Tuesday 1 October 2019

Microsoft Needs to Stop Screwing With Local Accounts in Windows 10

When Microsoft launched Windows 10 back in 2015, it offered the option to use an online account instead of a local computer account. Four years later, it’s clear the company wishes it had never done this. For nearly half a decade, Microsoft has made a variety of changes to the Windows setup process, including repeatedly rewording the option to create a local account or hiding it altogether, as it did with the Windows 10 1809 Update.

Windows 1903 dialed the hiding back after user outcry, but now Microsoft is at it again. Attempt to set up an account on the latest version of Windows, and you’ll be greeted by the following:

Win10-Signin-Message

“Domain join instead” is now offered where “Create a Local Account” once sat, as Hot Hardware has covered. This is not a one-time change that Microsoft made. This is not a test. This is an ongoing blatant attempt to gaslight and annoy users into creating the account type that Microsoft prefers they use rather than the account type they might want.

I am not going to bother going through the differences between an online, Microsoft-hosted account and a local account. Those differences have absolutely nothing to do with how Microsoft is repeatedly sabotaging and changing the mechanism for selecting a local account as opposed to an online one. The only point in play here is the fact that some users want local accounts and Microsoft very obviously does not want people to have local accounts. Whether because of legacy applications, corporate demands, or IT security requirements, it is apparently necessary for offline accounts to remain possible, but the company clearly doesn’t want them to be used.

This is what is known as a “dark pattern.” In the context of a UI, humans use patterns to look for recognizable elements and clues about how things function. A dark pattern, therefore, is a pattern purposefully designed to obfuscate and hide valuable information, in the hopes that people will not figure out how to use the application properly. A company with a permission form that switches from opt-out checkboxes to opt-in checkboxes in the same document is using a simple type of dark pattern. Displaying checkboxes that are grayed-out so as to appear un-selectable would be another hypothetical dark pattern — a user might not even attempt to click into them, assuming that because they are grayed-out, they are unusable.

A classic dark pattern. The top section is opt-out, the following is opt-in. If you only read the top section, you’ll opt-in to the following section below it and receive information from third parties you did not wish to receive. Credit: The Verge

Dark patterns are tricks. They hide the truth in a deliberate way while preserving plausible deniability. A number of web services use these sorts of tricks to lock you into subscribing to newsletters, signing up for more expensive services, or otherwise handing over data and personal information. Microsoft is using them to lock you into the kind of account it wants you to have.

The phrase “Domain join instead” is incomprehensible to the majority of individual users setting up their PCs. A small group of people will know that domains have something to do with corporate accounts and will choose not to explore this option out of the mistaken belief that the information it contains isn’t applicable to them. Most people will conclude that “Domain join instead” and “Use a local account” have nothing to do with each other exactly as Microsoft intends because Microsoft has hidden account options behind words that most people do not associate with the process of creating a local account. People are far more familiar with the idea of online versus offline than they are with the idea of a “domain joined” account versus an “online” account. The only reason to make a change like this is to deliberately harm end-user understanding.

Microsoft talks a big game about making Windows more intuitive and approachable. Perhaps the company should amend its marketing to make it clear that it can only be trusted not to misrepresent the contents of dialog menus when you are using its software in the manner it prefers.

It would be one thing if this was the first time Microsoft had changed this option. It isn’t. The company has previously removed it altogether, forcing end-users to disconnect from the internet or repeatedly enter bad email addresses in order to restore it. The company has already demonstrated profound bad faith on this point.

There’s already anecdotal information this latest dark pattern is working. On HotHardware, user TheEgg writes: “I was actually dealing with this over the weekend while setting up a PC for a family friend. Sat there for a good 10 minutes trying to figure out how to bypass needing to create a dummy MS account; eventually turned off the PC to be solved later.”

There is no justification for this repeated obfuscation. At best, it speaks to the colossal arrogance of a corporation who believes it knows better than its own users what settings they ought to use and is willing to tiptoe up to outright lying to force end-users to do its bidding. At worst, it magnifies every single accusation of bad faith leveled against Microsoft and its data collection and privacy practices as they concern Windows 10. I have tried to strike a middle ground on these issues by criticizing Microsoft strongly when I felt it made mistakes but also acknowledging when the company made moves that were friendlier to privacy and reduced data collection. It is much harder to do so when the company continues to make decisions that hide these basic choices.

Microsoft either needs to have the guts to remove the local account option altogether — and deal with the blowback it’ll deservedly get — or stop trying to hide important configuration options behind layers of obfuscating bullshit. It is long past time to cease this half-measure sabotage and provide people with a reasonable setup experience that doesn’t play “Hide the options” with the customer base.

No, the fact that Microsoft is hiding options and playing cute with its UI during setup doesn’t mean the company is harvesting PII (personally identifiable information) from customer data. The problem — which evidently hasn’t percolated its way up to the C-suites just yet — is that every time the company pulls this stunt, it convinces a segment of the population that they are willing to do nastier things. Given the flood of data breaches and deliberately poor practices pouring out of Silicon Valley like the breached dam of the world’s largest sewage-treatment facility, I can’t blame them.

But I’m tired of writing articles about how Microsoft is once more screwing with its customers, only to turn around in days to months and write Yet Another Article about how no, Microsoft has “learned” things now and become a kinder, gentler, company. It would be nice to make it through a six month period without having to write any articles about nasty, consumer-hostile actions Microsoft has taken like this one. Evidently, the company actually learned nothing from its Get Windows 10 debacle.

Microsoft’s motivations are irrelevant. What matters is how this constant stream of changes has played in the community, and the overwhelming response from the community is that it knows exactly what Microsoft is playing here and doesn’t like it one bit.

Knock it off. I’d like to stop using this stupid image of a corrupt salesman. I’d like to stop writing articles about how, once again, Microsoft is screwing with its users. I’d like to focus on the technical improvements and enhancements to the OS rather than things that go perennially wrong. Software bugs are a fact of life in any application. These aren’t bugs. They’re deliberate attempts to mislead people.

Microsoft is clearly trying to force people into using non-local accounts without actually going so far as to remove the option. The company refuses to have an honest discussion about its own use of dark patterns to achieve this goal. That’s all the reason I personally need to never use an online Microsoft account. Any company working this hard to seize access to user data doesn’t deserve it.

Now Read:



https://ift.tt/2o7N5lw from ExtremeTechExtremeTech https://ift.tt/2mApmd7
via IFTTT

No comments:

Post a Comment