 Hello, everyone, and welcome to day two of GPN20. I will start presenting our speaker today in English, because the talk is in English as well. Welcome to dysphoric unicorn. She's a professional web developer, and will share with us insights on bad UI design choices people make to make it almost impossible to reject consent to cookies or to find certain options to cancel subscriptions and so on. She's doing web development professionally and gets annoyed with bad design when she sees it and wants to educate us on how these things work, what can be done about it, and what we can learn from it. Please welcome dysphoric unicorn and enjoy the talk. Yes, thank you very much. Yeah, come to the dark side. They have cookies, a wonderful original job that I personally came up with that no one has ever made before. Well, yeah, standing here on this big stage, I almost want to walk around, but I'm not going to cause any more problems for the walk, so I'll just stay here. So generally, as a quick thing I want to mention, it's not the word dark patterns isn't actually that used that commonly anymore. The industry standard is now deceptive design patterns that wonderful joke wouldn't have worked with deceptive design, but yeah, that's because associating darkness with bad comes from white supremacy, so people no longer want to use the word dark pattern. I will try not to use it. I changed all slides except this one. I don't think that deceptive design is the perfect word because it's not just about deception. It's also about just general user hostility. So I switch between the words deceptive design and user hostility design basically to mean the same things. OK, then let's get started. Bit about me, yeah, I'm a web developer and I kind of specialized into UX and accessibility stuff. So after learning all these rules how to do things correctly, I've got an eye for when things are done incorrectly, obviously, and I get annoyed by that. And well, yeah. I've also implemented user hostility design before at my first job. I'm not proud of it. I tried to complain, but I was just a junior dev and I didn't have much of a say in that matter. And also I made that joke yesterday already, but remember those Japanese yields that forgot what people looked like. So people were asked to video chat them. So they remember what people are doing the pandemic. That's basically me. So sorry if I speak a bit too quickly or something like that. What is deceptive design? Deceptive.design, a website by the person who actually coined the word, they define it as deceptive design patterns, also known as dark patterns, are tricks used in websites and apps that make you do things you didn't mean to, like buying or signing up for something. I've got a bit of a different definition, although those are definitely compatible. There are patterns and design choices that are intentionally inaccessible and misleading to further the cause of capitalist profit maximization. And they are evil. And they are everywhere. But most likely the first thing where you've noticed them is these wonderful consent banners, which are apparently required by law in the EU. And well, actually they're not, unless you do things that people probably don't want you to. So none of the websites I work on have one of these banners, even though we use cookies. If you don't track people, you don't need their consent to leave cookies that like store their language preferences and stuff like that. This is not legal advice, consider a lawyer. But yeah, generally you don't need them if you don't do things that users probably don't want to. And most implementations are illegal because they don't confirm to GDPR. I've also checked out a list of the 50 most popular cookie consent libraries so that you can just stick on to your website. And at time of writing, there were three libraries in this list of 50 that did not employ any dark patterns or deceptive design and were fully compliant with GDPR. So that's a bit telling, but enough of that. Let's talk about some methods. Obviously not to replicate, but to see them and to know them when they're in front of you. First of all, the most common one is the reject option styling and position. So you've got this reject button that either looks like it's disabled or doesn't look interactive or looks like regular text. Or maybe it says something that is not reject, but manage my choices or something like that. Yeah. And it's usually not reachable in one click, while accept obviously is. Here I've got an example that I did not find, but someone else did. That was the unsubscribed link in an email, which was white text on white background. That's not used commonly, but I just found I wanted to show it here. Misleading language is another thing that's often used. It's difficult to understand. Not always in the user preferred language, even if the website is. There's also sometimes double negatives abstain from sending me no marketing mails, except underneath specific settings that just resets what the user chose, even though they think that it just accepts their choices. And here I've got an example where they asked me to accept everything. In addition to, I would like to get emails, but I'm pretty sure if I had said accept everything, I