A common one is fake consent popups for system notifications.
Websites need to ask for consent before sending system notifications via the Notifications API. If a user declines, that website is blocked from asking again (for obvious reasons).
But many websites cheat this by showing a fake consent popup designed to mimic what the browser would show. If a user clicks "Decline" on the fake popup, the website won't show the real one to avoid being blocked. So the next time you visit the site, they'll be able to show you that popup again as many times as they want.
If a user finally clicks "Accept" on the fake popup (out of frustration probably) then they'll show the real popup. To most people, seeing two popups might seem like a glitch, and they will just mindlessly click "Accept" twice.
The only way to circumvent this is to click "Accept" on the fake popup, and then click "Decline" on the real one. 99% of people aren't going to know how to do that.
...I'd post this myself as a comment, but I don't like that it's asking for so much personal information (full name, email, state, city, phone, etc)
A similar one is asking you to rate the app via the native modal (which does nothing) and if you rate with 5 stars they redirect you to the app store to vote there (where it counts). If you rate them with 1-3 stars they prompt you to leave feedback instead.
I agree that this is a dark pattern, but I also empathise with whoever first implemented this. Negative reviews are often just "this doesn't work", no further information. That's not actionable at all as a developer, and even if you somehow do fix the underlying issue, it's pretty difficult (or impossible) to get people to update their reviews.
The only problems here are the use of UI that mimics the native one and opening the App Store without the user's intent.
It's actually a good idea to ask the user for feedback internally, a lot of low star reviews are bug reports or help requests that wouldn't help anyone (those who don't have the app yet wouldn't know how relevant that issue is for them and the developers won't have a channel to communicate and help the user who is having the issues).
> It's actually a good idea to ask the user for feedback internally, a lot of low star reviews are bug reports or help requests that wouldn't help anyone
But importantly ask the user once, and only once, do not force the user to leave a review. Doing so will lead to more one star reviews along the lines of “wouldn’t stop asking for a review”.
Also I immediately hate any app asking for a review. It may be useful for the developer but it’s user hostile imo.
That's really about the relationship with the user and timing of the request. The best practice is to ask the user for a favour right after something good happens and they get value from your app as they will be glad that this app exists. You first give something to the user and ask the user to give you something back later, like "If you like the app please give us a review, it helps a lot" request. It's not a coincidence that all the successful YouTubers ask for a like and subscription if you like the video.
Interrupting a user action on the other hand, asking for a review over and over again are extremely annoying and can easily backfire. For the official review UI, Apple enforces "2 times per year per user per app" restrictions but if you annoy the user enough through your self made review request dialogs, they can get angry enough to find their way into your App Store page and give you a 1 star review.
Forcing the user to do something, trying to coerce them into a 5 star review in order to use the app backfires easily.
> That's really about the relationship with the user and timing of the request. The best practice is to ask the user for a favour right after something good happens and they get value from your app as they will be glad that this app exists.
There’s that user hostility again! Also I’m not sure how the YouTube example is related. When a YouTuber says hit subscribe the user can take a second to do it. They don’t stop what they’re doing and get forwarded to a different website entirely.
I recall experiencing at least one application that would crash if you declined to rate it in the app store. I'm sure it was just shoddy implementation, not handling some condition correctly, but it was hard not to feel like it was intentional.
On a related note, Google Maps has on occasion deleted reviews from businesses that used software that employed this tactic for requesting reviews. I’ve seen several businesses lose hundreds of five star reviews because of it.
To a certain extent I can't blame apps for doing this. It would be much better for Android and iOS to have a better experience for leaving feedback or giving reviews.
This is commonly referred to as a “soft ask.” The reasons for it are not always nefarious. On some platforms you cannot provide any commentary on why you want to send push notifications and so the soft ask provides a way to give more context on the next (real) permission dialog.
I’m not saying this isn’t abused all over, but when used effectively it can provide the user with more information to decide if they want to accept or not as well as allow the website to request it again at a future time possibly for a different reason.
I'm not referring to "soft asks". The dark pattern is creating a fake dialog that mimics the real system dialog in order to mislead, and circumvent a feature designed to protect users from spam/abuse.
Telling a user why they're about to get a permissions dialog, and displaying a real system dialog, is obviously not a dark pattern.
They're common as hell, but I can't seem to find a live example of what I'm talking about right now.
Almost every small local news website that wants to send you push notifications has started doing this—a sticky popup that they can show you as many times as they want, providing only a little more information than the actual permissions pop-up would, allowing them to bypass "only request permissions after user interaction" schemes and reducing their (UA-visible) decline rates.
> This is commonly referred to as a “soft ask.” The reasons for it are not always nefarious. On some platforms you cannot provide any commentary on why you want to send push notifications and so the soft ask provides a way to give more context on the next (real) permission dialog.
What I'm reading here is that you (not you specifically) want to ask for my browser permission, but know that the popup is non-descriptive and your one shot.
If you are nefarious, creating a fake popup makes perfect sense. You lower the risk and increase your chances.
If you are not nefarious, why even go for fake popups? Why not have a button in the corner? A choice in some menu? "Hey? Want updates from us? Click here!"
Wanting to do more commentary on why you want to send push notifications never non-nefariously leads to creating fake popups.
Why not make a user who wants notifications click a special button taking them to a special page where you show the notifications popup?
I'm sure if you asked, everyone who does this is going to tell you that "MY use of it is not nefarious. It's everyone else's fault that technique is abused."
Stop breaking the user's browser. If you are, regardless of your intent, you are making a shitty experience for somebody, somewhere.
As long as it doesn't mimic the browser. (Another reason why user agent strings and other ways websites can identify the user's browser are a bad idea).
It doesn't matter if it mimics the browser. If you are trying to stop the browser from protecting the user as intended, it is a dark pattern, regardless of how well you camouflage the attempt.
In principle yes. But why would you imitate the browser if not to mislead the user? And who wants to mislead the user but has qualms imitating the browser?
People do all kinds of mental gymnastics to justify doing stuff they know is wrong. I would be unsurprised that people use the lack of camouflage as an excuse to justify using a dark pattern.
I get these all the time on mobile websites, and arrived at the same solution you did: tap Accept on the fake popup and then Block on the real consent box.
I suppose a site could trick me by making their fake popup look exactly like the real one. But in that case I would tap Block and be no worse off, other than seeing the same notification again the next time, at which point I would probably figure out their trick.
I thought of explaining this to some friends to help spare them some needless popups, but decided it was too complicated and would likely just confuse them. This is not an insult toward my friends, just a reminder that something that seems simple to you or me may be very puzzling for most people, no matter how intelligent they are.
Case in point, countless relatives calling "I have a virus on my computer!" because they have a Windows-XP popup on a website "you have a virus" (they are on Windows 10, or Mac OS).
App developers do this in their apps too when asking to rate the app in the App Store. They first show you a fake popup asking if you are enjoying the app OR want to send feedback. They will only show you the real iOS popup for reviewing the app if you tap "Yes" to the enjoying app.
It sort of is against the rules (disallow custom review prompts) but it doesn't seem to get enforced as far as I can tell. Even top apps like YouTube do this.
> Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts.
I took the risk and posted the (relevant) text of this comment and one of the replies. Someone's gotta at least try to bring this to the official sources, right?
Thank you! This is something that has been annoying the hell out of me on instagram using desktop Firefox.
Every time I login it prompts to show notifications; I always decline so it shows it again next time I log in. This time I accepted, but blocked it from within firefox.
I get it's not a dark pattern because it's clear it's not the browser asking, but still it's very annoying.
I’ve done this for an app but not for nefarious reasons. A huge part of the app is location based and users would deny location permissions and then not be able to turn it back on (you can go through settings but an awful lot of people don’t know how). The soft ask is one time when you start the app (with an explanation as to why) and if you deny access there it’ll only ever ask again if you tap something like the ‘use my location’ button.
If a site does something like this, a) You know that site is malicious. b) Choose another site. c) As users get more sophisticated these kind of tricks won't work.
I found that a lot of those have commonly named elements you can create rules for in noscript so you never see them. Not sure if it would affect the dark pattern ones though.
Highly debatable. In fact, trying to classify it as a dark pattern may derail the very valid discussion that the FTC is trying to have. There are significantly worse patterns out there. See [1].
What the push notification pattern is, is annoying. And it is especially annoying because of a prevalence of confirmation dialogs all over the Web with GDPR/CCPA, paid subscriptions, etc. But does it cause harm or monetary loss as the sneak into basket pattern? Or the opt-out unnecessary "insurance" that airlines continue to put in the checkout flow?
We do a disservice to ourselves littering the web with these constant asks. But it's not what needs regulation and enforcement.
The pattern tries to avoid an outcome desired by the user: permanently revoking consent for some permission. Only asking when you are confident the answer is Yes goes against the intent of the platform functionality, and I’d argue that’s a major dark pattern.
Similar to how apps used to ask “how do you like app?” And then only prompt to review the app if you responded favorably. Goes entirely against the app store’s intent to uniformly sample users, and I’m glad Apple at least has cracked down on this practice.
Just honestly make a product and stop trying to fool the user!
Like eBay asking over and over for me to trust the site for payment transactions. No, no. I have a separate paypal account with 2fa enabled rather than giving you my credit card for a reason. Asking 1,000 times will never change my answer, but eBay remains ever hopeful.
It’s a trick to try to take a yes / no choice and sneakily turn it into a “yes / ask me again later” choice. Silicon Valley in general seems to have a huge problem with the idea of user consent and permanently revoking consent.
The "hold-your-offline-device-hostage-until-you-attempt-to-connect" pattern. It goes something like this:
When setting up a new unlinked kindle device, Amazon tries to trick you into connecting to the internet by showing a wifi setup screen that cannot be skipped. The only way to skip it is to supply the device with bad credentials and let it attempt to connect and fail. Only when it fails will it allow its owner to skip that step.
Microsoft has also started employing the same strategy in windows 10. Within the first year of setting up windows 10 locally, the user will be presented with a screen they can't dismiss until they link their local user account with an online microsoft account. Again, the workaround here is to let windows try to connect with bad credentials. Once it has failed to login, it will allow the user, a child who urgently needed to get to her online classes in my case, to skip this step.
Words can't describe the contempt I have for companies who engage in these patterns.
Since the beginning of the year, I have installed Win10 two times. As I expected some dark patterns, I made sure that these machines were not physically connected to any network. Even though this worked, it still managed to piss me off by forcing security questions for the admin user. Seems that the only way to avoid this "feature" is to modify the registry. Even on pro-version.
There might have been some obscure way of avoiding connecting via installer (perhaps a link inside EULA text). But as long as the internet is not available for the machine I believe that this workaround should be possible to use, until MS decides that internet is required for installation.
Edit:
After doing the install without Internet, I do remember that they were trying to get me to create MS account. However I have not created one. It is possible that they give up after some time or maybe I found some way of disabling this.
The way I avoid that (forced questions) is to enter no password during setup. Then add the password later in settings. This was also how you avoid setting up a pin in a previous version of windows.
This was for windows pro, I believe they are more pushy on online accounts in windows home.
Not sure when they'll inevitably change install again to try to force more issues.
Microsoft has really pushed this in the recent(?) versions of Windows 10. When it was first released it wasn't this bad, now it pretty much forces you during install to link an account then also forces you later (as you mentioned).
Yeah this is still happening in Windows 10. I reinstalled Win 10 Pro recently and the only way to make a local account during initial setup was to unplug the ethernet cable on my desktop. As long as an internet connection is up, it isn't even a hidden option.
I did a reinstall of windows pro N last week, and had the PC connected to the network. It required a few non-prominent buttons, but I managed to only make a local account. I was still caught out by the security questions though.
I suppose this might be the difference due to the N version. If I recall this leaves out some of the default media encoders to avoid some anti-trust legislation in Europe. Might be that they are slightly less aggressive with these dark patterns in that version.
I think this is probably the darkest pattern of all.
So many offline devices are forced to have an online component.
Simple IoT devices with just bluetooth - they require an app that will phone home.
More complicated devices with wifi or ethernet - they will nag you again and again until you are connected to the mothership.
Even apple with all its "privacy is a right" won't turn off bluetooth or wifi in the quick menu - they just toggle it and it comes back. You have to dig into settings to turn them off "for real".
