Companies are Subtly Tricking Users Online with 'Dark Patterns' (cnn.com) 46
CNN reports:
An "unsubscribe" option that's a little too hard to find. A tiny box you click, thinking it simply takes you to the next page, but it also grants access to your data. And any number of unexpected charges that appear during checkout that weren't made clearer earlier in the process. Countless popular websites and apps, from retailers and travel services to social media companies, make use of so-called "dark patterns," or gently coercive design tactics that critics say are used to manipulate peoples' digital behaviors.
The term "dark patterns" was coined by Harry Brignull, a U.K.-based user experience specialist and researcher of human-computer interactions. Brignull began noticing that when he reported to one of his clients that most test subjects felt deceived by an aspect of their website or app design, the client seemed to welcome the feedback. "That was always intriguing for me as a researcher, because normally the name of the game is to find the flaws and fix them," Brignull told CNN Business. "Now we're finding 'flaws' that the client seems to like, and want to keep."
To put it in the parlance of Silicon Valley, he realized it was a feature, not a bug....
Brignull, for his part, said he has spent time testifying as an expert witness in some class action lawsuits related to dark patterns in the UK. "The scams don't work when the victim knows what the scammer is trying to do," Brignull said. "If they know what the scam is, then they're not going to get taken in — and that's why I've enjoyed so much exposing these things, and showing it to other consumers."
The article notes that America's Federal Trade Commission "is ramping up its enforcement in response to 'a rising number of complaints about the financial harms caused by deceptive sign-up tactics, including unauthorized charges or ongoing billing that is impossible cancel.'"
The term "dark patterns" was coined by Harry Brignull, a U.K.-based user experience specialist and researcher of human-computer interactions. Brignull began noticing that when he reported to one of his clients that most test subjects felt deceived by an aspect of their website or app design, the client seemed to welcome the feedback. "That was always intriguing for me as a researcher, because normally the name of the game is to find the flaws and fix them," Brignull told CNN Business. "Now we're finding 'flaws' that the client seems to like, and want to keep."
To put it in the parlance of Silicon Valley, he realized it was a feature, not a bug....
Brignull, for his part, said he has spent time testifying as an expert witness in some class action lawsuits related to dark patterns in the UK. "The scams don't work when the victim knows what the scammer is trying to do," Brignull said. "If they know what the scam is, then they're not going to get taken in — and that's why I've enjoyed so much exposing these things, and showing it to other consumers."
The article notes that America's Federal Trade Commission "is ramping up its enforcement in response to 'a rising number of complaints about the financial harms caused by deceptive sign-up tactics, including unauthorized charges or ongoing billing that is impossible cancel.'"
Windows 10 updgrade trickery (Score:5, Interesting)
My favorite recent example was the Windows 10 upgrade dialog Microsoft deliberately designed to trick users into upgrading when they didn't necessarily want to. And of course, Amazon's been under fire by the EU for it's slightly-too-obtuse method of cancelling Prime.
Fortunately, things aren't quite as bad as they used to be, but only thanks to stricter laws. For example, it use to be possible to sign up for services electronically, but you'd have to actually call someone to cancel. That's kind of the ultimate in dark patterns IMO, and is thankfully illegal in many places now.
Re: (Score:1)
Re: (Score:2)
The most common one is cookie banners that induce the user to agree, when in reality most people don't want to be tracked.
I'm currently pushing a dispute with Techcrunch over that through the regulatory process. They have 26 days to justify whey their obviously deceptive and non-compliant website meets the clearly defined requirements of Recital 32 of the GDPR.
Unsubscribe trickery (Score:4, Informative)
I've noticed that a lot of unsubscribe options are not only hard to see, but not even linked from the main page or the user page.
I had a trial subscription to one site that didn't have a visible unsubscribe option - and the only way I found it was to do a web search and use the Google link to the correct page. I assume they had to have an existing unsubscribe page that they could point to when someone sues them or complains to the credit card companies...
