And my related pet-peeve, entry of credit card number comes before display of shipping and handling charges for the order. I've abandoned carts at sites that did not provide S/H before they wanted my credit card number.
I fought (and lost) against this payflow at a job because Marketing guessed that the sunk cost of time spent filling out the CC info form made users more likely to just click "buy" once the final cost was revealed. Stats backed them up :(
This is how stats lie. Success is based on measurements across short time spans because that's the only way to reliably correlate features to behaviors. There's no good way to measure the impact of a bad decision across years or decades, so the dark pattern gets away scot free. The only thing stopping it would be a particularly impactful survey or focus group, or worse yet user outcry.
> in the us maybe you can file complaints with the ftc
As someone with complaints relevant to the FTC... where do I file a complaint with the FTC that falls outside of their website workflow? Their website appears to shoehorn everyone into payment disputes and fraud. But the FTC is supposed to protect consumers from more than just payment disputes and fraud.
Tried to book a flight a week ago. One site was showing the price 30% less than other sites. Last step, entered my CC info and clicked "Purchase". "Oops, the flight is no longer available for that price, current price: x (the price other sites were showing). Do you want to buy anyway?". To be fair, the dialog with the "Buy anyway" and "Cancel" buttons wasn't using any further dark patterns.
No, I would not like to buy anyway, but to welcome you to the list of websites I'll never use again, [redacted].com...
Unfortunately the airline industry is both filled with caches upon caches upon caches when it comes to prices and also deceptive dark patterns.
The dark patterns have got better over time (as meta-search like Skyscanner and Kayak drive so much traffic to sites and demand honest pricing - travel agents either have to clean up their act or forgo meta search traffic) but the many, many layers of caches remain.
Delta was doing that to me a few years back. I was so frustrated I called them to complain and actually got the ticket for the price they advertised. Still annoying when you go through the checkout multiple times on different days only to get the same not available anymore alert.
That looks to be a classic bait-and-switch, which is considered a form of fraudulent advertising in many jurisdictions. It may not be worth the hassle for you, but you probably could report them if you want.
Probably depends on whether the entity baiting you is the same as (or represents) the entity you're ultimately purchasing from. If the aggregator is merely redirecting you to the airline and getting a kickback, as opposed to actually being a middleman, maybe that's a loophole in bait-and-switch law?
On the other hand, since GP furnished payment details to the baiter, I guess it really is a middleman, in which case you're absolutely correct.
That sucks, but to be fair that's not usually intentional, but simply a cached price that hasn't updated. You see this especially with flights for some reason due to the complexity -- airlines change prices incredibly frequently but aggregator sites can't refresh them all instantly. I'd forgive a site if I only saw this happen once/occasionally, but I'd report it to regulators if I saw it happen as a pattern.
Not updating the cache before/when asking for CC information is at the very least knowingly ignoring the problem, and likely intentionally ignoring the problem because the user is more likely to continue anyway once you've tricked them into giving their CC information and they just need to click yes to be done...
I hope jurisdictions that have "truth in advertising" laws bring the hammer down on such "negligent" violations.
With how laggy those sites are, I figured they are indeed pulling the price from the origin... Interesting that they'd have their own cache and still be so slow.
Some only ship within the country, listing the shipping cost directly. Others link to their page listing the shipping costs, which could be e.g. having costs for each country with a "free if over XX EUR" note.
Many commerce sites estimate your location by IP address, and give a shipping cost and time estimate right out. They of course allow you to enter your real address and get a more precise figure.
It is not true for the United States. The cost varies based on the distance between the shipper and the receiver. Shipping from New York to New Jersey is much less expensive than from New York to San Francisco.
I know, it's just how it works for most countries, because most countries are smaller than the US and often the national post offices have a mandate to treat remote parts the same way as the more accessible parts.
Yes, we all understand the goal for the national post. USPS charges the same for a first-class letter no matter what and has some flat-rate options based on size. But even they discriminate based on location on most packages. And we're talking about private sellers who are incented to minimize costs, using private shipping companies.
It might be different in the US but in most places I know, the national carrier is cheapest and the private ones like FedEx or TNT are used for special requirements, like faster shipping or special dimensions. There are a few cheap private shipping companies but they are also flat rate.
It in no way justifies it but this is usually because left hand doesn't know about the right something something good engineering. You have the site that's independently run and exists as nothing but a client to the other system that handles inventory and fulfillment blah blah business! And that system isn't made in-house so you're at the whim of whatever order submission "thing" (because it's not always an API, the horror) it exposes to you and sadly a lot of them the only way to see if you can actually complete a purchase is to try and see if it errs.
Supplemental:
Stop listing things in product pages and search results, just to click through and find it's out of stock.
Been searching for a particular pair of skis recently, and so many places listed them, only to click through and find they have no stock in any size. Complete waste of time.
If we are complaining about credit cards, mine is the large number of sites that ask for credit card details out of order. Number, then name, then zip code, maybe month/year or some equally cursed implementation. Even better if tabbing between fields is equally random.
Have these designers never looked at their own credit card before? Or is there just an incredible desire to be different that they require a unique take for this already solved problem?
I wonder how many of these are intentionally randomizing the form you get during checkout, in an effort to thwart automated purchases by bot accounts. I don't know anything about this space, but I've definitely noticed that my bank does this with its login flow. There's at least a dozen variations and domains I might get redirected to on any given day. Does anyone who works in this space know of a similar practice for online checkout?
Really??? That sounds insanely insecure by design. If I tried to log in to a secure site and was redirected to a random site I'd assume I was the victim of a link backing attack and back out. Normalising this kind of behavior by a bank sounds like a very bad idea.
Also, why can't sites display your card number in groups of four digits just like they're shown on your card? This makes it much easier to verify your card number for people with poor eyesight. Some sites do, most don't.
Visa/MC numbers are 4x4, as you are describing but AMEX is 15 digits and Diners Club and Carte Blanche are 14 digits.
So you need to pick your poison:
Either ask people what kind of card it is and then group their numbers nicely ... or don't ask them what kind of card it is (since you can tell anyway by the numbers and schema) and have ungrouped numbers.
I prefer the latter, actually, since it annoys me to be asked a question that the site can infer the answer to ...
I’m having trouble figuring out what this was aimed at. My comment was aimed more towards what the website can do and how it formats numbers when a user enters them.
Building in accessibility is a net win to all users, even those who think they may not directly benefit, spacing things out in a reasonable and predictable way helps everyone and especially those with eyesight, memory, and attention issues.
Those drop-shipper websites which are extremely numerous (and often haven't been running for very long) are quite guilty of this.
They sometimes use this as a way of "bait and switch" - we're sorry, we're out of stock, but if you want to use the credit for this item on other things...
A few days ago I was buying something on Amazon Japan and not only did I have to provide my credit card first, but the price of the item itself changed for international shipping. Still, I wanted the thing and it's half the price against already imported, but what gives?
I tend to abandon prospective purchases if I'm forced to make an account.
If it's something I really need and can't get anywhere else (and if I don't intend to have a protracted business relationship with the seller) I usually sign up with snarky addresses (that I still receive) like: SellerDomain-I-hate-that-you-make-me-register@mydomain.com
Not only can I easily squelch all future email from the seller but there's at least a remote chance somebody will recognize my ire and think about their process.
I too will abandon a purchasing quest if they force that crap on me. Doubly so for all those small time sites that make me then log in or add something to my cart just to see a price.
I don't understand how this behaviour can persist when it's customer repellant. (Unless they're optimizing for a different captive market, and really aren't interested in my business).
Sometimes the "add to cart to see price" means you're getting a good price - the manufacturer set a minimum price and they're going below, and they don't want it to show up in searches.
Sometimes, at least, the 'add to cart for price' is done because the manufacturer or distributor of products will forbid retailers from advertising lower prices on their site. When I worked in an industry that had these policies enforced, the reasoning we were given was that the policy was in place to maintain healthy competition between retailers selling the same products.
It's repellant for signups, but it's positive that once a customer does sign up, you keep marketing to them for long-term value and future purchases.
The other answer is you optimize for what you can measure. It's hard to know when users are dropping off at the account-signup wall; it's easy to know when an existing user bites on your re-marketing efforts.
This is a situation where I actually like to "log in with Google"...
- The information Google gives to the merchant is usually the same that I'd give the merchant anyway to make a purchase even if I wasn't making an account, assuming Google is being truthful when telling me what information it transmits.
- I don't need to worry about whether the merchant properly hashes passwords.
- If my Google account gets closed, it doesn't matter, assuming my goal was to not have an account with the merchant in the first place.
I can't tell you how many times I've done a guest checkout, then come back to register and my order doesn't show up in the history, even if the email matches. Now I make sure to try to register first as it's such a broken experience in too many places if you don't.
I get the frustration and why it should work better. But then, why still use guest checkout?
I totally stopped and will register an account wherever I give my credit card. The difference with guest checkout is usually infinitesimal and I actually want to keep somewhere (in my password vault in this case) the places that have my full info and where to contact them.
It's generally not done because it's a security issue, as an attacker could register before you with your email and gain access to your personal info (billing and shipping address and maybe last four of credit card). What would be best is if the eCommerce site would send you an email to confirm your email address to unlock your guest checkout orders. That's a fairly complicated flow for most eCommerce outfits so I think they just default to not show guest orders.
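The email-confirmation flow suggested in the comment above, sketched as an added example that is not part of the original thread or any real shop's code: guest orders stay detached from a newly registered account until a signed, expiring token sent to that address is presented. All names (`register`, `issue_claim_token`, `claim_guest_orders`, the in-memory stores) and the 15-minute lifetime are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # server-side signing key (generated for this demo)
TOKEN_TTL = 15 * 60                # assumed token lifetime in seconds

# Constructed sample data: orders placed via guest checkout, keyed by email.
GUEST_ORDERS = {"alice@example.com": [{"id": 1001, "ship_to": "1 Main St", "last4": "4242"}]}
ACCOUNTS = {}                      # account_id -> {"email", "verified", "orders"}

def register(email):
    """Create an account. Matching guest orders are NOT attached here, so
    registering with someone else's address reveals nothing."""
    account_id = secrets.token_hex(8)
    ACCOUNTS[account_id] = {"email": email.lower(), "verified": False, "orders": []}
    return account_id

def issue_claim_token(account_id, now=None):
    """Build the token that would be emailed to the account's address.
    It is only ever delivered to the mailbox, never shown in the browser."""
    acct = ACCOUNTS[account_id]
    issued = int(now if now is not None else time.time())
    payload = json.dumps({"a": account_id, "e": acct["email"],
                          "x": issued + TOKEN_TTL}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "." +
            base64.urlsafe_b64encode(sig).decode())

def claim_guest_orders(account_id, token, now=None):
    """Attach guest orders only if the token proves control of the mailbox."""
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:             # wrong shape or bad base64
        return False
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return False
    data = json.loads(payload)     # parsed only after the signature checks out
    acct = ACCOUNTS.get(account_id)
    now = now if now is not None else time.time()
    if (acct is None or data["a"] != account_id
            or data["e"] != acct["email"] or now > data["x"]):
        return False
    acct["verified"] = True
    acct["orders"].extend(GUEST_ORDERS.pop(acct["email"], []))
    return True

def order_history(account_id):
    """What the logged-in account is allowed to see."""
    return list(ACCOUNTS[account_id]["orders"])
```

Binding the token to both the account id and the address means a token issued for one account cannot unlock guest orders for another account registered with the same email.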
It feels like they’re intentionally reprimanding me for doing a guest purchase when I’m actually deciding that I liked the business enough to come back. Such a customer service fumble
Part of why the vast majority of my online shopping is at very few sites, including Amazon, which I'm inclined to want to avoid but end up using anyway.
I find it especially creepy when I start checking out as a guest, decide not to proceed (often due to usurious “shipping and handling” charges), and then get an email about my abandoned cart.
I get why companies do this, but IMO if I enter my email address and have not given permission for it to be used except for a given transaction, then it shouldn’t be used at all if the transaction isn’t ratified.
It’s one step removed from tracking character input in a text box and capturing an email address that was subsequently deleted prior to submitting a form.
If you think that's bad, I worked at a company that didn't always need your email address. Their customer sites would add their third-party cookie, so if you enter your email on any of their customer sites they could send you a cart abandonment email (I don't think you even had to SUBMIT your email, as it would be sent to the server as soon as it looked like a valid email). Fortunately I quit working for them once they started going down that evil route.
If you're in the EU, GDPR provides you with a mechanism to go after companies that do this, although the details for how you do that will be country-specific.
As someone who started a wiki... yea... people really don't want to make accounts. The second I started letting people just edit things without being logged in, the wiki immediately became dramatically more useful to everyone. I was worried about vandalism, but it's really not an issue exactly because nobody actually cares about the site at all.
I guess this illuminates why Wikipedia still allows anonymous edits. It's something I would never have considered precisely because of vandalism, but I suppose the urge to add information is low enough for most people that any distraction will lead them to not go through.
I've made two edits to Wikipedia ever. Once in college over 20 years ago in an article about Thomas Hobbes, and once a few months ago in an article about the Slayer album Reign in Blood. I quite appreciate that they did not try to make me create an account that I would use once every 20 years.
On my site having an account unlocks a bunch of useful features. Mainly, a version control system. Anyone trying to vandalize will have a harder time doing it than a 1 click reset by a user.
On the flip side, people literally go through these kinds of expedited transaction processes and use my email address, so I get receipts, requests to create accounts, "review the product" emails, etc.
Please validate emails OR let me click on a "that wasn't me" link.
If not, I will flag your email, and company, as spam.
I am aware of 4 other people who share my name, one of them has an email address one character off from mine.
I've followed their life from their employment offer, maternity leave plans, childbirth hospital trip, baby photos, pet purchases, school registration, and recently their child is registered in a gifted student program. I'm almost part of the family!
at that point (and probably about 10 years ago) i'd have made a different email address on a domain name i own.
gmail, for instance, shows off how awful google is if you stop relying on it but open it fairly often. I don't think i've received any non-automated emails on my gmail account in over a year, but now all of the tabs are chock full of junk, aliexpress, spam, aliexpress, scams, aliexpress...
I lucked out on fastmail grandfathering me in to the $5/yr plan that allows you a single MX domain endpoint, so i have any-email-i-want@mydom.ain for around $20/year including taxes, DNS, and domain registration.
I went into a sofa store in the UK a few years ago and gave them some details like my email address for a potential purchase which they input into a tablet.
Some time later, I started receiving emails about my sofa purchase, addressed nice and personally to "Paul" (not my name) and then some time after that, emails about my "finance agreement".
It was all legit, except for the fact that none of it was intended for me. Someone had been into the store after me, and somehow they'd entered my email address on this guy's form, he's never had any of his documents about his finance agreement, or when his sofa was going to be delivered, etc, because I had it all.
Hope the guy got his sofa in the end, but the company made it almost impossible for me to tell them they were sending all this stuff to the wrong email, in the end I just blocked them.
There are more than 1600 people with my first and last name in North America and the UK and I have first.last@gmail.com. So, when they give a fake email… it’s mine.
A related bad UX is forcing users who do have accounts to log in to complete their purchase. I wrote a couple of WordPress/WooCommerce plugins to smooth this out – by prompting for login if an account exists matching the email address, and by adding single use passwords to emails sent from the site, so users who visit the site are already logged in when they arrive:
A friend consulted at a DMV years ago and improved their online transaction conversions a lot by dropping the login requirement for things like registrations.
Nobody wakes up and decides to pay someone else’s car tax. And if they do, if the money is good, who cares?
The other thing is the need for an account at all. With a lot of online merchants, I don’t want an ongoing relationship. Take your cash and leave me alone.
I used to work as a teller at a bank, and people would be really mystified when I wouldn't id them for deposit transactions. The rules might have changed now, but at the time anyone could put a deposit into any account they knew the number for. That's how after hours business deposit boxes work, after all.
Some people would be genuinely upset, until I pointed out that the transaction receipt only showed that a deposit had been made, and that I wasn't revealing anything that the depositor didn't already know. There was no known threat vector that we could figure.
The 2022 version is not to nag users with a registration flyover for your blog post, the instant the user visits and hasn't even read the first sentence.
I won't visit Medium or Substack blogs at all because of this awful pattern.
I used to refuse to use those services, but then I got libredirect [1] which does a great job of decrapifying them and a lot of other anti-user websites.
Don't force me to do anything. Don't force me to make an account, don't force me to uncheck a box to say I don't want you to send me spam, don't tack on "extras" like a youtube subscription that I have to notice and unselect. Let me add stuff to a cart, and then let me pay for it. Don't even ask me to make an account on your site until I have fully completed my purchase, and don't try to trick me into thinking I need one.
The thing about making an account that is so annoying is that I already need at least two accounts to buy something online, usually. I need some kind of account that lets me pay for things, like a credit card or paypal. I then also need an email account to check out, usually.
Also as a side note, let's talk of the (delivery) address.
In the EU, it is very probable that if you are registering for buying something on a "national" site (as an example a .de or a .it, particularly when the site is also only in German or Italian) you want the stuff sent to a national address.
The drop-down list almost invariably is alphabetically ordered, and contains all states in the world, i.e. it starts with Afghanistan, and often on mobile/touch these lists are not particularly easy to scroll.
It is a little thing, but still putting a pre-selected default for the state where you send like 99.999% of orders might smooth a little the attrition.
There was a recent hackernews[1] post that talked about how great McMaster is. It seems that for consumer retail businesses, a purchase is just one of many many ways the business wants to suck more value out of you. Upselling and giving the marketing team something to do are a priority. It's gross.
The dark patterns have been designed and A-B tested. They must have shown an increase in shareholder value, unfortunately, likely in the short term.
Sometimes the increase is imaginary, driven by the "good" parts being easily measurable while the "bad" parts (loss of trust, abandoned carts) are not measurable, harder to measure and/or not being measured.
It's gross and comes off as desperate, to me at least. I'm far less likely to do business with a company who dicks around than straightforward ones.
For example, I was working on my furnace this weekend and needed a part. Found on supplyhouse.com. No fuckery involved, I paid them asking price and they sent me the part.
Why can't all transactions be so simple? Why does every site need a popover, multiple coupons, cookie warnings, privacy policies, etc? Maybe I'm just out of touch, but this all drives me -away-. I just want to pay money for X, receive X, and be done. If you make that hard, I'll look elsewhere.
Another fun thing to do - if they're using client-side validation, you can often just open up the html and delete the form fields, and the download link will often relent because there's no more required fields for you to provide.
I was involved in building a few decently large e-commerce sites in the early 2000s. One thing I always advocated and we did in a few places was to create an account for a user in every instance. If they ever came back to the login form, they would get a password reset email automatically.
One thing that really surprised us: a significant number of return users clicked "forgot password?" before attempting signup. We deduced that they believed they had an account but couldn't remember the password (this was before password managers).
When they did access their account, it had all their order history, email support history, etc all pre-populated.
This approach did not require us to retain any additional data on top of what we would have retained with only keeping their unauthenticated (guest) checkout orders on file.
I'm happy that most utility companies don't force me to open an online account to pay. They have a "guest pay" feature. Much appreciated.
I also hate websites where they hide your password while typing it in. Who can enter a password like Xaa3$#%^&*JqUIx correctly while blind? "Three attempts and your account is locked out!"
> in wintry implementations they don't allow pasting into a password field
With Firefox, setting the "dom.event.clipboardevents.enabled" about:config setting to false stops this dark pattern, allowing one to paste into fields that the website designer attempted to block one from pasting into.
> I also hate websites where they hide your password while typing it in. Who can enter a password like Xaa3$#%^&*JqUIx correctly while blind?
You may consider using a password manager[1] that allows you to auto-fill the password field. Use an xkcd-based passphrase[2] for the master password to make it easier to type.
[1]: just not LastPass with their regular security breaches. Personally, I recommend Bitwarden.
We’ve done the same thing with our Chrome extension. Someone can access our 2 week free trial without so much as entering an email address. We do this partly so it can be easily tried out by young students, partly because it makes things nicer for all users, and partly because it reduces customer support and refund requests.
The downside is that we can’t put folks in an e-mail drip campaign, which would help us educate our users and increase our conversion rate. But we hate spam, so we don’t view not-spamming as much of a downside.
I'm pretty sure there was one product i abandoned in spite of it being somewhat useful - all because they started to send me tips and tricks emails after i signed up.
From a design standpoint, how do we design for user-related interactions though, like tracking / reviewing the purchase, informing when some error / failure happens in the middle, purchase receipt etc?