 So, dark patterns. What is this? Probably everyone who has used the internet recently has seen this obnoxious banner. You need to use cookies to use the site. And then you are presented with an easy answer in green and shiny yes to all. You can reject them and have to click 400 individual track boxes. This is a dark pattern. And Dark Unicorn will now present us with the details about it from a developer's perspective and what you can do about it and how do we want to discuss this. So, welcome and a round of applause in front of your screen. Thank you. Yeah, thank you. Exactly. I'm going to shake my screen accidentally. Yes, I want to talk a bit about the parts of dark patterns that make them so obnoxious and where they work. And also as a developer who, as a web developer, I want to talk a bit about the business side of things. And so, yeah, let's just get started. What are dark patterns? Well, dark patterns are tricks used in websites and apps that make you do things that you didn't mean to. Like buying or signing up for something, which is the definition from darkpatterns.org, which is a very good site on the topic. What does that mean? I'm defining them as design choices that are intentionally inaccessible to further the cost of capitalist profit maximization, which definitely is a bit politically charged, but that's intentional. So a bit more specific, well, XKCD has also made this perfect example for a very annoying dark pattern that is like the most common form that you encounter basically every day. So yes, cookie consent forms. Or I wouldn't actually call them consent because that's not what consent means. So why are dark patterns? Well, first of all, obviously capitalism, profit maximization being valued over a good user experience, seeing the customers as simple numbers, not people. And sadly, another part of it is that journalism is dying because they can't finance themselves if no one buys the newspaper subscriptions anymore. So they need to finance themselves and they fall back to dark patterns, sadly. Everybody's doing it. It's also kind of a reason because there are these pre-built libraries that you just include to be GDPR safe that includes dark patterns. So it's rather easy to add the dark pattern to your side by accident or by incompetence, whatever. So and there's also the botched privacy regulations like the GDPR, which in general was a very good idea, like giving people more control over their own data, limiting how the data can be abused by other companies. However, it wasn't written in a good way, especially around cookies. So yeah, these consent forms that are legal and in the end only hurt the customer because your data is still being stolen. However, you just have to click away some annoying popup every time you use the internet. So let's dissect some examples as to how dark patterns work and what they're doing. The first thing that you can see a lot is reject option styling and position. So accept is always the primary color that usually you want to click every time you just want to finish a task. The reject button is either grayed out so it doesn't look like you can click it at all, which is also really bad if the contrast is too low to actually read what the button was saying, or they don't look like a button at all. So we have this wonderful example from the Windows 10 installation. The red border was added to show actually where one has to click if they want to install the OS without creating a Microsoft account. So that usually is just this limited experience text that is where you would usually have to click if you wanted to go back a step because you want to delete some setting you already made. That's definitely one way where you simply, if you're not an expert in pausing these things, you simply don't know how to not consent. Another thing is interesting use of language. So obviously difficult to understand language from non-technical folks. Switching language between site text and content form, which is common that the site is in German, for example, and then the content form is in English. Or as this wonderful example here is the form switches languages in between saying what it is about and what the actual cookies are used for, which definitely would be an issue if I didn't speak both languages. So there's also the double negative, do not send me no marketing email. So you just have to think a bit what you're actually saying if you hit that checkbox and also learn more. That doesn't equal no. And on most sites where you have to learn more to say no, which doesn't actually make that much sense. So another thing is blocking the user from quickly closing the pop-up. Some sites go as far as ruining the scrolling to make it impossible to close in-app browsers. Like in many in-app browsers you have to scroll up to make the little X button visible to close the in-app browser and they ruin your scrolling so you can't close it, which is especially annoying if you've accidentally clicked some link in Twitter or whatever. And then you can't go out of these websites without closing the whole app. The close buttons also doesn't mean I consent, but sites simply say it does. So if it's a modal and you just hit the close X on the corner or if you just hit the backdrop, which will close the modal in many sites, they will say that means I consent, but it does not mean that. There's also the way too many checkboxes. I've got an example where there's a bunch of text and there's a small little frame that scrolls individually where all the checkboxes are. So you always have to scroll to see every single change, everything you might want to change, which is definitely annoying. And there's the wonderful disregard my choices button underneath the checkboxes. So you just went through all of these 400 checkboxes, said no to everything you want, and then you hit accept all and suddenly your choices aren't worth anything. Then there's also one thing because this isn't just about cookie consent. It's about trying to sell your subscriptions when you don't want to. Many sites will default to some kind of subscription when you buy something. I think we've got these subscribe and save things from Amazon where the button that usually would buy just one means that you will get like every two months a new delivery without looking any different than buying a single product. And if you're tired or not very adapted to language or simply just got this pop up fatigue you just constantly have to click the lighting up button