Reading list

Do not browse the web in in-app browsers (e.g. in apps like Facebook, Instagram, TikTok). Experience is bad. Those apps also INJECT TRACKING INSTRUCTIONS. They control every interaction, all that is typed, clicked... Browse with normal web browsers.

"Because instant ink bills at the end of each billing cycle, I will receive one final bill for $11.99, plus charges for any additional pages printed. I will lose rollover pages associated with my account."

Treatwell uses trick questions - alternating sentiment for its checkbox labels - to trick users into agreeing to emails or tracking.

Sign up for CapitalOne Shopping and you get Confirmshaming and Privacy Zuckering. BTW thanks to Safari for making the data you’re trying to harvest so very obvious.

"Sorry, you can only disable your account once a week. Try again in a few days."

"There was one a man from Rizal, who wanted to cancel Adobe's free trial. He opened his account, only to find out, he'll owe thousands - if he does - tragical"

Nice cookie selection dark pattern from Sedo to start the morning.

"There’s a spectrum of behavior — some of which is just smart business and tech practices, and some of which is more nefarious. But using the term “dark patterns” to broadly describe anything that we don’t understand, or can’t see that is designed to get you to do something… becomes problematic pretty quickly. "

Noticed my Skype client on the iPad started doing this sneaky crap where when you open the app it presents a prompt that asks you to approve sharing all your contacts w/ Skype. And there's no visible way to say "no."

"...the DMA may root out some dark patterns, but only for “gatekeeper” companies, and only in contexts where those dark patterns relate directly to the law’s other provisions [...] Ithe DSA might have had a decisive impact on the prevalence of dark patterns online. However, those hoping for a broad, aggressive approach to dark patterns may be underwhelmed..."

'"We use A/B testing to optimize nearly everything related to our products, from new gamification features, to our learning content, to our Super [Duolingo] purchase page design, and even to the notifications that learners receive as reminders to do their lessons," said von Ahn'

Wow, didn't know you could pay to continue your broken streak on Duolingo. Not sure how I feel about this.

"Still raising cash off stealing Top Secret documents."

The CFPB says it’s hiring 25 technologists over the next year to help its staff of mainly economists and lawyers actually probe these new leads. The move is as sure a sign as any that the bureau’s ongoing efforts to investigate and hold tech companies accountable for financial wrongdoing are only accelerating.

The Consumer Policy Research Centre (CPRC) found that more than eight in 10 Australians (83%) have lost money, lost control of their data or have been manipulated by a business to make a choice that isn't in their interest.

Luton airport website shows a disguised ad. It appears to be a "continue" button leading on from the checkout, but in fact tricks users into subscribing to a totally unrelated service.

"Last month we had debit card fraud, where bank sent us new card. [...] Meanwhile, everything Amazon shut down for us. Amazon, Alexa, smart thermometers. Worst of all - the last season of #BetterCallSaul, which I *paid* for."

"How nice of you to hide the unsubscribe link "

“Continue without care and repair” - Note how you can’t click the big “continue” unless you buy insurance.

After a user pays for Dominos Pizza (UK), they are shown a deceptive ad that looks like a "Continue" button when in fact it's a monthly subscription plan.

The FTC wants Amazon to fork over any disappearing messages that executives used to discuss Prime.The federal agency has been probing Amazon over potentially misleading tactics used to get people to subscribe. Insider reported in March that Amazon execs were worried customers felt tricked into signing up but did nothing.

Dark patterns and the façade of decisional privacy; Attempts to regulate dark patterns globally; Legal implications of dark patterns in India.

"A 6 minute video below that explains how Facebook's UI employs dark patterns that make users share more data than they may intend."

This study examines Facebook's issues by analyzing leaked documents and published news articles. It outlines the dark patterns that the company has applied, and discusses how they promote toxic behavior, hate speech and disinformation.

"Recently, the European Data Protection Board (EDPB) adopted for public consultation its 'Guidelines [...] These guidelines, like the AEPD guide, take article 5.1.a of the RGPD as a starting point to assess when a design pattern in a user interface corresponds to a dark pattern."

"It's easy to dunk on Adobe software quality, I know. But I hit "Save" in Illustrator and got this hilariously huge cloudsell."

"On the Internet, traps aim to make us click where we don't want to. The English-speaking world calls them “dark patterns” – or “rigged interfaces”. What is the difference with the nudge , which aims to guide our actions by acting on “the architecture of our choices ”? Where is the line between influence and manipulation?"

"Because of a bug in the code somewhere, you end up showing the wrong discounted price in the cart until checkout. [...] this bug actually increases conversion. [...] The bug is now a "feature".

"this is a gross dark pattern from ⁦@thefarmersdog⁩. you have to affirm the marketing material before you’re allowed to see a price."

"Such unclear langage is probably not GDPR compliant. What is really happening when I click on “Reject All” and then “Accept”? I hope it’s not a dark pattern to force me to “accept” your cookies."

"AKA “We will automatically uncheck your stated preferences and ruin your experience once a month until we wear you down and you stop manually re-checking them.”"

