Dark Patterns in UI Design

Dark patterns are everywhere on the web. As companies try to get your email address, get your business, get you to purchase upgrades, and even keep you as a client, many companies will engage in practices that are borderline unethical and possibly even of dubious legality. A lot of this episode comes from content at DarkPatterns.org, which is a website that names and shames these patterns. It’s really a useful study in development ethics and in correctly obtaining consent from your users before undertaking an action.

“A dark pattern is an element of a manipulative interface designed to trick the user into taking actions that they might not have done freely.” ~ Whatis.techtarget.com

There is another side to these unethical patterns. In addition to being deceptive and eroding trust, these patterns may well get you into legal trouble someday. While prosecutions and lawsuits haven’t really struck this sort of behavior on the web, it’s probably only a matter of time.

Dark patterns in user interfaces are everywhere on the web. As companies and individuals are more and more desperate to compete in a huge global market, they will probably become more common, at least until governments start stepping in. These patterns often enable various forms of fraud and are not a good long-term play in the design of a website. They also are unethical and probably not something you should do if you value having a clear conscience.

Episode Breakdown

10:55 The Bait and Switch

This occurs when the user intends to do one thing, but is tricked into doing a different, undesirable thing. The Windows 10 upgrade kerfuffle was an example of this. The GWX (Get Windows 10) application would periodically pop up and suggest upgrading to Windows 10. As time went on, Microsoft got more aggressive with these popups. This eventually culminated with the company making the “close” button in the upper right-hand corner of the screen mean “Upgrade now” instead of “go away”. This resulted in a huge number of problems, lost data, and general inconvenience. PayPal has done similar things by showing the continue button first, and then loading the “Credit” button in exactly the same place, causing people to click on the wrong one.

Be honest and don’t try to trick users by breaking expectations. If your user interface usually uses certain user interface metaphors in a predictable manner, don’t use this to force users to do something that is to your benefit. Realistically, if you want to get something from your users, you need to give them something first. A free forced upgrade to an operating system with extensive telemetry and forced updates is only a “give” in the same sense that someone “gives” you the flu.

15:10 Confirmshaming

The act of guilt-tripping a user into opting in to something. Putting up a popup that has two options: “Sign up for my newsletter” or “No, I’d rather go kick a puppy”. Not only is this insulting to your users, but it’s a blatant attempt to appeal to emotions. It’s also unnecessary, if you’ve done everything else well.

This seems to be in fashion on every single blog with a newsletter sign up. Honestly, if you aren’t seeing this at least daily, you probably don’t do much web browsing.

Instead, have a message that says “No thank you”. Give something to get something. If your offer is compelling, you don’t have to trick people into taking it. This also points to a general disrespect for your clients.

18:35 Disguised Advertisements

Advertisements that masquerade as other types of content. Note that this is different than an affiliate link. A better example is stuff like a “Next” button in an ad placed right at the bottom of a multi-part article. The user would click on the “Next” button in the ad, instead of the next button that takes them to the next step, and would be transferred to a site selling something. An ad is acceptable, so long as it is obviously an ad.

“It’s the overly attached girlfriend of digital advertising.”

This is also common on some software download sites, where advertisements will occasionally show up that have fake download buttons that lead to another site. Another good example of this is where a site is giving product reviews and sends the users to an affiliate link, while not disclosing that they make money from sales. This will get you in trouble with the Federal Trade Commission in the US.

Try being honest. If someone got good information from your website, you don’t have to deceive them to make money. If people like your stuff, a lot of them will purposefully seek out your affiliate links so they can help someone they like. Whereas, hidden advertisements will erode trust in you and your products.

25:30 Forced Continuity

This occurs when you have to enter a credit card number to try software out, and you are silently charged when the trial period ends. It has become common practice to ask for credit card numbers before letting someone try out a piece of software. Companies do this to filter out people who aren’t serious. However, it becomes a problem when a software trial period ends and they just silently charge your card.

Another example of this is a redirect during or after a payment workflow that tries to trick you into buying some up-sell by defaulting a checkbox to checked. If you are quickly trying to check out on something simple like a domain purchase and clicking through, you might not notice the part that adds up-sells to the cart, or makes your domain purchase for 5 years instead of 1.

Amazon also sometimes does this inline to try to get you to get on Prime. Will has a recurring task to call Comcast on the phone and scream at them, because they tack on extra fees and raise the bill.

Don’t be a slime-ball who is successful because they haven’t gotten caught yet. Don’t put deceptive things into your checkout flows. Don’t set the default value of a checkbox to something that costs money.

30:35 Friend Spam

This is where a site asks you for email or social media permission under a pretense, and then abuses your trust to spam your friends. It’s pretty common for companies in two-sided markets or having a social component to do this, usually because they need to fund revenue growth quickly to satisfy investors. You probably aren’t going to see this as much in more mature companies or companies that aren’t being funded with venture capital.

“This is a Silicon Valley disease.”

LinkedIn was the best example, where they went through your email account and looked for people to connect you with, while spamming any addresses they didn’t have.

Pretty much any social network will attempt to do this to some degree. Another thing that used to happen was where sites would let you “send a coupon to a friend” and then capture their email address. In the US, it’s real easy for this to run afoul of the CAN-SPAM Act, whereas in Europe, GDPR provisions may apply.

Suggest giving the user a coupon that they can send to their friends themselves. When their friends sign up, let them enter the name/email of the person who referred them, and then give that person a bonus. Don’t do this crap through emails you send. At best, you put your deliverability in the toilet, and at worst, you invite regulatory attention.

35:25 Hidden Costs

This happens when you go through an online checkout process, only to discover some unexpected cost crammed on at the last minute. This is often because they don’t have all the required information to know about all the fees. Taxes and shipping fees are unfortunately included in this, but are not as big of an issue, because people expect them. They usually drop this on you on the final step of checkout, primarily so that you’ll engage in the sunk cost fallacy instead of just cancelling.

“If you need that .99 put that into the price of the product.”

Many sites will not show you the real price until the last step of checkout, where the hidden fees come out. This can be anything from “handling fees” to forcing you to sign up for a paid membership card to get the discount. This can also include upsells that are required for the thing to actually work. Airlines are notorious for this, but they usually hit you at the gate with baggage fees.

Express the correct costs as soon as you have the information to do so. Get that information as early as possible. For instance, provide estimated shipping costs up front based on what you can get from the client’s IP address, then have them manually enter their zip code later to get the real, adjusted price. This at least makes an effort to be right.

39:00 Price Comparison Prevention

The retailer makes it hard to compare item prices and features, keeping you from making an informed decision. If you don’t have a basis for comparing, it can be really easy to make a less optimal choice. Further, it’s easier to trick you into a less optimal choice. Another trick is to change the prices based on how long you’ve been on the site.

A good example of this would be using different units on similar items. For instance, pricing based on weight on one item, units on another, and volume on a third. Other examples include adding different bonuses of unknown value to all the items. Charging by the number of users in one price tier and by data volume (or some other measure) in another pricing tier.

Base price on consistent units. Not only is it less confusing, but it helps customers purchase faster, rather than wasting time. Base prices on something that actually costs your company money. Not only is this a good way of making sure you are making a profit, but it makes it easier to adjust prices when your company’s cost changes. It’s a nightmare otherwise.

44:30 Privacy Zuckering

Verbing the noun, this practice is one where a vendor puts a clause in their terms of service that lets them share data they collect with third parties. Once you’ve been zucked, data brokers can combine your data from one site with data from another and learn a lot about you. Go ahead, pull your data from Facebook and have a look at it. Did you tell them all that stuff…?

There was an incident with Target years ago where they sent women coupons for baby supplies, when those women didn’t yet know they were pregnant. Essentially they figured out some set of things that women (or their husbands) purchase that indicates that they may be thinking about having children and might be in the right age range to do so. While this resulted in an outcry, it didn’t do as much damage as it could have. For example, imagine what happens to people with unconventional beliefs, relationships, or jobs who get picked up by such a system for the purposes of advertising.

Companies might say that they won’t give your data out except within their organization for the purposes of whatever you are interacting with them for. Then they buy another company that is a little less moral and make that company a subsidiary. Then they alter the terms of service after the fact.

Be open about what data you collect, be minimalist about it, and allow users to delete their data when they no longer wish you to have it. This doesn’t necessarily mean that you delete it all. You don’t want to be touching your backups to remove data; rather, you want to clear as much as you can out of the running system, and then mark the record(s) to indicate that they shouldn’t be used.
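A minimal sketch of that delete-without-touching-backups approach, as an added example that is not from the show notes. The table names, the `erased` flag, the separate erasure log and every function name are assumptions for illustration; the log is kept outside the backup set so that a restore of old data can be scrubbed again.

```python
import sqlite3
from datetime import datetime, timezone

MAIN_SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT, erased INTEGER DEFAULT 0);
CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, ship_to TEXT);
"""
LOG_SCHEMA = "CREATE TABLE erasures (user_id INTEGER PRIMARY KEY, erased_at TEXT)"

def scrub(main, user_id):
    """Clear personal fields, flag the user, keep order rows minus the address."""
    with main:  # one transaction: every field is cleared or none is
        main.execute("UPDATE users SET email = NULL, name = NULL, erased = 1 "
                     "WHERE id = ?", (user_id,))
        main.execute("UPDATE orders SET ship_to = NULL WHERE user_id = ?", (user_id,))

def erase_user(main, log, user_id):
    """Record the request outside the backup set, then scrub the live data."""
    with log:
        log.execute("INSERT OR IGNORE INTO erasures VALUES (?, ?)",
                    (user_id, datetime.now(timezone.utc).isoformat()))
    scrub(main, user_id)

def reapply_erasures(main, log):
    """After restoring an old backup, scrub every user recorded in the log."""
    ids = [row[0] for row in log.execute("SELECT user_id FROM erasures")]
    for user_id in ids:
        scrub(main, user_id)
    return ids

def usable_emails(main):
    """Only records not marked erased may feed mailings or analytics."""
    rows = main.execute("SELECT email FROM users WHERE erased = 0 ORDER BY id")
    return [row[0] for row in rows]

def demo():
    """Constructed data: erase user 1, restore a pre-erasure backup, re-scrub."""
    live, log, restored = (sqlite3.connect(":memory:") for _ in range(3))
    live.executescript(MAIN_SCHEMA)
    log.execute(LOG_SCHEMA)
    live.executemany("INSERT INTO users (id, email, name) VALUES (?, ?, ?)",
                     [(1, "ann@example.com", "Ann"), (2, "bob@example.com", "Bob")])
    live.execute("INSERT INTO orders VALUES (10, 1, '1 Test St')")
    live.commit()
    live.backup(restored)              # stands in for a backup taken before the request
    erase_user(live, log, 1)
    before = usable_emails(restored)   # the old backup still exposes Ann
    reapply_erasures(restored, log)
    return before, usable_emails(restored), usable_emails(live)
```

The log holds only a user id and a timestamp, so it does not itself retain the data the user asked to have removed.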

48:25 The Roach Motel

A design that makes it easy for you to sign up, and difficult to get out. If you remember the music services you could get in the 80s and 90s where you paid a monthly fee and got tapes/CDs, you have a pretty good idea of what this is. They hooked you with a good offer, then wouldn’t let you leave.

A good example of this is adding a paid service to your account whilst doing something else and then requiring a printed form to cancel if the user discovers it later and wants to opt out.

Facebook again. Talk to your family and exchange pictures. Oh, you don’t want us selling your private data to advertisers? Sure, we’ll delete it, after wasting dozens of hours of your life.

Make it easy for people to get back out of your system. This is a nicer way to treat customers. It also helps with customer acquisition and retention, because people are more likely to sign up for something they can leave. It also makes marketing cheaper, because you aren’t marketing to a disengaged user base.

51:55 Trick Questions

Occurs when an option looks like it means one thing, but actually means something else. This could just as easily be a bad design decision as an intentional deception. Basically, they are taking advantage of you being in a hurry to make you make a bad decision.

A good example would be having a checkbox for “Yes, sign me up” right after a checkbox saying “Don’t sign me up”. People will tend to read the first checkbox, assume that checking a box keeps you off a list, and then check both.

People with newsletter popups on their (English-speaking) websites report a high number of email sign-ups from foreign countries. This is often because the website visitors don’t have English as a first language, and assume that they can’t read blog posts without signing up. “Do you want to install windows 10? [Do it now] [Later]”. Notice the lack of a “go away” option. Having a big, obvious button for “Yes, Keep my subscription” and tiny, hard to see text for “unsubscribe” isn’t quite a trick question, but is in the same vein.

Use proper UX design. Make things do what they appear to do and follow well-established UX metaphors with regard to what controls mean. Be aware that English is not everyone’s first or primary language, and consider what people might infer about the meaning of your interface if they don’t speak your language.

IoTease: Article

5 ways IoT has taken gaming beyond the digital world


One of the more annoying things about modern gaming systems is they assume you have constant internet access. However, that assumption does mean that you can do some fun things with connected devices. This article talks about how the internet of things has changed gaming. From turning normal devices into gaming systems to gamifying health and working out, this article is a fun read.

Tricks of the Trade

Will didn’t write anything here

Will didn’t create a write-up for this week’s Tricks of the Trade. Help him out by writing up your understanding of the Tricks of the Trade this week. Send it to neckbeards@completedeveloperpodcast.com or comment with it in the show notes. If your write-up is chosen, it will be read by Will on our April 1st episode in 2019 and you will receive a CDP water bottle.

One comment on “Dark Patterns in UI Design”
  1. Johan Wigert says:

    Tricks of the Trade:
    Fraud is almost always more expensive than honesty. If you have a strategy of lying your way out of stuff it will catch up with you eventually, whereas if you have a strategy of being generally honest that will catch up with you eventually as well but in a good way. Just be honest with your customers.