Very interesting studies, @amathur! We are collecting info on dark patterns here, and intent to follow up on useful information on the forum at a later stage (using other tools; in preparation). Thank you!
Upon entering the website you are shown this dialog:
You must at least check the first checkbox to accept cookies, before saving settings is enabled. Note that it says that you can change your mind at any time.
The second option is confusing. It seems like checking it leads to less advertising being shown, but I read it as the opt-in option to allow 3rd-party trackers and targeted advertising, so I did not choose it.
I think this is a misleading choice, where the UI entices you to click the option The Guardian prefers you to click, but does not lead to the best privacy protection.
Now, I wanted to check how I could ‘change my mind’ as advertised. Then you have to go to the cookies policy where it gets all murky:
To just go to the first one: AppNexus.com. Here you are bombarded with legal mumbo-jumbo information (and must accept the cookies of that site too).
In this site they don’t mention the EU, but call it EEA (presumably European Economic Area), and they say that if you want to manage your cookies, you will need to accept their special cookie, and thus they say:
- The opt out cookie may not work if your browser is configured to block third-party cookies.
- If you delete your cookies, you will need to opt out again.
- The opt out only applies to the browser profile in which you set it.
- If you opt out, data may still be collected about your web browsing activities and you will still see advertising.
And this is just one tracker site, on one device. You’ll need to take some weeks off to do your cookies if you want to be ‘protected’!!
Conclusion: Install ad-blockers and tracker-blockers like Privacy Badger!
I was pointed to this beauty of a Dark Pattern - a real typical example - by @patm, who was adjusting her Facebook privacy settings:
Or freely translated:
“We would like to do some scare-mongering to have you choose the option that enables us - with your full consent - to tag and track you in any image and video material we can lay our hands on, now and forever, and to make the choice easier we’ll also let you feel guilty about excluding impaired people, if you choose to ignore our facial recognition ‘protection’ feature! See how ethical and caring we have become?”
Honestly, it is a good feature if screen readers are able to tell the visual impaired people who are in a picture, but you should be aware what data you are giving away for that. The implications are large. The invasion of your privacy by facial recognition is huge! And make no mistake: FB collects it to monetize it in any way they see fit, without your control over how it is used.
(Note also that with deep fakes, someone who creates a bot account, no longer has to use a profile picture of a real person. These can be generated really well by AI now.)
Thank you for posting this. I decided to reject the option of enabling face recognition for a couple of reasons, the primary one being, of course, that Facebook’s attempt to manipulate was so offensive. In my opinion, grouping the visually impaired with potential criminals is heinous.
After weighing the few benefits of the technology, I decided to reject it. I felt that it would be better for everyone, not just myself, to do so.
The following cookie dialog appeared on a Dutch site, but it is of a kind that you often encounter, so I decided to add it anyway:
It has 2 buttons:
- No, do not optimize
- Yes, optimize for me
Note that the ‘Yes’ option is green, and has a thumbs-up icon. Who doesn’t want an optimized experience, right? But of course, this is the option that places all cookies on your computer and will track you the most.
Where are dark patterns gathered, other than on this site (which seems to update infrequently) and in the proposed Ledger of Harms (which atm seems to focus on effect more than method)?
They are gathered at the site in my first post, but not in any structural way by the CHT community. Which seems like a good idea to be doing in future.
Yes! As this conversation continues, I think we should create a summary wiki of all the pattens identified. @metasj ideas for how / where to best do this?
A Dark Pattern on LinkedIn. I recently found out that, when looking at my post activity, I can no longer go back further than 2 months in time, and even before that the metrics (number of reads) also become unavailable. So I decided to download my personal data set to see if older posts are still in their data centers.
This brings you to the following page:
Here you have 2 options for your data:
- The Works
- Pick and choose
The 2nd option is sort of clear in its meaning, but the first one is not. What does ‘The Works’ mean? Is this all of your data? The Help Center doesn’t help you here. It does not explain the meaning of your choice.
Furthermore - and what leads me to think that the first option yields the most interesting results - selecting The Works leads to a download requests that can be handled within 24 hrs, while the second choice can be done in just 10 mins.
This is another dark pattern, as LI probably expect most people to be impatient and opting for the 2nd choice, rather than waiting this long. IMHO there is no reason the 1st option should take that long (maybe if it constitutes significantly more data, and they want to schedule the data collection to a time when the data center is quiet --> but I received this download already after 5 mins.)
I have received an email notification stating that ‘the first installment of my download’ is available. Let’s see if a second installment is coming later
Edit: After 10 hrs the 2nd email hasn’t arrived yet. The first download does not contain post history anyway.
Another LinkedIn dark pattern I noticed for some time. It is a subtle one, but it has to do with the text shown in notifications (note: I edited the screenshot for privacy reasons):
Notice what the text says: “<connection> and 1 other replied to and liked your comment”…
So how many people liked my comment, and how many people replied to it? This could well be 2 likes and 2 comments… wow, I should check it out!
