Dear websites, stop asking for ransom sign-ups (iamvishnu.com)
326 points by vishnuharidas on Aug 1, 2023 | 209 comments


I hate those too.

On the other hand, I've been adjacent to the decision to add them before. You're under a lot of pressure to increase conversion in your onboarding funnel, so you test out moving your email capture up a bit in your conversion flow (ie to before you deliver results) and it works! Conversion increases throughout the funnel! So you keep it.

Dark patterns like this persist because they measurably work. Some people (you and me) get extra pissed off, but we're in the small minority relative to the people who sign up at an elevated rate. :(


> You're under a lot of pressure to increase conversion in your onboarding funnel, so you test out moving your email capture up a bit in your conversion flow (ie to before you deliver results) and it works! Conversion increases throughout the funnel! So you keep it.

I think this is the fundamental problem. Too many people trying to increase conversion in their onboarding funnels, crowding out people who want to put interesting stuff on the internet for purposes other than farming people for money.


> other than farming people for money

Which is a beautiful way to live life.

Until you quit your job and build some indie thing and try to make money and fuck, that’s difficult.

And you’re broke. And you worked really hard on this thing. Turns out ‘farming people for money’ = ‘paying rent’.

And you realise, shit man, if I make it a bit worse according to my ethics and taste, I’ll actually make money. And I won’t have to go and take some other job.

And I’ll be sad that this is how humans work, but it is how humans work, and am I going to change that or just tag along for the ride?


Yeah well my life would be sweeter if I conned pensioners out of their savings. It's always easy to follow how people explain their unethical decisions - but it doesn't make them an inch less unethical though and people that use your line of thought to do harmful things are scum.


Sign-up popups are annoying, but not inherently unethical. Nobody's on the street because one dev tried to convert people.


We’re not talking about sign-up pop-ups though. Those are an annoying fact of digital life that isn’t _really_ that bad.

We’re talking about creating a flow and perception that you can use a thing built around an assumption that you then intentionally change at some next step. It’s a breakdown of an implicit contract you create with the user, for the purposes of farming data, getting more signups, increasing conversions, or whatever else. It’s just dishonest.

A few years ago a family member contacted me about this very thing. They had found a nice looking website to accomplish a thing. The website had published pricing for packages of their service, and provided a “free” sample. Except after you spent all the time to get that free sample running, you couldn’t actually use it without paying.


It feels to me like estoppel: misleading someone to do something to then use against them later.


It is a tragedy of the commons. My Internet is shittier because other people are trying to monetize it. Same as my back yard and the air I breathe.


What I hear you saying is that you're OK with harming others as long as it lines your pocket.


Harming? By asking for an email address?


No, not by asking for an email address. By not asking for the email address until after the user has invested time and energy into things.

That's pure psychological manipulation, and is harmful.


That and not enough pushback from devs. Devs, of all people, should be the ones advocating for their customers.


> Devs, of all people, should be the ones advocating for their customers.

why?


Because we're the ones building the product. If we don't keep our customers' interests in mind, who will?

Don't we all want to make the best product possible?


We want everything for free and we get what we deserve.

The web is a brutal place for everyone.

I’m not a fan of these choices but we as users demand a lot for free and sites are going to do what they can to try to survive.


The other part of it is service providers wanting growth from cheap tricks. The mental laziness and expecting to have their cake and eat it too is the same.

At some point there needs to be more than stern looks to discourage these behaviors.


I don't demand anything for free. I'll use it but go ahead and don't offer a service instead, won't bother me at all. User-abuse is not justified by calling usage service-abuse.


Not really - the market tempts you with free to hook you in. You cannot honestly say that the market has asked for every abusive free product that existed.


Users don’t pay up front.

You don’t get any traction that way.

User behavior is a part of this mess.


It was normal to pay up-front for software until about 10 years ago, just a few years after the 2008 crash where startups decided MRR/ARR was the metric for success

Enter the subscription model, holding your tech hostage for periodic payments and predictable cash flow

It’s not a coincidence that MTX happened in gaming at the same time, post 2008. Before then it was horse armour in oblivion.


Users have always paid upfront for software, until software companies with lots of capital started this nonsense. All copies of Microsoft Office were paid upfront. Users are just reacting to what the software industry did.


Not really. There has always been shareware, aka trial demos.


