While there are good arguments against A/B testing UI changes and doing p-hacking, much of the modern web's current UX and UI improvements are in part due to this. How else would we truly know what affects users on a broad scale?
The cost would be "creativity" but consider the gains.
Think of a database where there are no rules for how data is entered, no formats, no validation, nothing. Sure, it allows maximum creativity for the input but its value as a source of information can actually be less than if strict rules were enforced.
The web is largely unstructured data precisely because there are few if any rules for input. This makes it extremely difficult to manage as an information source. Few companies, let alone individual users, can even attempt to wrangle it into something useful. Every website is potentially "unique" in so many ways.
Even something as simple as a uniform, standard web form for e-commerce could be a vast improvement. No more differences between ordering from Amazon versus everywhere else. With a standard format for collecting payment information that does not vary from merchant to merchant, there could be significant gains. Predictability. Easier to design intercompatibility.
As always, feel free to shoot this idea down. "It will never work because ...." or "That already exists..."
However no one can deny there are huge problems with the haphazard way things are done today. Complaints about such things form a large part of each day's HN commentary.
Sometimes creativity is not the best thing. Certainly it is unrestrained "creativity" that allows many "dark patterns" to exist.
Such a system would become so inherently complex, because even in things as simple as "e-commerce" there is so much variation in how the whole purchasing experience works.
It would start by supporting only a few "mainstream" business models, then growing more and more complex to handle all the different sorts of shops (bulk discounts? split payment methods? multiple destinations? group buy? subscriptions?) to the point where it would become basically as complex as the Web.
Just look at the Web, becoming more complex as to be basically its own operating system running inside an operating system.
Occasionally the adjudicator could publish a guide for "Things we're always going to say are dark patterns" to make it a bit easier to avoid getting fined.
What if the large companies with lots of cash can just pay the fines without impairment to their business? What if they just keep repeat offending?
In paying the fines would this mean websites would have to be more transparent regarding who is behind each website? This is assuming they will be paying in real currency (not cryptocurrency).
Who will bank the money received from the fines and how will that money be used?
The ban could be a percentage of revenue. For persistent offenders their DNS entries could be banned.
The money raised from fines would pay for the service. Anything left over would be paid to me. :)
As for the OS inside an OS comment, I think that relates to today's corporate web browsers not the web. Those programs can definitely take over a computer -- they do much more than "browse" the web. I think of the web though as web servers and the content they serve. The HTML pages on one server may be hyperlinked to pages on other servers and that linkage may resemble a "web". The web is not the functional equivalent of an OS, but those corporate browsers might be. The web is more like files, e.g., documents and scripts. File servers with documents that hyperlink to documents on other file servers. That is why we say "access the web". The browser is not the web, it is a program we use to access the web.
Until they find ways of getting around it.
For example - what if instead of having a "cookie", you just trained an AI model on a person, to be later recognized by inference?
I think it will be like tax law.
>The authors seem genuinely surprised by recent developments and have distanced themselves from dark patterns
Time and again, people just refuse to accept that there are unintended consequences to their well-intentioned actions. There's a reason knowledge like this is often referred to as a Pandora's box, and it seems like not many people really take those old fables to heart. Like, it had never once entered into these people's minds that these might get warped given a perverse set of incentives? "They were so preoccupied with whether or not they could, they didn't stop to think if they should."
Q&A from 49:30 and at 59:30 are relevant. Someone asked about the responsibility of those who looked into these kinds of things; and about "if we have facts about addiction the bad people will use them".
Przybylski argued that it's better to have the facts about how people behave, rather than act based on opinion.
Enough of us doing this and I guess they'll get the message.
They push the responsibility of getting rid of unwanted stuff in our mailboxes to us. It's not a single company doing this, but most of them. That's sometimes dozens of emails a week! We shouldn't waste our time reading, parsing and fighting the unsubscribe forms - many times fortified with cookie-consent walls!
The average internet user will not do that anyway, so the spammers rely on users' laziness and dulled senses, just like ad blindness, so they slowly start to accept this sick situation as the new normal. For us it becomes the new normal. For our children - the only normal.