"So what do you want us to do, fight?"

"fun lil deceptive UI pattern from (apparently desperate) F*cebook this morning: I updated my phone & shortly after got a push notification from FB - I’ve had those turned entirely off for at least 3-4 years! so I go spelunking in the settings…"

"A fun dark pattern from ATT: you can turn specific marketing emails OFF or you can turn Unsubscribe ON."

"We show that digital manipulation erodes users’ ability to act rationally, which empowers platforms to extract wealth and build market power without doing so on the merits. [...] our research asserts that antitrust enforcement should go further in promoting decisional privacy."

The Federal Trade Commission has reportedly deepened its investigation into Amazon’s employment of dark patterns in the Amazon Prime subscription cancellation process. As EPIC explained in a complaint to the D.C. Attorney General last year, Amazon employs dark patterns to deter customers from canceling their Prime subscriptions.

"you can't actually drill into and read reviews which makes assessing the actual quality of the restaurant difficult. And I've found that restaurants will run their own "ghost kitchen" shadow restaurant out of their main (poorly rated) location."

Gumtree UK provides a "one click" opt-in for ad tracking, yet requires dozens of clicks to opt out.

"LAST CHANCE... We won't email you again." (I got 10 more messages in the next seven hours.) It says I need to "RENEW" a membership I never had in the first place. Fake urgency of final contact to nudge action.

"Scenario: Startup wants to invite contractor (who isn't on Slack) as a single-channel guest to their team. Slack shows Startup this modal, most people pick the first one (that's the correct selection) But... this forces the contractor to pay $7/mo"

BeyondMenu used the email subject line "Your Friday reservation is confirmed..." - which was likely to alarm users, none of whom had made a reservation. When opened, the email reads "Your reservation is confirmed with your couch... Order now"

"HP at it again: Have to create an account to scan a document."

Prices on Wish were personalised, based on location and purchase behaviour. The platform failed to inform its customers about this. Following the ACM's demands the company has decided to end its price personalisation in the EU.

"boa página para quem clica em "editar subscrição" no fim do vosso email não solicitado porque tem outras newsletters que quer manter, @expresso" (Portuguese language example).

This case study is part of a mediation effort by the LINC on the design of interfaces. It translates in the form of a fictitious service decisions made by the CNIL in order to make them clear and accessible.

"Signed up for the @BostonGlobe to read an article. Article was 'meh', so wanted to cancel my sub. Cannot do it online, have to call. The agent tells me: 'You can't cancel the first 24 hours because you'll only show up in the system after...'"

Heated seats, remote start key fobs, and other creature comforts are likely to be subject to monthly or annual fees

All over the world, governments are using nudges as regulatory tools. Is this ethical? Much of the answer depends on whether nudges promote or instead undermine welfare, autonomy, and dignity.

As Companies Wrongly Invoke the Guide to Justify Deception, Agency Seeks Public Input on Possible Revisions Around Dark Patterns and Other Deceptive Tactics

Introductory video about Dark Patterns by NNgroup

EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.

State and federal regulators have definitely put a new emphasis on combatting so-called “dark patterns” – but other than a catchy name, is there really anything new about the types of conduct that state and federal officials are calling illegal? This two-part blogpost will take a closer look at that question.

In this post (Part Two), we examine the FTC’s approach to this issue, now and in the past. Here, we conclude that, despite the new terminology, the practices that comprise today’s dark patterns have been core elements of FTC law and policy for years.

"Google has now drawn a line in the sand. Give us all your local SSIDs, local bluetooth connections, with likely even more detail, or they now refuse to allow you to use Maps to navigate."

In this article and associated twitter thread Cennydd Bowles opines that design is not manipulative by definition. In his words: "Design influences. It persuades. But if it manipulates, something’s wrong.".

"The bitter truth of addiction is obscured by the smarmy ads and compromising relationships, and yet federal oversight is downright nonexistent."

A critical analysis of Amazon's purchasing user journey (spoiler: contains dark patterns!)

"The first edition of the book came out in 2013, and our knowledge on some topics, such as social networks and mental health, is changed A LOT."

This investigation provides extensive information about the scope of the data flows and the web of third-party companies that receive that data to build detailed and intimate profiles of individuals, often without their knowledge.

The CMA has secured improvements for Xbox online players, following concerns about Microsoft’s use of auto-renewing subscriptions for online gaming services.

The complaints allege the company has deployed ‘dark patterns,’ design tricks that can subtly influence users’ decisions in ways that are advantageous for a business

Article 13a in the DSA "explicitly forbids the use of specific techniques to extort consent to collect personal data, for instance, via repeatedly showing pop-ups. It also prevents platforms from requesting such consent if users already choose via ‘automated means’, which might be a setting in the web browser or operating system."

Reddit is famous for their relentless interruptions to their web experience in pushing users towards their native mobile app. Here they experiment with a "cheeky" nudge about cats and dogs.

This modal dialog box requires users to subscribe to a mandatory newsletter.