Fair, but I don't think this negates the overall point, that people actually paid for software, and it was usually a one-time fee (often with the choice to pay again later for upgrades, or continue to use the old version forever). The "try before you buy" and expiring nature of shareware was nearly always known at the time of download, before investing time in using the software.


Those were only utilities and games, not enterprise software.


Indie shareware vendors predate "software companies with lots of capital" by decades. The big fishes seldom innovate anything.


Shareware is not SaaS/subscription-based software. That's the bad part, not "try before you buy".


No, the users definitely play a role here.

Remember how it became a meme to just pirate Adobe software because they were so bloody expensive? Well Adobe wants their earnings, regardless if their desire is justified, so Adobe and the rest of the industry changed gears to a model that greatly inhibits piracy and, at least in theory, reduces the upfront cost a customer has to pay in exchange for a higher cost over time.


Adobe is basically a monopoly and it is well documented that they allowed piracy because it meant that the pirates would become dependent on their tools.

Doesn’t matter how you edited a photo technically, it is still photoshopped.


Yup, same with Microsoft - they won the desktop OS and office productivity markets thanks, in big part, to their tacit approval of individual-level pirating of Windows and Office.


Users do what they think their corporate IT or manager will let them do.

Which, by policy, is often little.


Why does everything have to become paid? The web is large enough that the output delta can be held back by investment rather than pushed by it.

For example the image conversion site can be replaced with instructions how to do it on device.


No, I'm okay with things not being free, but that needs to be stated upfront.


Consider the “ransom” your notice.


@duxup Please don't try to justify this despicable behavior. You're not making the world a better place.


I met someone once where it later developed that they had begun lying to me from the very beginning.

It ended poorly.


The faster a web site asks me for an email address determines how fast I bail on even looking at their product/tool, or if I have no choice I put in a bogus email address to get past it, if it is one of those damn forms that sends you a link I use one of the various public inbox/temporary email address sites so I don't have to deal with the attempts to bring me back into the conversion funnel when I was just seeking information.


The site owners don’t care. If something works on 99% of people and pushes away 1%, they will keep doing it.


I'm sure that's true.

But I am fairly sure we live in the world where when something works on 3% of the visitors and the previous thing works on 2.6%, the company does the new thing. That's nearly 20% growth!

Meanwhile, 97% reject their service.


Are you saying ransom sign-ups can convert 99% of a site’s visitors?


The actual numbers are made up, but the point is that more people are either signing up or ignoring, than people leaving the site.


This has been a pet peeve of mine as well. I avoid sites that require logins. I’ve been experimenting with alternate authentication/authorization mechanisms.

It’s a major reason why I created https://prose.sh to explore what’s possible. We don’t require an email and only ask for it on https://feeds.sh because it’s an rss-to-email notification service.

Read only websites and write SSH apps are pretty congruent to the HN bubble.

There’s an added benefit that only people that can open a terminal can create an account.


I avoid apps that require logins too, unless there's some obvious reason why they need them. I shitcan most new apps I download now because:

1. They insist on a login for a utility that clearly runs locally on my phone.

2. They require permissions like location or contacts that they clearly don't need.

3. They start sending me upsell notifications once an hour, forever when even once a year is too much. I know I can turn off notifications but it's a PITA to do it manually every time I install a new app.


Would it be better if I hold off until you scroll?

After all, you’re more engaged then!


I would prefer if you during page load first rendered the most obvious call for action and then, at the exact moment I try to click it you dynamically render another action button at the exact position of the first, bringing me to instead go to the register newsletter form while making me feel extremely enraged, sry, engaged. Happy, no. Engaged (in rage), very much so.


The good news is so many people are signing up for our email!

The bad news is for some reason email reads and click through just dropped off a cliff, it's like the emails no longer arrive or something.


Side issue but it still amuses me that companies think they can accurately measure email reads. I'm not talking about mass marketers where it doesn't matter but banks, which are required by law to switch you back to paper mail if they think your email address isn't working.

The reason you think I'm not reading my emails is that my email client doesn't autoload images, and I keep it that way because it turns off a malware infection vector, you dim bulbs.


Yeah, it was creepy the first few times Chase bank begged for more ways to contact me "because you don't seem to read our emails" for marketing. So far they haven't threatened to move me back to paper bills I guess cause the email isn't bouncing.

I've noticed over the last couple of years in particular that more and more emails coming in are image based only, with no plain text or even alternate text so that if you won't load images you can't even tell what the email was about. Yeah those I never read.