The reality here is that the free market rewards this awful behavior, so it won't be solved until regulation is applied.
From the sending side, I have one business right now where our outgoing emails are apparently being blocked or even silently dropped by at least three ISPs spread across two different continents. We have never sent anything even remotely spammy in our entire trading history. We have all the usual shouldn't-be-needed-but-are extras like SPF properly configured. The sending mail server hasn't found its way onto any of the big blacklists as far as we can tell. And the mails being blocked are actually quite important things like password reset requests, emails with copies of documentation that we are legally required to send attached, or even replies to customers contacting us to ask where their password reset emails are when they've been requesting them!
From the receiving side, I'm fed up with helping friends and family who are trying to work out why they aren't getting important messages, and with the ISPs who have screwed up their mail configuration or deliberately set up overly aggressive anti-spam policies but then have front-line support drones who just intone that you should check your junk mail folder as an instinctive reaction to any complaint about missing mail.
I think that with email now effectively being both the effective root password to so many online accounts and the primary means of communication between a lot of people and organisations with genuine reasons to contact them, the medium of email needs the same kinds of legal safeguards that other essential means of communications like postal mail have enjoyed for a long time. I don't think it should be left to big name mail services or some random ISP to decide whether or not their users are going to receive legitimate emails any more. Blocking false positives is far more damaging than missing false negatives when it comes to spam, and the situation is out of control. It's time to regulate.
1. Spam from people who are just brute-forcing the space of possible email addresses. In this case, yes, clicking unsubscribe gives them information. But I will say, this spam is generally pretty well taken care of by existing spam filters, so personally I'm not concerned about this.
2. Spam from people who got your email address via some interaction. Maybe you bought something from them, for example. This sort of spam, they already have your email address and know it works. The upside here is that if you've made a purchase from them, it's much harder for them to avoid regulation due to the money trail, so if you unsubscribe, they have to actually unsubscribe you. There are loopholes in regulation, however.
How strong is the assumption that all users have only one email address and will keep that address long-term? I remember hearing that one could keep getting AWS free trials simply by signing up with a new email address.
In Apple Mail, even if you turn it off it will happily load the remote images if you try to forward the email.
I found this particularly troublesome when I wanted to forward a phishing attempt to IT, and Little Snitch showed mail trying to connect to the phishing site.
(This was not on Catalina, maybe it is fixed?)
We do need an open discussion in this matter, and actions must be taken as a result of the discussion. While regulators are likely to be pressed by the business to relax the rules, designers and behavioural researchers often don't think about long-term consequences of their choices, so there is a need for a third group there. People who see through the tricks and can recognise dark patterns.
The problem has become so prevalent that even tech-savvy folk sometimes get tricked into giving up bits of their private data. Where does that leave the average consumer? It's evidently exploiting the fact that physically people just don't have the time and expertise to parse and understand what is being forced upon them.
As for Dark-Patterns-As-A-Service companies, there must be a way to detect and block their software using browser plugins. Isn't this effectively malware?
Email can be fixed only gradually. There is no way the world will stop using it and move overnight to something else, no matter how great.
As a related topic, I propose a dedicated footer field to put an end to emails containing two sentences and several meters of logos, badges, ads! and legal notes, which clutter our email threads and JIRAs. There is substantial potential in cutting down mental effort and IT resources necessary to process and store it.
Most malware today is not aimed to destroy local data, but rather to exfiltrate it. Instead of bloated antivirus software a more effective and lightweight solution is curated hosts files. No need to rely on external DNS, which can be hijacked. I'm working on an Electron-based desktop tool that does just that.
Another dark pattern I discovered on ala.co.uk, a popular GAP insurer in the UK. Their Get A Quote page is silently siphoning data from a complex form which triggers sending the whole form on field change, before you press Send. Beware of auto-filling by the browser!
And there is that: https://techcrunch.com/2020/05/06/no-cookie-consent-walls-an...
Legislation vs clear guidelines and enforcement.
I guess the strategy is to wear us down with nagging, nudging and whatnot to make a mistake, and once our data is out, there is no reversing it.