TrustArc is a company used by major brands that utilizes dark patterns to FAKE opt-out time for GDPR compliance. Major companies employ lies. It will hold your browser captive for 2 minutes in hopes that you cancel or accept all. If you don't, it shows "We are processing the requested change to your cookie preferences. This may take up to a few minutes to process.". Not even incompetence could make this an honest process.
The way GDPR works, I think the companies using TrustArc are more likely to be held liable than TrustArc itself. Unless TrustArc makes the unforced error of getting itself classified as a Data Controller.
> Unless TrustArc makes the unforced error of getting itself classified as a Data Controller.
Knowing how some scams and tax evasion schemes work I wouldn't be surprised if they could just set up a separate company that ends up with all the liability without any of the assets and just have that declare bankruptcy the moment the first fines hit. Rinse/Repeat as often as necessary.
I get this on docker.com without my script blocker.
Essential only -> Processing please wait (but you can cancel)
Customize -> Trying to trick me into allowing more, then processing as above
Accept -> Instant success
Took some screenshots since this is ridiculous (I may just not be used to the modern web since I aggressively block scripts): https://imgur.com/a/fJB0aHz
My favorite part is having to pull a bar up to decrease my consent-level.
Based in SV with ~370 employees on LinkedIn and over 17K followers. This above comment needs to be posted verbatim into one of their most recent posts with a mention that GDPR makes its EU customers liable and an additional link to the FTC for public comments. It would make them scramble I think.
LinkedIn is underrated as a platform to call out brands, it's where many spend a lot of their money on PR / image.
I don't understand why most companies even bother. If they aren't going to be compliant in how they handle getting permission, why even pretend?
I think one reason is that we have reached a tipping point where website owners now view these banners as a signal of a "legitimate" website, without bothering to look into actual compliance.
Without enforcement, these things shouldn't exist. They are just a nuisance to everyone.
Well, given that some sites employ hundreds of trackers and other barely-above-malware stuff, it does make sense for these requests to take ages.
Unfortunately, many people simply click on the "accept all" button and don't care about their privacy that much.
The idea of GDPR was that consumers would be hesitant upon seeing the massive amount of third parties that use your data and demand change from the providers, turns out people don't care / providers rather let privacy-oriented customers suffer than to take a hit on their advertising profits.
> Well, given that some sites employ hundreds of trackers and other barely-above-malware stuff, it does make sense for these requests to take ages.
Last time I checked, there were no requests being made client-side in the 1-2 minutes it took to cancel. It was pretty much the same number of requests for both accepting and denying. Maybe they changed it since it's too blatant.
Also, since it should be opt-in, then accepting should obviously take longer.
If it's the TrustArc Ads Compliance Manager, it makes a call to all the ad networks requesting the network's opt out cookie. The opt out cookie prevents the user from being tracked by that ad network across all sites. Cookie banner opt outs usually only prevent tracking from the site you are on.
Unlike GDPR, which uses a website as the gate for all cookies, the ad industry also has self-regulatory programs. Participation in these programs requires that a website allow a user to opt out of all ad networks present on their site. TrustArc built a module to do that: https://preferences-mgr.truste.com/.
If you run the tool there, it will make a call to the ad networks listed. Of course if you're running an ad blocker, the call will get blocked and it will look like the tool doesn't do anything.
The problem is you're being presented a mandatory popup for what appears to be used as GDPR compliance but realize that it isn't because real ones are instant. This is fake GDPR in the sense that it isn't (compliant); it's other things, as you note. If the purpose is to facilitate GDPR, that opt-out time shouldn't be conflated (the ad stuff shouldn't be bundled), given that GDPR appears to have a requisite "It shall be as easy to withdraw as to give consent.". Is that a correct interpretation? You're suddenly notified you can't operate for minutes (unless you opt-in), which is definitely dark, and unnecessary (unless you want to achieve the action they're doing, but you didn't; you just need GDPR). Sitting captive for minutes is not a modern day web experience anyone finds acceptable, that's why Google is so focused on empowering loading speed inspection/resolution. The experience made me wonder if they use users who don't opt out (I almost gave up just to get out of being locked out) as a selling point. There wasn't, that I could find, an instant GDPR-compliant way around this obstruction. Why would any company care for this experience? If they wanted to be polite and do extra action (this ad network regulations thing), they have the tech to do it asynchronously/unobtrusively, right?
Reddit is just as guilty of this. If you want to see all the comments on a thread on their mobile site, you're pushed to install their official app and presumably create an account when doing so. As far as I can tell, the best workaround is to use the desktop site.
And on iOS at least, whenever you visit the site you'll get a popup that blocks the page with two options: continue in mobile app, or continue in safari.
It's basically "install our shitty app, or keep using the web version?", except it's worded and displayed in a confusing/misleading way with what seems to be an attempt to mimic a system dialog.
Not to mention how awful their AMP pages (redundant, blame grammar) are already. Searching for topics on Reddit is a nightmare, you’re stuck with their awful native search, their awful mobile app, or the awful mobile site.
Thank you! I almost universally use the mobile website but it just keeps getting worse, presumably on purpose. I installed the official app but it’s very bad. I’ll download this one now!
You will still have the annoyance of search results only opening the official client but Apollo is a great app made by a single developer who has put a lot of time and effort into the app. He (Christian) is also very active on the /r/apolloapp subreddit and communicates upcoming features/bug fixes. Apollo does have an option to scan your Copy/Paste buffer so when you open the app, and if there is a reddit link in your buffer, it can open it for you. The downside is you will always see "Apollo read the clipboard" (or whatever the iOS message is) when you open Apollo. Another workaround is to create (or use an existing [0]) iOS shortcut. The way this works is you will pretend you are sharing the reddit page and then click on the shortcut and it will launch Apollo and open the page you are on. The shortcut is pretty basic, just uses some string replacement and Apollo's url scheme to achieve it.
Just to add to this: I can highly recommend Apollo as well, it's the official app in my mind. Nothing else even comes close. Also, there is no need for a shortcut. If I open the sharing menu, "Open in Apollo" is already present and I never needed to add the shortcut.
Can confirm that you cannot use the app without logging in with a Reddit account.
Just yesterday, I got tired of the annoying "use the app or login" messages when tapping to view more comments on a post, so I caved and installed the app - given the language of the nag, I thought I wouldn't have to login, and the Reddit UX of constant full-page reloads just to view more comments is such a joke I figured the app had to be better.
But no, you have to login with a Reddit account to use the app :/
I don't know about macOS specifically, but elsewhere it can be defeated. The link to join from the browser appears if you dismiss the initial offer to open the app and force a retry. It's absolutely disgusting. https://gauginggadgets.com/join-zoom-meeting-without-install...
Long pressing and opening in a new tab works for expanding child comment threads (but not for viewing all 500+ comments under a post).
Once that stops working, I'll have to always use old.reddit on my phone, which won't be great UI on mobile - but I suppose it can't be too hard to make a Stylus stylesheet to make it usable. And once old.reddit is gone, well, that's the end of Reddit for me.
On mobile, reddit.com/.compact is an option. It's pretty stripped down but has some solid pros: it's fast, it has evenly sized (height) posts, the comments are easy to view. The post links with in-reddit photos/video do direct to the bad site, unfortunately. Another con (or pro) is infinite scrolling.
Has anyone else noticed reddit on mobile browsers being ridiculously slow? My experience is that the page loads fine, but then there's 10 seconds or so of loading animation before the page displays. Requesting desktop site makes it load immediately. I'm 95% sure they just have a timer they make you sit through in an effort to get you onto their app.
Just opened a Reddit page on Desktop and it has 7.77mb resources and 97 requests and 4 seconds till DOM loads. It's bloated, probably to boost app downloads. Imgur also features fighter plane levels of bloat to show an image and comments.
On Reddit's mobile web page, after clicking the 'continue in browser' button, go to hamburger menu -> settings -> "Ask to Open In App" and uncheck the checkbox. Removes all the 'reminders'.
Now reddit have gone from blocking 'adult' content on mobile browser to flagging stuff as 'unknown content' and trying to force you to install app.
I was trying to research a vinyl cutter purchase instore with spotty coverage and every bloody reddit page would be blocked within seconds of loading with this stupid unknown content crap.
So I’m in the same boat but I’ve noticed an interesting dark pattern they use now to discourage old Reddit.
I often land in a comment section of a specific post, and then want to see more of the subreddit by clicking the link of the subreddit in the top of the page. Since about a month now, every subreddit shows me it’s only available through the app. I used to then preface the url with old. however now they’ve somehow done it that I will see the specific (locked) subreddit page, but the url will just be Reddit.com with nothing else, effectively making it impossible to add the old. before the url.
Discord does this as well. If they detect a mobile user agent they disable the button to hide the member list which makes group chats unusable. If you just change your user agent the button re-appears and you don't even need the app unless your browser doesn't handle voice and you need that.
Edit: Doing some digging, on the iOS user agent, the `toolbar` portion is null, while with the Chrome windows user agent it's set to include the entire element:
So it's just an 'if mobile' check - maybe it breaks on some mobile screens (on an iphone 5/SE you end up being unable to view the channel name, not that it's an enjoyable experience anyways https://i.judge.sh/brave/Flare/chrome_nW26bTRXDe.png) or maybe it's a motive to get you to use the mobile app. This is just the desktop UI with some `if mobile` checks probably thrown in by a small number of developers that want to support mobile browser support but aren't getting paid to do it.
I'm just impressed how bad slack is on mobile. Either I'm getting messages on my computer and phone (on phone after I've responded on the computer) or not at all.
I've been having this problem with push notifications for quite a few apps, but Slack just seems to genuinely do whatever the hell it wants, regardless of whatever I've set preferences to.
Yeah I know what you mean. Like sometimes I'll get messages hours after they are sent. Even when my main computer is off so would be considered "away". Now I just have to frequently check slack and that in itself feels like a dark pattern.
Slack app has 4 trackers, requests 21 permissions on Android. Harder to block trackers, while their more tech-oriented audience probably uses browser adblockers more often.
As an engineering manager in an unrelated field... this could also be a way to not have to support a feature on X platform because I don't have the resources to make it work on every possible mobile browser. Or the mobile browsers don't support X feature and I don't want to (or can't) spend the resources to make it work there, QA it there etc. It's not something likely to be able to curb with regulations.
I mean I personally keep Slack on my Dock since it's open pretty frequently. This integrates it even more into my workflow since I can quickly check and see if I have any unreads/etc. making it more grating to switch to another chat app. Maybe it's not a "dark pattern" but it certainly is a method to increase adoption.
I don't know that they do, but they could potentially read your local files as part of telemetry, gps, nearby wifi network ssids and MAC addresses, etc.
Does this mean that all apps that can’t also be used via the web are a ‘dark pattern’?
I ask because I can easily imagine that if most customers are using apps, they might choose to remove functionality from the website rather than maintain it, just because it’s not worth it.
It can be used via the web, but it hides those features from you. If you're on a system where the desktop app cannot be installed, it reveals those features again. It's not that the features don't exist at all in the web version, they do but are hidden if you're capable of installing the app.
It's a dark pattern because the usual reason is to be able to gather more data from the user, and to limit user control. By that notion I would say any design decision that helps the company while harming the user is a dark pattern.
When the "app" in question is essentially a less accessible web page, then I think it's safe to assume something shady is going on.
To be clear, I'm mostly talking about apps that are just a collection of views for a remote API. The only valid reason I can think of for these kinds of apps is because you're an ios/android developer and you're not good at making webpages. In that case, the best tool is the one you know.
iOS apps that use system controls generally have far better accessibility than web pages do, indeed accessibility is a primary reason for creating a native app.
I only have some anecdotal data on this one, and maybe I'm comparing to apps that are not using system controls.
My mother struggles with any ios App because of how the zoom is implemented in the different apps. She can get by with the built in magnifier tool, but only when she already knows the app well.
Personally, I recently had nerve damage in my hands, and it was very difficult for me to enter text. There were many times in native apps where it would have been much better for me to copy/paste random text on the screen, but I was not able to. I know that some web developers like to try to block that too, but I would also consider that a dark pattern.
Yeah - I’m sure that would have been useful for you, but it doesn’t really compare to the wide array of accessibility options that exist across the system.
Also copying and pasting working across all text is often an anti-feature for accessibility too depending on what condition you are working with. For people who have trouble with fine motor control, it’s much easier to have only the content text selectable and not the controls.
There is no one-size fits all accessibility solution.
