back to article Pizza proffer punctures privacy protection, prompts pals' perfidy

Researchers from the Massachusetts Institute of Technology and Stanford University have found that people say they want privacy but make choices suggesting the opposite, and can be easily manipulated through interface design, reassuring statements, and pizza. In "Digital Privacy Paradox: Small Money, Small Costs, Small Talk," …

  1. John Mangan

    Do you want a free pizza?

    Pass on this information which doesn't affect you in any obvious way and is already 'public' anyway?

    Why not?

    Perhaps a note saying you should ask your friend if it's okay before passing on their information?

    1. Robert Carnegie Silver badge

      Re: Do you want a free pizza?

      Maybe the e-mail provided isn't a friend's. for instance.

      And presumably the offer is from an apparently trusted source. If Microsoft bought me a pizza I'd check for broken glass in it - I wouldn't eat it anyway but it would affect which recycling bucket I'd put it in.

      1. Anonymous Coward
        Anonymous Coward

        Re: Do you want a free pizza?

        Maybe the e-mail provided isn't a friend's. for instance.

        Bounced. WTH???

  2. sebt

    Sounds like fascinating research

    ... which will be eagerly read by the arseholes who have taken over the Internet, turned upside down and used to slurp even more of our data.

    A bit of Luddite smashing of datacentre hard-drives is what's needed.

  3. W4YBO

    Thanks for the reminder...

    I probably need to mention to a couple of my friends that trading my information for a trinket would be a bad thing. They aren't bad folks with nefarious intent (all but one), but they just wouldn't *think* about it before it happened.

    1. DropBear

      Re: Thanks for the reminder...

      Just mention casually, accompanied with a charming smile, that they're the only ones who got that specific version* of your email address so if they happened to leak it, you'll definitely know it was them...

      * this obviously won't work with john.doe@... - you'd need something like 1234.john.doe@... (and them not figuring out they can just send mail to the base address)

  4. DubyaG


    "If companies ask for consent, they should ask in a way that's not designed to induce the answer they want"

    Yeah, right and companies always do what they should.

    1. Mark 85

      Re: Design

      How many still think that one of Google's mantras is: "Do no evil"? I think we in IT know the answer, but what about the teeming masses?

      1. Captain DaFt

        Re: Design

        "How many still think that one of Google's mantras is: "Do no evil"?"

        I've always read a bit more into it:

        Google: "Do no evil... because we're watching you!"

  5. Anonymous Coward

    3,108 out of 4,494 undergrads who chose to participate

    So... not a real study then...

    Because as we all know, college kids would do anything for a pizza...

  6. RyokuMas

    "... people say they want privacy but make choices suggesting the opposite, and can be easily manipulated through interface design..." offering "a faster way to browse the web" all over your site's main page?

  7. Tikimon

    Easy enough solutions...

    - Make Opt-Out the default for every service.

    - Force EULAs and TOCs to be in plain-language.

    - Recognize that "legalese" is intended to hide important information and use of it is therefore fraud.

    - Force data-holders to delete all data about one on request.

    - Impose timely and painful fines for any violation of the above.

    Easy fix, but it would never get past the Vested interests...

  8. iron Silver badge

    Garbage tests = garbage results

    "reveal a friend's email address, something consumers consider almost as sensitive as social security numbers"

    1. Email addresses are nothing like social security numbers. They are more akin to a postal address or telephone number and practically public domain.

    2. You aren't testing how they think about privacy because you asked for someone else's email. You should have asked for their own email address.

    1. DropBear

      Re: Garbage tests = garbage results

      Sure as hell neither my postal address nor my phone number are public domain. You can't find them listed. My phone is a prepaid that was never registered and the flat where I live is not in my name.

      1. Alistair
        Big Brother

        Re: Garbage tests = garbage results


        "An illusion, what are you hiding" (from).

        Since I'm a homeowner, I'm not in the same boat. There are public records, and I'm sure that there are a couple of other folks around in the same boat. Your phone number is one of a sequence, so it is technically publicly available - just not directly assigned to you publicly. Certainly, someone somewhere has your phone number tagged with your name, possibly your address, and is using google. Sorry.

        <icon is appropriate>

        1. sorry, what?

          Re: Garbage tests = garbage results

          @Alistair, totally agree about the "phone number tagged with your name" thing. There are a bunch of different sites that craftily get a person to share personal data about other people, I'm thinking and LinkedIn specifically, by giving you free access or other "goodies" if you let them slurp your contacts. Personally I think this is actually encouraging people to break the law since this sort of data should be covered by the data protection act.

        2. DropBear

          Re: Garbage tests = garbage results

          @Alistair: I do sympathise with that situation, being the owner admittedly complicates things. That said (and re:phone / Google) there's rather a lot of difference between "knowable, for certain categories of privileged people, with non-negligible effort" and "practically public domain", the original remark that prompted my reply...

    2. Arthur the cat Silver badge

      Re: Garbage tests = garbage results

      A few years ago something similar was done here in the UK. They claimed they asked commuters at a railway station to tell them their login passwords in exchange for a bar of chocolate as I remember. Firstly, most true commuters would have simply ignored them or sworn at them, secondly they had no way of checking the validity of the passwords they got. Stupid publish or perish nonsense.

      My password? Oh, it's BdelliumPhthisisMnemonicCzarina(*), where's my chocolate?

      (*) Or was that Tsarina at the end?

    3. DryBones

      Re: Garbage tests = garbage results

      Exactly. Fundamentally flawed study, didn't ask whether someone would give up their OWN information. If this is protected information they've all fallen afoul of the DPA, because neither the person asked nor the asker was the owner of the address.

      This is exactly how TrueCaller operates. Suck your friends' contact list dry and pretend that means they have permission to have all those people's that data. Er, no. That's beyond needing a lawyering and straight to needing a rogering.

  9. Anonymous Coward

    Everyone is missing the important issue here...

    What toppings are on the free pizza?

    1. John Brown (no body) Silver badge

      Re: Everyone is missing the important issue here...

      Yeah, anchovies? No deal!

      1. Captain DaFt

        Re: Everyone is missing the important issue here...

        worse: "Pineapple!?!? I keeell you!"

        1. John Brown (no body) Silver badge

          Re: Everyone is missing the important issue here...

          The inventor of the Hawaiian pizza just died

  10. Nick Kew


    It's all about choice.

    There are matters in which privacy is important. There are others in which it isn't, and we'd sacrifice it for convenience or other rewards without a second thought. People perfectly rationally make different choices in different situations.

    Here's one where I had occasion to curse excessive and unnecessary privacy.

    1. sorry, what?

      Re: Choice

      @Nick Kew, you do know you can turn off connecting to public wifi on Android? Just set the correct settings and, if needed, ask it to forget the connections you don't want.

  11. scrubber

    Preponderance of Ps

    Piss poor privacy proxy program proves pizza predeliction.

  12. inmypjs Silver badge

    "no one reads privacy policies"

    Of course (almost) no one reads privacy policies - they are not worth the pixels they are written with. Starting with the "We take your privacy very seriously" lie and going downhill from there.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like