DOCSLIB.ORG

Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Proceedings on Privacy Enhancing Technologies ; 2016 (4):237–254 Christoph Bösch*, Benjamin Erb, Frank Kargl, Henning Kopp, and Stefan Pfattheicher Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns Abstract: Privacy strategies and privacy patterns are However, online service providers have become more fundamental concepts of the privacy-by-design engineer- and more sophisticated in deceiving users to hand over ing approach. While they support a privacy-aware de- their personal information. Up until now, privacy re- velopment process for IT systems, the concepts used by search has not studied this development. malicious, privacy-threatening parties are generally less An example for this development is the Tripadvi- understood and known. We argue that understanding sor mobile app (depicted in Figure 1), which is a review the “dark side”, namely how personal data is abused, platform for travel-related content. At first glance, the is of equal importance. In this paper, we introduce the starting page asks the user to log in with a personal concept of privacy dark strategies and privacy dark pat- Google+, Facebook, or email account. Taking a closer terns and present a framework that collects, documents, look, one notices that a third option is given that offers and analyzes such malicious concepts. In addition, we the creation of a Tripadvisor account. Furthermore, a investigate from a psychological perspective why privacy “Skip”-button is hidden in the upper right corner, which dark strategies are effective. The resulting framework which skips the login process entirely. When signing in allows for a better understanding of these dark con- with Facebook, Tripadvisor wants to gain access to the cepts, fosters awareness, and supports the development friend list, photos, likes, and other information (cf. Fig- of countermeasures. We aim to contribute to an eas- ure 1b). This is unnecessary for the main features of the ier detection and successive removal of such approaches service. from the Internet to the benefit of its users. Skipping the login process shows the user some fea- tures which are available only after signing in (cf. Fig- Keywords: Privacy, Patterns ure 1c). In addition, the “Later”-button, which finally DOI 10.1515/popets-2016-0038 leads to the app, is located on the left side. Placed on the Received 2016-02-29; revised 2016-06-02; accepted 2016-06-02. right side is a “Sign in”-button which leads back to the starting page. This influencing towards logging in via Facebook/Google+ or creating a personal account gives 1 Motivation and Introduction Tripadvisor access to personal information. Figure 1 il- lustrates general reusable strategies for deceiving users Over the last years, privacy research has primarily fo- to share more of their personal information. cused on (i) a better conceptual understanding of pri- In this paper, we deliberately change sides and ex- vacy, (ii) approaches for improving and enhancing pri- plore the techniques used by the “bad guys” to col- vacy protection, as well as (iii) technical mechanisms for lect privacy-sensitive data more efficiently. Similar to implementing these approaches. the collection of well-established privacy solutions (so- called privacy patterns [14, 24]) as part of the privacy- by-design strategy, we identify and collect malicious pat- terns that intentionally weaken or exploit the privacy of users, often by making them disclose personal data or *Corresponding Author: Christoph Bösch: Insti- consent against their real interest. tute of Distributed Systems, Ulm University, E-mail: This approach may initially seem suspicious, as it [email protected] Benjamin Erb: Institute of Distributed Systems, Ulm Uni- could provide guidance for malign stakeholders such as versity, E-mail: [email protected] data-driven companies or criminals. However, we believe Frank Kargl: Institute of Distributed Systems, Ulm Univer- that this shift in perspective is helpful and necessary for sity, E-mail: [email protected] privacy research, as it introduces several benefits: (i) Henning Kopp: Institute of Distributed Systems, Ulm Uni- A detailed analysis and documentation of privacy dark versity, E-mail: [email protected] Stefan Pfattheicher: Department of Social Psychology, Ulm patterns allows for a better understanding of the under- University, E-mail: [email protected] lying concepts and mechanisms threatening the users’ Unauthenticated Download Date | 10/23/16 6:36 PM Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns 238 (a) The starting page. (b) Log-in with Facebook. (c) Skipped sign-in process. Fig. 1. Screenshots of the Tripadvisor mobile app. (a) shows the starting page. Note the small “Skip” button in the upper right corner. (b) shows the requested personal information when logging in with Facebook. Some of the information is unnecessary for providing the service. (c) shows what happens after skipping the sign-in process. privacy. (ii) A collection of privacy dark patterns fos- of chambers in such a way that a further distance from ters awareness and makes it easier to