This seems to be a good argument for an accessibility option to make all text selectable, and nothing to do with dark patterns.
If they really don’t want people to use it on the web they should simply turn down the web site and tell people to use the app or GTFO. Instead they keep it up but cripple it and then repeatedly beg the user to do something they clearly don’t want to do.
Reddit wants you in the app, so it’s harder to block ads. Slack doesn’t make money from ads like Reddit. So while Slack might prefer you use the app and make the web version less appealing, I’m not sure this qualifies as a “dark pattern.” Certainly not one that should be regulated.
Windows 10 does not respect the "default browser" setting when opening web-based content through apps. For example, clicking on "Help" links or search results from the start menu always opens in Edge.
This seems far worse than their IE-bundling issue back in the day... at least users have a few web browsers to choose from, but what good is that when user preference is overridden?
Google does this even more egregiously with Android - my default browser is Firefox, but any links from Google News, Google Assistant and other Google software open in Chrome.
I wish Firefox provided two intents (does Android still call it that?), one for normal browsing and one for private browsing. Then any app that opens a link doesn't automatically get your active cookies from your main browser if you don't want it to.
Settings > Private browsing (under Privacy and security) > Open links in a private tab
An alternative is to use Firefox Focus (Firefox Klar on F-Droid) as your default browser, then its "open in" feature if you want to make it a permanent session.
Yep, Samsung camera will only open Samsung gallery, and will show a "Unable to find application to perform this action" toast if you uninstall it (via adb, because it can't be uninstalled via gui). Also it's the only app you can set to open by double tapping the home button, so you can't configure another camera application with the same ease of use.
They're doing a similar thing with the gmail app, at least on iOS. Practically everything now opens within gmail instead of the actual app. Google Meet links now open in gmail instead of Google Meet. I know they're both owned by the same company... but I don't want to give the gmail app microphone and video permissions.
Doesn't Apple do the same with Safari? On macOS I think Safari opens up sometimes even though my default browser is Firefox. Maybe when clicking links in Apple Mails? Not sure.
It's funny how Apple gets away when doing the same thing or worse than Windows, yet Windows is always the one getting criticism. Like how Apple always tries to enable Siri after an update. Or how managing when an update should be done is incredibly worse on macOS than on Windows.
Apple very recently added preferences for default browser/maps apps to iOS but as far as I can tell it’s totally broken. Resets all the time and only about 2/3rds of links open in the correct app even when it’s successfully set (especially for maps). Can’t speak to macOS. (The resetting may be fixed finally now, I’m not sure. I gave up for maps because it wasn’t worth it, which I guess was the goal).
Windows forces you to use bing/edge when you accidentally search from the launch programs menu, but I never intentionally search from there so it’s a minor inconvenience (for me). Never had it fail to respect that setting elsewhere. It also does a good job letting you set default apps for all types of files (and in fact letting apps change that setting themselves with a little user interaction) unlike iOS which only lets you change it for a few types of apps (and then through the worst designed settings menu I’ve ever seen). Can’t leave iOS behind though because I need my iMessaging.
Apple is actually worse. On iOS I will regularly click a link within an app, explicitly select “Open in Chrome” from the list of options, and it opens in Safari. Never seen anything that egregious from Microsoft.
Not an iOS developer but I wonder if using the default browser requires using a different intent than the former behavior of "always open safari" did. Books, to me, seems like one of the more neglected first-party apps so it honestly wouldn't surprise me if this is just something that's sitting in the P4 column.
Only reason I assume this is all the Google apps on my phone bring up a sheet when I tap a link asking which browser I want to use-- with "system default" being one of the options.
Really there's no excuse for this, it can't be too difficult to adapt system apps to fall in line with the expectations for third-party apps.
Right, but other browsers have better behaviors to some people. For example, Safari's behavior of opening links as new tabs in the foreground is very annoying to me.
If Microsoft can't hire people to be able to design a webpage that renders in all web browsers, then they have fallen much further than I would have even made fun of them.
If there's documentation that renders correctly in modern edge but is unusable in Chrome(ium) or Firefox then that would be useful to see.
It's a valid concern but I'm fairly certain it's nowhere near the top reasons that they do this. They have a history of trying to shove users into Microsoft's unwanted browser against their (often informed) wishes.
That reminds me.. On macOS, the default application to open files with the .html extension is Safari, which I found is impossible to change. A tiny thing but it still makes me angry that someone at Apple intentionally removed my ability as a user.
You might want to check again. I just checked and mine is set to (and works with) Chrome. Right click an HTML file and click "Get Info". Then look for the "Open With:" section and select your preferred browser. Then click the "Change All.." button. I just tested this with `echo "Hello World" > test.html` and then double-clicked it in Finder and it opened in Chrome.
Huh, you're right - I just did what you described, and was able to change the default application for .html files. Weird! I could have sworn I did the same thing a few times, and it kept reverting back to Safari.
Apparently this was an issue with the user, not the OS. My bad.
EDIT: Actually, I remember now that I had to use duti to change this from the command line.
Thanks for this tip! I have the opposite problem of GP; I installed Edge, and though it has never been my default browser, it's now the default browser for .html files... This fixed that issue.
Ooh, your twitter link reminded me of a twitter dark pattern. Twitter makes a distinction between a visitor who has never had an account, and a visitor who had an account but is currently logged out. I made an account in order to test their API, then logged out. From then until when I cleared cookies from twitter, every publicly visible post was denied access, prompting me to log in to view them.
Such a simple and blatant example of false advertising. Why does the FTC need to request comments? Just take action and crush this stuff! We are so careful about making businesses sad in this country.
I don't think I would call this a dark pattern as much as just false advertising. Putting an asterisk that links to teeny fine print where they say "a month is not a month" does not absolve them, and if there were enough money at stake (guessing there probably isn't) any competent lawyer should be able to get a good class action out of this.
I was asked to implement something like this at a web startup years ago (since folded): I was supposed to juice the number of active users in the last month by a large random number in the range of 50,000-100,000 or so. I refused saying I didn't want to lie to our customers. My boss said, "it's not for them, it's for the board". Which, needless to say, was even more reason to refuse.
They assigned it to another engineer. The new "feature" was deployed.
He forgot to round the random number. So let's just say the home page reported the number of active users with very fine precision.
It’s fun to imagine the implications of dramatically raising the standard for commercial speech, such that statements which intend to mislead are prohibited.
I’d argue that a simple law “companies may not lie to people,” with wide latitude for judges to define lying, would instantly and massively upend business for the better.
It would never get passed, though. The government relies on being able to force companies to lie to people for things like criminal investigations and so on.
I worked at a large online retailer in NL that got told they needed to change their delivery promise because that’s not a promise you can actually keep.
So it does happen, but probably not often enough.
I’m glad to hear that! It also lines up with my anecdotal experience overseeing a marketing department that Benelux, German, and Japanese teams were on the opposite end of the spectrum compared to American, Israeli, and Chinese teams with respect to “marketing bullshit” practices.
My point being I did some stuff on 'x' available, hurry now - and went. And they never had them, but the difference is that I traded a quantifiable unit (human life expectancy) vs those online that just annoyed people.
Etsy users put things in their cart to bookmark them.
I haven't been there for six years now, but one of the problems I worked on at Etsy was getting people to stop using their cart as a bookmarking tool. While I was there I worked on the functionality to fave an item as well as the functionality to add items to a List of favorites. There was another tool called Treasuries for this purpose that we phased out, so there were at least three systems that Etsy built to try to help people keep track of items they like without putting them in their cart. I know when we introduced Lists, several colleagues and I worked on that functionality for a few months before it ever saw the light of day. Even so, users continued to put things in their cart "so they wouldn't forget them". It was a very frustrating result; this was the exact behavior we were hoping that Lists would eliminate.
It wouldn't surprise me if it's true that the item really is in that many carts. I would also agree that it's not useful or accurate information for you, another shopper, since an Etsy user "having it in their cart" is in many cases not a very strong signal that they will purchase the item in question. Inflating the number intentionally would definitely be a dark pattern. If that number is intentionally inflated or is known to be inaccurate or fictional, dark pattern for sure.
Whether the current functionality qualifies as a dark pattern or not is a lot harder to judge. Is it poor design? Yes. For sure. Is it harmful to the user? Again, I think yes.
Is it a dark pattern if you design something poorly unintentionally? Does that term measure intent or impact? In a legal context I would expect the measure to be intent, so in that context this is probably not a dark pattern, but HN is not a court of law, so in this context... probably yes?
> Inflating the number intentionally would be criminal fraud, plain and simple.
With the amount of Math.floor(Math.random() * 1000) out there, I doubt any case has proven this to be something you can bring charges against a company for.
I'm sure there is a lawyer somewhere that is counting their percentage from when they win the rain maker of cases that takes the industry down on this fact alone. If only Grisham would write that novel.
> users continued to put things in their cart "so they wouldn't forget them". It was a very frustrating result; this was the exact behavior we were hoping that Lists would eliminate.
My wife does this, not just to Etsy, but on all kinds of e-commerce sites. So I apologize on her behalf.
I suspect that it's related that she's also one of those people who will never bookmark a web page. Instead, she keeps a hundred tabs open. I don't understand it. Some people are just wired that way.
Don't apologize. It's a pretty common practice. Some e-commerce vendors may not like it, because it disturbs their statistics or marketing shenanigans, but the error here is on their side - they assume that putting something in a cart is an intent to purchase. That assumption is wrong.
It's obvious why this happens. The shopping cart, as an e-commerce pattern, is a bookmarking tool. You put stuff there, it stays there while you browse the store for other stuff. If you step out for an hour and come back, things you added to the cart are still there. If you close the tab and open it later, the things are still there. If the price changes in between, it's updated. If an item goes out of stock, it's reflected on the cart screen. If it quacks and walks like a bookmarking tool, ...
The way for the e-commerce sites to stop it is obvious: put a time limit on the basket. Purge it if the user leaves it be for more than a couple hours. But for some reason, nobody seems to do that :).
As for the browser bookmarks, I also don't use them much (nor does anybody I know). They map badly to actual use cases. For short-term storage, tabs are perfect (especially when the browser saves them between restarts). For mid-to-long-term storage, you want to save your links where you can find them on any device, and often you also want to store them within the service itself (see also: stars on GitHub - they're not an expression of appreciation for the project, they're just bookmarks).
> stars on GitHub - they're not an expression of appreciation for the project, they're just bookmarks
Project maintainers often don’t think so. I think they should be just bookmarks and not a measure of popularity, better to hide the number of stars. It’d hopefully make some maintainers more humble and helpful. Maybe!
Amount of issues to infer how much library gets used? That might work, but it feels like amount of issues would depend very much on the complexity of the library itself. It would be great if this number was also on the main page then and it would be possible to sort by that, but it still feels iffy to use that.
And maybe in some cases you would like to know amount of issues per amount of stars.
With issue count if it's a simpler type of library you would imagine there are quite few issues, but you'd still like to know whether this library is validated by enough folks. If it has plenty of stars and very few issues, this seems to be indicative of a very good option.
Ideally you look at all signals, also download counts from packagist/other managers as well.
I just don't think it would be a valid idea to remove the star count in an attempt to make some folks more humble. I doubt it would make maintainers more helpful.
I like how Amazon has a "public list" and "private list" by default, in addition to all the custom lists you can make.
Seems like the reasonable thing to do in the above case is to have a default "shopping list", and if someone puts an item into their cart and doesn't buy it within the allotted time, it gets automatically moved to the "shopping list". Make the shopping list highly visible on all the cart-related views. Problem solved?
I'm genuinely curious...what does she do when she wants to buy something then? From what you describe, she would have to remove all but what she wants, then re add everything.
I do this too. For most places I use it as a shopping list, and I just keep adding small things until I have enough for a bigger order, or until I get free delivery. Gotta save those bucks.
For places that sell expensive stuff like synths, guitars, tech stuff, I add it so I can see the total amount. Then I sleep on it. Sometimes more than one night. It might get bought along the way, so it's a great deterrent for impulse purchases.
> one of the problems I worked on at Etsy was getting people to stop using their cart as a bookmarking tool
I bookmark things in my cart in both Etsy and Reverb because the bookmarking requires an account, and I'm definitely not making one. But at least that doesn't seem to count in the "x users have this in their cart".
Intention doesn't need to be a part of defining a dark pattern. It is a dark pattern whether it was intended as such or not. However, intention could definitely be taken into account during sentencing/punishment decisions.
