If you follow cybersecurity hacker methods — or just watch Mr. Robot — you probably know that the best way to get someone’s password is to ask for it. Sure, you probably can’t just say “Hi, I’m a bad guy. Can I have your password?” But there are all sorts of tricks you can use like pretending to be in the person’s IT department, someone in management, or by making up a crisis to overcome their better judgement with a sense. But of course, as wise computer people, we are immune to such things, right? We also don’t need those kinds of tricks in our arsenal.
Is that true? It is amazing how many subtle things influence what we think are rational decisions, no matter who we are. Consider going to eat in a restaurant. Simple, right? You look at the menu, pick what you want, and order. No one is influencing you. But they are. According to a BBC article, there’s a whole industry of menu “engineering” that figures out how to get you to order pricey food.
You might not think social engineering for menus is a great skill for us. But maybe your new open source project needs collaborators. Maybe your startup company needs investors. Maybe you’d like someone to look at your resume. Maybe the same tricks that work with diners will work in those cases, too.
Not Just Menus
It isn’t just menus. Grocery stores have a whole science about where to put things like milk to make sure you get a chance to buy other things. They also know what locations sell things. Casinos are wise, too. Slots that are highly visible often pay out more than ones tucked in a corner. Unless they are visible from the high-profit table games where they might annoy high rollers.
The TV show Brain Games did an experiment about “the decoy effect.” They offered moviegoers a choice of a small popcorn for $3 or a large popcorn for $7. They sold virtually no large popcorns and — when asked — customers complained about the cost of a large. Later, they offered similar customers three choices. The small and large were still the same, but they included a $6.50 medium size. Everyone wanted the medium size but then would realize that they could get the large size for only 50¢ more and did that. The way the menu options were presented moved the results from small to large and consumers were none the wiser.
Back to Your Regularly Scheduled Menu
As the popcorn experiment shows, our sensibility around pricing on menus is inexplicable. Dishes that use longer words on a menu tend to cost more and diners don’t mind. Restaurants will also place the most expensive items up top so when you get to the lower-priced items, they seem more reasonable.
So what entices diners? Simple things like typefaces and color apparently can make big changes. Italics convey quality and — paradoxically — ornate script may be hard to read but may make things seem to taste better. Apparently, wine labelled with a hard-to-read script font got higher marks than the same wine in a more legible bottle.
Studies show that people associate round typefaces with sweet foods and angular ones with salty food. Doesn’t make sense, but it is apparently true.
Obviously, fries don’t sell as well as “thick crispy fries.” Penn and Teller’s show, Bullshit!, did an episode on this where diners were served horrible food in an upscale restaurant and loved it because the waiter sold everything. Store-brand whipped topping was a hand-whipped mousse, for example. Most people ate the cheap corner market fare as though it were a five-star meal.
Menu experts claim that descriptive language can increase sales by 27%. Stanford found that “sweet sizzling green beans” were ordered 23% more often than “green beans.” That stands to reason, but it is strange that even though you know it is hyperbole, it still affects you.
Consider this text from the description of a McDonald’s Quarter Pounder:
…hot, deliciously juicy and cooked when you order. It’s seasoned with just a pinch of salt and pepper, sizzled on a flat iron grill, then topped with slivered onions, tangy pickles and two slices of melty American cheese on a sesame seed bun.
A flat iron grill? Do other places have non-tangy pickles or cheese that doesn’t melt on a hot burger? Is the McDonald’s chef back there pinching a little seasoning into your burger? But it still works. You are probably ordering one on your phone right now.
Pictures and videos are a mixed bag. Sometimes diners associate food pictures with low quality. Also, there’s the fear that the food you see in the picture — which is often not really food as you’ll see in the video below, since food is hard to photograph well — will look better than the food that arrives at your table. If you’ve eaten at a fast-food joint, you know that isn’t at all unlikely.
You may think this kind of social engineering is only for the shopkeeper or the restaurateur. But how many times do you pick a tool like, say, Chrome over a comparable tool like Firefox? If you want people to use your work, maybe some social engineering is in order.
We’ve all seen great projects and companies falter while lesser ones flourish. Without naming names, operating systems, Linux distributions, editors, programming languages, and video formats have all seen this effect. So when you write your next great IoT library, maybe it shouldn’t be “functions that let you control devices using network requests.” Maybe it should be “a robust and secure library that makes it easy to take control of devices from anywhere in the world simplifying and enhancing your high tech lifestyle.” Sure, it sounds ridiculous, but it’s proven to work.
59 thoughts on “Social Engineering And Menus”
Social in a group that’s traditionally not noted for it.
That just means to be truly exceptional and really stand out, all you need to do is show up. Those opportunities are pure gold.