identify such ma- the building’s entrance allows for increased intimacy. licious patterns in the wild. (iii) Furthermore, the doc- In 1987, the idea of patterns was readopted by Kent umentation of a privacy dark pattern can be used as a and Cunningham [10] and introduced into the realm of starting point for the development of countermeasures, computer science and software development. The Port- which disarm the pattern and re-establish privacy. The land Pattern Repository of Kent and Cunningham col- discussion is similar to IT security, where investigation lected patterns for programmers using object-oriented and publication of vulnerabilities proved to be key for programming languages.1 The idea of using patterns in actually enhancing the security level in real systems. software design gained wide acceptance in 1994, when the so-called Gang of Four released their well-known book on design patterns for reusable object-oriented 1.1 Introduction to Patterns software [19]. Since then, the usage of patterns has spread to various different branches of computer science In many disciplines recurring problems have been ad- and software engineering, including distributed architec- dressed over and over again, yielding similar and recur- tures [18, 25], user interface design [46], IT security [41], ring solutions. The idea of a pattern is to capture an and privacy [14, 22, 40, 42]. instance of a problem and a corresponding solution, ab- The success of patterns in software engineering has stract it from a specific use case, and shape it in a more entailed novel classes of patterns with different seman- generic way, so that it can be applied and reused in tics, namely anti patterns [14] and dark patterns [11]. various matching scenarios. Traditional design patterns capture a reasonable and Patterns originate from the realm of architecture, established solution. In contrast, an anti pattern docu- where Alexander et al. [5] released a seminal book on ments a solution approach that should be avoided, be- architectural design patterns in 1977. In this book, the cause it has been proven to represent a bad practice. authors compiled a list of archetypal designs for build- ings and cities which were presented as reusable solu- tions for other architects. Interestingly, Alexander et al. already came up with patterns for privacy. For instance, 1 Historical side note: the online version of the pattern reposi- their Intimacy Gradient pattern postulates a placement tory, WikiWikiWeb (http://c2.com/cgi/wiki), became the first- ever wiki on the World Wide Web Unauthenticated Download Date | 10/23/16 6:36 PM Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns 239 Hence, anti patterns raise awareness of sub-par solu- general terminology for privacy dark patterns and es- tions and advocate against their usage. tablishes a template for documenting privacy dark pat- Anti patterns often target solutions that may seem terns. Our framework suggests a list of malicious privacy obvious to the system developer at a first glance, but in- strategies and psychological aspects for categorizing pri- clude a number of less obvious negative implications and vacy dark patterns. Based on the pattern template of consequences. Even established design patterns some- our framework, we discuss common privacy dark pat- times become obsolete and are downgraded to anti pat- terns that we extracted from real-world occurrences. terns due to new considerations. For instance, the Gang of Four suggested a pattern for restricting the instan- tiation of a class to a single instance, the so-called 1.3 Contribution Singleton pattern. Only after concurrent programming and multi-core architectures became more widespread, Our contribution can be summarized as follows: shortcomings of this pattern eventually became appar- 1. We introduce the concept of privacy dark strategies ent. Today, the Singleton pattern is widely considered and privacy dark patterns. an anti pattern. 2. We present a framework for privacy dark patterns The term dark pattern was first used by Brignull, that takes into account traditional privacy patterns, who collected malicious user interface patterns [11] for empirical evidence of malign patterns, underlying better awareness. A UI dark pattern tricks users into malicious strategies, and their psychological back- performing unintended and unwanted actions, based on ground. The resulting framework provides a tem- a misleading interface design. More generally speaking, plate for documenting and collecting arbitrary pri- a dark pattern describes an established solution for ex- vacy dark patterns. ploiting and deceiving users in a generic form. 3. We provide an initial set of exemplary dark patterns In summary, anti patterns collect the Don’ts for that we encountered in the wild. good intentions and dark patterns collect potential Dos 4. We launched the website dark.privacypatterns.eu as for malicious intents. In this paper, we present a first an online collection for privacy dark patterns.
Recommended publications
  • Techlash, Loot Boxes, and Regulating “Dark Patterns” in the Video Game Industry’S Monetization Strategies

