What harm can browsing the Internet cause you? Perhaps a lot. Definitely far more than you’d imagine. That’s because unscrupulous web designers are beginning to seize upon human psychology tricks to subconsciously manipulate readers. Sound too much like a conspiracy? We aren’t conspiracy theorists. We’ve analyzed hundreds of Internet infoscam sites, as well as more mainstream sites, and we’ve found some troubling patterns of which you should be aware.

In the 1970s, cognitive psychologists started to realize that all humans tend to make the same categories of mistakes, which they named cognitive biases. They had effectively found a set of mental Achilles heels to which we are all vulnerable. Around 2005, cognitive biases became a hot topic in web design. Like casino architects who install bright lighting and hide clocks, or advertising executives who sell products on half-truths, web designers began to deploy psychology to create subtly deceptive user interfaces that nudge or trick users into doing things they might not otherwise choose to do. Whether it’s low-cost airlines that sneak travel insurance into your basket, or eCommerce sites that sign you up for a monthly membership through hidden small print, these tricks have become increasingly common.

Consider the time-tested “bait and switch”, in which the user sets out to do one thing but something else happens instead. For example, the latest Windows 10 upgrade dialogue contains a huge bait and switch. When a user clicks the red “x” button in the top right, expecting to dismiss the upgrade, the upgrade actually initializes. Or consider Hotel.com’s policy of placing a phone number beneath a hotel listing that is not the hotel’s phone number; it’s the number that takes you to hotel.com’s reservation system. Or Capital One: when you first sign into their website to check your credit card balance, suddenly a physical bill will no longer come to your door, and you are expected to figure out when to pay your bill next on their website. When you figure out that you are no longer receiving a physical bill (after you’ve damaged your credit rating, most likely) and navigate to their website to resubscribe to a physical bill, you will not find the option and must call them to resubscribe. Capital One isn’t the only one; increasingly, utility companies are turning to online billing. They do it because, with online bills, few companies will email you the detailed breakdown, citing security concerns. Instead, you have to remember to log in, then go through the tedious process of navigating to your most recent bill. As a result, a certain proportion of people just don’t bother, forget about the costs of the service, and aren’t able to react to unexpected additions to the bill.

On this site, we’ve documented the tricks used by infoscammers to make it difficult to leave a website or to fashion websites that look like reviews, but are actually affiliate seller sites. There are also disguised ads, usually featuring “stories” by Taboola, Outbrain or other “content distribution networks”. There’s the “sneak into basket” technique, where a retailer automatically adds products (like a magazine subscription or travel insurance) to consumers’ shopping carts and makes it hard for them to remove the unwanted items. More common is the “hidden costs” trick, where a user gets to the last step of the checkout process only to discover that some unexpected charges have appeared, e.g. delivery charges, tax, etc. You also need to be alert to the “roach motel” or “walled-garden” technique, in which sites offer fast-and-easy sign-up processes but make it much more cumbersome for consumers to close accounts. LiveNation used this trick on its customers; after reaching the checkout on the site, not only would the user have bought what they expected to, but, if they failed to read the tiny privacy statement in the footer, they would have potentially missed the ‘opt out’ checkbox to decline a recurring subscription to Rolling Stone Magazine. There’s also “misdirection,” in which prominent marketing come-ons may distract users from seeing check boxes that by default, say, sign them up for a newsletter or membership, spam their contacts or alter their home pages. Oops, we can’t forget about “forced continuity,” which is the common tactic of offering “free” trial periods to test out a service. It turns out that the companies who use this tactic are betting on the fact that you’ll forget to cancel your membership before the trial ends. At a minimum, they’ll get at least a month’s worth (or longer) of fees before you get wise and cancel.

And frequent travelers are likely aware of the “scarcity inflation” trick: “Only two hotel rooms left at this price!” Less well known, but even more pernicious, is “friend spam,” where a site or game asks for your Twitter or email credentials (either via the password antipattern or via OAuth for an allegedly benign purpose, e.g. finding friends who are already using that service), but then goes on to publish content or send out bulk messages using your account – i.e. from you. This technique is commonly used by viruses – but even well-known companies sometimes engage in this kind of spamming technique.

These, and other, web design schemes are what are known as “manipulative design” or “dark patterns”. They are increasingly utilized not just in marketing but in health care and philanthropy. As noted by the New York Times, countries that nudge their citizens to become organ donors (by requiring them to opt out if they don’t want to donate their body parts) have a higher rate of participation than the United States, where people can choose to sign up for organ donation when they obtain driver’s licenses or ID cards. But the same techniques that encourage citizens to do good may also be used to exploit consumers’ cognitive biases. User-experience designers and marketers are well aware that many people are so eager to start using a new service or complete a task, or are so loath to lose a perceived deal, that they will often click one “Next” button after another as if on autopilot, without necessarily understanding the terms they have agreed to along the way.

In “The Checkbox That Ruined My Life”, industry insiders Katie Swindler (a regrettable surname, but she’s cool) and Dennis Ellis detail examples of how online services employ confusing strategies. Among other companies, they talk about the LinkedIn scheme that, last year, resulted in LinkedIn agreeing to pay $13 million to settle a class-action suit in which plaintiffs accused the company of sending unwanted emails to their contacts. They also cite Ryanair, a low-cost airline with headquarters in Ireland, which changed its checkout process after customers publicly complained about its practice of automatically adding travel insurance policies with their airfares. Whereas Ryanair once placed the insurance opt-out option in a drop-down menu of passengers’ home countries (between Denmark and Finland), it now simply gives passengers the option of adding insurance. Ryanair also created an opt-out check box that looks like an opt-in check box due to the wording, arrangement and length of the explanatory text; if you read the whole three-sentence message, you’ll see that if you don’t want to receive marketing emails you need to check the box.

One of the most irritating design schemes that we’ve documented is the pervasive “price comparison prevention” trick, where the user’s attention is focused on one thing in order to distract their attention from another. Fandango, for example, won’t let you easily choose films by price. You have to select a date and a specific time in order to see the ticket price (shown below). Price comparison involves numerous clicks (aka “pogo sticking”), so it is easier to forget about the price differences and select your film showing on other merits. Many of these manipulative designs are listed at Dark Patterns, which endeavors to catalog the Internet’s most abusive web design practices. Harry Brignull summarized the most sinister “patterns” used by web designers at his SMX talk. Or, you can view his YouTube presentation on this topic. You’ll be left with the realization that browsing the Internet can be far more hazardous than you’ve ever imagined. You are forewarned!