It appears that only one person (<connection>) both liked and replied to it. So one like, one reply.
By formulating this way the notification looks more interesting, making it more likely that you check the article, and stay longer than you’d liked onto the LI app.
Another thing I notice, if I have been quiet for a while on LI (not much to notify me about), that the previous notification suddenly appears again. Whoops, I am in the LI app again…
Privacy issues surrounding your smartphone
As we know, Twitter is a platform for spewing bad language to many. In this case it may be warranted given the especially Dark Pattern that Adobe Acrobat Reader posed to this user:
Wonderful discussion and very enlightening examples of dark patterns. I will propose to add a possible video project in the awareness campaign, which would depict a bunch of fictitious tech company executives brainstorming such dark patterns to increase addiction.
On that note, I deleted my Linkedin account a few days ago. When 10 years ago, I received an invitation to join Linkedin from a colleague, my thinking was “We are already colleagues, why the hell do you want me to join this bloody thing and “connect with you”?”
Years later, when I started my own business, I thought “Well, this may be a very easy way to find prospects and partners.” It actually worked to some extent, but compared to the massive effort involved in getting your new and artificial connections excited, the results are not worth it, compared to good old networking methods.
Now the bloody thing is downright manipulative and appeals to our fears not to miss out and our vanity. “Look, your connection is in the news!” Damn, I also want more followers. Let me write some article on Linkedin and see how many likes I get. Wow, this guy has over 500 connections. I only have 120. Let us try to invite some strangers so I look like a real connected guy. “You are now connected to John Doe. Start a conversation!” Yeah, let us waste some time chatting some unknown guy who doesn’t give a damn about me.
Another example. You want to reach out to someone you are really keen to connect with. “Your connection’s connection is connected to John Doe. Ask for an introduction.” Yeah, let us try to bother a guy I don’t know and ask him to introduce me to a guy he doesn’t really know.
Massive waste of time and energy, no real purpose.
Important note: Until I became more aware of humane tech principles, I also fell for this shit. Once I was looking for staff and I asked each candidate for a link to their Linkedin profile. I wanted to have a glimpse on how they presented themselves and what kind of connections they had (Ok, it was for a sales job). Shame on me.
A very basic dark pattern is to incentivize users to invest more time in the app to “achieve” some result and feel good about themselves. Let us say Linkedin decided not to show the number of connections you have. That would be more natural (for “followers”, I kind of think it is fine to show, just as any newspaper’s readership). By showing how many connections you have, it motivates you to invest more time in building an artificial network you don’t need. Some people are immune to this. I know someone who is a very prominent and well-know business leader, who had a mere 40 connections (so, when he accepted my invite, I knew it was meaningful). But the vast majority of us just waste time building artificial networks, where 99% of our connections will never interact with us.
Dark patterns are quite similar to efforts made by tobacco companies to make their products more addictive, through advertising and, allegedly, variations of their cigarettes formulae.
The massive settlement that was eventually reached is, while often criticized for being too lenient on the tobacco industry, a good example on how the authorities can rein in on tech companies’ manipulative practices.
I believe this legislative and judicial control is still work in progress, and tech companies pockets are so deep they don’t mind taking a chance to be fined. Awareness is the most immediate means the public has to stay away from all apps that don’t meet essential human technology criteria.
Dark patterns on Twitter:
It’s a guessing game… how many followers have I just gained? 1, 3, 4, or maybe even 5?
The correct number, of course, is just one. By the showing the text like this and even more user avatars (and the blue icon at the start of that), it all looks much more exciting than it is. Giving you a greater dopamine rush. Even when you find out, or already know that this type of notification is misleading.
BTW, I also notice that Twitter is giving me the same notifications multiple times. Particularly bad practice!
Confirmation dialogs that try to shame you in following the preferred action. A beautiful article can be found here (thank you Brandon Dorn):
And an example from the same article:
Many more examples (in fact 28 pages of them):
And this beauty I just found on Twitter:
Yeah, I’d rather bleed to death than seeing my blood drained for more data. Incredible!
A dark pattern on Facebook: A red dot that looks like a Notification hint, but really is not. It is enticing people to click on the Watch videos section, and the dot cannot be removed.
Found by @chrismessina on Twitter:
That red dot is an infuriating example of Facebook’s technomanipulation (I have unreads in every other category — they just want me to TRY to clear that dot (spoiler alert: you can’t)).
Given this UI design most people that take the effort to click ‘Cookie Details’ will still be in danger of then clicking ‘Continue with Recommended Cookies’. This button is most prominent.
What is needed to go with ‘Necessary’ cookies is clicking the ‘Save’ button - that is easily overlooked - instead. Even after accepting ‘Necessary’ cookies only Privacy Badger indicates that there are seven 3rd-party trackers in the site. Besides Google Analytics some of these are directly involved in data collection for advertising.