Anything attempting to falsely manipulate someone with FOMO should be punishable. If not with jail time, then heavy fines. If not that, they should be forced to do the GoT walk of shame.
I think the biggest dark pattern is social platforms holding the browser hostage instead of opening content in the user's native browser app. Social media sites are built on user generated content. By keeping users in the app like this it puts the website at an inherent disadvantage and prevents them from providing a compelling first class experience that might compete with facebook for attention, due to their inherent parent child ui design.
Anti trust regulators came after Microsoft for deep bundling of functionality of browser and OS and I think they should do the same for facebook, google, reddit, etc. for the web view.
What is good about web sites trying to force users to use their app instead? That itself one of the worst dark patterns out there.
Edit: If my comment looks confusing, the comment I replied to has been edited. "compelling first class experience" is really a more vague term for "web sites being able to push their app on users"
While I agree this is a regrettable practice, the social media sites in question do the same thing too. The argument that Facebook is acting in users' best interest by preventing websites from spamming users to use an app is incredibly self serving and not really all that believable.
I too wish it would go away, but both sites not having equal access to the users in a similar way is anti competitive imo. Especially for businesses who increasingly need to participate on these platforms due to the fact that so many of their customers use their services.
I agree that this practice should go away - if you believe that, then the goal should be to eliminate this shady practice entirely, not try to make it more prevalent like you were suggesting before editing your comment.
> What is good about web sites trying to force users to use their app instead?
If you're asking from the point of view of the social media site, the "good" thing is that a native app can steal much more personal information than a website.
Also (at least on iOS), content blockers don't work in the in-app browsers that FB uses. It's coded differently than a SafariWebView (which _does_ get the content blockers). Being an ad company, it makes sense that they don't want users doing that.
All the video conferencing apps do this - Teams or Webex always try to download the app before they give you the option of using the browser unless you carefully navigate things.
I had an experience a couple of days ago with exactly this type of thing (I downloaded the comment form, and I'll send it in).
In this case, it nearly cost the app maker a sale (I doubt they'll go out of business on the loss of my sale. As it happened, they didn't actually lose the sale).
I wanted to ID some of the plants in my yard, looking for native vs. introduced, so I downloaded a couple of apps. One was a good one, but was really a "crowdsourced" one. I had to sign up for an account, and participate in a community. Not a showstopper; but not really what I was looking for. I'm into instant gratification.
The other one was an ML-type app that would analyze photos in realtime.
When I started it up, it immediately wanted me to get the in-app purchase to the "premium" version, which is actually a yearly subscription.
The dark pattern, was how they did that. They obfuscated and deprecated the navigation to the free variant. It was almost impossible to see the buttons behind the premium banner, and it was difficult to actually touch them.
At first, I immediately shitcanned the app, as I assumed that you were required to get a subscription before using it at all.
I did a bit more research, and everyone was saying it was a decent app, and that it could be used without the subscription.
So I tried it again. This time, I squinted, and found the links.
It worked really well. I'll be getting the subscription.
The moral of the story is that they were so big on a dark pattern, trying to force new users to start paying immediately, that they actually drive off sales. The app works well. They don't need to hide it. That's what apps that suck do. This app does not suck.
Have you tried Seek (https://www.inaturalist.org/pages/seek_app)? It's from iNaturalist, which might be the community-based one you found, but you can easily ignore the community stuff and use it without an account. Works pretty well, I recommend it.
I should also mention that this app is a battery hog, the likes of which I have never before encountered (and I include the Facebook app in that generalization). Just running it for about three minutes, knocks 2% off my battery.
>> The moral of the story is that they were so big on a dark pattern, I'll be getting the subscription.
> Yeah thanks for rewarding them for that.
That was not a nice thing to do -altering a quote, to make it appear as if I said something I didn't. I am leaving your response in its unmodified entirety, above.
Look, you have your opinion, I have mine, but it's a decent app. I will be providing feedback to them -as a paying subscriber, there's a good chance my feedback will be heard.
But the thing I have against dark patterns, is the same thing I have against what you did -it's dishonest.
Well, the only reason why the throwaway user was dishonest was because they didn't use ellipsis to indicate snipping content in between.
They're technically correct. The app used a dark pattern and you responded by subscribing. From their intents and purposes, the dark pattern did its job rather well.
That was not intended to be read as a literal quote or an attempt to make it appear as if you said something you didn't. That's a fairly common way of picking a message apart to make a point, on some parts of the internet. Sometimes people paraphrase instead of literally copying words (esp. if there's no good short sequence of words to borrow), but quote marks are still used. I wish we had a better notation for this. I'm sorry to have caused confusion.
Anyway, the point was just to express my disappointment in that people keep supporting a company even after complaining about their horrible dark patterns. And I don't really mean to single you out personally, it's everywhere: people complain and then keep using and rewarding the service(s) they complain about. IME this rarely leads to them becoming better over time, they just get worse over time because they can get away with it. Abuse users until the very end. It seems to work, we have so many users and more are rolling in!
Of course if you're actually giving them feedback, all the power to you. I respect your opinion too.
To give you an idea where I stand, a few days ago I was thinking of buying a keyboard for my workshop PC. I have a couple Planck EZs and they're decent keyboards. So I went over to the ZSA site, started reading about their new keyboard (Moonlander), and... MODAL POPUP ADVERTISING A MAGAZINE[1]! Now I remember the time when browsers started adding popup blockers built-in, and everyone (except scummy advertisers) rejoiced. So I find it disturbing, disgusting, and extremely disrespectful to bring back popups in the form of modals. I kinda try to put my money where my mouth is, so my reaction was to unsubscribe their magazine (the way they presented it when I bought my plancks wasn't so bad) and take my shopping elsewhere.
> That's a fairly common way of picking a message apart to make a point, on some parts of the internet. Sometimes people paraphrase instead of literally copying words (esp. if there's no good short sequence of words to borrow), but quote marks are still used.
Among people who can’t make their point with an accurate representation of someone else’s words. All the descriptive words for this behaviour are negative, for good reason. I suspect you know this, hence the throwaway account.
> I wish we had a better notation for this.
The better notation for this is not to do it, that’s why there is no notation for it.
> I'm sorry to have caused confusion.
I’m not sure HN is for you. Don’t do this again if you’re really sorry.
I believe that, as a software developer, I am constantly encountering the classic "Do $20,000 worth of work for me for free." If I refuse, it can sometimes get quite unpleasant.
As it so happens, I actually do a great deal of free software. The users can sometimes be a bit on the "knucklehead" side, but they usually respect my boundaries.
The people that don't, tend to be business owners. I sort of expect it, as a good business owner is always looking for every advantage they can. I can sometimes get rather peeved by their attitudes. Around these parts, business owners tend to be especially aggressive, and NY is known for a hyper-aggressive environment and culture.
The people that wrote the app do a valuable service. They trained up a fairly effective neural network. The apps are...OK. Not outstanding, but OK. They do get their primary function done pretty effectively. That took time and skill.
They want to be paid, and I don't begrudge them. I believe that supporting paid software is a moral imperative for me. I won't go about laying my values on other people, but I choose to have this attitude, and I like to follow it with action.
Sure. I think we mostly stand on the same line here.
I just tend to take hard stance against anything I find user hostile. Nagging, dark patterns, exploiting addictions, attempts at leeching personal information, lock-in, etcetera will quickly put you on my no buy list.
I think those things are evil at worst and a waste of time and resources (in a global, zero-sum way) at best, and long term we'd be better off if everyone rejected such behavior and put their money towards business that focuses solely on providing superb service without the abuse. Unfortunately these abusive practices tend to work as far as profit is concerned.. it's like tragedy of the commons, in a way.
I want to get paid too, and live in a nicer world.
For the record, there is a way to highlight changes. An ellipsis denotes that material was left out. Brackets denote that something was changed. In either case, the intent should never be to alter what was said. Using yours as an example:
> That was not intended to be read as a literal quote...[It was intended to] paraphrase instead of literally copying words (esp. if there's no good short sequence of words to borrow), but quote marks are still used. I wish we had a better notation for this. I'm sorry to have caused confusion.
One example for sure is the endless CAPTCHAs you receive on virtually any large website when you attempt to connect from TOR. Each time you solve one it takes forever just to complain about how you spending several minutes selecting every 'light' suddenly isn't good enough to prove your humanity. You're not "checking if I'm human" 60 times in a row, you're blocking me for not wanting to be tracked on your website.
I experience this using Firefox temporary container extension, some other privacy extensions/settings, and a pihole. The worst bit is when it refuses to let you use an audio captcha; I can’t believe they’re allowed to take away accessibility on a whim. Not that it really makes much difference to the website but I’ll usually give up and maybe send them an email if I care enough to let them know that it’s not accessible.
The captcha where you slide the puzzle piece into place I’ve found is a much better user experience and presumably achieves the same goals (minus helping train image recognition). It’s a little bit ugly/looks like one of those spam interactive banner ads but I wish more sites used it anyway if they need protection.
I got that captcha somewhere recently, and I found the UX appalling as a first-time user.
"Slide the control to complete the picture". I interpreted it the first time as looking like the old iOS slide-to-unlock convention: "Once I slide the control over, it will complete the picture correctly." Now, this may be a well-intentioned accessibility thing, but it wasn't obvious that the slider was connected to the puzzle piece in the same way.
This was reinforced by the fact it was a bit janky on my entirely overkill rig, so the puzzle piece was moving out of synch with the slider until after I had overshot and failed the CAPTCHA.
I always wondered if we had much hard data on both the efficacy and the necessity of captchas. If you're not selling 3080s, you probably just need the most minimal deterrence to auto-scrapers-- the old "seven + 4 = " CAPTCHA probably does enough at a very low processing and accessibility cost.
For me, Cloudflare and hCaptcha walls are solved problems with things like Privacy Pass. It's Google's never-ending captcha system that prevents me from browsing the web. They continue refusing to support Privacy Pass like other big players for some reason that is certainly not related to free labor and going around US labor laws.
This is likely coming from reCAPTCHA itself. As another commenter noted reCAPTCHA is likely detecting a large amount of interaction originating from your particular exit node's IP. This flaw is Google's responsibility, not that of the site. It's less of a dark pattern than a common usage pattern being incorrectly interpreted as hostile.
I doubt this one would get any traction given there's no way to tell between a human and a bot request when the past 10k requests from a single IP all hit within 10 seconds of each other, likely indicating a bot. They're not going to outlaw a solution to a real problem when there's no other solution besides requiring an account or otherwise decreasing user privacy.
I hate it when LinkedIn or Lunchclub does a "connect your friends!" and you accidentally click a button and it literally launches spam invites for your entire address book.
Worst part is that NO ONE has ever called them out for such a dark pattern, but the pattern forces ppl to send unsolicited emails to their contacts AND pretends it's meant to be sent by the person.
This one is kind of on the os platform though. I can’t think of a legit use case where an app should get access to every single contact in my address book. This is incredibly personal information, and should be guarded better, perhaps by asking consent for each access and for each contact. The app should have to explain in detail why it wants access to a particular contact.
I accidentally signed into gmail via LinkedIn a while back and it caused me grief for months. I had to write a number of apologetic emails, and I’m still annoyed at LinkedIn -it’s been 13 years.
Which reminds me that DP of Signal is not very usable unless you give it access to your contact. When you try to send message by number it will say Error, Request failed: client error (429).
Although not software, gym memberships are notorious for using all manner of slimy tactics to keep you paying. Online reps can't do anything, your local gym somehow never has a "manager" around who can do anything. You can "freeze" your account but then they can just arbitrarily unfreeze and start charging you again. Very close to having my CC company issue a charge-back to our local gym for fraud. Very shady and hopefully these can be made illegal.
There was a chain of gyms in Boston that famously required you to go there in person to cancel. When they closed due to COVID, they continued charging their members. The closure prevented members from both cancelling and making use of gym services.
That got shut down pretty quickly, but it's telling that they even thought they could get away with something so brazen.
The Economist magazine doesn’t let you cancel your online account online. You have to call. But they closed their call centers due to covid, so there is no way to cancel your account.
Yes! Cancelling my 24 Hour Fitness membership was a nightmare. I also found out that the name is not indicative of their 6 AM to 8 PM hours. Horrible experience all around.
