Hacker News
by rorykoehler 3049 days ago
From the UX I've studied it seems that ethics is unrelated. Typically in consumer apps the goal is to increase MAU and engagement and UX is dictated by whatever moves the needle on those areas. It's hard to separate whether people are using the app more because of its better design through UX design feedback loop iterations or if it is a dark pattern.

For example it is entirely plausible that the SMS notification being sent once you put in a 2FA number is completely unrelated. In a normalised database there will only be one phone number for multiple uses. If notifications are set to send to the phone number by default and 2FA uses that phone number the app will not necessarily have knowledge whether the phone number was entered due to a 2FA prompt or something else. It only checks for a phone number and acts accordingly. The 2 people/teams who designed each feature would most probably have no idea how else the number is being used, such is the nature of complexity.

3 comments

> In a normalised database there will only be one phone number for multiple uses.

No! Normalization does not mean keeping only one copy of each piece of data, regardless of category and context. I see this behavior all the time in junior and even some senior devs, both in databases, and when they code.

A piece of information has a type, but it also has a context. A 2FA phone number is different than a marketing contact phone number. It should never be normalized into just one field.

My favorite example of this is people re-using a constant in multiple places in code just because it happens to have the same value. Imagine you have a constant defined as `USER_DISPLAY_AS = 'first_name'`. Then, somewhere, you are building sorting and want to be able to sort by first name or last name. You notice you already have a constant that contains a value 'first_name', so you use it. Now you have tied two completely different things together in your code because you thought you are being DRY.
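
An added illustration of the distinction drawn in the comment above (not code from any commenter or from the app under discussion): a single shared phone column next to a purpose-bound table, and what a notification job selects from each. The table names, purposes and sample users are constructed assumptions.

```python
import sqlite3

# Constructed sample data: alice gave a number only for 2FA,
# bob gave the same number for 2FA and, separately, for notifications.
NAIVE_SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, phone TEXT);
INSERT INTO users VALUES (1, 'alice', '+15550100'), (2, 'bob', '+15550101');
"""

PURPOSE_SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE phone_numbers (
    user_id INTEGER NOT NULL REFERENCES users(id),
    number  TEXT NOT NULL,
    purpose TEXT NOT NULL CHECK (purpose IN ('2fa', 'notifications')),
    PRIMARY KEY (user_id, purpose)
);
INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
INSERT INTO phone_numbers VALUES
    (1, '+15550100', '2fa'),
    (2, '+15550101', '2fa'),
    (2, '+15550101', 'notifications');  -- same value, different context
"""

def naive_sms_recipients():
    """Single shared column: the job cannot tell why the number was given."""
    db = sqlite3.connect(":memory:")
    db.executescript(NAIVE_SCHEMA)
    rows = db.execute("SELECT name FROM users WHERE phone IS NOT NULL ORDER BY name")
    return [r[0] for r in rows]

def purpose_bound_sms_recipients():
    """One row per (user, purpose): the job reads only numbers given for it."""
    db = sqlite3.connect(":memory:")
    db.executescript(PURPOSE_SCHEMA)
    rows = db.execute(
        "SELECT u.name FROM users u JOIN phone_numbers p ON p.user_id = u.id "
        "WHERE p.purpose = 'notifications' ORDER BY u.name")
    return [r[0] for r in rows]

def rejects_unknown_purpose():
    """A new use of the number needs a schema change, not a silent reuse."""
    db = sqlite3.connect(":memory:")
    db.executescript(PURPOSE_SCHEMA)
    try:
        db.execute("INSERT INTO phone_numbers VALUES (1, '+15550100', 'marketing')")
    except sqlite3.IntegrityError:
        return True
    return False
```
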

I don't disagree with you on the type issue but you can see in a large organisation how this would easily fall through the cracks. It's also entirely plausible that an intern came up with the SMS notification idea and it wasn't caught in code review. I don't really subscribe to Hanlon's razor but in this context I can understand how it could happen quite easily.

This is a type of error that is often found in code and data modeling. I haven't come across a name for it yet. It most definitely can and does fall through the cracks, in small, medium, and large organizations. It is a code smell and should be eliminated whenever it starts happening. However, it is often quite subtle, and a developer's ego is often stronger than the explanation for why it should not be done that way.

I shall dub it "Krystian's Overoptimistic Denormalization Error", or KODE for short.

> From the UX I've studied it seems that ethics is unrelated. Typically in consumer apps the goal is to increase MAU and engagement and UX is dictated by whatever moves the needle on those areas. It's hard to separate whether people are using the app more because of its better design through UX design feedback loop iterations or if it is a dark pattern.

No matter which metrics you choose, you run the risk of PMs ordering unethical means of increasing those metrics. A bakery can measure itself by sales volume and ensuing revenue numbers - that doesn't by itself prevent bakery managers from adding addictive drugs to the recipes, nor does it mean that those are poor metrics.

What it does mean is a) the company made some poor hiring decisions along the way, and the best way to deal with that problem is by having some b) ethical review board.

I like the example here. I want to outwardly acknowledge the obvious force that is preventing the baker from putting drugs in their recipe: government regulation and law enforcement.

I am an American but I am well accustomed to learning that other countries are able to prevent certain consumer abuse before it replicates at massive scale by acting early and adjusting along the way.

Does this happen in Europe?

We're just introducing the GDPR Europe-wide, which iterates on the member states' existing privacy laws to provide definitive rights to any human in Europe, and obligations to any company dealing with their information.

Abusing the 2FA number is likely illegal in most member states now, and is definitely so at the end of May.

Probably you mean EU when you say Europe

Absolutely, sorry - bad habit

MAU = Monthly Active Users