Tricky interfaces in smart speakers, internet TVs, and other devices can nudge users into giving up privacy, security, and even their money
"Legitimate interest" under GDPR can be a loophole for data collection due to ambiguity and varying interpretations. This research reveals 6 deceptive patterns in privacy notices, and a mismatch with user expectations.
"According to the mystery shopping exercise, 97% of the most popular websites and apps used by EU consumers deployed at least one dark pattern and the most prevalent were (1) hidden information/false hierarchy, (2) preselection, (3) nagging, (4) difficult cancellations, and (5) forced registration."
This article identifies seventeen types of "dark patterns," manipulative design techniques used in apps and websites, and proposes a new taxonomy consistent with the Unfair Commercial Practices Directive (UCPD). Focusing on "Information Asymmetry" and "Free Choice Repression" categories, the paper offers policy recommendations to enhance the regulation of dark patterns for commercial purposes.
This paper examines whether individuals subjected to dark patterns can seek redress, using consent interactions and GDPR consent requirements as a case study through a comprehensive literature review and case law analysis by an interdisciplinary team of HCI and legal scholars.
"This report proposes a working definition of dark commercial patterns, sets out evidence of their prevalence, effectiveness and harms, and identifies possible policy and enforcement responses to assist consumer policy makers and authorities in addressing them. It also documents possible approaches that consumers and businesses may take to mitigate dark commercial patterns."
The Consumer Financial Protection Bureau detailed the findings of an inquiry into popular “buy now, pay later” programs Affirm, Afterpay, Klarna, PayPal and Zip. The CFPB identified “several areas of risk of consumer harm” and said the industry will be subject to the same oversight as credit card companies.
"In addition to a report on dark patterns, the commission made clear that gig companies shouldn't lie about how much money workers can earn."
“Our report shows how more and more companies are using digital dark patterns to trick people into buying products and giving away their personal information,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “This report—and our cases—send a clear message that these traps will not be tolerated.”
E-Commerce websites with most dark patterns found:
@SHEIN_Official, @AliExpress_EN, @amazon.
"a top European court upheld a ruling that it broke competition rules and fined it a record 4.1 billion euros, in a move that may encourage other regulators to ratchet up pressure on the U.S. giant."
A study by Public Eye and FRC shows that online platforms use a wide variety of tricks to generate sales. (Deutsche)
It is rare for expert witness reports to be released to the public, so this thread provides a treasure trove of insights.
While many are looking forward to the DSA to bring order against the use of dark patterns in online interfaces, the impact of this Regulation might be limited. The proposed ban of dark patterns will indeed only apply to the restricted category of providers of online platforms and the use of dark patterns, which are already covered under the Unfair Commercial Practice Directive (UCPD) and the General Data Protection Regulation (GDPR), will fall outside the scope of the DSA. Consequently, the DSA might not be the salvatory Regulation that many were hoping for.
Financial catastrophe is now only a few clicks away, a problem that is showing quiet signs of becoming a crisis. "I can't just get rid of my phone," one problem gambler says.
In this episode Mikhail and Colin talk about dark patterns, different types of dark patterns, how marketers can recognize them, why companies use dark patterns, how to engage less in this type of manipulation, what to do if your company requires you to implement something you consider to be unethical and more.
If you thought cookie pop-ups were an annoying nuisance, just wait until you have to scan your face for some third party to “verify your age” after California’s new design code becomes law.
"...the DMA may root out some dark patterns, but only for “gatekeeper” companies, and only in contexts where those dark patterns relate directly to the law’s other provisions [...] the DSA might have had a decisive impact on the prevalence of dark patterns online. However, those hoping for a broad, aggressive approach to dark patterns may be underwhelmed..."
“Continue without care and repair” - Note how you can’t click the big “continue” unless you buy insurance.
The Consumer Policy Research Centre (CPRC) found that more than eight in 10 Australians (83%) have lost money, lost control of their data or have been manipulated by a business to make a choice that isn't in their interest.
After a user pays for Dominos Pizza (UK), they are shown a deceptive ad that looks like a "Continue" button when in fact it's a monthly subscription plan.
"There was once a man from Rizal, who wanted to cancel Adobe's free trial. He opened his account, only to find out, he'll owe thousands - if he does - tragical"
Dark patterns and the façade of decisional privacy; Attempts to regulate dark patterns globally; Legal implications of dark patterns in India.