Don't forget to pop-up a full overlay on the screen if I happen to move my mouse outside of the browser rendering window asking me for my email address, so that if I did tab away from the page now all I see is a full screen ad and not the content I was looking at before.


Just because a psychological trick works doesn’t mean you must use it.

Have some respect for your users, developers. ‘Cause you’re one of them.


Unless the playing field between the companies is on the same level (read: dark patterns are deemed illegal, and I think it should be!), or you are in some sort of monopolistic industry, to my understanding you will lose to your competitors. I've never been in a situation to implement such patterns, but play these mental gymnastics to give the implementor some benefit of the doubt.


This is absolutely it!

In the marketplace, only results matter and companies that deliver them displace those that don’t. In this case, results mean profit or at least conversions.

The same was true for banks who were over extended on risky loans in the late aughts. If you didn’t do that, you were criticized by analysts and Wall Street for being too conservative, and anyway look how much these other banks are making. And by the government: you’re being too stingy with loans to the buyers who need them most.


> In the marketplace, only results matter and companies that deliver them displace those that don’t. In this case, results mean profit or at least conversions.

Were this the unalterable truth, mom and pop shops wouldn't exist. Companies who invest profits back into themselves would not exist. Public companies who pay living wages wouldn't exist.

But they all do.

Which means there's more to the formula; and that formula can include things like respecting their users.


All 3 structures you've noted participate in immoral behaviors, some of them far more grave in impact than psychological trickery.

Do you believe businesses/people out there have the intention to disrespect their users? Most often, that's not the case. Hence, we need regulations to combat good intentions gone awry (and most certainly bad intentions).


> Which means there's more to the formula;

Yes: the market isn't 100% instant and efficient, so here and there, the kind of companies you describe can survive, for a while. Some are in the process of being outcompeted. Others survive in the cracks, not worth even considering to compete with, the same way you're not competing for food with ants. And some just pretend to be nice.

Point being, GP's statement is true in general - it's the overall behavior dictated by the economic system. "Reality has surprising amount of detail", so there are always exceptions to any rule or pattern, but they don't invalidate the rule: those exceptions survive because they're rare - they won't grow in amount to replace the regular case.


>> mom and pop shops wouldn't exist

Why not? Mom and pop shops can (and often are) be more profitable than any other business that would serve that market.

>> Companies who invest profits back into themselves would not exist.

Why not? Investing in your own business can be very profitable if you have good ways to expand your business.

>> Public companies who pay living wages wouldn't exist.

Why not? Public companies can't pay workers less than those workers demand.


> but play these mental gymnastics to give the implementor some benefit of the doubt.

No.

Using psychological tricks to get people to act against their best interests is immoral.

“But if I don’t implement it, someone else will.” That’s merely a justification to make you sleep easier at night. Let that someone else do it.

And if you lose your job over not implementing a dark pattern, was it a job worth having? If they’re willing to let you go for refusing to do a task you view as immoral, they aren’t worth your loyalty in the first place.


> And if you lose your job over not implementing a dark pattern, was it a job worth having?

Not everyone can afford to lose their job over their principles. It's a sad state of affairs, definitely. This is what we get for allowing employers to have so much power over us.


It is immoral for you and I, but most engineers and product managers don’t think so. “It’s a feature that’s been implemented by everyone else and it works” would be the argument during its proposal. If the users were really opposed to it they would vote with their browser by closing the tab (like I do). It’s like calling “heavy JS websites” a burden on the user, when most of the users, time upon time, showed how they don’t care.

“Let your employer fire you” argument also doesn’t sit well with me. Like this is not some hardcore feature that will be tasked out to some principal engineer with decades of experience that can find a job easily. Some recent grad will be just labeled as “not a team player” and sidelined. If we want a fair game, we should demote these kinds of features (and stuff like 20 clicks to cancel your subscription) in one way or another.


What happened to the idea of winning because you make a superior product? Why is it necessary to play dirty tricks on your users to win? If a market is that saturated, and product so trivial to build that it's hard to differentiate, maybe don't participate in that market?


You'll enjoy this https://userinyerface.com/


>Have some respect for your users, developers. ‘Cause you’re one of them.

No, they're not, not for most devs. Most devs don't use the stuff they produce. They're just hired guns, building something they're told to make. If they refuse to implement what they're told, they'll be fired for insubordination.