I’m going through this with LA Fitness. They closed their location in downtown Bellevue, WA. The next closest location to me is many miles away, and I’m not going to take an Uber there $10 each way. I’ve been in person and was told to send them a form via mail. I did that 2 months ago. They charged me for March and they just slapped a charge end of April. I’ve called them, was told to come in person again, and told to send another form in the mail. I have no recourse, and I honestly pray these predatory, dishonest criminals have their entire company shut down.
It should be illegal for any gym to force you to come in their physical location or to require mailing in forms to cancel.
I just called my credit-card company to block a company playing similar shenanigans yesterday. The credit-card representative seemed to think it would work.
Many credit card using banks now offer "virtual" credit cards, which are one time or max amount or time-dependent expiring cc account numbers. These do a great job of neutralizing the abuse of power you get with recurring payment dark patterns.
Yes, this is a terrible practice. When I wanted to cancel my Planet Fitness membership during the pandemic I ended up using a third-party service to cancel it for me. It was well worth the 1-time $14-or-so fee to another company to send the required letter. Could I have done it myself? Probably, but after dealing with them I just wanted to pay once and never have to think about it again, well worth it.
That's one option that always works, and people don't seem to get that. While it's scummy that you have to do it that way (that's obviously bollocks), this would also be the way to tell them to stop charging you if their customer support won't pick up, their email server rejects yours as spam, the web form is broken, that sort of shit (people elsewhere in the thread mention a million-and-one instances of this, not realizing that there is another way). Send them a letter and be done with it.
I think a more effective route forward here is for places like YC to set standards for their portfolio companies. Only the strongest investors can do this, but once they do, it will set up a new playing field and the YC brand could mean 'no dark patterns here' in the way that buying an Apple product signifies quality hardware and privacy. It could act as an 'integrity' label that companies purchasing software would use when evaluating new products. YC companies are better than most at this, but I've seen a few bad actors lately that have caused me to question whether it's true across the board.
YC, like all companies, is a brand. It is already expressed by alumni when applying for a job. It is sought by employers as a mark of validation that the person works hard and fast and knows how to innovate.
As YC scales and graduates more companies, they want to optimize their return on investment. Those companies that graduate from YC want to make sure their companies raise capital at a premium when future fundraising and ultimately IPOing or being acquired. The YC network is a thing in the VC community and a mark of a high opportunity investment.
Today, some purchasing managers are aware of its alumni companies and use it as a litmus that the company is cutting edge and innovative. Maybe most don't. Since sales ultimately lead to higher company valuations, perhaps this is something YC would want to focus on?
I think this is less about yc aiming for customer brand recognition and more about doing the right thing for the companies which want yc funding, which will serve products to said customers.
Airbnb employs dark patterns for their booking process. The daily rate isn't the all-in cost for a booking. You have to open the detail page to get cleaning fees, etc that add up to 30% of the cost. It'd be challenging to get big, successful companies to buck the trend because it's too lucrative. Dark patterns exist for a reason, and it's not for consumer benefit.
The FTC should create a set of guidelines named for example "Good Software Design Practices" (either directly or through an industry standards body) which developers can follow voluntarily. Companies or bodies should then be able to rate software objectively based on the GSDP using a lay-public friendly star rating. The rating could be further broken up into sub-ratings for specific design sub-topics.
This could then become a default way for companies to self-appraise their software on distribution platforms. Anyone including distribution platforms should be able to validate such ratings based on certain objective criteria.
Connecting to an Azure AD / Office 365 account from a desktop application will pop up a dialog box with a small hidden blue link on the bottom left corner to "log in to this application only".
The big button in the usual OK position will let the organisation manage your device, including pushing software to it and remote wiping. Even if it's not their device. Even if you're just logging in to one app, one time.
Microsoft is blatantly using dark patterns to inflate their InTune numbers, at the expense of user privacy and choice.
One other interesting interaction I found was that the org can seemingly tie certain settings to your Windows activation key. I've been using an Education license to W10 on my school laptop and it has "Some of these settings are hidden or managed by your organization".
Are you sure this isn't related to any GPOs set by yourself? I remember the same thing happening on my Windows 10 Edu install when I set up GPOs to disable start menu internet search, telemetry, tracking, Cortana, etc.
The worst one is probably trying to make it hard for users to stop paying for a service, like cancelling a subscription. That shit should be punishable by literal prison time.
About 10yrs ago NBA did this to me. They made it impossible to cancel a $99/m sub.
Their instructions were login and go to the cancel button but the cancel button was broken and said call this number. But no one ever picked up the number.
I will never buy an NBA branded thing after that obvious bullshit scam.
New York Times does this also. As far as I can tell it's literally impossible to cancel a subscription. I had to close the card attached to my account.
I'm highly in favor of making this illegal. My credit card expired and I switched my NYT subscription from through their website to through Apple (so I could cancel), and they sent my account to collections! Working with the collections agency to get it removed was easy, however.
I guess the law that I would be in favor of is twofold:
1) You must be able to cancel subscriptions from the same website that you created it from. After you cancel, the subscription must last until the end date. (So you aren't forced to set a calendar reminder for the day before.)
2) Sending an account to collections falsely should carry a 100x penalty. If they make a mistake and their billing system sends your account worth $300 to collections, they pay a $30,000 fine. Should motivate someone to write some unit tests for that.
I would be in favor of a different approach: a merchant should not, under any circumstances, be able to remove money from an account, charge a credit card, or otherwise take money from someone without the explicit authorization of the customer. In this context, explicit means one of two things:
1. The customer intentionally authorized that specific transaction. A specific transaction means one transaction. If a merchant wants to use this approach, they need to ask for authorization each time they charge.
2. The merchant may register a subscription or other recurring charge arrangement with the customer’s bank or card provider. The customer must explicitly authorize this registration at the time it occurs and may, by contacting their bank, revoke the authorization at any time. The merchant may not recreate the authorization without the customer re-authorizing it at the time of creation.
Eventually, the whole pull model of money transfers needs to go away. Taking money from someone by knowing their account number is nonsensical and should not be possible.
> The merchant may register a subscription or other recurring charge arrangement with the customer’s bank or card provider.
An advantage of Direct Debits in the UK is that I see them all in my banking app and can cancel them individually. A company is legally required to gain my consent again before charging again.
I think the explicit authorization is the contract you sign that allows for the subscription. It's already pretty risky to loan people money, and your system makes it even riskier. (Consider the business model of cloud providers; you agree to pay for whatever you use, and then they charge you for last month's usage. If you could just not pay, then the business wouldn't really be viable. You'd have to figure out what you're going to use in advance, and pre-pay, and the consequences for getting it wrong by 1 cent would be unnecessary downtime. Cloud providers of course let you pre-pay at a discount, but having both pre-pay and post-pay makes a lot of sense. But, we're all paying extra because of the people that walk away at the end of the month and don't pay their bill.)
It would be worthwhile to consider not letting "click agree" create a binding contract. I think I'm in favor of that.
I agree that things like newspapers don't need to be a subscription or have a contract. On the first of the month they should just pop up a dialog that asks if you still want the subscription, and if so, it charges your card for 1 month. I would certainly like that, but it does carry a risk on my end -- if they go out of business on the second of the month, I'm stuck paying for 29 days of the subscription I can't use.
Like I said, the big problem is not being able to cancel. That's why I buy subscriptions through Apple -- there's always a cancel button. I think we should make that mandatory for every subscription provider.
This is literally what “sending you a bill” is. They don’t need to have an upfront agreement to charge your card. They need an upfront agreement that you will pay for services used at the end of the month. This is standard invoicing that these companies already do just without automatically charging cards.
When you pay your medical bills it’s still an explicit payment.
So for newspapers and whatnot, the bill is the problem, not charging your credit card. You can close your credit card to stop the payment, but you can never get out of a contract you signed.
Businesses probably need contracts in order to function, but they are overused in business-to-consumer transactions. That's the underlying problem that we should solve -- you should be able to walk away, no questions asked, from paying for a newspaper or magazine.
I think there are a couple of issues. One is that most countries consider giant piles of fine print that no one reads to be binding contracts and that customers can’t credibly negotiate them. The other is that it’s far too easy for merchants to extract money from customers without the customers’ consent.
Attacking the latter might make a large difference even if the former remains unsolved. The New York Times can get away with making cancellation difficult because they have the power to unilaterally take money from their (former?) customers. But, if anyone could trivially revoke their authorization to charge them money, I doubt that the New York Times would actually try to sue or collect from their customers en masse. Sure, they could try, but that would be a fantastic way to piss everyone off and to recover very little money.
Though I’m skeptical of cryptocurrencies as a market, I’m very bullish on the technology long-term for use-cases like this. Having programmable money where every party is able to audit something like a smart contract and see how their deposited money will be treated is huge. We could effectively get rid of pull-model money transfers and instead relegate similar functionality to open smart contract pools.
Even worse! Now you don't have protection from your credit card company nor redress through the courts.
You already have the ability to "audit" the EULA/ToS/PP; it's that link you never click next to the "I agree" button.
The powerful (in money, size, skill, fame, strength, etc.) always try to (ab)use systems to bully the weak. Smart contracts only amplify their ability to do so.
Why would a company, which (reasonably) declines to deploy its limited legal resources negotiating with each user, possibly be interested in deploying its limited engineering resources to negotiate a smart contract with each user—especially when one screw-up can "legally" bankrupt the company? (See The DAO.)
If there can be no negotiation, the options are:
1. You reject their terms and don't use the service.
2. You accept their terms and legally use the service.
3. They accept your terms and you legally use the service. (Usually too risky/costly for them.)
4. You reject their terms and illegally use the service anyway.
We could legalize option 4, but that is a very bold move—the equivalent of the Chicxulub impact on legal and business practices.
I'm always amazed reading that this isn't already the case in the US. In India, every charge requires SMS based 2fa. Starting a bank mandate (ECS/NACH) for automatic transfers needs me to physically sign a paper. It can be revoked any time by the user without any involvement of the receiving party, and can be done online as well.
> You must be able to cancel subscriptions from the same website that you created it from.
More to the point, it should be required that canceling/downgrading is as easy as or easier than signing up/upgrading. Want to offer 1-click-buy, you also need to offer 1-click-cancel.
I think unlimited recurring subscriptions should just not be allowed, period: all multipay plans should have a fixed & finite pay period, after which the service expires. Only the card holder has the unilateral right to re-establish the payments.
What if the user wants to cancel before the term is up? If that's allowed, there won't be discounts for annual plans. (Maybe not a bad thing, but maybe inefficient.)
The way to do this is to run the subscription through something like Google Play. Then you cancel it on Google's side.
Be wary if a company avoids Google. For example Tinder started forcing users to subscribe directly instead of using Google. This is because most people cancel almost immediately since once you subscribe you find all your matches are bots.
The entire purpose is to make it just hard enough so you think ohh it's only 10$ a month. Another trick is to offer a month free. Hulu does this. If you cancel on their website you get several pages which try to convince you to stay.
Google also makes it easy to manage all your subscriptions in one place. What is all this crap I'm paying for, I can quickly see what and delete it. Also I'm much more likely to try a service (I'm studying Chinese right now and have used various apps) if I can do it via Google Play.
This is one of the few things that actually makes me happy with the closed ecosystem of the App Store on iOS. There's virtually no risk with subscriptions in there- they can all be canceled in a few clicks in the Subscriptions section of your Apple ID. And if something's straight up a scam or an accidental (but unconsumed) purchase, you can request a refund from Apple with rather little friction.
First-party trials annoy me since cancelation is instant, unlike trials from third-party apps (those cancel after the trial period if you cancel during). Fortunately, you can go to Report A Problem and just say you didn't mean to have the subscription charged and they'll refund it as long as it's a few days from the charge date.
I'd need to see the purchase page to fully form an opinion on this. Apple has rather strict guidelines for displaying cost and that appears to be one of the most important parts of app review. I'd equate someone being surprised by a subscription cost to someone not looking at menu prices when eating out: all purchases through the app store use the same sheet to display price, renewal period, free trial, etc when requesting payment.
Of course, the app's premise is a scam, but my comment was about the ease of canceling and managing subscriptions. Dare I say that apps like this would be even more bold and prevalent if alternative app stores were available.
There are also scams costing people money without using iOS, for example where the person is tricked into thinking they have a debt and sending thousands of dollars in cash to a random address[1]. What’s your point?