to just do what you were trying to do. This is definitely very likely to trick you. There's also this humble bundle example here where this add to cart button seems like it would add the bundle to your cart because it says total one item zero euros. So it looks like you don't actually have the bundle in your cart at that point, which you don't because you haven't selected an amount. But if you hit add to cart you will add this 16 euro subscription, which doesn't really have anything to do with the bundle you were trying to buy. Then there's also a forced action with things like impossible to close pop ups, like login to continue, which is especially annoying if the site let you see some parts of it like Instagram does. So you were shown some link to their Instagram, you were scrolling down and suddenly you have to log into Instagram or install the app to continue seeing what you were trying to see. And there's also many news sites do this, a button, if you want to read the article you have to disable your ad block. Otherwise you're just going to see this annoying page. I don't actually know how they're doing it to disable the ad block, but probably there's some API. And another thing I found interesting is that sites tell you you cannot not consent to cookies if your browser setting doesn't say do not track. They also tell you how to set that setting. However, that's a lot of steps and also many sites simply disregard that setting or refuse to work if it's set. So when the do not track setting was first added, I remember enabling it and suddenly being left with an unusable internet. So yeah, that's also a dark pattern because people have to go out of their way to not be tracked. Another like smaller thing is this login with Google everywhere. It pops up on every sub page on sites that included. And I don't really see any benefit in logging in with Google to read some blog posts because I just want to read some text. It's nothing I have to write a comment or anything. And every time I open a new sub page, this pop up will annoy me. So I might just click at this button once and then it's gone for as long as the session cookie lasts. Then there's the building up pressure, which is especially common on hotel booking sites. So you have time sensitive deals that commonly aren't time sensitive at all, but they look like it. Like you see here, 19% today off tomorrow. It will also be 90% off, but it's today. There will also be the almost sold out here. We have three different kinds of rooms in some hotel. And they only have five left for every single one. I guess they only had five to begin with, but now it looks like in red text. It looks like that's little a small amount. So you just got a book now to not miss out on it. And there's also the ex people are looking at this right now. I was actually trying to find it on a hotel booking site, but apparently even they know that in 2021, no one would believe that that some hotel booking site is heavily trafficked and you have to buy now. But here's the a bit less bad example from eBay where it says this was opened 17 times. 86 were already sold and we only have eight left. So by now or you're not going to get it at all. And a whole collection of dark patterns. That's what you will find if you try to cancel your prime membership. I actually thought I had canceled my prime membership a couple of months ago before checking for the stock. So in order to cancel your prime membership, you have to go to this my prime. Then you go to advanced controls, go to my prime membership, then you have to open this little carrot thing. Which allows you to end your membership. Then you will get a very scary alert message attention by canceling. You will lose the following benefits. Then there will be a button not let me cancel, but it is I do not want my benefits or I want to keep my benefits. But we're not done even if we hit the I do not want my benefits button because then you will be sent to another site which says well good news exclusively for you prime for less money. That is not an exclusive deal. It's simply if you decide to pay once a year and that's available for everyone at all times. So that's actually kind of a lie. So let's say okay that deal didn't get me to keep my membership. So I will hit and membership. Then I will be sent to yet another sub site where I finally get to end my membership and prime benefits like at the next possible time. And then once you click that you will be redirected to a site which will show multiple scary alerts. Like you've just made some mistake, which you can obviously undo with a single click because they make subscribing as easy as they can. You will also get multiple emails and when you buy something for the next time, it will give you some actual deal. I think I don't know if you can get prime for a euro for a week and some red text alerts telling you, yeah, you really want. You really want to resubscribe to prime for some reason and they keep changing main languages is kind of annoying, but not the point here. However, one thing that's good about Amazon. It was possible to unsubscribe online. So this is the New York Times. Theoretically you could chat with a customer care advocate to unsubscribe. However, all of them are currently occupied so you could call this US phone number, which definitely is not possible for everyone. And it's a huge additional step just to cancel some subscription that you definitely did not use a phone call to start. And when looking at these things, it's also important to note that these things are a lot worse if you're disabled. So phone calls may not be possible for anxiety reason or if you're there for a whole lot of different reasons. Low contrasts like in these disagree buttons may not be visible. And in general, there's a lot more physical motion necessary to accomplish your goals. And it's likely that they will also not have the appropriate tab index setting set photos checkboxes where you can theoretically disagree. In addition to being worse if you're disabled, they are also a lot worse if you don't have much money because not consenting is a very time consuming thing to do. And if you're just on your break and just want to catch up on some news, that's possible. That's not possible in many cases. Sheep monitors also handle low contrast really badly. So even if you're not colorblind, you might not be able to see the contrast because your screen is just too cheap. When you hit more options or learn more or whatever sites