
Dark Patterns: Past, Present, and Future - randomwalker
https://queue.acm.org/detail.cfm?id=3400901
======
saagarjha
A/B testing is the worst. I'm always on the bleeding edge of products I use
and _extremely_ tolerant about changes and regressions–to the point the
browser I am using crashes every couple of hours, likely due to a longstanding
threading issue–but I just cannot stand constant A/B changes. If you change
the font of your website even once, I will know. If you tweak the spacing of
some elements, I will know. If you change a color slightly, I will know. Even
if you pretend like nothing changed at all, I can tell and it drives me out of
my mind because something seems "off" and I must find what it is. I spent half
an hour once searching for why Hacker News's text area font seemed to have
randomly changed from Courier to Menlo before emailing 'dang in desperation to
figure out what was different (turns out it was a new lang="en" attribute).
Please, don't change things randomly and silently.

~~~
totaldex
I understand the frustration, but A/B testing is one of the more objective
tools we have at our disposal.

While there are good arguments against A/B testing UI changes and doing
p-hacking, much of the modern web's current UX and UI improvements are in part
due to this. How else would we truly know what affects users on a broad scale?

~~~
saagarjha
In theory, yes, A/B testing sounds great. However, whenever I see it
implemented it invariably becomes some sort of annealing process for a metric
that doesn't actually make the site more pleasant for end users ("engagement",
usually) and you have people shipping apps with seven different UIs in them
and users who are accustomed to features moving around and disappearing
completely unpredictably. As I was searching for a picture of "Courier" Google
gave me a completely different "cards" UI that went back to how it was before
when I searched "Menlo". My last couple weeks with Slack on iOS have been a
nightmare as it constantly switches between its fairly decent UI and some new
abomination depending on which workspace I'm in and the phase of the moon. It
seems like nobody really knows how to do A/B testing properly. (Perhaps the
companies that do are doing it in such a way that I cannot notice. But there
is ample evidence of a lot of products where I _can_.)

------
pwdisswordfish2
Much of this could be legislated away.

The cost would be "creativity" but consider the gains.

Think of a database where there are no rules for how data is entered, no
formats, no validation, nothing. Sure, it allows maximum creativity for the
input but its value as a source of information can actually be less than if
strict rules were enforced.

The web is largely unstructured data precisely because there are few if any
rules for input. This makes it extremely difficult to manage as an information
source. Few companies, let alone individual users, can even attempt to wrangle
it into something useful. Every website is potentially "unique" in so many
ways.

Even something as simple as a uniform, standard web form for e-commerce could
be a vast improvement. No more differences between ordering from Amazon versus
everywhere else. With a standard format for collecting payment information
that does not vary from merchant to merchant, there could be significant
gains. Predictability. Easier to design intercompatibility.

As always, feel free to shoot this idea down. "It will never work because
...." or "That already exists..."

However no one can deny there are huge problems with the haphazard way things
are done today. Complaints about such things form a large part of each day's
HN commentary.

Sometimes creativity is not the best thing. Certainly it is unrestrained
"creativity" that allows many "dark patterns" to exist.

~~~
kroltan
I agree with the intention... But!

Such a system would become so inherently complex, because even in things as
simple as "e-commerce" there is _so much variation_ in how the whole
purchasing experience works.

It would start by supporting only a few "mainstream" business models, then
growing more and more complex to handle all the different sorts of shops (bulk
discounts? split payment methods? multiple destinations? group buy?
subscriptions?) to the point where it would become basically as complex as the
Web.

Just look at the Web, becoming more complex as to be basically its own
operating system running inside an operating system.

~~~
onion2k
There's no need for a law that specifically allows or disallows
implementations of things. There just needs to be a legal body that allows
someone to refer a website to an adjudicator if they believe it's using a dark
pattern, and a significant fine if the adjudicator finds that they are. Let
each case be judged on its own merit.

Occasionally the adjudicator could publish a guide for "Things we're always
going to say are dark patterns" to make it a bit easier to avoid getting
fined.

~~~
pwdisswordfish2
That would be a lot of work for an adjudicator considering how many websites
and how many offended users. How many adjudicators would we need?

What if the large companies with lots of cash can just pay the fines without
impairment to their business? What if they just keep repeat offending?

In paying the fines would this mean websites would have to be more
transparent regarding who is behind each website? This is assuming they will
be paying in real currency (not cryptocurrency).

Who will bank the money received from the fines and how will that money be
used?

~~~
onion2k
_What if the large companies with lots of cash can just pay the fines without
impairment to their business? What if they just keep repeat offending?_

The ban could be a percentage of revenue. For persistent offenders their DNS
entries could be banned.

_Who will bank the money received from the fines and how will that money be
used?_

The money raised from fines would pay for the service. Anything left over
would be paid to me. :)

~~~
pwdisswordfish2
Those adjudicators might try to milk the system. There might not be anything
left over!

------
hoorayimhelping
This stuck out to me the most:

> _The authors seem genuinely surprised by recent developments and have
> distanced themselves from dark patterns_

Time and again, people just refuse to accept that there are unintended
consequences to their well-intentioned actions. There's a reason knowledge
like this is often referred to as a Pandora's box, and it seems like not many
people really take those old fables to heart. Like, it had never once entered
into these people's minds that these might get warped given a perverse set
of incentives? "They were so preoccupied with whether or not they could, they
didn't stop to think if they should."

~~~
rgoulter
A related question came up in Andrew Przybylski's 2019 GDC talk about the
science of gaming addiction.
https://www.youtube.com/watch?v=vVwu4RDChsY

Q&A from 49:30 and at 59:30 are relevant. Someone asked about the
responsibility of those who looked into these kinds of things; and about "if
we have facts about addiction the bad people will use them".