To show up for this one all you need to do is set aside the technical magic you did and remember why you started the project in the first place. Rekindle the fire that got you through the challenge, and then if you can’t think of the ornate language of marketing, grab coffee with someone who can, and share your excitement with them. Then listen very closely when they recap or retell your story.
“90% of success is just showing up.”
“86.5 percent of statistics are made up, with a decimal point added to increase the illusion of accuracy”
I like social distancing.
You wouldn’t if you realised just how dependent it has been on marketing, look up Laura Dodsworth’s “a state of fear”.
Nah, I practiced it for years before it became the thing to do.
A friend of mine told me I was practicing social distancing before it was cool. We didn’t even know anything had changed :)
Great feeling, init?
The techniques used for making the commercial videos (and menu photos) sound like they are misleading, but this is not quite fair. It is very important for every ingredient to be visible on a visual menu (or a commercial), or the customer could be very surprised when they find a hidden ingredient (that really wouldn’t show up if you just took a picture of one hot off the grill) in what they order — some people never read a description of what they’re ordering, and that’s the only way to know what will be in it.
This. I know perfectly well that those photos are fake. I don’t care. I don’t want a *visually* realistic photo. I want a photo that will inform me about the taste, texture and ingredients of what I’m ordering. I want a photo that will inform me (if a bit optimistically) about what it’s like to *eat* the thing I’m ordering.
Some of the effects above are explained by “concordant self image”, which is a fancy way of saying that your brain will change its beliefs to become consistent with how you act.
A good example is hazing for club memberships like fraternities and military groups. Members who go through the hazing like their groups *better* than people who don’t. The extreme displeasure causes their brains to say, “I had to go through this effort to get here, so I must like it”.
You can even change peoples’ opinions this way, without their knowing it. At a public event, a concert for instance, if you ask people “how did you like the event” on their way out shy people will be polite and say they liked it even when they didn’t. The curious thing is that these people will later report that they actually *did* like the concert: their brain noticed that their actions didn’t match their belief state, and changed their state to compensate. And didn’t note the fact, so the people believe that they liked the concert from the outset.
This is why making the fonts hard to read makes the result seem better – it’s extra work you had to do to get the result. Of course you must have liked it better – you did all that work to get it, didn’t you?
I’m right now making a project that other makers can use to improve motivation for finishing projects, and this is one effect I’m using to accomplish this. If you say to yourself “I am a writer” (or welder, or costume-maker, or whatever describes your project), and write that word down on a slip of paper and carry it around in your wallet/pocketbook, you can change your brain’s self image. “Fake it until you make it” is based on psychology.
After all, you took the trouble to write the word and save it, there must be *some* reason you did that…
This is how I feel every time I break in a new pair of expensive shoes.
And the cheap shoes wear out in a few months…
On the hazing it is even more interesting. A while back a frat killed a kid with hazing. It was a big news story and the kid’s parents were appalled. It is interesting that they did not see that had their kid not died, he would have become one of the monsters they were so appalled by. Apparently the parents were OK with their kid potentially killing other kids, but it bothered them when their kid got the short straw.
What’s your point?
Most likely the parents never knew what was going on, so you can’t fault them for being “ok” with how the fraternity was handling things.
I believe this explains Linux popularity.
I get the point of the article, but despite snobbery, there is a reason that McDonalds sells billions of burgers and fries or, for example, Bud Light outsells all other beer. Marketing surely has a lot to do with it but if it actually tasted like hot garbage, no amount of PR spin would save it. “Store brand whipped topping” is also a viable, profitable commercial product and, like it or not, sells for a reason without a fancy restaurant behind it.
When I was in school I made a few extra bucks here and there doing pre-market product testing and none of them involved looking at labels or anything, they were all blind taste tests. My friend did a couple for razors where he took them home and used them then reported back, and even got some blue jeans then they asked him about comfort, etc. I’m not saying marketing isn’t a big deal, but that these major companies (McDo, Amheiser [sp?] Bush, even Prego or Levi’s) do put in the R&D money up front. So I think the point should be make your product not suck first, then spin it later to maximize profit.
I’m also not saying I’m immune to food marketing, but yeah I’ve had some really gross pickles, refuse to eat “cheese” at most fast food places and so on. But I’m weird, I have no emotional connection with food, it just is a chore. I realized the other 99% of people don’t feel that way though so, sure, enjoy your “hot, deliciously juicy” burger. Sounds like a gross oxymoron to me but whatever.
The amount of effort that goes into selling products is far greater than what goes into making them, too often. Coca cola isn’t a magic recipe, it’s brown fizzy sugar water that reminds you of the Olympics and polar bears.
If your first exposure to Coke was through the advertisements, then yeah, it’s Olympics and polar bears.
For me, Coke is an ice cold drink on a hot, sweaty summer day when you’ve been out playing too hard or mowing lawns all day. It’s the time six year old me opened a can that was shaken up from the drive down a dusty, bumpy road and nearly drenched the neighbor kid with the stream that shot from the can.