The Federal Trade Commission has reportedly deepened its investigation into Amazon’s employment of dark patterns in the Amazon Prime subscription cancellation process. As EPIC explained in a complaint to the D.C. Attorney General last year, Amazon employs dark patterns to deter customers from canceling their Prime subscriptions.
"Because of a bug in the code somewhere, you end up showing the wrong discounted price in the cart until checkout. [...] this bug actually increases conversion. [...] The bug is now a "feature"."
"So what do you want us to do, fight?"
This case study is part of a mediation effort by the LINC on the design of interfaces. It translates decisions made by the CNIL into the form of a fictitious service in order to make them clear and accessible.
This study examines Facebook's issues by analyzing leaked documents and published news articles. It outlines the dark patterns that the company has applied, and discusses how they promote toxic behavior, hate speech and disinformation.
"On the Internet, traps aim to make us click where we don't want to. The English-speaking world calls them “dark patterns” – or “rigged interfaces”. What is the difference with the nudge, which aims to guide our actions by acting on “the architecture of our choices”? Where is the line between influence and manipulation?"
Following actions of the Netherlands Authority for Consumers and Markets (ACM), online platform Wish has banned its merchants from using fake discounts on its platform. In addition, Wish has blocked the use of personalized pricing in the EU since May 25, 2022. This has been the result of actions taken by ACM.
California Privacy Rights Act provisions that will go into effect in January will provide more control to consumers over how companies use their data.
Despite Electronic Arts’ (EA) insistence that loot boxes are not gambling, and are, in fact, “surprise mechanics,” several studies have shown there is a link between loot boxes and gambling addiction.
Heated seats, remote start key fobs, and other creature comforts are likely to be subject to monthly or annual fees
The CFPB says it’s hiring 25 technologists over the next year to help its staff of mainly economists and lawyers actually probe these new leads. The move is as sure a sign as any that the bureau’s ongoing efforts to investigate and hold tech companies accountable for financial wrongdoing are only accelerating.
"Friction isn’t always a bad thing [...] The trick is learning to differentiate good friction from bad, and to understand when and where adding good friction to your customer journey can give customers the agency and autonomy to improve choice, "
All over the world, governments are using nudges as regulatory tools. Is this ethical? Much of the answer depends on whether nudges promote or instead undermine welfare, autonomy, and dignity.
As Companies Wrongly Invoke the Guide to Justify Deception, Agency Seeks Public Input on Possible Revisions Around Dark Patterns and Other Deceptive Tactics
"Recently, the European Data Protection Board (EDPB) adopted for public consultation its 'Guidelines [...] These guidelines, like the AEPD guide, take article 5.1.a of the RGPD as a starting point to assess when a design pattern in a user interface corresponds to a dark pattern."
This paper discusses the regulation of "dark patterns" using two European Union legal frameworks, highlighting that the General Data Protection Regulation (GDPR) offers potential through data-protection-by-design but struggles due to unclear fairness definitions. It suggests that a pluralistic approach combining the strengths of GDPR and the EU's consumer protection acquis would be more effective in addressing manipulative design techniques.
"By analysing CMP services on an empty experimental website, we identify manipulation of website publishers towards subscription to the CMPs paid plans and then determine that default consent pop-ups often violate the law"
Introductory video about Dark Patterns by NNgroup
The use of unfair practices to distort consumers’ economic behaviour is not new, but it takes a new important dimension as a result of the massive collection of data and the use of technology to build consumer profiles and anticipate consumer behaviour. EU consumer law already has partial capacity to address these situations, but it is currently not sufficiently enforced. In addition, EU law must be updated to tackle these unfair practices and ensure consumers are not harmed by misleading user interfaces and data personalisation techniques.
EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.
In this post (Part Two), we examine the FTC’s approach to this issue, now and in the past. Here, we conclude that, despite the new terminology, the practices that comprise today’s dark patterns have been core elements of FTC law and policy for years.
State and federal regulators have definitely put a new emphasis on combatting so-called “dark patterns” – but other than a catchy name, is there really anything new about the types of conduct that state and federal officials are calling illegal? This two-part blogpost will take a closer look at that question.
In this article and associated Twitter thread, Cennydd Bowles opines that design is not manipulative by definition. In his words: "Design influences. It persuades. But if it manipulates, something’s wrong."
"The bitter truth of addiction is obscured by the smarmy ads and compromising relationships, and yet federal oversight is downright nonexistent."