Re: (Score:1)
Some don't even let you cancel without calling a number, like NBC parent company Comcast. NYT is a pain to cancel. There are so many cases of this, it's amazing nothing is done. Maybe not amazing, but rather, we may need to start having a parallel congress of Digital Representatives the people elect for them. We spend more time in virtual scenarios (apps, games, websites) than in the real world and nobody is really representing us.
Re: (Score:1)
Some companies, you have to fight the "loss prevention/retention officer", and hope they don't hang up on you. Other companies pretty much don't allow cancelling, and if one just blocks the credit card, about six months later, they ding your credit. I've had to cancel some places with a legal C&D order from a lawyer, served via a constable. This works, but guarantees you will forevermore be on the company's shit list.
Hell, this is why I like Apple Pay so much. If I want to cancel the NYT, I just log
Re: (Score:2)
Some don't even let you cancel without calling a number, like NBC parent company Comcast. NYT is a pain to cancel. There are so many cases of this, it's amazing nothing is done. Maybe not amazing, but rather, we may need to start having a parallel congress of Digital Representatives the people elect for them. We spend more time in virtual scenarios (apps, games, websites) than in the real world and nobody is really representing us.
Actually, something IS already being done. Some states like CA are passing legislation to prohibit predatory and harassing practices like this, and I think it will eventually spread... probably as more and more legislators get annoyed by this like the rest of us.
https://www.connectsafely.org/... [connectsafely.org]
NYT (Score:3, Interesting)
Re:Unsubscribe trickery (Score:5, Informative)
I've noticed that a lot of unsubscribe options are not only hard to see, but not even linked from the main page or the user page.
I had a trial subscription to one site that didn't have a visible unsubscribe option - and the only way I found it was to do a web search and use the Google link to the correct page. I assume they had to have an existing unsubscribe page that they could point to when someone sues them or complains to the credit card companies...
I had a trial subscription with Scribd, unsubscribed, then a month later was charged a subscription payment.
Turns out clicking unsubscribe led to a pay with a big "Sorry to see you go!" followed by a long scroll down where it turns out you haven't actually unsubscribed and in the words of Scribd [scribd.com] (emphasis added):
Once you click on the link to start the cancellation process, you'll see a few pages of confirmations. Read and review before moving forward.
I disputed the payment with both Scribd and Paypal, never heard back from either.
Re: (Score:2)
This kind of thing is why I never get trial subscriptions to any online service.
Re: (Score:2)
It's best to avoid using PayPal because they are middle-men, meaning you can't easily do a chargeback (or Section 75 in the UK) because technically PayPal didn't breech their rules, and your transaction was with them and not the actual vendor.
Unsubscribe from your bank (Score:2)
Its everywhere (Score:4, Funny)
Even relatively trusted download sources play the fuckheaded game of "guess which download icon isn't an ad?"pu
CNN shows us... (Score:5, Interesting)
... that now everyone, even CNN, knows about web design dark patterns.
They provide you with a good example on your first visit to their website:
The "Accept All" cookies button is highlighted with contrasting colour, but the option to reject them is a low-contrast text with a vague "Manage Cookies".
The "Manage cookies" pop-over gives you another, invitingly green, "Accept All" button at the top. Only by scrolling the box do you find "Save Preferences" to avoid accepting all cookies.
Even then, hidden behind headings you must expand, are "legitimate interests" about advertising content, market research, and other things not necessary to serve the web page. To avoid these, you must find them and click on them. The "legitimate" excuse here appears to be that they are entitled to use any means possible to turn a buck. That's pretty dark morals, isn't it?
CNN doesn't need to write about dark patterns in web design in any other website. They just need to show their own website is as rotten as any other they may report on.
Re: (Score:2)
And they do this.. Every.. Fucking.. Time.. Because storing a cookie with the information that "No I don't want cookies!" is not considered a "functional" cookie, necessary to the functioning of the site (which of course, is technically true).
