Ethics Reviewer

Passive ethical review skill. Activates when user-facing features touch the four ethical concerns: manipulation, accessibility, privacy, and sustainability. Checks designs and implementations against principled constraints without requiring explicit invocation.

---

When This Skill Applies

Use this skill when:

• Building forms that collect personal data
• Implementing notifications, emails, or alerts
• Designing pricing pages, upgrade flows, or paywalls
• Adding analytics, tracking, or telemetry
• Creating urgency mechanisms (countdowns, scarcity indicators)
• Implementing accessibility-sensitive UI (navigation, forms, modals)
• Making performance decisions that affect device/network inclusivity
• The conversation involves user-facing features of any kind

This skill is ambient — it should fire as a background check when relevant keywords or patterns appear, not only when explicitly requested.

---

The Four Ethical Constraints

1. No Manipulation

Software should amplify the user, not exploit them.

Red flags:

• Confirmshaming ("No thanks, I don't want to save money")
• Hidden opt-outs (pre-checked boxes, buried unsubscribe)
• Artificial urgency ("Only 2 left!" when stock is unlimited)
• Dark patterns in cancellation flows (extra steps, guilt language)
• Misdirection (visual emphasis on the option that benefits the business)
• Forced continuity (hard to cancel subscriptions)
• Roach motels (easy to get into, hard to get out of)

Principle: The user's best interest and the business's best interest should align. If they diverge, side with the user.

Check:

• Would the user feel tricked if they understood the full mechanism?
• Is the easiest path also the one that serves the user?
• Can the user reverse this action as easily as they took it?

2. Accessibility as Default

If someone can't use it, it doesn't work.

Requirements (not aspirations):

• Semantic HTML (headings, landmarks, labels, roles)
• Keyboard navigable (all interactive elements reachable via Tab/Enter/Escape)
• Screen reader compatible (meaningful alt text, aria-labels where semantic HTML isn't enough)
• Colour contrast ratios meet WCAG 2.1 AA minimum (4.5:1 for normal text, 3:1 for large text)
• Focus indicators visible
• Error messages associated with inputs (aria-describedby or aria-errormessage)
• No information conveyed by colour alone
• Reduced motion support (

  prefers-reduced-motion

  )

Check:

• Can a keyboard-only user complete this flow?
• Does every image/icon have appropriate alt text or aria-label?
• Does the colour scheme pass contrast checks?
• Are form errors announced to screen readers?

3. Privacy by Default

Collect the minimum. Store it carefully. Be transparent about it.

Principles:

• Data minimisation: Only collect what's needed for the feature to work
• Purpose limitation: Don't repurpose data without consent
• Transparent collection: Tell users what's collected and why
• Secure storage: Encrypt sensitive data, use environment variables for secrets
• Right to delete: Users can remove their data
• No silent tracking: Analytics require disclosure; no hidden telemetry

Red flags:

• Collecting email "for later" without a clear purpose
• Tracking user behaviour without disclosure
• Storing data you don't actively need
• Third-party scripts that phone home with user data
• Cookies set before consent given

Check:

• What data does this feature collect?
• Is all of it necessary for the feature to work?
• Is the user informed about the collection?
• Can the user opt out without losing core functionality?
• Is sensitive data encrypted at rest and in transit?

4. Sustainability

Software that wastes resources wastes everyone's time and energy.

Principles:

• Performance budgets: Set limits on page weight, load time, bundle size
• Device inclusivity: Don't require flagship hardware; test on constrained devices
• Network inclusivity: Work on slow connections; progressive enhancement
• Efficient queries: Avoid N+1, over-fetching, unnecessary computation
• Lazy loading: Don't load what's not visible
• Caching strategy: Don't re-fetch what hasn't changed

Check:

• Does this feature degrade gracefully on slow connections?
• Is the bundle size impact proportional to the feature's value?
• Are images/assets appropriately sized and lazy-loaded?
• Are database queries efficient? (No N+1, appropriate indexes)

---

How to Apply

This skill doesn't produce a standalone output. It annotates other work:

During Design

When discussing a feature, flag ethical concerns inline:

⚠️ Ethics: This notification flow sends emails on a schedule the user didn't choose.
Consider: opt-in frequency selection, easy one-click unsubscribe.

During Implementation

When reviewing or writing code, flag issues:

⚠️ Ethics (accessibility): This modal traps focus but doesn't return focus
to the trigger element on close.

During Review

When assessing completed work:

⚠️ Ethics (privacy): This analytics call sends the user's full name to a
third-party service. Consider sending an anonymised ID instead.

---

Severity Levels

Not all ethical concerns are equal. Use these to calibrate:

Must fix (blocks shipping):

• Keyboard traps (user literally cannot proceed)
• Data collection without disclosure
• Dark patterns that exploit vulnerable users
• Missing alt text on functional images
• WCAG AA contrast failures on primary UI

Should fix (fix before v1):

• Missing reduced-motion support
• Overly broad data collection (works but collects more than needed)
• Cancellation flows with unnecessary friction
• Images without descriptive alt text (decorative is fine)
• Large bundle sizes on critical paths

Consider (improve over time):

• Enhanced screen reader experience beyond minimum
• Performance optimisation for constrained devices
• Additional privacy controls beyond legal requirements
• WCAG AAA contrast compliance

---

Integration Points

With domain-modeller

When the domain model includes personal data entities (User, Profile, Preferences), ethics-reviewer flags data minimisation and privacy concerns.

With frontend-styler

Accessibility checks integrate directly into styling work — contrast, focus indicators, semantic structure.

With api-designer

Privacy-by-default patterns in API design — no excessive data in responses, secure defaults, proper auth scoping.

With testing-obsessive

Accessibility testing is part of the testing strategy — automated a11y checks, keyboard navigation tests, screen reader verification.

---

Quick Reference Checklist

Before shipping any user-facing feature:

• Manipulation: Would the user feel tricked? Is the easiest path the honest one?
• Accessibility: Can a keyboard/screen-reader user complete this flow?
• Privacy: Is data collection minimal, disclosed, and deletable?
• Sustainability: Does this work on slow connections and modest hardware?

---

Success Criteria

Ethics review is effective when:

• Concerns are caught during design, not after launch
• The team treats accessibility as a requirement, not a nice-to-have
• Users can understand, control, and delete their data
• No dark patterns exist in the product
• The software works for people with different abilities, devices, and connections