The CMA has secured improvements for Xbox online players, following concerns about Microsoft’s use of auto-renewing subscriptions for online gaming services.
"The first edition of the book came out in 2013, and our knowledge on some topics, such as social networks and mental health, is changed A LOT."
This investigation provides extensive information about the scope of the data flows and the web of third-party companies that receive that data to build detailed and intimate profiles of individuals, often without their knowledge.
The complaints allege the company has deployed ‘dark patterns,’ design tricks that can subtly influence users’ decisions in ways that are advantageous for a business
Article 13a in the DSA "explicitly forbids the use of specific techniques to extort consent to collect personal data, for instance, via repeatedly showing pop-ups. It also prevents platforms from requesting such consent if users already choose via ‘automated means’, which might be a setting in the web browser or operating system."
"If [the sellers] can confuse the consumer enough then the consumers won't necessarily know what choice they're making and they can be talked into just about anything." - Richard Cordray (Former Director of CFPB, 2014)
The French data protection authority hit Facebook and Google with multimillion-dollar fines yesterday for their use of deceptive design in their cookie consent banners.
Today, the CNIL said it’s fined Google €150M (~$170M) and Facebook €60M (~$68M) for breaching French law, following investigations of how they present tracking choices to users of google.fr, youtube.com and facebook.com.
FTC has made clear that to comply with the law, businesses must ensure sign-ups are clear, consensual, and easy to cancel.
Following investigations, the CNIL noted that the websites facebook.com, google.fr and youtube.com do not make refusing cookies as easy as to accept them. It thus fines FACEBOOK 60 million euros and GOOGLE 150 million euros and orders them to comply within three months.
"Google for years has used misleading notifications to lure users into disabling its rival’s browser extensions [...] The changes include requiring users to answer whether they would rather “Change back to Google search” after adding the DuckDuckGo extension and showing users a larger, highlighted button when giving them the option to “Change it back”."
Many health apps also have a dark side — selling your most personal data to third parties like advertisers, insurers and tech companies. [Podcast episode]
"Cancel anytime" actually means "you need to call a phone number, wait for someone to pick up and maybe you can cancel then. Or not."
"Slack-fill is the difference between the actual capacity of a container and the volume of product contained therein."
"A container that does not allow the consumer to fully view its contents shall be considered to be filled as to be MISLEADING if it contains [...] slack-fill"
On 14 December 2021, the Internal Market and Consumer Protection (IMCO) Committee of the European Parliament adopted its report on the Digital Services Act.
In a world with the EU Digital Services Act, online platforms must design web services in a way that does not trick users into giving away their personal data. If they fail, they’ll be held accountable.
Feature requires subscription even though it doesn’t use connected services.
Hidden away in #Google adtech antitrust complaint, in ref to internal docs: “We have been successful in slowing down and delaying the [ePrivacy Regulation] process and have been working behind the scenes hand in hand with the other companies.”
A digital research platform linking together theory, methods, and practice for mapping media manipulation and disinformation campaigns.
"The roughly translated “big data swindling” (大数据杀熟, dà shùjù shā shú [...] is a hotly debated term used to describe a mix of dark patterns and dynamic pricing that online platforms employ to exploit users..."
This German-language article on spiegel.de introduces the concept of dark patterns.
A review of recent (2020) work on dark patterns. The authors demonstrate that the literature does not reflect a singular concern or consistent definition, but rather a set of thematically related considerations.
Academic analysis of how Fortnite is using its platform to manipulate users.
The 'platformisation' of the games industry is posing some serious challenges for Europe and the internet at large.
The third-party cookie is dying, and Google is trying to create its replacement. No one should mourn the death of the cookie as we know it.
WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) released the following statement after Governor Ralph Northam signed the Consumer Data Protection Act into state law:
Font size can be the difference between compliance and a class action lawsuit
News article summarising the findings from the research paper "Price Salience and Product Choice". "StubHub concluded that so-called “drip pricing” [...] resulted in people spending about 21% more."
"In today's video, we will go through dark patterns in UI and UX. These patterns are often misleading and almost blackmailing in nature. They make you feel bad about certain decisions you take and only benefit the business."
Browser windows that open unexpectedly, garish colors that catch the eye, tiny print… The Internet is full of annoyances of every kind. All of this is cleverly designed to trap the user and has a name: dark patterns. An explanation.