Re: (Score:2)
That's incompetent bullshit. The cookie preference cookie is essential to site functioning and every regulator agrees.
Re:CNN shows us... (Score:4, Informative)
It's not incompetence, it's pure malice. Because they stop doing this the moment you "Accept All". This isn't by accident.
Re: (Score:2)
Re: (Score:2)
If you are in a GDPR country you should complain about this. It's not much effort, and now that Google has been fined again for non-compliance and is changing how their cookie banner looks, we are in a good position to force other companies to do the same.
1. Find the GDPR/privacy email contact for a company. Usually the easiest way is to go to their privacy policy and ctrl+f search for the @ symbol.
2. Email the company in question, pointing out that their website is non-compliant with GDPR Recital 32 (https
Re: (Score:2)
Not only do many of these websites make you click on the individual "types" of cookies to turn them off, they don't actually tell you tha
Re: (Score:2)
It's not just CNN. This is a standard UI that I see on lots of sites. Clearly it's being provided by some company that's made a business of it. A nice list of choices to say what kinds of cookies to allow, and then you click the big green button at the end to ignore all the choices you just made and allow all cookies regardless. Oh yeah, and there's also a less prominent, confusingly labeled button to use your choices, but who would click that?
Like how "Yes/Maybe Later" has displaced "Yes/No"? (Score:5, Insightful)
Would you like to install Microsoft Edge? Yes/Maybe later.
Would you like to send us your usage data? Yes/Maybe Later
Would you like us to send information on upcoming promotions we think you may be interested in? Yes/Maybe Later
(and so on and on and on)
I am not sure if those are dark patterns or just scumbag trickery, but changing responses from Yes/No to Yes/Maybe Later (apparently so they can ask you again, and again,and again because you can't say NO) have become ubiquitous across the www and apps, and they are ubiquitously annoying for being so obviously deceptive.
Re: (Score:2, Informative)
O&O Shutup is what I use to tell Microsoft to:
- Fuck off
- Get fucked
- Disable Cortana, completely.
- etc, etc.
It's utterly ridiculous that a Windows 10 Pro install has so much garbage.
And if people say "Well, use Enterprise", the Windows 11 Enterprise still has things in it that are actually illegal for many businesses I've worked for.
This is news? (Score:5, Insightful)
Dark patterns have been a thing since forever, spawning endless articles, commentary, and even legislation. Why pretend, especially on a technical site, that this is some kind of revelation?
Ryanair used to be a champion in this field. (Score:3)
Just have a look here: https://hallofshame.design/rya... [hallofshame.design]
They even won a Dark Patterns award of some sorts a few years ago, if I remember correctly.
Re: (Score:2)
Dell is another great example. With their "Free support (automa ticallyex ten ded.afterthefirst month.fo ronly10bucks.withthe creditcardinformat ionyo ugaveus.soitstot allylegal)" being on by default and hidden somewhere obscure.
Random spaces because fuck you Slashdot lameness filter.. *sigh*
Why do they bother? (Score:3)
Why do they bother with misdirection and dark patterns? Clearly, they can get away with just blatantly ignoring your choices and preferences.
Every web shop I've used in the last 10 years has had a checkbox to sign up for spam. I always uncheck it, sometimes many times because it always gets re-checked, and every single one of them ignores it and starts sending me spam anyway.
These services could replace their entire cancellation process with a popup that says "Fuck you, take it up with your bank" and no one will do anything about it.
Re: Why do they bother? (Score:2)
Of you got Gmail, try the 'unique email bright pattern':
Gmailname +random_unique_alias @gmail.com
Sign up each site with a unique alias, as above. The alias should be meaningful to you and remind you of the organization . No need to tell Google - they push all aliased emails to your inbox anyway.
If you start getting spammed, block the spammers. Then check the 'to' address to see if you recognize an alias. If so, sinbin that address alias, and block the original 'leaker' too, as consequence.
Re: Why do they bother? (Score:2)
Eg
Realname+examplesite2022@gmail.com
Re: Why do they bother? (Score:2)
Lots of sites will reject those email addresses. Some of them will even silently strip it when they send email.