> Tinder started forcing users to subscribe directly instead of using Google. This is because most people cancel almost immediately since once you subscribe you find all your matches are bots.
More likely it's because Google takes a 30% cut. Adyen takes a ~4% cut. I still maintain that if Apple and Google took a 5% cut from their app stores, no one would have complained.
NY Magazine too. After renewing my subscription at 2x the original rate I paid, they made it incredibly difficult to cancel. When I called their customer support, they told me I had purchased my subscription through a third party so they couldn’t cancel it for me and I’d have to contact the third party.
Me: What’s their contact info?
Agent: inquiries@nymag.com
Me: This is a third party but they have an NY Mag email address?
Agent: Yes.
Me: ... How are they a third party then?
Agent: One second, I’m transferring you to my supervisor.
Nothing turns me off a brand I like and want to support more than 1) autorenewals at 2x your intro price and 2) making cancellations both arbitrarily difficult and insulting.
I recently cancelled without any issue... by virtue of paying for it initially with Paypal, which makes it trivial to cancel the recurring payment on my end. When I called them to cancel, and they tried giving me a runaround, I interrupted to tell them I had already cancelled the payment anyway so they literally had no choice; then I hung up. No worries! I will never subscribe to anything that doesn't accept Paypal for payment, thereby giving me the last word in controlling said payment (yes, I know a credit card would allow this, only not as easily.)
I ran into this as well with NYT (grabbed a sub for election season only). You can cancel if you chat with someone during business hours - and immediately shoot down any attempt to extend etc.
Related, I really hate Apple taking a permanent 30% cut of iOS subs, but I will use that route whenever possible. Canceling an iOS sub is always a painless single click experience from a known location. In fact I usually subscribe and immediately cancel so I’ll renew only if I actively choose to do so.
I also was able to easily cancel online a few months ago (not in California). I'm wondering if they changed their policies recently, in which case this complaint is out of date.
I ran into this myself 18 months ago. I had subscribed years ago online, but was unable to cancel online.
I informed the person who canceled my subscription over the phone that I'd never consider doing business with them again, unless they fixed the problem.
I hope it's fixed now! That'd be a great improvement.
You can change your payment option to paypal, remove your card from NYT, then remove your card from paypal. They'll complain to you for a couple weeks, but they'll cancel it for you after a while after that.
My girlfriend and I were both able to cancel. The number worked for us, but we had to say no through a bunch of sales pitches before we got it successfully canceled.
It really does make you wonder that “the paper of record” deals in such immoral actions what else they are willing to compromise on. I seem to remember Pg being completely misrepresented by the same paper [1]. Maybe they are just really unethical people with a good brand.
People who want quality journalism pay for it. It comes up in the comments here a lot, how journalism has gotten lazy/bad because of the lack of money in doing it well. The solution is to pay those doing it well.
The problem is anyone can make a blog and there are a ton of good writers. The media used to be an exclusive club like Hollywood but now anyone can make their own news blog so there’s nothing special about NY times or any of the others except their name and possibly some unique information sources from their contacts. I have read many small news blogs that are better written than the major news outlets. They also don’t choke you down with intrusive ads and pop ups and give you paywalls just to read their version of the same story being reported on other blogs for free. Their days are numbered to be sure.
I do not know how it is in the US, but where I live those automatic subscriptions are cancelable (and usually refundable) by the user via the bank or credit card company if the company collecting it is not responding. This is very easy in the first 56 days and a bit harder afterwards. They can retry to collect but you can keep doing it. The idea is you send them an official letter telling them you revoke your authorization which they have to do, not adhering to that request is their problem not yours. Depending on the contract this might trigger fines or require you to front the entire bill at once but for normal recurring subscriptions this is not an issue and otherwise should be reasonable (paying a 'fine' higher than the total sum is not allowed for instance).
It's the same in the U.S. If you do this, the failed charges might be sent to collections agencies, but that doesn't usually matter much to lenders if it's a small subscription - although this $100/mo NBA charge might cause some issues.
I wonder if someone can start a service to facilitate this for people. So many dark patterns, so many opportunities to ease the transaction costs/friction of disentangling? ;)
American debit cards generally don't have these protections, but American credit cards absolutely do have robust consumer protection mechanisms.
It's also a pretty big negative mark for merchants that get charge-backs issued against them. If just a small percentage of people used charge-backs to cancel these "subscriptions" it would make their processing fees skyrocket or even get them dropped by the major processors.
Companies are required to provide California residents with an easy-to-use mechanism for cancelling subscriptions, and any subscription that you sign up for online must be cancellable online [1].
This actually works quite well. I've had no trouble cancelling any subscriptions in the past few years, including the New York Times, which took maybe 3 or 4 clicks from the account screen (IIRC, there was an optional "why are you cancelling?" screen, then they offered a discount, and that was it).
Just use Privacy's virtual cards to sign up for services. If a service doesn't let you cancel, just cancel the card itself. That's what I've been doing.
Of course, it's a different story if you signed some kind of contract, but for the pay-monthly kind of things, it's a no-brainer. You also keep your real card's number private in case the service gets hacked and Privacy doesn't seem to check the name, so you can give a fake name to the service.
If you're in the UK, EU, New Zealand, Australia, or Singapore, I found out yesterday that Wise (TransferWise) customers get 3 virtual cards free of charge [1][2].
I'd be interested to hear about any other UK/EU firms offering similar.
The worst I’ve seen was Nord VPN. Three or four modals / screens where the action to stop your subscription was the smaller, secondary UI element, almost not even noticeable. How a dev or PM can live with themselves while implementing that I have no idea.
My Nord subscription went from $5/month to $200/month recently. When I complained, the CSR told me to just cancel the account and sign up using the special offer link and a throwaway e-mail address.
That tells me there are deeper problems, and I'm not interested in doing business with that company.
Audible does not allow you to cancel through the app, and cancelling via the web takes you through two extra pages of customer retention, "Continue Cancelling", or similar.
I haven't used the Scribd app, but cancelling the service through the web similarly takes more than one extra page of customer retention "special offer" pages.
I signed up for a one month “free” trial of Scribd. I noticed they charged my card but I (wrongly) assumed it was a pre-authorization that would fall off before it ever actually hit my account. I liked Scribd okay but I felt I hadn’t really given it a fair shake during my trial month and figured I’d pay for this month, too and then decide whether I’d keep it. Woke up yesterday and checked my card statement for the month only to find out Scribd charged me for my “free” trial. Since I didn’t notice until my free month was up they charged me for this month, too. I cancelled this morning and had to go through one “special offer” page (for “Scribd Lite” @ $4.99/month IIRC).
I’m SOL on this month’s charges but you’d better believe I disputed the original charge with Amex. Scribd even sent me a “receipt” for my “free” trial showing a total of $0.00 at the exact time they charged me $9.99.
It’s just bad business. I should have heeded the many warnings about Scribd’s deceptive billing and now they’ve added yet another unhappy customer who will complain about their shady business practices at every opportunity I get.
If a company makes it difficult to cancel, you can always talk to your card issuer. They are required to allow you to stop all future payments to a recipient but may force you to request this in writing.
However in my experience, you can usually accomplish it with a phone call and can often dispute the most recent charge as well.
IMHO, chargebacks are the best way to fight back against companies that use dark patterns in their billing/cancelation process.
And getting a new credit card used to be a reliable failsafe to stop getting billed for a hard-to-cancel service, but not so if the subscription agreement allows for automatic updating:
If it takes more than a couple of clicks from the accounts section, or so ambiguously states the cancellation process that it suddenly seems hazardous, then I just cancel the temporary privacy.com card.
Good example of this is where you can only unsubscribe via phone so they can route you to a 'specialist' that attempts to talk you out of it. i.e. you can subscribe via software but unsubscribe via phone.
Hah. Literally an hour ago I fat-fingered the “Sign up to Amazon Music!” button in the Amazon Music App on my phone whilst putting the phone in my pocket.
To be fair to Amazon though, they do let you cancel the subscription online with no bullshit & you still get to keep the 90 day free trial -- presumably they hope you’ll like the service enough to decide to pay for it anyway.
(The worst example I know of this “single button press sign-up” pattern was Nassim Taleb accidentally signing up to pay for a software upgrade to his Tesla in the Tesla App that cost $1000s & having no way to undo it except shouting loudly at Tesla / Elon Musk on Twitter.)
Let's not give Amazon a free ride, cancelling the Prime trial was some real bullshit last time I tried.
The option was hidden behind several pages of "Here's what you'll miss out on" and "You still have x days remaining, why not check out these shows" and "confirm" buttons with slightly different position/text/color.
No kidding! I copy/pasted my HN comment verbatim, as it was also a question to verify if a tracker that runs constantly that isn't able to be blocked by domain counts as a Dark Pattern.
I can't believe that the Microsoft Teams software automatically reinstalls itself in my login items every time I open it. I don't use it often — mostly when I have calls with people at Microsoft — but this happens without fail every time.
As far as I'm concerned, this makes the Teams software malware. I have never had any other software that repeatedly put itself into my login items that wasn't clearly malware. If I worked on Teams, I would be embarrassed.
The worst one is a tool that lets you invest a lot of time in creating a result, then refuses to let you see/download/print/submit it without creating an account. This requirement is not disclosed until you have invested a lot of time in the product.
This is very common with price calculators and online image editors.
This is a very common theme in many resumé websites, preying on people desperate for work.
They won't prompt you to pay a dime, but will let you design and write up your perfect resumé for over an hour... All before charging you $x for a one-time download or losing it all.
Connecting to a Microsoft Teams or Office work account from home gives you the fantastic "Use this account everywhere on your device".
It has 4 effective choices [0] with no clue about what's going to happen to your windows account and what data or remote control permissions will be sent to your organization.
An e-commerce website that offers a subscription page for signup but requires you to contact customer service by phone or email in order for you to cancel. Went through this recently with Bespoke Post. I sent the cancellation email, their customer service person replied saying that they would instead suspend my subscription for three months, and required me to send them another email.
I'd LOVE to see an FTC rule that requires companies who take subscriptions by web to have a link on the account page to unsubscribe by web.
I don't know if this counts as a dark pattern but it really ticked me off when this happened: when YouTube on iPad changed to require a paid subscription to play content while the screen is turned off. What kind of fresh hell is that? I have to pay to use a hardware feature? What's the next move, requiring me to purchase a subscription to adjust the volume or the screen brightness?
Actually this reminds me of another annoyance: playing ads at a higher volume than the content. I tend to listen to content very softly to prevent hearing loss, and whenever an ad comes on I find myself turning the volume down, only to turn it up again when the content comes back.
Thank you for posting this because that's the dark pattern that I was trying to remember myself. This one has aggravated me beyond anything else on the entire internet. I hope for the return of newpipe soon.
The dark pattern I've been seeing a lot lately is billing services trying to make you go paperless. I've seen all sorts of dark patterns around it, from subtle things such as it being the second of three options where you need to check options 1 and 3 every month, to it literally being checked by default and buried in the middle of a "we are just checking up on you to make sure you have all your options set correctly" splash screen.
Genuine question: why'd you want bills to be shipped on paper? Is there some legal requirement to keep paper records in the USA and you don't want to have to own a printer or something?
Every time I get a paper bill I'm annoyed, like, just send me an email, then I drag it into the right folder and it's done. Speedy, sortable, searchable. (Of course you will want to have back-ups, but one generally wants backups for one's files anyway.) The weirdest instance of this is my electricity company that has a fairly high price but also invests in renewable energy and they send me paper bills. Like, they of all companies should get that I don't want someone to drive to my house to deliver information that, usually, I already knew about anyway. Dutch tax office also takes their time to send me letters from abroad... two weeks after I already received it digitally and opened it. They can see I read it on their website, but they still post a physical letter more than a week later. And it always contains "you owe us nothing & we owe you nothing" because I don't live/work there anymore. So stupid, I hate letters, so I'm really curious why you'd want this!
For me personally, my wife is an immigrant so a paper trail is important. Before that though, I think there was a time where companies didn't email out the records, so they'd keep the records for a year or two and then you would lose access to them, but the IRS wants several years if you get audited. Nowadays though, if it wasn't for my personal situation then I probably would have switched to saving off a digital record.
Yup, I've been fooled into going paperless on my utility bills a number of times. No idea how I did it, AND they often get "confused" when you want to restore paper service. I've had to call PG&E a number of times recently and they still are failing to send paper bills.