    Techlash, Loot Boxes, and Regulating “Dark Patterns” in the Video Game Industry’S Monetization Strategies

    12. GOODSTEIN.DOCX (DO NOT DELETE) 12/2/20 7:53 AM WHEN THE CAT’S AWAY: TECHLASH, LOOT BOXES, AND REGULATING “DARK PATTERNS” IN THE VIDEO GAME INDUSTRY’S MONETIZATION STRATEGIES Scott A. Goodstein* INTRODUCTION .......................................................................... 287 I. DEFINING DARK PATTERNS AND OTHER INVASIVE ASPECTS OF THE VIDEO GAME INDUSTRY ....................... 294 A. Dark Patterns ............................................................ 294 1. Video Game Dark Patterns Identified by Lewis, Björk, and Zagal ...................................... 297 2. A Loot Box is Simply a Monetized Rivalries Dark Pattern, Sometimes Combined with a Currency Confusion Dark Pattern ..................... 300 B. Psychology, Consumer Surveillance, and Data Research .................................................................... 302 II. TECHLASH IN THE VIDEO GAME INDUSTRY ..................... 306 A. Political Recognition of Exploitative Video Game Design ........................................................................ 308 B. Consumers Should Not Expect or Be Forced to Rely Upon the Video Game Industry to Self- Correct its Predatory Practices ................................. 311 III. LEGISLATIVE ATTEMPTS TO CURB MANIPULATIVE INTERFACE DESIGN .......................................................... 314 A. The Protecting Children from Abusive Games Act .. 315 *J.D. Candidate 2021, University of Colorado Law School; Associate Editor, Univer- sity of Colorado Law Review. I would like to thank all my fellow Law Review
  • Dark Patterns and the Legal Requirements of Consent Banners: an Interaction Criticism Perspective

    Dark Patterns and the Legal Requirements of Consent Banners: an Interaction Criticism Perspective

    Dark Patterns and the Legal Requirements of Consent Banners: An Interaction Criticism Perspective Colin M. Gray Cristiana Santos [email protected] [email protected] Purdue University Utrecht University West Lafayette, Indiana, United States The Netherlands Nataliia Bielova Damian Clifford Michael Toth [email protected] [email protected] Australian National University [email protected] Australia Inria France ABSTRACT ACM Reference Format: User engagement with data privacy and security through consent Colin M. Gray, Cristiana Santos, Nataliia Bielova, Michael Toth, and Damian Clifford. 2021. Dark Patterns and the Legal Requirements of Consent Ban- banners has become a ubiquitous part of interacting with inter- ners: An Interaction Criticism Perspective. In CHI Conference on Human net services. While previous work has addressed consent banners Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. from either interaction design, legal, and ethics-focused perspec- ACM, New York, NY, USA, 18 pages. https://doi.org/10.1145/3411764.3445779 tives, little research addresses the connections among multiple disciplinary approaches, including tensions and opportunities that transcend disciplinary boundaries. In this paper, we draw together 1 INTRODUCTION perspectives and commentary from HCI, design, privacy and data protection, and legal research communities, using the language and The language of ethics and values increasingly dominates both the strategies of “dark patterns” to perform an interaction criticism read- academic discourse and the lived experiences of everyday users ing of three different types of consent banners. Our analysis builds as they engage with designed technological systems and services. upon designer, interface, user, and social context lenses to raise Within the HCI community, there has been a long history of en- tensions and synergies that arise together in complex, contingent, gagement with ethical impact, including important revisions of the and conflicting ways in the act of designing consent banners.
  • The Dark (Patterns) Side of UX Design