Re: (Score:2)
I do this. I use my own private email server and domain, so I don't have to use my "real" email address plus something. I typically use the name of the company or website, then the date in ISO8601 order (to reduce spoofing). And they typically get either zero or one unsubscribe click before I add that address as an alias of /dev/null
But none of that should be necessary.
It's been done for years. (Score:3)
Even reputable companies does this.
Ever noticed how hard it is to remove items from your shopping bag in some online stores? I just recently perused a lot of items I wasn't entirely sure I'd purchase, but I kept them in my shopping cart for a little while, then next day I decided to remove them, but there was no "clear cart" function.
After 20 minutes or so fiddling around with the website, going down that dark path of endless support pages, and even more dead ends, the cart remained.
It turns out I had to clear EACH item by going to EACH items pages in order to do that, it was cumbersome and took a very long time, but I eventually did it.
As a bonus I was greeted with a sad smiley, your shopping cart is empty, with a huge sad smiley on the screen after I cleared the last item.
There is NO way this is a bug or not on purpose, it's all tailored to doctor you into buying and paying as fast as you can, that's easy and so convenient that you can even purchase by "mistake", but try to get rid of it and change, that's hard.
It doesn't even stop there. Many of the businesses have a so called 30-days money back policy, and that you can cancel your order straight away.
Not so - I remember I ordered something that I later regret, I managed to cancel the order as it said it was still not shipped, but 3 days later I would see the item shipped and an additional 2 days later I got a private message that we can't cancel your order because it has already been shipped.
This happened for me on 2 occasions in 2 entirely different stores, coincidence? Sure you can ship the item right back, but there's psychology behind it - they KNOW you're more likely to just accept your mistake if you already know it's shipping (even if the postal office haven't even received the package yet, not even the shipping terminal using the tracking number).
Re: (Score:3)
Then they are by definition not 'reputable'. Known, sure. Reputable, no.
Laws do not stop thieves (Score:3)
Taking payment details for free trials (Score:5, Informative)
Perhaps not a dark pattern but something highly controversial is requiring payment/card details to subscribe for all sorts of free trials. This kind of practice is in fact in breach of the rules currently binding in the EU under GDPR, where information collected from the customer must be "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);". Since trials are free, collecting any payment information upfront is technically illegal. Sadly, no one enforces that.
Re: (Score:2)
No doubt this will change soon, but... (Score:2)
I pay for everything I buy on-line with one of my credit cards...ONLY one of my credit cards. When there's a problem, and yes, there have been problems, I don't bother dealing with the seller. I just contact my credit card people and cancel the sale. This has never, ever failed. I get my money back, and a multi-billion dollar, bank-supported corporation guts these thieves like fish. On two occasions, the unwanted item was actually delivered to my home. After having had my credit card cancel the sale,
Upgrade now, or remind me later... (Score:2)
...how about never?
Hate it when software does not offer a 3rd option here. I'll go out of my way to complete disable it then, either by denying internet access, renaming crucial files it uses for updates or disabling some background service -- as this kind of software usually also "forgot" to add a feature to turn off updates.
Gently coercive design tactic (Score:2)
It might once have been "gently coercive", but it's now obvious and blatant as companies were able to get away with it and continued to push the boundaries.
Many of the offenders - like "low-cost" airlines - have previous form with hidden charges or conditions in their print advertising which regulators have gradually got to grips with to varying extents.
There's been a general problem of regulation on the Internet being too little and too late and unfortunately this is just one example of a regulatory backlo
Deny payment and set up manual approval. (Score:2)
It's why I avoid Amazon.com... (Score:2)
Been saying this for years now (Score:2)
It is run by the same people that run every other industry now: the corporate sociopaths and hipster narcissists.
The tech industry has become the 21st century version of big tobacco. They know what they are doing and just don't care 'cause, ya know, greed.
Call it what it is (Score:1)