Similar. But I think that’s also part of the strategy. Have the drink available, especially in touristy or hot places, so you associate it with those memories, and as refreshing or as resting time after fun.
Much more effective than this status, star and other wannabe crap.
Bud Light is bland and so is McDonalds. When I say McDonalds is bland I mean you can’t taste the meat. You taste the condiments and onions. I think the trick here is good advertising and making your food bland enough to not offend people’s taste buds while not making it actually taste disgusting. Which would be similar as to why most foods on menus that are noted as “spicy” are often not all that spicy if at all.
The Rick Sanchez password acquisition method? Ask for it
Speaking of which, have you noticed people who “roleplay” Rick Sanchez in comment boards, inserting the burps and farts in between text. It’s extremely annoying.
Food is critical to mood, empirically it has been found that people doing surveys to rate a service, generally give higher scores a short while after lunch than before lunch.
After a meal, the digestive process begins, and blood flow to the stomach and intestines increases because the brain dilates the blood vessels supplying the digestive system. When this happens, your body in effect decreases the supply of blood(oxygen) to the brain and elsewhere. This reduced supply of oxygen makes you feel a bit sleepy after eating. Because of this your brain is not firing on all cylinders.
Sorry, I left out my point which is that this could be leveraged as an advantage in social engineering. Next time when talking about a raise with your manager, maybe start the conversation shortly after lunch.
Luckily, that crap doesn’t work on me, but I have one for you… the missing small sized items. Go to a fast food joint and order a small fry. “Sir, we don’t have small. We have medium, large and extra-large.” I have literally argued with them that if you have three sizes – call them whatever you want; call it a tugboat, a yacht and the Titanic – but the smallest size is a small. The girl could not grasp that concept.
Words can be just labels, not connected to their dictionary meaning. For instance, when I go to the car wash and ask for the “Gold Level” service, I do not expect them to apply a thin layer of gold to my car. Also, McDonald’s does not sell a “Small Mac” and that doesn’t seem to be a problem.
The whole world knows that Big in Big Mac is just a part of the name. When you order a small fry, the small denotes size. You’re comparing apples to oranges and I was just showing the lengths they go to in subliminal advertising.
“Oh, you mean a venti.”
come on, just give a link :)
“a robust and secure library that makes it easy to take control of devices from anywhere in the world simplifying and enhancing your high tech lifestyle.”
I’d be careful of claiming robustness or security unless you explicitly designed for them, if you do then who might end up using your project as a buggy or insecure layer somewhere at the bottom of a large and complex stack?
I might be able to help you out there:
“Robust”: The binary is very very large.
“Secure”: It’s not really documented, so we don’t expect issues.
I noted recently that Wendys have gotten worse with this.
Their latest drive-through menu boards have been simplified. For the common options, they now show only two prices – the sandwich-only price, or the meal price. When you order a meal you get asked “medium or large”.
That false dichotomy doesn’t match the meal price on the board which are, of course, for the small meal. It’s legal, but borderline bait and switch. Incidentally, small drinks are now 20oz. Absolutely absurd.
You want to ask for ‘Junior Size’.
#52: Keynote – Paul Fenwick, discussed the brain and in particular, social engineering, at length.
Of course, if you want to entice someone in a restaurant, don’t write this:
And remember to get someone to proof-read carefully:
Hmmm. I recall some serious pricing studies that show it is the Large that no one buys. In a bar you have the bargain beer, your high profit beer, and an expensive premium beer. If you set the high profit beer at the right point below the premium, people will see the middle one as the smart choice. You stock almost none of the premium beer. This is true throughout retail. Maybe there is something about British culture that makes them buy the “posh” version?
And I don’t think casinos in the US do that payout thing anymore.
1 When shopping take a list and stick to it
2 When eating in a restaurant, Don’t – Try cooking your own food cheaper and more nutritious.
3 When going to the movies , Don’t – Wait until it comes on free to air TV and make your own popcorn ( about $0.50).
4 When watching TV watch the ads carefully – Look for errors, analyze the target market, etc. You will be surprised at the number of continuity errors etc in the average TV ad > This one drives my wife mad (bonus).
5 When buying beer, find one that you like and doesn’t give you a hangover if you should have a few too many and STICK TO IT. they do exist.. I haven’t changed my beer of choice for 50 years.
6 When on the internet, Use a privacy hardened browser with good ad blocking, and a privacy spoofing plugin or Two. Use a VPN, and a good selection of junk email addresses and never check them. Most importantly have your own DNS where Google, Facebook, Twitter, etc,etc, are blocked and if they sneak one through make sure you add the IP to the block list.
6 Most importantly be happy in your own skin. Don’t look to others to validate your existence. To some of us covid lock downs have been a real joy.