    The Dark (Patterns) Side of UX Design

    The Dark (Patterns) Side of UX Design Colin M. Gray, Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L. Toombs Purdue University West Lafayette, IN {gray42; kou2; bbattles; jhoggatt; toombsa}@purdue.edu ABSTRACT We focus specifically on the practitioner-created construct of Interest in critical scholarship that engages with the complex- "dark patterns" and its emergence in the practitioner lexicon, ity of user experience (UX) practice is rapidly expanding, defining a co-opting of human-centered values in the service yet the vocabulary for describing and assessing criticality in of deceptive or malicious aims. practice is currently lacking. In this paper, we outline and While ethics and values have been studied extensively in the explore the limits of a specific ethical phenomenon known HCI and Science & Technology Studies (STS) literature (e.g., as "dark patterns," where user value is supplanted in favor of value levers [63], values at play [25], critical design [10,7, 23], shareholder value. We assembled a corpus of examples of reflective design [60, 61]), these conversations are frequently practitioner-identified dark patterns and performed a content bound to the academic community and related discourses, analysis to determine the ethical concerns contained in these making practitioner access to these conversations difficult and examples. This analysis revealed a wide range of ethical issues activation of their implications problematic. While there are raised by practitioners that were frequently conflated under clear uptakes from these conversations for UX practice, it is the umbrella term of dark patterns, while also underscoring a unclear whether these methods or approaches are used in UX shared concern that UX designers could easily become com- practice to raise or foreground awareness of criticality, an issue plicit in manipulative or unreasonably persuasive practices.
  • Are Dark Patterns Anticompetitive?

    Are Dark Patterns Anticompetitive?

    044BBC27-503D-4AFB-B1D9-B7BAF6F2C013.DOCX (DO NOT DELETE) 11/5/2020 7:00 PM ARE DARK PATTERNS ANTICOMPETITIVE? Gregory Day and Abbey Stemler INTRODUCTION ............................................................................................................ 2 I. PLATFORMS, ATTENTION, AND ONLINE MANIPULATION ......................... 7 A. The Economic Value of Attention ................................................................. 8 B. The Attention Cycle ..................................................................................... 10 C. Dark Patterns and Online Manipulation .................................................... 14 II. PRIVACY AND PRIVACY PROTECTION .......................................................... 16 A. Privacy and Decisional Privacy..................................................................... 17 B. The Individual and Societal Costs of Online Manipulation .......................... 19 C. The Lack of Regulation of Online Manipulation ......................................... 22 III. PRIVACY AND MANIPULATION IN MODERN ANTITRUST ......................... 24 A. Digital Markets and Antitrust .................................................................... 25 B. Persuasion or Coercion in Digital Markets?................................................. 27 1. Persuasion ............................................................................................ 28 2. Coercion ............................................................................................... 31 C. Anticompetitive
  • Dark Patterns': the Case for Regulatory Pluralism Dr M.R