often reload, which uses more bandwidth and more time spent rendering, especially on low powered hardware. And also fading to cancel a subscription can hurt a lot financially. Like I just said, I didn't realize that I hadn't canceled my prime subscription. That is a sign of real financial privilege that I have in this case. So if I didn't have that, it would be a huge problem to just spend eight euros a month for something I didn't want. And yeah, so I've got something to admit because I have actually implemented the dark pattern before. It was at my first real job after I've got my apprenticeship. And it was at the company where I had actually thought they would never do such a thing because they were really popular and kind of like caring about their customers, at least what they show to the outside. I also tried to try to talk management out of it, but that wasn't possible at the time. So about six months later, I left the company. I was pretty burnt out and like leaving your first job this early also makes one doubt their skills a lot. Because like especially if you've already got low savings team, that's really difficult. And I also definitely felt like shit for ignoring my moral standards because I do not want dark patterns on the internet and I had just implemented one. However, I'm happy it turned out that way. I'm not no longer at the company. I'm at a different one where I'm a lot happier. But well, that's my personal story. But yeah, what does it say about your job if you have to implement a dark pattern? It says that your employer sees maximizing profits is more important than respecting their users because shoving a dark pattern down their throat is definitely no sign of respect. So they probably think of their customers in terms of how much money they can make from them. So they're likely to think of their employees similarly, which often needs to things like not enough appreciation for your work, too many tasks and too little time or no ways to use work time for non directly money making activities such as education, which definitely would profit them if they allowed you to educate yourself on time. However, it only profits them after a bit of time. So they want to make as much money as quickly as possible so they will not allow you to do that in many cases, definitely not always. And you simply do not have to accept this. Well, what can you do against it? First step, obviously talk with your employer, maybe they can be reasoned with. Maybe they didn't know how bad it was to implement something like that. So that's definitely a good idea. If that doesn't lead to anything, you could join a labor union, which gets you a better bargaining position with your employer and try to talk with them again. Found a workers council, which allows you to speak for everyone who voted for you, which means employers often tend to isolate your issues like you're the only one who doesn't want this dark pattern. So it's a personal issue that you have. If you're a part of a workers council, you can say, no, it isn't these people all voted for me. It's my job to talk to you about it and I can speak for them. And if none of that is possible or doesn't work, you can quit your job because tech professionals are always in high demand, even during a pandemic where it's a bit more difficult to find a job, but it is possible. And you may even get like-minded colleagues to leave with you and maybe found a corporation where you would end up with a lot better working environment. Well, thank you all for listening. Slides will be published on my blog. I'm also reaching around that email address. If you couldn't find, if you weren't able to ask in the following Q&A, which we have a bunch of time left for. So yes, have a nice remaining conference everyone. And thank you for your time. Okay, thank you. So we are going to go through the questions. The first one is, could you give some details about what dark patterns they wanted from you? Like I guess what you were asked to implement at your first job, if you want to answer that? Well, I can't exactly say it because like NDA stuff, but it was about making customers use, spend more money because they were like nudged to go with a different, with different plan. Next question. Well, it's more of a remark. As you spoke about Amazon Prime, that sky is probably also difficult to cancel your subscription. And we obviously don't have that many questions this time. I see something top typed in right now. So everyone who is still in the IRC chat or looking at the pad or at the stream, you find that in the video description, there's a link to this question and answering pad. And I see people are using it right now, so they are coming in. And yeah, so let's just wait for a minute for more questions to come in. And do you have any more remarks that you want to fill the time with maybe? So I just chose Amazon Prime because I wanted some really bad example and I just knew it was one of the worst experiences to cancel Prime because I remember doing it before and I apparently failed at doing so. So yeah, obviously lots of pages are similar. It's not like Amazon is the only bad player here. And obviously there's a monetary incentive for companies to nudge people in this direction and also if the network effects or everyone is doing that, so we should do that too, is obviously a concern. So if you are in a position to discuss or even change that, you can make for a better internet for everyone basically because you inhibit as a precedent a bad example and you can change that indirectly so that others don't see it as a bad example that they have to copy. So there's a lot of questions coming in. Oh, I'm sorry, I interrupted you. Yes, that's also really true because the more websites use dark patterns, the less bad it feels for people to implement them because everyone's doing it, why wouldn't I? So yeah, definitely. If you can block a dark pattern, definitely do so. Oh yeah, now people are waking up and posting questions. So let's see if we get short answers to short questions. So you already said you had concerns in your first job. Did the management come up with excuses or justifications or did they just like we pay you to do this, so do it please? I don't think there was a place in there. I wasn't able to speak directly with the people making the decisions. I was talking with my team lead and he said he didn't think it was a bad thing, but he said, okay, if you're concerned about this, I talk to management and I