U.S. senators introduced a bipartisan bill that would ban “manipulative” design features and prompts that let large websites such as Alphabet’s Google or Facebook “trick consumers into handing over their personal data.”

Democratic Senator Mark Warner and Republican Senator Deb Fischer introduced the bill on so-called “dark patterns” on Tuesday, according to a news release from Warner’s office. Such features, based on behavioral psychology, include pre-checked boxes or pop-ups in the middle of an activity—such as an e-commerce purchase or reading a story online—that prompt users to consent to the collection of personal data.

The bill, which would only apply to websites with more than 100 million monthly active users, comes as anger with large internet platforms has led to rising calls for regulation. Although the bill introduced Tuesday is bipartisan, key committees that would have to legislate on the issue have not yet picked up the effort. So far, congressional efforts to pass a national privacy law have gained the most momentum with lawmakers.

“For years, social media platforms have been relying on all sorts of tricks and tools to convince users to hand over their personal data without really understanding what they are consenting to,” Warner, who serves as vice chairman of the Senate Intelligence Committee, said in a statement. The legislation is dubbed DETOUR, for “Deceptive Experiences to Online Users Reduction” Act.

Representatives for (fb, +1.57%)Facebook and Twitter declined to comment beyond saying the companies would review specifics of the bill. A representative for (goog, -0.53%)Google didn’t immediately respond to a request for comment.

The term “dark pattern” was coined by design researcher and cognitive scientist Harry Brignull in 2010 to refer to any tricky or coercive website or app design that tried to get a user to take—or not take—a certain action. In a series of tweets on Tuesday, Warner cited deceptions such as the placement of an apparent smudge or stray hair over an ad to get a click from a user trying to wipe it away. But dark patterns are all over the web, and are core to the way companies like Facebook, Twitter, and Google do business, Brignull said on Tuesday.

Facebook has a well-documented history of sending emails and text messages to users who haven’t visited the site for a while, urging them to return. Tech companies in the past have also turned on data-sharing by default, or have hidden the ability to opt out of sharing behind layers of settings.

“In the last 10 years these tricks have become much more widespread,” Brignull said. “All of the big tech platforms use these kinds of tricks one way or another.”

One of the goals of the landmark European privacy rules that came into force last year was to give internet users more clarity about what they were consenting to. That’s led to a battery of new pop-ups asking people for data every time they go to a website, prompting many to simply click yes to avoid the annoyance.

In addition to making it illegal for large platforms “to design, modify, or manipulate a user interface with the purpose or substantial effect of obscuring, subverting, or impairing user autonomy, decision-making, or choice to obtain consent or user data,” the bill would prohibit dividing up consumers to perform behavioral experiments without their consent and would stop designs that are meant “to create compulsive usage among children.”

The bill won’t penalize big advertising platforms like Facebook and Google’s YouTube for running ads that exhibited “dark patterns,” because a third party is creating and paying for the ad, a Warner spokeswoman said.

The bill attracted praise from a policy executive at Microsoft, Fred Humphries, who said the company supports the lawmakers’ efforts to protect people from exploitative and deceptive practices. Software giant Microsoft has previously called for ethics standards in its artificial intelligence business as well as regulations on privacy and content liability that could also affect large social media sites and their ad-driven businesses.

Earlier this month, top Republican senators expressed optimism about the efforts of a bipartisan foursome of lawmakers from the chamber who are seeking to write a comprehensive privacy bill, but they declined to say how close the legislation might be or if they’d reached compromises with Democrats on key divisions, including the role of state laws.

In addition to regulatory scrutiny, such as a Federal Trade Commission probe of Facebook’s data-sharing practices, lawmakers and activists have also expressed concerns about—or sought to regulate—tech issues including inappropriate content, product placement aimed at kids, fake news, data lapses, election meddling, and alleged political bias. Several bills have landed that are unlikely to pass, but incorporate ideas that could make it into future legislation as Washington comes to grips with policy issues related to technology.

On Tuesday, a House committee also held a hearing on white supremacy, where representatives from Google and Facebook testified.