Am I the only one who thinks it's crazy it has taken them this long to do anything about this? This has been a real problem for well over 20 years.
Anyone else remember Internet Explorer toolbars? So many installers would include these, and avoiding installing them became progressively more difficult over time. They started with a simple checkbox that was enabled by default (bad enough if you ask me), then progressed to hiding the checkbox behind a button labeled 'Advanced Settings' or similar, then progressed to popping up another dialog that looked like another step in the install process, but required you to press 'cancel' to not install the toolbar and go back to the regular installer. There are probably many more worse examples, but this is all that springs to mind at the moment.
To an advanced user, these didn't seem like much - until you tried to use your grandma's computer and realized there were 10 toolbars installed...
Most consumers really don't care since they can just buy an iPhone and call it a day, largely distancing themselves from most dark patterns (which doesn't eliminate them). Maybe leadership or culture in the agencies involved has changed to the point where they'll actually look out for consumers before they start complaining on such a large scale.
Love the delightful conversation we're having here about dark patterns. I find them personally disgusting and I allocate a specific amount of time on a biweekly basis to have personal retrospectives on what services I am not using/have realized I hate using, so it's great that the FTC is stepping up on this front.
That being said, remember the Cobra effect and that trying to combat one problem can cause an immediately perverse, unintended consequence when you try to solve a problem in this manner. Maybe I'm misusing concepts a bit but in my thinking -
perhaps exposing all the immediately obvious "Dark Patterns" as they are perceived now will lead to immediate ingestion of this newly found consumer-originating response set (like this post) which will potentially enable the alleged actors in question who engage in these actions to be even better equipped at creating new, dare I say, darker patterns
"renewing," card billing cycles. LinkedIn advertising "renewed" the amount of my fixed ad spend multiple times, turning a ~$200 spend into almost $2,000 WITHOUT an email notification.
I did not discover it until I got my credit card bill. They use their internal support interface web tool to manage the support commitments to customers, so they memoryholed their rep's commitment to refund my money, which they did not.
Any other so-called subscription services need at LEAST as much consent from you to bill you as they do to add and remove you from mailing lists.
I think there are some rather great comments/examples of Dark Patterns in this thread and I just want to remind everyone to also submit those as public comment to the FTC! Just posting it on HN won't get it in front of the people who can make a difference!
Push notifications and their subtle ability to form usage habits (see notification -> open app -> browse feed) is a "Dark Pattern" that is used all across the consumer app industry. You can tell how focused a company is on growth and engagement by how many notifications you get a day (Clubhouse for instance slammed me with notifications until I shut them off).
Clubhouse has one of the worst notification management systems ever.
There’s no way to select specific notifications you want (e.g. person you follow starts a room). Instead you get inundated with useless notifications about random rooms.
Great I'm going to submit one about how the Apple iOS store forces you to get rid of your old devices and buy new ones.
They make it extremely inconvenient to find out which apps are supported on your device. They don't hide the apps that aren't, so you are forced to download the app and wait to check to see if it's compatible or not.
I think this falls a little below the level of what should be a federal crime. It's an annoying usability issue, but ultimately which devices are supported is up to individual developers and not Apple. (It cuts both ways: there are some apps that aren't updated to run on the newest devices. So you could take that as Apple encouraging you to keep your old device and to NOT upgrade.)
Think about it this way: you want to haul Apple into federal court because they poorly cache app store search results on a CDN. The DoJ will have to hire new expert attorneys to prosecute this, and it could take years. That means they either stop prosecuting other federal crimes while working on that one, or your taxes increase to pay the new attorneys necessary for this case. The ultimate outcome for Apple will be paying some tiny fine that probably is less than a year's salary for a software engineer and being forced to fix their CDN setup, while the taxpayers pay millions of dollars. Best case. The worst case could be years of legal costs for the government, and absolutely nothing in return for the taxpayers.
I think you have to choose your battles, and this isn't the pick. Consumers aren't getting severely fucked, it's just kind of annoying to some people. We can use our limited tax dollars more effectively.
>So you could take that as Apple encouraging you to keep your old device and to NOT upgrade.
Does Apple show you apps that won't run on the newest devices/OS versions in the app store?
>It's an annoying usability issue, but ultimately which devices are supported is up to individual developers and not Apple.
But Apple runs the store, so the onus on them is to present the store in a way that gives me what is compatible with my device. When I go to the physical store, I don't expect to find kid's sizes in the adult clothing section (and vice versa). Even if the "clothing developer" in question only makes child sized clothes.
>prosecute
Whoa, hold on. We're in a thread asking for public comment on dark patterns.
Look at point 6 in the event announcement PDF:
> What harms do dark patterns pose to consumers or competition? For example, do certain dark patterns lead consumers to purchase products or services that they might not otherwise have purchased, pay for products or services without knowing or intending to, provide personal information, waste time, spend more on a particular product or service, remain enrolled in a service they might otherwise cancel, or develop harmful usage habits?
(emphasis mine)
>Consumers aren't getting severely fucked, it's just kind of annoying to some people.
Sorry, I'm not understanding your point. Most dark patterns don't severely fuck anyone and are just kind of annoying to some people. I think that's the point of this FTC public comment - to get a consensus on what dark patterns are.
>The App Store doesn’t let me download apps that are not compatible with my device.
Let's not split hairs over this.
I just got rid of my iPad that does. You tap "get" on the app and after doing something for 5-10 seconds it pops up a modal that says it's not compatible.
Why was the app store showing apps to me that are not compatible or, rather, why was there no way to filter out the ones that are not compatible?
I’m not sure what I want with this - on MacOS it’s goddamn infuriating trying to download an OS that you want to install on a machine that isn’t the one you are browsing from.
You can’t just use the App Store and end up doing all sorts of horrible things.
I’ve commented on this before and had people send me links that show you can do it in the US App Store, but I can’t from NZ.
Oh are you talking about how certain things are hidden from search in the macOS app store? I found that annoying too. I had an old machine that I wanted to upgrade to Catalina and searching through the app store gave no results. Somehow I found this link[0] and it magically brings me to macOS Catalina in the app store. Why didn't it come up in the search?
You aren’t being forced to do anything. Apple already supports their devices much longer than the industry standard. If you don’t like Apple stop using their products.
Everything you said is true but it still has no bearing on the fact that it's a dark pattern to make it inconvenient to have an old device. They have the means and technology to filter out incompatible apps, but they've decided not to provide it.
There's a "Compatibility" section under each app which tells you whether it works on your device. You can also click on it so it tells you exactly which OS versions are supported.
So instead of filtering it out or graying out the "get" button, I need to click on the link in the app store and find the compatibility section (the last part of the page) to find out if it's compatible?
It's been a looooong time since I've had this issue, but I distinctly remember the "get" being grayed out (for example, gps-dependent apps on a non gps-enabled iPad). Has this regressed?
Yes. It's regressed. This video [0] is an example of what happens, EXCEPT on mine the pause was considerably longer before the "unable to purchase" pop up came up.
[0]: https://youtu.be/lMMrU732w6Q?t=82 (and if you look at the comments, you can see that I'm not the only consumer frustrated by this issue)
As a user, I should be able to have the experience of browsing an app store with only apps that are compatible with my device and OS version. As a user and average consumer, it was not obvious to me that there was a compatibility section at all because I have to scroll past reviews and app privacy to get that information.
This thread is a very good example of the bystander effect. There are currently 419 comments on this Hacker News thread, yet only 16 comments on regulations.gov.
It is possible to make anonymous comments on regulations.gov, which I think leaves no good reasons not to post your comments there if you want them to be heard.
Here is what I wrote:
There are straightforward language and practices that the FTC should mandate for online purchases.
1. The FIRST option in any screen or sequence that could result in a purchase must be affirmatively worded to clearly indicate a purchase is being made or a transition to a screen to purchase will be initiated by choosing that option. The word YES shall be included in any option to buy.
2. If second or subsequent options also initiate a purchase, they must similarly be affirmatively worded.
3. All sequences must TERMINATE with a negatively worded decline option, in the SAME font, size and style. 1-3 seek to enforce a standard wherein consumers can EXPECT the first and intermediate options to be BUYING options, and the last option to be a DECLINING option.
4. Double negative wording is not allowed.
5. Check boxes shall NEVER be pre-filled in. Use check boxes, they must all be blank. In general, an action by the consumer shall never be required to cancel a preinserted assent.
6. Purchasing screen. At some point, a screen is arrived at where the purchaser’s credit or bank information is obtained, and the purchase completed. Wording near the TOP of this screen, and in the LARGEST font visible on this screen must reinforce to the consumer that she is about to make a purchase. (Banks and airlines, which incur significant costs to correct purchases or payments consumers consider incorrect, are an excellent source of ideas for this screen.)
A roughly 70% solution is to mandate WCAG 2.1 AA conformance. After that the problems largely distill down to misleading and deceptive content. Deceptive content resulting in a financial harm not as a result of a technical defect is fraud.
How to prove fraud in court? Easy, make them liable for presenting accessibility conformance against the issue in question. The defendant only has to demonstrate a good faith effort to account for and correct the issue, but if they cannot do that, because fraud is intentional, take them to the cleaners.
airbnb issues refunds as credit. when you go to book a place, the default option to pay is "pay half now, half later". the trick is, they don't let you use credit for the 2nd payment. users can only find this by digging through the rules. currently dealing with this as I am just trying to use my credit due to covid cancellations (credits also EXPIRE after a year)
there's also no way to check your credit balance until you're at the payment step of a new booking. you have to ask support to tell you how much you have and when it expires. absolutely insane
AirBnB doesn’t show what the place actually costs until you get to the “Reserve” screen. Then the cleaning fee, service fee, occupancy fees and taxes are added up. I’ve seen it literally double the advertised price.
I’ve used AirBnB heavily over the past few years and am a huge fan of the business model in general. But, I view this practice as borderline unethical. I’m sure it A/B tests well, but it’s super annoying having to make several extra clicks just to see what you’re actually going to pay for the place at checkout.
I’ve noticed recently that many of the places on Airbnb are also listed on VRBO, and usually cheaper for some reason. VRBO also lets you filter by total price from the start.
Worst dark pattern IMHO these days is the free trial that requires a credit card and rolls right into subscription, especially when it defaults to annual and there’s an early cancellation fee. Canceling subscriptions is also a labyrinth that differs by site.
I confess that I don't really understand what is going on with the script running constantly behind the scenes in the PlantUML login page [0].
It seems to be constantly sending GET requests to a tracking pixel with data passed through a query in the URL; it seems to be either tracking or profiling (maybe even mining?). After some googling, this may be part of Ezoic [1], a forward proxy tracker.
Since it is a locally-hosted script, it would be hard to block by domain name alone.
Circumventing Legal Regulation by proxy: It is now illegal for an ISP to charge a modem rental fee if you are not using their modem. My Internet provider (Comcast) circumvents this by tying a bundled subscription (security monitoring) to the rented modem. If I use their rented modem I get the "Internet+security monitoring" bundled plan at a "discount rate" of approx $80/mth (plus $15/mth for modem rental). If I do not use their rented modem, I do not qualify for the discounted bundled plan. A plain "Internet only" plan is $180/mth.
Most of those dark patterns revolve around stealing personal data to sell it to data brokers, sometimes accompanied by extortion to give more of that data. If a big international corp made money by stealing bicycles or cars, its execs would quickly end up in prison, but this is what's happening right now in the internet. If our politicians had balls and morals, they would make it a crime to steal PII, unless the firm has a contract with the customer signed by ink, not transferrable, expiring in a year at most, with gov entities exempt. Unfortunately, PII theft has become the backbone of the modern economy.
Honestly all websites should support a no-script, static version to prevent 90% of the web's BS. We used to be able to view sites with JavaScript disabled and actually things would work.
Also, instead of arbitrary cookies why not standardize authentication/authorization security mechanisms to avoid having those stupid cookie pop ups.
At this point there are common web patterns which separate the essentials from the BS—so why not get rid of the BS and keep the good stuff?
Well it’s quite clear that none of the commenters so far have read the document they’re commenting on and almost none of them seem able to distinguish between “software” and the internet.
And I can’t say I blame them. I know the fenty website isn’t software but what about facebook and amazon? I don’t really consider them software but I suppose most of their users access the site(s) through iOS and android apps which I would consider software.