    Dark Patterns': the Case for Regulatory Pluralism Dr M.R

    'Dark Patterns': the case for regulatory pluralism Dr M.R. Leiser1 Abstract ‘Dark patterns’ is a term commonly used by the web collective to describe a user interface that exploits users into doing something that they would not normally do. It is a coercive and manipulative design technique used by web designers when some sort of action is needed from a user - typically to begin the processing of personal data or indication of agreement to a contract. As dark patterns can compromise legal requirements like consent and privacy-by-design and legal principles found in both regimes, like fairness and transparency, this article analyses ‘dark patterns’ from a regulatory perspective. Two frameworks are critiqued: the European Union’s regime for data privacy and consumer protection. The paper also provides an overview of the enforcement measures available for the regulation of dark patterns. It concludes that a pluralistic approach that mixes the strengths of one regulatory regime while compensating for its weaknesses by the use of the other is needed to harness dark patterns. Keywords: dark patterns, consumer protection, data protection, law, regulation Introduction ‘Dark patterns’ are ‘interface design choices that benefit an online service by coercing, steering, and/or deceiving users into making decisions that, if fully informed and capable of selecting alternatives, they might not make’.2 Via specific design choices, many e-commerce and social media platforms prioritize capturing user attention while obfuscating information that might help them make more informed decisions. These techniques, including information overload, fine-tuned personalization, and distorted social cues, pave the way for the manipulation of users and compromise rational decision- making.
  • DECEIVED by DESIGN How Tech Companies Use Dark Patterns to Discourage Us from Exercising Our Rights to Privacy 27.06.2018 Table of Contents 1 Summary

    DECEIVED by DESIGN How Tech Companies Use Dark Patterns to Discourage Us from Exercising Our Rights to Privacy 27.06.2018 Table of Contents 1 Summary

    DECEIVED BY DESIGN How tech companies use dark patterns to discourage us from exercising our rights to privacy 27.06.2018 Table of contents 1 Summary .............................................................................................. 3 2 Introduction ......................................................................................... 4 3 Background .......................................................................................... 5 3.1 From nudging to exploitation through dark patterns .................................. 6 3.2 European data protection legislation .......................................................... 8 3.3 Methodology .............................................................................................. 10 4 Dark patterns in prominent digital services.......................................... 12 4.1 Default settings - Privacy by default? ........................................................ 13 4.2 Ease - Making the privacy option more cumbersome ............................... 19 4.3 Framing – Positive and negative wording .................................................. 22 4.4 Rewards and punishment .......................................................................... 25 4.5 Forced action and timing ........................................................................... 27 5 Illusion of control ................................................................................ 31 5.1 Facebook: “You control whether we use data from partners to show you ads” ...........................................................................................
  • DECEIVED by DESIGN How Tech Companies Use Dark Patterns to Discourage Us from Exercising Our Rights to Privacy 27.06.2018 Table of Contents 1 Summary

    DECEIVED by DESIGN How Tech Companies Use Dark Patterns to Discourage Us from Exercising Our Rights to Privacy 27.06.2018 Table of Contents 1 Summary

    DECEIVED BY DESIGN How tech companies use dark patterns to discourage us from exercising our rights to privacy 27.06.2018 Table of contents 1 Summary .............................................................................................. 3 2 Introduction ......................................................................................... 4 3 Background .......................................................................................... 5 3.1 From nudging to exploitation through dark patterns .................................. 6 3.2 European data protection legislation .......................................................... 8 3.3 Methodology .............................................................................................. 10 4 Dark patterns in prominent digital services.......................................... 12 4.1 Default settings - Privacy by default? ........................................................ 13 4.2 Ease - Making the privacy option more cumbersome ............................... 19 4.3 Framing – Positive and negative wording .................................................. 22 4.4 Rewards and punishment .......................................................................... 25 4.5 Forced action and timing ........................................................................... 27 5 Illusion of control ................................................................................ 31 5.1 Facebook: “You control whether we use data from partners to show you ads” ...........................................................................................

