Online games using dark designs to collect players' data
Which could be deceptive, misleading, or coercive to users, says study
image for illustrative purpose
New Delhi The privacy policies and practices of online games contain dark design patterns which could be deceptive, misleading, or coercive to users, says a study, revealing potentially questionable data collection practices of online games providers.
Gaming is a $193 billion industry -- nearly double the size of the film and music industries combined -- and there are around three billion gamers worldwide.
The new study, by scientists at Finland-based Aalto University reveals misconceptions and concerns about privacy among players.
"We had two supporting lines of inquiry in this study: what players think about games, and what games are really up to with respect to privacy,’ said Janne Lindqvist, associate professor of computer science at Aalto.
It was really surprising for study authors how nuanced the considerations of gamers were.
“For example, participants said that, to protect their privacy, they would avoid using voice chat in games unless it was absolutely necessary. Our game analysis revealed that some games try to nudge people to reveal their online identities by offering things like virtual rewards,” said Lindqvist in a paper published in the journal Proceedings of the ACM on Human-Computer Interaction.
The authors identified instances of games using dark design - interface decisions that manipulate users into doing something they otherwise wouldn’t. These could facilitate the collection of player data and encourage players to integrate their social media accounts or allow data sharing with third parties.
"When social media accounts are linked to games, players generally can’t know what access the games have to these accounts or what information they receive," said Amel Bourdoucen, doctoral researcher in usable security at Aalto.
For example, in some popular games, users can log in with (or link to) their social media accounts, but these games may not specify what data is collected through such integration. “Data handling practices of games are often hidden behind legal jargon in privacy policies,” said Bourdoucen.