You know, I really don’t know! I guess I would consider them documents - akin to a pdf with javascript enabled or an excel file that uses macros. But perhaps that’s a dated point of view?
Wow, talk about a dark pattern: [1], all checks but the necessary ones are checked by default, which looks good, but then the big green button will check and accept them anyway! So the primary option negates the standard settings! I almost fell for it but I'm getting better and better at catching myself.
It's the new online advertisement. I remember my grandma being completely flustered by all the "you're the 10.000th visitor" flashy stuff and my brain ignored it completely. In this vein my brain now hunts for that button that does not really look like a button but just enough to identify it as a button. That is the one to hit.
How about hiding user comments behind a click so that you can’t read multiple comments at once? How about requiring unnecessary PII to solicit feedback? How about presenting a redundant set of vague and unnecessary elements like a “Comment ID” AND a “Tracking Number”?
Leave it to the federal government to utilize three dark patterns on a website soliciting feedback on the very subject.
When creating a member account within AWS Organization it asks for root account email, this address is never validated before account is created. If you made a typo in that email and it happens to be on a valid domain you have no access to, then it is impossible to close that account and support is refusing to do anything, even if you contact them immediately.
I dislike it when companies allow you to sign up via mobile, but then don't allow you to cancel via the mobile app.
I had this with Hello Fresh, where I had to log in on web to cancel (which I had never done before) - seemed quite annoying and I decided to never use the service again for that reason alone.
Would companies that promise “securing your iPhone” count as a dark pattern? They just seem to trick people into thinking their phone is vulnerable and can only be protected by their software instead of an OTA update.
Maybe? We'll see what happens when/if they actually try. Lobbyists' phones are probably going off right now with big tech trying to spur them into action.
You're mixing up two completely different meanings of "unsubscribe". Gmail's unsubscribe feature is to stop you from getting emails from a mailing list. It's powerless against recurring payments.
Disgusting pop-ups are a side effect that help to demonstrate the problem. That's not the fault of GDPR. That's the fault of companies that (think they) are outside of the jurisdiction of GDPR.
> how they affect consumer behavior, including potential harms
I'd consider a dark pattern links to terms of use, privacy policies etc. which are not on the same page, which are easy enough to not read before agreeing and which are written in a way which could be misunderstood.
If something is important, it should be presented in a way which would leave little to the chance of not getting the information - it should be unimportant to be able to avoid it.
On the other hand, the paper version of that is widely used as well, so I don't hold my breath.
“Non profit” organizations employ dark patterns as well. The Burning Man Organization had a stack of them, even iterated on them last year trying to avoid refunding ticket money.
Is this a dark pattern? I'm ok with shadow bans if they're reserved for those egregiously abusive users who ruin the community for everyone else. Let them shout into the void.
I think it is dark to show you your comment as if it's not removed, and many say shadow removals are overused (see "what people say" [1]). Only the mods know it works this way.
FTC website falls victim to the darkest pattern of all: relying on javascript to manipulate html elements, so this is just a blank page; yet another anti-HTML site.
Dark patterns aren't fundamentally new, they've just recently taken on a new form in software. An example of an old dark pattern was that a company would simply mail people unsolicited merchandise, and then bill them an inflated price for it if it wasn't returned. In that case, the (US) law was changed to specify that any such unsolicited shipment is presumed to be a gift and the sender is not entitled to payment for it.
The FTC has been dealing with this kind of crap for over a century. The key is that this is in the context of advertising and trade practices, not viewpoint or artistic style. You'll still be able to include fictional dark patterns in your post-cyberpunk visual novel if you want to.
The same way one can outlaw murder and other crimes. Not sure I understand the question.
Outlawing means it can still happen, but you have to enforce, investigate, catch the perpetrator, go to trial, and punish in a way. Or just apply a fine that you can appeal.
This might not belong here but I think there's something to be said for the changes Google makes and is currently making around Performance and Page Ranking. Black box bullsh!t metrics forcing everyone to appease the magical algorithms in their highly questionable tool. Their own framework fails here significantly.
Instagram drives me nuts when you tap the search icon, then the text input, then it immediately hides your keyboard so you have to tap the text input again.
Presumably what it's doing is trying to get you to select their recommended content instead of searching for whatever you are looking for.
This might be a bit contentious, but there's no top-level comment starting the discussion about regulation of UX patterns. My concerns are mostly those that could apply to related regulation (cookies, internet traffic, etc.), but I'm wondering about other perspectives
Do we count neuromarketing activities like "5 people watching this product right now" (aka Scarcity Effect) or "this discount ends in 2 hours" and etc. (aka Loss Aversion) as a dark pattern? Or is it still praised as "growth hacking"?
I did not decide if I submit it there yet, but my current, and more common annoyance is with random, unwanted and unneeded items added to my cart sneakily at the end of the checkout process. Edible arrangements, flower places are the worst with this kind of behavior.
It's really no different from the deceptive advertising, food labels, etc. that were rampant at the beginning of the 20th century. I'm glad we appear to still have functioning regulatory bodies to deal with the new incarnations of the same old schemes.
Nope. Not sarcasm. I'm going through each of the kiddo's tablets and cataloging every dark pattern, in every game. Then I'm writing up the details of our nightmare with PayPal, the couple of financial institutions I've had nightmares getting things closed out from, and possibly even chucking in a few examples of contact template language that I think qualify like "To opt out, send a hand-signed letter to yada-yada...".
I'm so tired of malicious compliance, hidden or disguised unsubscribe links, and complete disregard for the burden imposed on consumers.
Gacha games, loot boxes, that type of thing.
Basically everything listed here.
I've come to realize these types of "Dark Patterns" exist in way more than just UI's. Businesses often find ways of leveraging the fruits of them for alternate revenue streams.
I'm sure there are academics out there who'll nail down the white paper aspect, but I tend to try to supply a boots on the ground eye-view since I spend a lot of time trying to teach people what to look out for, and why it's a problem.
How about the oldie but goodie of cable companies/utilities/etc. turning off auto pay for your last bill, in the hopes you miss it in a move and get to ding you with late fees.
The best example of a dark pattern for me is Google's privacy settings.
Such a ridiculously convoluted and unintuitive process. The polar opposite of everything else they try to do.
I put in one for their own use of recaptcha. Unfairly punishes people who want to stay anonymous, and people who are disabled... All the while enriches a private company's AI.
What is the most reasonable way that "we" and people like us on HN could do to prevent Dark Patterns as they are right now? Maybe the FTC will prevent some in the future, maybe they won't, I don't put much hope into it. Lawmaking on the internet right now is a mess, and GDPR whilst it might have had good intents ended up being a big mistake imo. (Certainly the whole consent-cookie thing is a mistake)
We can all promise not to implement Dark Patterns in the software we write. But the good old "personal boycott" isn't really working, and hasn't really been working since forever. If for example Youtube won't allow you to turn off your screen on a mobile device, unless you buy premium (turning off the screen is a hardware feature, not a website feature), then the solution isn't really to stop using Youtube. There isn't an alternative.
Man, when I think about this stuff I can get kinda jaded. Antidotes like youtube-dl, or ublock origin work, but they only work for "us", and not everyone else who has to live in the Dark Pattern hellhole that the internet is turning into. I meet people who have never heard of an adblocker, still in 2021.
And even if "we" all stop implementing Dark Patterns, there will be plenty of other cheap hires who will gladly implement the same features when we refuse to do that kind of stuff. And if you're in a bad enough spot it would leave you out of work even. What if there was some kind of union? Like say something called "union of ethical software", which may more technically be an international non-profit rather than a union, which does a few different things:
1) Establishes open standards for how things should work, in regards to "ethical software", rather than say technical standards.
2) Has a donation fund which funds
A) A small team of lawyers/tech-people, who will on a strategic basis defend cases where an employee might end up in trouble refusing to implement features which are in conflict with 1). Not to primarily save employees, but to primarily scare tech-giants from going for the "do it or I'll fire you stick immediately".
B) A small team of educators and speakers, who would spend time creating educational content and essentially political content as to garner public opinion in favor of all this, the types of people to appear on say TV during a big case against for example Google.
I'm just throwing ideas at the wall here though. Saw another comment here about living in a off-grid cabin. That sounds very nice, and better each day.
...The ESITF, Ethical Standards for Information Technology Foundation. Did it have a ring?
I was shopping on Eddie Bauer about 15 minutes ago. They have a great deal on t-shirts and shorts, which they plastered all over the page. It works like this - the more items you buy, you get a bigger discount.
Great - that makes sense. But there’s a catch. If I shop in a store, I simply go to the counter, get the discount upon checkout, pay, and I’m on my way.
On their website, I have to use a promo code. So I have to remember what the promo code was and enter it at checkout. Okay — that seems kind of like a dark pattern.
Here’s where they lost my trust. By the time I got to the checkout page, they asked for all my shipping and billing details and then gave me the final purchase button. I just happened to then realize that wait — I was supposed to enter in a promo code! So then I had to back out to find the promo code again, and on checkout, I have to scroll down a full screen's worth of real estate BELOW the purchase button to enter the promo code.
So they advertise the discount up front but then use shady tactics hoping I either forget to use the promo code or even if I want to, I give up trying to find it and just pay full price.
Needless to say I decided not to purchase from them. It’s dishonest and not worthy of my business.
I'm thinking that that guy on youtube who builds cabins from scratch in Canada with the charming Golden Retriever ('My Self Reliance') probably has the right idea. Maybe the right answer is a terminal that does email, banking, and Amazon.
Because they are one of the few internet companies that I find actually useful. If you live in a rural area, there's really no other way. A new PC, a floor jack, large book store, decent boots, are all 60 miles away. Of course, Amazon caused part of the retail desert, although I'd mostly blame box stores (and the Sears catalog before that).
With the sites I named, I think my life would trundle on pretty much unchanged. Maybe Usenet could be added to the list for the odd bit of online socializing.
While I'm designing my personal minimal internet, I'd add that all the interfaces were text based. Potentially a person could bolt on a low/no vision voice-based front-end.
Before the Sears catalog you instead had local monopolies by general store owners who could be absolute tyrants since there weren’t any cars. Getting what you need has always been difficult unless you literally live where it’s being made, which these days is Shenzhen or Guangzhou or somewhere like that.
The Rise and Fall of American Growth [0] is a fascinating book that talks about how much the Sears catalog revolutionized commerce in rural America.
How can you bemoan what the internet has become and support Amazon in the comment?
Amazon is a lifeline for people who live in remote places, which is what I think he means by cabins in Canada.
Amazon is the new Sears Catalog, enabling people who live pretty much anywhere in North America to buy things quickly and safely that are not available to them any other way.
Pre-pandemic I spent a lot of time with people who live in places where a "supermarket run" happens every other month, when the person with the largest truck drives three hours to the nearest Costco to fill ten grocery lists for all the neighbors. Amazon handles the days in between.
Amazon annoys the living daylights out of me, but that's because of usability issues, not because of deceptive or intentionally-misleading practices. What are the ones you're thinking of?
If anything, Amazon's incompetence at search screws them out of sales they would otherwise make. Their "dark patterns" are all aimed at their own foot.
Amazon is the best thing that ever happened on the web. I know people here hate it, and in the US apparently it has an issue with fake goods, haven't had anything like that happen to me here in Europe.
I can buy just about anything from one shop and have it arrive at my door. The weirdest combos ever. An HDMI cable and cat food? Yes sir that will be on your doorstep next Monday. A #2 screw driver and a new bag for my vacuum cleaner? A bag pack, a pair of pants and a flash light? Right you go.
I no longer have to go out to small shops and find the item I want, saving me a ton of time. Plus so, so many books.
Maybe it is different in the US where you have Walmart, but here I have to source things from different online shops, which takes time, is annoying and results in higher fees, plus I don't know which shops are any good.
Unpopular opinion, but as a developer I'm OK with using dark patterns for certain projects when it comes to pricing, but not to churn prevention.
In niches with low margins and high competition, dark patterns are one of the few chances to survive and make money (ticket aggregators, hotel aggregations)
The user can pay $10 or $15 depending on how you communicate the value almost with the same set of features. However, for the product, the difference affects the business model and the unit economy dramatically.
Of course, subscription cancelling penalties suck and should be banned.
> I'm OK with using dark patterns for certain projects when it comes to pricing
You're right, it's an unpopular opinion. If you're in a niche where you have to use dark patterns to survive, grow a conscience and find a different niche.