never heard anything about it again. So it wasn't really possible to speak with anyone who would actually listen and understand why it's an issue. So that proves that it's really difficult to get into that position to be able to make a choice. So there's a question regarding the eBay example. What in your eyes are the difference between a dark pattern and information and how to identify them? Yeah, the eBay example actually is a bit of a grey area for me because if something is going to be sold out soon, I kind of want to know it because it would be bad not to get what I want. But in many cases, these ex-people are looking at this right now. I aren't even real. So there are many sites where you can just refresh and it will show you a different random number every time. That's definitely a dark pattern. With the eBay example it was just something I could find quickly because I wanted to use stuff that I could screenshot and as I said, the hotel booking sites currently don't employ this because they know you won't believe it. So I guess this goes into the direction of cognitive biases and logical fallacies and simulating scarcity like just five hotel rooms, for example, left. So hurry up even if you can't verify that there's just five. Next question, there are also dark patterns for increasing engagement with a site or retention times. So people look at the site for a longer time including videos that autoplay or follow you as you scroll down. We all know that from social media of some sorts. Do you have any experience with those or a comment on that? Yeah, so the thing is these videos, I don't know anyone who actually enjoys those. I think everyone is annoyed by them but that may be just my bubble. The retention, keeping retention is definitely a large issue especially with commercialized social networks like Twitter that will not show your notifications, for example, if lots of notifications come in at once so they can spread them out over time so you get another reason to look at the app or the algorithm is built to always seem like there's new content for you so you're always kind of missing out and you get that fear of missing out on something like your best friend wrote or anything. Those are definitely very harmful. There's luckily some social media that isn't built like that so you can still get the experience of screaming into the void and pretending you're socializing so that's good but those are definitely very harmful and I know I'm easily victimized by it because I do spend too much time on social media. And I bet there's a lot of people who are very good at evoking exactly these feelings and these reactions. So you mentioned that many libraries implement the GDPR cookie setting in a bad way. Are there any libraries that offer nice cookie banner? I can't name any right now because I haven't actually on my own terms implemented anything that actually requires a cookie banner because everything that requires a cookie banner is something that most people wouldn't actually consent to like tracking people and there's even tracking libraries that don't require consent so they only track stuff that happens on your side and don't like try to steal all data they can. So there's definitely better options. I've seen some same-looking ones that had OK position buttons and the reject all button that was just there but I can't tell you any names right now. Then I will add that some listener pointed out that there's non-NGOs, non-governmental organizations like EDRI, European Digitalized or Digital Courage and so on and linked a note on ethical web development so that's value by I think. And people were appreciating your focus on especially low income situations and that's how exploitative this is. Then here is a question about if you know something about LinkedIn. I do know that it is pretty terrible from my experience. Like LinkedIn employs a bunch of dark patterns. The cookie stuff is definitely there if I remember correctly. They will always tell you that you should install their app because the experience is so much better now actually when you install the app they get more data and they sent you so many emails even if nothing actually happened. So they will send you like a daily email about where I found on ex-searchers look at LinkedIn right now even though no one actually interacted with you. That's even the reason why I had to ignore some interesting recruiters while searching for a job earlier this year because it was just a flood of useless information with just tiny bits of useful stuff in between. I actually created a whole other LinkedIn inbox and it's got 120 unread emails even though I always try to see all of my emails. So LinkedIn is a perfect example for a site that employs dark patterns in my opinion. I experienced similar things also for example with eBay that they also flood you with a lot of information that you have never asked for. So do you have suggestions how to do something about it as a user or how can you sort through this even if you can't actively change the way things are so that you don't have to quit using the service or the site or whatever but improving your experience yourself? So therefore for many popular websites there are third party clients that will employ less dark patterns so if you want to look at someone's Twitter profile there's nitta.at if I remember correctly so it's a client that simply just shows you the timeline of what someone posted. There's also YouTube front ends that don't apply as many dark patterns and don't shove some auto player suggestion down your as soon as you stop watching something. But in the end if we are forced to use those sites and if they keep using dark patterns we are kind of in a bad position because we can't do so much about it especially if sites don't have these improved third party front ends that obviously they don't like so they will commonly change their API so those front ends will no longer work or they ban them in their terms of use so I don't really know what we can do except complain and complain darkly and maybe talk with our lawmakers so they could take steps to make this whole situation a lot better for us. That's kind of sad news but I guess we have to keep trying and trying to make a difference or we also need to reboot the internet but I don't know if this will happen anytime soon. So we are done with the questions so far. I want to thank you for your presentation and your answers and so I wish everyone a nice devog and a nice Easter.