A not-for-profit project building a collaborative, online directory of ethical companies of all kinds.
This paper emphasizes the potential of consumer protection legislation as a powerful enforcer against dark patterns, offering more protection and enforcement opportunities than the GDPR. The modernization of consumer protection rules and enhanced harmonization, along with stronger remedies and enforcement capabilities, are expected to contribute to a more effective response to manipulative design features in digital environments.
This paper provides the end-user perspective of felt manipulation without directly using the language of dark patterns, but its examples illustrate some strategies that align with dark patterns defined in the literature.
This paper introduces the concept of "Asshole Design" and describes the properties of asshole designers. The most relevant part of this paper is the authors' differentiation of dark patterns from asshole design properties, emphasizing the definition of dark patterns in relation to bad designs, value-centered designs, and asshole designs.
A new California law (the California Privacy Rights Act) prohibits efforts to trick consumers into handing over data or money. A bill in Washington state (SB 5062 - 2021-22) used similar language.
"UX doesn't live up to its original meaning of 'user experience.' Instead, much of the discipline today, as it's practiced in Big Tech firms, is better described by a new name. UX is now 'user exploitation.'"
The Federation of German Consumer Organisations (vzbv) filed a complaint against “advocado”, an online service that helps people find a lawyer. With its lawsuit, the consumer protection group challenged the use of dark patterns in cookie banners used.
The CPRA defines a “dark pattern” as “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice” and clarifies that it should be “further defined by regulation.”
"First, the CPRA adds a new definition of "consent" to the CCPA. The new definition explicitly states that "[A]greement obtained through the use of dark patterns does not constitute consent." Then, paralleling the definitions from Deceived by Design and the DETOUR Act, the CPRA defines a "dark pattern" as "a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation." Finally, the law directs that regulations regarding the sale or sharing of personal information ensure that a business obtaining consumer consent to such sale or sharing "does not make use of any dark patterns.""
On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.
"Video about the difference between dark patterns & things badly designed by accident. With some hilarious examples of bad design"
Like millions of others, Netflix r̶e̶c̶o̶m̶m̶e̶n̶d̶e̶d̶ autoplayed The Social Dilemma documentary to my iPhone, and it made an impression.
An interaction criticism analysis of dark patterns in consent banners.
In this video Professor Lior J. Strahilevitz presents new experimental research on Dark Patterns. He examines their effectiveness, and assesses the role of market forces and legal regulation in constraining their use.
"Last year, researchers from Princeton University and the University of Chicago published a study looking at roughly 11,000 shopping sites, and found dark patterns on more than 11 percent of them, including major retailers like Fashion Nova and J.C. Penney. The researchers discovered that the more popular the website, the more likely it was to feature dark patterns."
Some say designers are uniquely positioned to stop the madness. What will it take to make the changes we desperately need?
This paper reports on qualitative research (focus groups and interviews) carried out on the theme of Dark Patterns.
In Mexico, large black octagons are now placed on the packaging of products that are high in saturated fat, trans fat, sugar, sodium or calories.
The findings of this paper "support the notion that the EU’s consent requirement for tracking cookies does not work as intended. Further, we give insights into why this might be the case and recommendations on how to address the issue."
Academics working with StubHub carried out a huge test on hidden fees vs. upfront fees. Users who weren’t shown fees upfront spent ≈21% more and were 14% more likely to complete a purchase. This research involved several million participants.
"A challenging exploration of user interactions and design patterns. To play the game, simply fill in the form as fast and accurate as possible."
Manipulative political discourse undermines voters’ autonomy and thus threatens democracy. Using a newly assembled corpus of more than 100,000 political emails from over 2,800 political campaigns and organizations sent during the 2020 U.S. election cycle, we find that manipulative tactics are the norm, not the exception. The majority of emails nudge recipients to open them by employing at least one of six manipulative tactics that we identified; the median sender uses such tactics 43% of the time. Some of these tactics are well known, such as sensationalistic subject lines. Others are more devious, such as deceptively formatted “From:” lines that attempt to trick recipients into believing that the message is a continuation of an ongoing conversation. Manipulative fundraising tactics are also rife in the bodies of emails. Our data can be browsed at electionemails2020.org
"GDPR expects specific prerequisites for a lawful consent, which should be valid, freely given, specific, informed and active… however… the majority of people do not seem to be empowered to practice their digital right to privacy and lawful consenting"