  • What Makes a Dark Pattern... Dark? Design Attributes, Normative Considerations, and Measurement Methods

    What Makes a Dark Pattern... Dark? Design Attributes, Normative Considerations, and Measurement Methods ARUNESH MATHUR, Princeton University JONATHAN MAYER, Princeton University MIHIR KSHIRSAGAR, Princeton University There is a rapidly growing literature on dark patterns, user interface designs—typically related to shopping or privacy—that researchers deem problematic. Recent work has been predominantly descriptive, documenting and categorizing objectionable user interfaces. These contributions have been invaluable in highlighting specific designs for researchers and policymakers. But the current literature lacks a conceptual foundation: What makes a user interface a dark pattern? Why are certain designs problematic for users or society? We review recent work on dark patterns and demonstrate that the literature does not reflect a singular concern or consistent definition, but rather, a set of thematically related considerations. Drawing from scholarship in psychology, economics, ethics, philosophy, and law, we articulate a set of normative perspectives for analyzing dark patterns and their effects on individuals and society. We then show how future research on dark patterns can go beyond subjective criticism of user interface designs and apply empirical methods grounded in normative perspectives. ACM Reference Format: Arunesh Mathur, Jonathan Mayer, and Mihir Kshirsagar. 2021. What Makes a Dark Pattern... Dark?: Design Attributes, Normative Considerations, and Measurement Methods. In CHI Conference on Human Factors in Computing Systems (CHI ’21), May 8–13, 2021, Yokohama, Japan. ACM, New York, NY, USA, 27 pages. https://doi.org/10.1145/3411764.3445610 1 INTRODUCTION Recent scholarship has called attention to dark patterns, user interface designs that researchers deem problematic. The preponderance of academic literature on dark patterns has curated collections of objectionable user interface designs [3, 21] and highlighted the frequency of dark patterns in specific contexts, such as privacy settings [4], online gaming [62], and online shopping [35].
  • Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites

    Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites

    81 Dark Patterns at Scale: Findings from a Crawl of11K Shopping Websites ARUNESH MATHUR, Princeton University, USA GUNES ACAR, Princeton University, USA MICHAEL J. FRIEDMAN, Princeton University, USA ELENA LUCHERINI, Princeton University, USA JONATHAN MAYER, Princeton University, USA MARSHINI CHETTY, University of Chicago, USA ARVIND NARAYANAN, Princeton University, USA Dark patterns are user interface design choices that benefit an online service by coercing, steering, or deceiving users into making unintended and potentially harmful decisions. We present automated techniques that enable experts to identify dark patterns on a large set of websites. Using these techniques, we study shopping websites, which often use dark patterns to influence users into making more purchases or disclosing more information than they would otherwise. Analyzing ∼53K product pages from ∼11K shopping websites, we discover 1,818 dark pattern instances, together representing 15 types and 7 broader categories. We examine these dark patterns for deceptive practices, and find 183 websites that engage in such practices. Wealso uncover 22 third-party entities that offer dark patterns as a turnkey solution. Finally, we develop a taxonomy of dark pattern characteristics that describes the underlying influence of the dark patterns and their potential harm on user decision-making. Based on our findings, we make recommendations for stakeholders including researchers and regulators to study, mitigate, and minimize the use of these patterns. CCS Concepts: • Human-centered computing → Empirical studies in HCI; HCI theory, concepts and models; • Social and professional topics → Consumer products policy; • Information systems → Browsers. Additional Key Words and Phrases: Dark Patterns; Consumer Protection; Deceptive Content; Nudging; Manipulation ACM Reference Format: Arunesh Mathur, Gunes Acar, Michael J.
  • Dark Patterns and Their Use in E-Commerce

