Potentially uncomfortable but true: if you're doing A/B testing of any kind on users who did not explicitly consent to be part of such a test, you're performing unethical research on human subjects.
(Repost dug up from an old 
thread of mine.)
Now that you've heard this, stop doing it. If your employer is telling you to do it, tell them it's unethical research, that you didn't realize this in the past, but that you can't continue to do it in the future.
This includes things as stupid as whether to place the button on the left or right, or what color scheme to use. If you want to conduct tests to make those decisions, HIRE and PAY testers. Don't make unwitting users your guinea pigs.
@dalias@hachyderm.io There is no guarantee that testers will be a representative sample. In fact, they almost certainly will not be. Paid testers are a necessity, but they are not a substitute for data from actual users in the field.
Iβll leave the consent question to those who actually work in human subject research, which I do not.
@dalias@hachyderm.io this is an extremely conservative stance and one that doesn't match what I've seen both in my training as an IRB administrator and in the general research ethics training on human subjects; plenty of stuff is exempt and even consent exempt. I understand the concerns people are raising in this thread about behavioral experiments, but minimal product research? Collecting consent itself introduces risk for things like personal data storage. It is just more complicated than you're saying.
@grimalkina@mastodon.social @dalias@hachyderm.io Itβs possible to handle the consent entirely client-side.
@grimalkina@mastodon.social @dalias@hachyderm.io Itβs possible to handle the consent entirely client-side.
@alwayscurious@infosec.exchange @dalias@hachyderm.io this was such a funny response thank you for that
@alwayscurious@infosec.exchange @dalias@hachyderm.io this was such a funny response thank you for that
@grimalkina@mastodon.social @dalias@hachyderm.io what is so funny about it?
@grimalkina@mastodon.social @dalias@hachyderm.io what is so funny about it?
Cassandrich