>and doesn’t give you a hangover
Ethanol gives you hangover. It’s got nothing to do with the beer. Anything else is superstition unless you’re drinking some literal rotgut that has methanol in it (hint: not legal to sell).
Ethanol plus preservatives = hangover. 6 stubbies of Coopers Sparkling Ale (5.7%) no hangover, 3 stubbies of VB (4.4%) = Oh god let me die!
There’s no special preservatives in VB, just malts and hops as any beer. Also, who in the world gets a hangover from three small beers? (stubbie = 375 ml)
Sounds like you got food poisoning.
I checked out the recipe for VB, and it’s got a lot of sucrose added to it (up to 30%) which is liable to turn a batch foul if the conditions aren’t right. The end result is a load of acetaldehyde instead of ethanol, which is the stuff your liver makes when it breaks down ethanol, which would make a bad batch produce an instant hangover effect.
The liver normally breaks acetaldehyde right down to acetate which is not harmful, but after processing a lot of ethanol it runs out of the enzymes to do that and can’t make more in a hurry, so you get a buildup of acetaldehyde and a banging hangover.
If it’s already in the beer, then you get instant hangover as well. However, you would notice because acetaldehyde is very irritating and smells awful.
Also, a tiny amount of acetaldehyde is said to smell like green apples. Certainly there are some beers which are intentionally sour, and they have trace amounts of acetaldehyde.
“4 When watching TV watch the ads carefully” – try watching the ads with the sound muted. VERY interesting. You can suddenly see a lot of the tricks in the construction of the ads.
I agree… but for point 6, it’s worth pointing out that if you practice sensible digital sanitation (e.g, a VPN, not saving cookies, using a private browser tab) sites like Gmail and Facebook will fail because they “don’t recognise the device.” Think for a second how screwed up that is. And that junk email you used to sign up? Now you can’t even get the unlock code.
Again, i agree with your points. Unfortunately the big players are specifically discouraging people who practice sensible security on the web.
_hot_, _deliciously_ _juicy_ and cooked when you order. It’s _seasoned_ with just a _pinch_ of salt and pepper, _sizzled_ on a flat iron grill, then topped with _slivered_ onions, _tangy_ pickles and two slices of _melty_ American cheese on a sesame seed bun.
These words are all thrown in there to activate the sensory regions of the brain. You can taste the tang, hear the sizzle, feel the pinch of salt, see the hot cheese melting. You could take all these words out, and the description would still be fine, but it wouldn’t give your brain the sensory experience that makes you crave some maccas.
Someone once said (something like) this: “If advertising didn’t work then we wouldn’t use it.”
Same with this. There is a science to everything and everything has a science. We’ve just elevated ourselves to more smarter forms of manipulation. Then there are the conjunctions of sciences where enterprising people link social science and machine learning and lo and behold: we end up with Amazon, Youtube, Instagram or whatever other “advertisement delivery platform” you want.
Same rubbish, different form factors.
Besides, isn’t this all just neuro-linguistics?
>“If advertising didn’t work then we wouldn’t use it.”
Yes we would.
Look at how many people pray to God every day.
Also notice, that the biggest victims of advertising are the businesses who advertise. The advertising agencies and distributors are basically duping companies into believing that advertising works, and that’s the only sort of advertising that really has to work – all the rest that follows can be any old BS.
Basically, it doesn’t matter whether advertising works or not, as long as you believe it does, so companies like Google can make money out of your business.
So, if you’re coding a GUI, make sure that any menus have lavish descriptive items, with the items YOU want people to select close to the top!
Or just hide all the menu options behind obfuscated buttons so people won’t be able to find them.
Go looking for a way to make an offline account in windows 10. Or turn off location services in android. Or connect your own service with Comcast. Hint . . . you can’t. (Well Windows eventually lets you if you unplug the network, and Google says they turn off tracking when they haven’t, if you tell Comcast you are setting up XFi they let you enter your account details in the cable ‘modem’ without getting the comcast app from the store.)
I’ve never told Google where my home is, but there a big pin is on my maps. I hear you can make a decoy home to prevent that. Here is hoping open alternatives come about. Phones I’m not sure on. I think all the manufacturers and service providers get too many kick backs to allow open products.
The fact you need an ‘account’ for personal hardware is concerning. So yeah, unplug that cable or turn off your wifi for the Local Account.
I would never pick Chrome over Firefox. And those that do probably also have a Gmail account and that ‘service’ running in the background.
cZ gets it! Why would anyone use a web browser made by an advertising company?
I find restaurant menus a complete gamble. You gotta decipher all these wordy options, and often need google translate for some type of cheese or cured meat. I look at the photos on google maps to ensure I get something tasty and substantial. It’s like my superpower (although my partner thinks it’s embarrassing while she’s reading the 400 word menu) 😁