The user needs to click a small button labelled "..." then select "Decline", then ignore the main button (despite it being the thing they requested) and select the less obvious secondary button labelled "Confirm".

"If [the sellers] can confuse the consumer enough then the consumers won't necessary know what choice they're making and they can be talked into just about anything." -  Richard Cordray (Former Director of CFPB, 2014)

"Venmo has a feature where the person that you’ve requested payment from can opt into payment protection, which adds a 1.9% fee to the transaction that the requestor pays without any sort of consent or control if opted into. It’s a dark pattern that I can’t believe is legal."

"Norton360 isn't the only antivirus product installing cryptominers. Avira, a "free" antivirus product w/ > 500M users, recently introduced users to Avira Crypto. Avira is now owned by NortonLifeLock, which also just bought Avast antivirus (500M users)"

Cancelling this New York Times subscription took about 8 minutes. Most of the time was just waiting for the CS rep to respond in live chat.

The French data protection authority hit Facebook and Google with multimillion-dollar fines yesterday for their use of deceptive design in their cookie consent banners.

FTC has made clear that to comply with the law, businesses must ensure sign-ups are clear, consensual, and easy to cancel.

"Now I know why I'm getting marketing material posted to me when I thought I'd turned this off"

Today, the CNIL said it’s fined Google €150M (~$170M) and Facebook €60M (~$68M) for breaching French law, following investigations of how they present tracking choices to users of google.fr, youtube.com and facebook.com.

Following investigations, the CNIL noted that the websites facebook.com, google.fr and youtube.com do not make refusing cookies as easy as to accept them. It thus fines FACEBOOK 60 million euros and GOOGLE 150 million euros and orders them to comply within three months.

"In order to refuse the deposit of cookies,m internet users must click on a button entitled "Accept cookies", displayed in the second window."

"Google for years has used misleading notifications to lure users into disabling its rival’s browser extensions [...] The changes include requiring users to answer whether they would rather “Change back to Google search” after adding the DuckDuckGo extension and showing users a larger, highlighted button when giving them the option to “Change it back”.

"The company should know by now, based on the dozens of previous rejections: I'm not interested!"

Many of health apps also have a dark side — selling your most personal data to third parties like advertisers, insurers and tech companies. [Podcast episode]

"Cancel anytime" actually means "you need to call a phone number, wait for someone to pick up and *maybe* you can cancel then. Or not."

"Slack-fill is the difference between the actual capacity of a container and the volume of product contained therein." "A container that does not allow the consumer to fully view its contents shall be considered to be filled as to be MISLEADING if it contains [...] slack-fill"

On 14 December 2021, the Internal Market and Consumer Protection (IMCO) Committee of the European Parliament adopted its report on the Digital Services Act.

In a world with the EU Digital Services Act, online platforms must design web services in a way that does not trick users into giving away their personal data. If they fail, they’ll be held accountable.

Are they purposefully neglecting to create cost control, projection and notification features?

This is a #privacy nightmare and an utter disgrace. @Verizon you are a pipe to the internet and that is all. I am appalled you would think you have the right to track and monetize my activity.

Feature requires subscription even though it doesn’t use connected services.

If you register with http://ebay.co.uk using the "sign in with google" feature, you get automatically opted in to marketing emails.

Hidden away in #Google adtech antitrust complaint, in ref to internal docs: “We have been successful in slowing down and delaying the [ePrivacy Regulation] process and have been working behind the scenes hand in hand with the other companies.”

A digital research platform linking together theory, methods, and practice for mapping media manipulation and disinformation campaigns.

On the intersport.de website, a random number generator was used to fake live consumer interest on product listing pages

"ummmm @Docker Hub cookies preferences take 20 seconds to be processed.. is this a @TrustArc technical challenge or a dark pattern? #darkpatterns"

Despite this being a legal requirement in various legal jurisdictions, pitchbook.com forces users to "consent" to cookies if they wish to enter the website.

A random number is added to the true count of "spam comments blocked to date" to simulate a live counter

"[...] customers received false or misleading information from Robinhood on a variety of issues, including how much money customers had in their accounts, whether they could place trades on margin and more."

"The roughly translated “big data swindling” (大数据杀熟, dà shùjù shā shú [...] is a hotly debated term used to describe a mix of dark patterns and dynamic pricing that online platforms employ to exploit users..."

The letter reads "statement of account" "FINAL NOTICE" except it's just an invitation to renew a subscription that would otherwise expire.

Linkedin asks the user a yes/no question but instead of allowing the user to answer "no", the button reads "No, show me more"

This german language article on spiegel.de introduces the concept of dark patterns.

“Yes, power users complain—and still continue using the site—but the casual user does not. These dark patterns have been normalized on other websites. These practices are done because it works”

Google has recently rebranded its Adwords advertising platform to Google Ads. Together with the new name, the interface also got a big overhaul. And as someone who spends many hours of every day on the platform, I can’t say I’m happy with the results.

A review of recent (2020) work on dark patterns. The authors demonstrate that the literature does not reflect a singular concern or consistent definition, but rather a set of thematically related considerations.