would have gotten emails. Overwhelming the user. Way too many checkboxes. Sometimes a tiny part of the site is scrollable, and has all the checkboxes, even though there's a lot of white space. But the checkboxes are really constrained. An easily reachable close button that is considered as consent, or that that's what you want the user to do, even though they might not want to do it. I just want to get rid of all this pop-up, so I accept whatever. Also, these really annoying pop-ups that say, hey, continue in browser. I use very much better apps. That's just, well, yeah, a browser that opens the website, but doesn't show the pop-up, and tracks you. And also, this lock-in with Google on every single sub-page. Maybe you've noticed when you're reading medium blocks. So what better way to showcase overwhelming design than with a site that is way too crowded? We've got a couple of examples. Like, we also have the, so many people are looking at this right now, bye-bye-bye, which is also a bit overwhelming and just stressful to the user. Another thing is forced action. Like, pop-ups that are not possible to close, making users lock-in on a disabled ad block, making users download an app. Like, here we've got the cart website, which is all user-submitted content. But in order to access it on a mobile device, you have to download the app. It won't let you swipe to see our cart. Or only allowing consent revocation through browser settings, while most pages just ignore those settings, is also a bit annoying. And yeah, you've probably seen these news websites, which are also like, hey, you could pay, or you could agree to ads and tracking. Then there's also unfriendly defaults. Adding a monthly subscription instead of a one-time purchase, you probably know this one. You're buying, like, Sriracha sauce online, or something like that. The default will always be, send me one every month. I don't use that much Sriracha sauce. But yeah. Pre-checking the IWantSpam checkboxes, not legal, but still commonly done. Showing reduced prices by default is something I've recently seen. Like, there's rebates for people under a certain age, or for a specific time frame, or just rebates that simply do not exist at all. So you first think it's cheap, but then it's a lot more expensive. Then there's also abusingly lost cost fallacy. So introducing things a user does not want after they've already completed some work to do what they wanted. Service charters and stripping that are only visible after you've already basically completed your purchase on one example, or a DRM that only allows using purchased media with certain devices or software, which is something I had to deal with, because I don't know that some books for this event to read on the way. But whatever. There's also the Roach Motel, something where agreeing is easy, but revoking is hard, or getting into the situation is easy, but you can't really get out again. Like, you can subscribe via the website, but you've got to call or even send a letter or fax to cancel. Then you've also got these, yeah, maybe not these days, but yeah, text this number for a wonderful ringtone switch. Also create a subscription that is difficult to get out of. Subscriptions added to your cart without your knowledge. And three triads that also add that directly switch to a paid plan, which is also very, very common. Forced wait times. Not taking the option the site provider wants you to take has an added unnecessary delay. So let's look at the time, because this slide is three minutes long. So if I have to waste some time, I could make you look at it for the entire time. But yeah, it takes three minutes. Two minutes of that are after it's already reached 100%. And this is in a browser without adblog enabled. It just has the default tracking. Yeah, I don't. I won't force you to look at all this. There's also the rejection of standards, not supporting industry standards to login customers to specific stores like these Tesla superchargers. Most things about Apple, actually the reason why I'm presenting this on an iPad instead of a laptop is that, well, the web version of Keynote, which is the software I wanted to use because I like its usability, simply does not allow adding or playing video. You can add GIFs, and they will perfectly play inside the added view. But once you go to present, it won't play the GIFs. Wonderful. I only realized after all my free talks were already done. Yeah, also, Kindle device is not supporting EPUB files without conversion and also printer ink, like many printers that won't take cheap ink. Another thing, user hostile design is not just in the domain of tech. We've also got supermarkets, which are designed pretty hostile. Like, they've got candy near the checkout, so children will complain to their parents, I'm bored, I'm in this candy, or even more evil like tobacco and aqua products that trigger addiction craving if you stare at them too long. Placing inexpensive products lower, high in the shelves and expensive ones where they're easy to reach and where you can easily see them. There are escalators that make you walk around this thing before you can go down again, so you'll hopefully see some great sale that you're gonna make use of or something. And