    Dark Patterns and Their Use in E-Commerce

    Emma Nevala DARK PATTERNS AND THEIR USE IN E-COMMERCE JYVÄSKYLÄN YLIOPISTO INFORMAATIOTEKNOLOGIAN TIEDEKUNTA 2020 ABSTRACT Nevala, Emma Dark patterns and their use in e-commerce Jyväskylä: University of Jyväskylä, 2020, 33 p. Information systems science, Bachelor’s thesis Supervisor: Kyppö, Jorma Growing competition in the field of e-commerce has led retailers to adopt different strategies to engage users and guide them through the digital buying process. Some retailers use digital nudges that aim to guide user through the shopping process. Some e- commerce sites have resorted to the use of dark patterns – user interface elements that manipulate the user into making a choice they might not have made, had they had the chance to choose freely. This thesis has three research questions: 1.) What are dark patterns? 2.) Why do dark patterns work? 3.) Why are dark patterns used in e-commerce? This thesis defines dark patterns as “intentional, deceptive design decisions that were made to take advantage of psychology, to manipulate the user into making decisions that were unintended and unwanted; creating value for the service that employs them”. There seems to be four factors that explain the effectiveness of dark patterns: technological, cognitive, social and motivational. Each of these factors is looked at in detail. Dark patterns are widely used in e-commerce. The prevalence of dark patterns has created an industrial drift that has led to the adoption of dark patterns on a much larger scale. Dark patterns have also been used to promote customer engagement, which, in turn, has been associated with higher levels of economic success.
  • End User Accounts of Dark Patterns As Felt Manipulation

    End User Accounts of Dark Patterns As Felt Manipulation

    End User Accounts of Dark Patterns as Felt Manipulation COLIN M. GRAY, JINGLE CHEN, SHRUTHI SAI CHIVUKULA, and LIYANG QU, Purdue University Manipulation defines many of our experiences as a consumer, including subtle nudges and overt advertising campaigns thatseek to gain our attention and money. With the advent of digital services that can continuously optimize online experiences to favor stakeholder requirements, increasingly designers and developers make use of “dark patterns”—forms of manipulation that prey on human psychology—to encourage certain behaviors and discourage others in ways that present unequal value to the end user. In this paper, we provide an account of end user perceptions of manipulation that builds on and extends notions of dark patterns. We report on the results of a survey of users conducted in English and Mandarin Chinese (n=169), including follow-up interviews from nine survey respondents. We used a card sorting method to support thematic analysis of responses from each cultural context, identifying both qualitatively-supported insights to describe end users’ felt experiences of manipulative products, and a continuum of manipulation. We further support this analysis through a quantitative analysis of survey results and the presentation of vignettes from the interviews. We conclude with implications for future research, considerations for public policy, and guidance on how to further empower and give users autonomy in their experiences with digital services. CCS Concepts: • Security and privacy ! Social aspects of security and privacy; • Human-centered computing ! Empirical studies in HCI; Empirical studies in interaction design. Additional Key Words and Phrases: dark patterns, ethics, manipulation, user experience Draft: October 20, 2020 1 INTRODUCTION Digital products create and reinforce structures that guide our modern lives, providing a means to connect with others, share our experiences, perform mundane everyday tasks, and purchase goods and services.
  • Dark Patterns: Regulating Digital Design

    Dark Patterns: Regulating Digital Design

    May 2020 ∙ Sebastian Rieger & Caroline Sinders Dark Patterns: Regulating Digital Design How digital design practices un- dermine public policy efforts & how governments and regulators can respond Think Tank at the Intersection of Technology and Society Sebastian Rieger & Caroline Sinders May 2020 Regulating Digital Design Executive Summary How easy it is to order a book on an online shop’s website, how intuitive maps or navigation services are to use in everyday life, or how laborious it is to set up a customer account for a car-sharing service, these features and ‘user !ows’ have become incredibly important to the every customer. Today, the “user friendliness” of a digital platform or service can therefore have a sig- ni"cant in!uence on how well a product sells or what market share it gains. Therefore, not only operators of large online platforms, but also companies in more traditional sectors of the economy are increasing investments into designing websites, apps or software in such a way that they can be used easily, intuitively and as time-saving as possible. This approach to product design is called user-centered design (UX design) and is based on the observations of how people interact with digital pro- ducts, developing prototypes and testing them in experiments. These me- thods are not only used to improve the user-friendliness of digital interfaces but also to improve certain performance indicators which are relevant to the business – whether it is raising the number of users who register as new customers, increasing the sales volume per user or encouraging as many users as possible to share personal data.