Przybylski argued that it's better to have the facts about how people behave,
rather than act based on opinion.

~~~
TeMPOraL
I wish people would take it to its natural conclusion, though. That is, if you
have facts about how people behave, and then your product creates pathological
behavior, then you're fully responsible for it because you've done it on
purpose. This particularly applies to all the skinner-box "games" that are so
popular in the mobile scene these days. They're purposefully optimized to be as
addicting as possible, so their authors should be made to face consequences of
all the problems caused by the addiction of their players.

------
kerkeslager
Honestly, this doesn't even point out some of the worst dark patterns. In the
US, it's become ubiquitous to no longer even ask to send you spam: if I
understand correctly, the legal justification is that they put the email
consent in the Terms of Use (which are "conveniently" "consented to" by a
non-optional, pre-checked checkbox).

~~~
kaoD
When I get subscribed to any mailing list I didn't explicitly opt-in to I just
mark them as spam (which it is) on GMail and move on.

Enough of us doing this and I guess they'll get the message.

~~~
kerkeslager
That doesn't work and it really _can't_ work. If you order from foo.com, you
want to receive the receipt, but you don't want to receive "Top ten deals of
the summer from foo.com". But these come from the same email address, from the
same server, etc. Maybe AI filtering will get good enough to deal with this
stuff reliably in the future, but right now, it seems like we're stuck with
it.

The reality here is that the free market rewards this awful behavior, so it
won't be solved until regulation is applied.

~~~
Silhouette
It's particularly annoying because the spammers are not only causing trouble
in their own right but also motivating an overreaction from major mail
services in response.

From the sending side, I have one business right now where our outgoing emails
are apparently being blocked or even silently dropped by at least three ISPs
spread across two different continents. We have never sent anything even
remotely spammy in our entire trading history. We have all the usual
shouldn't-be-needed-but-are extras like SPF properly configured. The sending
mail server hasn't found its way onto any of the big blacklists as far as we
can tell. And the mails being blocked are actually quite important things like
password reset requests, emails with copies of documentation that we are
legally required to send attached, or even replies to customers contacting us
to ask where their password reset emails are when they've been requesting
them!

From the receiving side, I'm fed up with helping friends and family who are
trying to work out why they aren't getting important messages, and with the
ISPs who have screwed up their mail configuration or deliberately set up
overly aggressive anti-spam policies but then have front-line support drones
who just intone that you should check your junk mail folder as an instinctive
reaction to any complaint about missing mail.

I think that with email now effectively being both the effective root password
to so many online accounts and the primary means of communication between a
lot of people and organisations with genuine reasons to contact them, the
medium of email needs the same kinds of legal safeguards that other essential
means of communications like postal mail have enjoyed for a long time. I don't
think it should be left to big name mail services or some random ISP to decide
whether or not their users are going to receive legitimate emails any more.
Blocking false positives is far more damaging than missing false negatives
when it comes to spam, and the situation is out of control. It's time to
regulate.

------
axismundi
Arvind, Arunesh, Marshini and Mihir - thank you for this article, it's very
informative and well researched, as evident from the footnotes.

We do need an open discussion in this matter, and actions must be taken as a
result of the discussion. While regulators are likely to be pressed by the
business to relax the rules, designers and behavioural researchers often don't
think about long-term consequences of their choices, so there is a need for a
third group there. People who see through the tricks and can recognise dark
patterns.

The problem has become so prevalent that even tech-savvy folk sometimes get
tricked into giving up bits of their private data. Where does that leave the
average consumer? It's evidently exploiting the fact that physically people
just don't have the time and expertise to parse and understand what is being
forced upon them.

As for Dark-Patterns-As-A-Service companies, there must be a way to detect and
block their software using browser plugins. Isn't this effectively malware?

Email can be fixed only gradually. There is no way the world will stop using
it and move overnight to something else, no matter how great. As a related
topic, I propose a dedicated footer field to put an end to emails containing
two sentences and several meters of logos, badges, ads! and legal notes, which
clutter our email threads and JIRAs. There is substantial potential in cutting
down mental effort and IT resources necessary to process and store it.

Most malware today is not aimed to destroy local data, but rather to
exfiltrate it. Instead of bloated antivirus software a more effective and
lightweight solution is curated hosts files. No need to rely on external DNS,
which can be hijacked. I'm working on an electron-based desktop tool that does
just that.

Another dark pattern I discovered on ala.co.uk, a popular GAP insurer in the
UK. Their Get A Quote page is silently siphoning data from a complex form
which triggers sending the whole form on field change, before you press Send.
Beware of auto-filling by the browser!

And there is that:
https://techcrunch.com/2020/05/06/no-cookie-consent-walls-and-no-scrolling-isnt-consent-says-eu-data-protection-body/
Legislation vs clear guidelines and enforcement.

I guess the strategy is to wear us down with nagging, nudging and whatnot to
make a mistake, and once our data is out, there is no reversing it.

------
akg_67
One of the recent dark patterns is what the current US administration has
employed. Taking the issues, however minor, from the fringe, bringing those
issues to the mainstream, turning the fringe believers into supporters.

------
naringas
the countdown pattern reminds me of shopping television's "but call within the
next fifteen minutes to receive a second FREE product!"

~~~
taneq
The countdown pattern is useful if you consider it a flag to indicate the site
is sketchy. Especially if you go back to the site later and the countdown has
changed... (as in the time that it will elapse has changed)