also, tiny bagging areas near checkout because once you've paid, once you've done what they wanted you to, basically you have to leave as soon as possible, so they make the checkout areas really small, so you're stressed out. I absolutely hate eligible ads, like ads that you can't really understand, so you get closer or you spend more time on them. I don't have an example right now, but I'm pretty sure you've came across this. And also another thing, probably not everyone will agree with me on this, but CardiPen and Suburban sprawl is also user hostile design in my opinion, because like, especially in North America, there are these huge suburbs where you cannot walk or bike anywhere, public transit was destroyed, and like, you obviously need a car, you need to buy gas, and this is very lucrative for the people that sell those things. Yes, who doesn't hurt the most? Because like, I may get annoyed by it, but I'm not the one who gets hurt the most. Like, first of all, disabled people have got illegible color contrasts that may be difficult for me to see, but impossible to see for some of color blindness. Phone cards, to cancel something are hard or even impossible for many people, so they're gonna need to find someone who helps them cancel that subscription. More physical emotion is necessary to accomplish intended tasks or refuse data mining, so if you have trouble using the mouse, that may be an issue. Text is often not easily understandable, so you don't know what you're agreeing to, and especially like, dyslexic people will only be able to skim many pages, so they won't know they've signed a contract that requires a monthly payment because it's usually hidden somewhere. Yeah, it also definitely hurts people without much money a lot more. Disagreeing to data collection is very time consuming, cheap monitors also just handle contrast poorly, so it's basically like you're color blind. Reloads after selecting more options will use more bandwidth and data, which is bad if you're on a metered plan, and also they tend to spend then, they tend to re-render the entire page, which means more time spent rendering, especially on low-powered devices. Monthly expenses can become existence threatening, like a subscription you didn't know you had. I actually had Amazon Prime for a couple of months without realizing it because I thought I had canceled, and then realized it because, yeah, money is not that much of an issue for me, for other people, this would have been a really big thing. And also, especially in places where education is expensive, less education may lead to less knowledge about how to avoid being manipulated. So, who is at fault for this? I've got that gift there because I thought it was funny. Actually, I think developers are the one who are probably at least at fault, where capitalism, obviously, because this is all about profit maximization. If we didn't have to maximize profits, if we didn't have to press every single penny out of our users, we wouldn't have this issue. Legislators, GDPR, in my opinion, was a great idea, but the implementation isn't so good. And also, there isn't enough enforcement of it. Like, recently, Google had to announce that they would add an easily reachable disagree button because of it, because they were getting some repercussions. But, yeah, generally, most companies tend to ignore or just badly implement what they have to. Also, much of this is not illegal while it definitely should be. Yeah, also, developers, open source libraries that contain dark patterns, or deceptive design, user hostile design. As I said, basically, every package you can just download and put into your site will include user hostile design. Underpaying the harm done is also a thing I've often seen. Like, yeah, it's not such much of a problem. It doesn't matter, or whatever. And also, not pushing back hard enough when forced to implement user hostile design. That definitely depends on how privileged a person is who is not fighting back as hard, because, well, if you can easily switch jobs, if you're not dependent on the job, if the company is dependent on you, you can obviously push back harder than if you're a lower grade employee or if you're in a place where getting a new job is more difficult. So, a bit of a call to action. What can you do? First of all, if you're a web developer, refuse to implement user hostile design patterns. A union or a worker's counselor can help you with that, especially if you threatened because you refused. Educating others, many do not know how big this issue is. Many just think it's a bit of an annoyance, but it can be really difficult for some people. Also, just being attentive, looking at everything critically and maybe if you're seeing hostile design patterns somewhere where you wouldn't have expected them talk to the people behind those sites or designs, because maybe they don't even know what they're doing right now, because they just copied what everyone else was doing. So, maybe they might change it. You could also talk to politicians if you're really happy they might even listen. If you're really lucky, they might even listen. Thank you for listening. I was way too quick. I'm sorry for that. Journey union, if you haven't already, I usually put on an email address, but I always forgot to reply to those. So, like, I'm on 3D words, I must have done, you could message me there. I'm more likely to reply there, but there's also a contact email on my blog. So, yeah. Thank you. Thank you so much for your talk. Despite being quick, it was very informative and it leaves us enough time to get all your questions you might have so we can discuss them. If you have any questions, raise your hand. I will come to you with a microphone and you can talk into it clearly and loudly. Please keep it coming. I try. Hey, I want to know, do you have any advice on how we can improve skipping those cookies or something? Is there some plug-in for certain browsers or so that I don't waste my time trying to figure out which button to press? So, if you've got an ad blocker, you can usually install added lists to that and you could install a list which is called pre-bake, which will remove most of these things, but many sites will consider removing them as a form of consent. It obviously isn't. So, you should probably get a list which removes the consent banners and then an add-on which removes the trackers in addition to that. I will have a talk at four about it, so attend the talk and learn about how to get rid of this because it's my research, actually, to do this thing. That's very good. Any more questions? What would you like to know about these patterns? Normal questions? Ah, there. Hey. Is it legal that news are hidden behind banners like that that you can only see them if you consent to cookies or you pay for something? I'm not sure, because in my interpretation of what I've read, it's not, but so many sites do this and very big ones at that. They've got tons of lawyers who probably checked that and maybe it's legal, but it definitely should not be. I would be then curious if you are developing websites that don't, you claim that they don't need the consent, so are you not collecting any aggregated statistics like about what pages are being loaded by the users because already these basically require consent by the ePrivacy Directive? I don't get any statistics on my pages, so what I do at work, we've got something that does some stat collecting, but that one is like they've got lawyers that checked it and we also don't check cross-site or anything, but on my personal sites, you will not be checked at all. I don't even know how many people read my blog posts. Probably no one, but yeah. I'm facing the same, yeah. At the top of your head, can you think of an instance where you found a really user-friendly feature like an anti-dark pattern basically? Well, one thing that I think is at least somewhat positive is when I signed up for a free trial for some app, I got multiple emails that this free trial would be continued if I did not cancel it, so I actually knew about it and I was reminded that I should cancel it. That one was not necessary on their part, but it was nice. Any more questions from the audience? Like you have a bonus card or something? Maybe what would you wish from the legislators because I would actually stand for an opinion that European legislation compared to the rest of the world is ahead and even the GDPR led to a lot of these annoying pop-ups, still if you compare the dark patterns from US and from Europe, numerous studies showed how significantly better it is in Europe, so what would you maybe wish from the legislators do better because I think they also need input actually from us, from developers. Yes, absolutely, we're pretty lucky here that we've actually got some legislation that they tried and what I want them to do is to listen to the voices from developers, from users and implement that because like often in the legislative process they don't really listen to the experts that much and also I think I obviously don't want to make any allegations but probably listen a bit less to lobbyists who tell you that all this is not as much of an issue as it actually is. So we maybe have time for another few questions if you have any, raise your hand if you want to fit your question in before the next talk. I'm not prepared to hear my voice yet. What information are they getting while they're tracking you and how bad is it that they're getting that information? So that obviously depends, one of the things is that they track you across different sites so they basically have your entire browsing history and they can use that for advertising but also like you might not think it's as bad but they actually create these profiles of people which are like groups of people which have funny names which combine a lot of people who might be a leftist or might be having a walking impairment or something and then people can buy these lists of people in that category and they can use it for targeted advertisement and in general I simply don't believe that this data should be collected at all about who you are unless you personally write it into the net. Also some sites want your accurate geolocation that's pretty common and I don't think any website unless I'm ordering food or something should know my accurate geolocation. Last question real quick, if not, it's time to give another big round of applause to the Sporig Uniform, thank you so much for your talk.