It's not really a trick, it's just that the vast majority of freemium users are negative-value.


>Just because a psychological trick works doesn’t mean you must use it.

Your hand is forced if the other guy uses it and blows past you.

Reality cares not for niceties, and good people finish dead fucking last. You need to balance being a good man and an evil man to win or even just survive.


You are new to this "capitalism" thing aren't you? /s


What does “conversion” actually mean in this context? Does it mean bullshit “growth & engagement” aka the numbers of (mostly non-consensual) subscribers in the spam list going up, or does it mean actual profit?

I could definitely see it working for the first case, which is all that your typical product/marketing person needs to justify their salary thus why the practice is popular, but I wonder if this actually ends up translating to actual profit (whether the spammed people end up buying stuff they wouldn’t have otherwise bought, and whether any prospective buyers that would’ve converted otherwise were driven away).


That's a pretty good question. Ideally you're measuring "paid us money" as conversion, and that was the case for the anecdote I had in mind in the above post: we had a checkout screen with a decent price tag at the end of the flow that we could measure against. We could track the impact of changes throughout that funnel on the bottom line.

But I have seen other decisions made based on proxies to "paid us money." Eg we find that X% people who perform action Y wind up paying us money, and for really long funnels it's easier to get statistical significance for action Y than for "paid us money." And so we make some change, find that it increases the rate at which people do action Y, and declare victory. We try to keep in mind potential downstream impacts (like loss of trust), but it's hard to argue a vague, potential downside against a solid, measured number sitting in a google doc in front of you. I suspect the phenomenon you call out is somewhat common.


If this measurement was done by product or marketing people, my lived experience was that the experiment design was flawed, the conclusions they reach are likely not correct ones.


Yeah it's unavoidable, if you rely on growth (especially if you have a free or freemium service) you need to do this crap (though the author describes the most hostile form of it).

The business models of the web trap everyone within these incentives in order to be competitive - everyone hates it, but moloch demands it [0].

To escape it you have to escape the business model, to do that you have to escape the incentives, and to do that you have to boil the ocean and hope it works out [1].

[0]: https://slatestarcodex.com/2014/07/30/meditations-on-moloch/

[1]: https://moronlab.blogspot.com/2010/01/urbit-functional-progr...


Incentives are fine. Misleading and deceiving people about them is not.


Of course it increases sign ups. That doesn't mean the users like it. And those extra sign ups are almost certainly costing you trust from your users (and potential users). And most of those additional sign ups will probably never use your site again. So other than increasing a metric that isn't actually what matters, and maybe getting someone a bonus or promotion for increasing said metric it doesn't help the business, especially in the long term.


Sure, I absolutely believe that if you create a "ransom" situation, some percentage of those extorted will pay the ransom where otherwise they would not gift you the ransom. That does not imply it's good for your business.

Besides putting the business in a negative light for the new convert, I imagine a subset of those would feel more entitled than before. I probably would - if I had to give you something to convert my picture "for free", I would definitely feel entitled to good results. I would be far more likely to complain/badger customer assistance in case of insufficient (for my needs) results.


The sad truth is that businesses follow consumers. It’s been borne out through app insights. Consumers need to stop first.


Just another example of enshittification, or whatever you want to call it - capitalism placing growth and greed above the health and privacy of the individual.

It works because it's manipulative and most people don't have the context to understand. Some may think they now have to sign up or they'll lose something.

"Preying on the uninformed and less tech literate" works, sure, the same way basically every other scam works, by pressuring people to do things they normally wouldn't.


Adobe's web-based JPG to PNG converter is exactly like this. Upload a JPG, hit convert - it uploads the file, processes it on their end, and then refuses to give you the result until you "sign up for a free adobe account that we conveniently didn't tell you about until now!"

Similar enough - some shopping websites will grab your email address when you start doing a guest checkout but eventually decide not to purchase from them. They'll then start spamming you without your consent a day later.

Ransom sign-ups belong in the same tier of horrible.

Modern downloadable software does this too. You download a "free" partition manager or "free" PDF converter, or whatever "free" - you install it, get through their wizard/main workflow to do what you want, but then it says "oops, sorry, you have to pay for this!"

Anti-consumer stuff it all is. What a shame software and websites like this are allowed to exist.


This is a little tangential, but your post reminded me that I've struggled with converting images at work because our vpn blocks a lot of those file conversion sites (presumably for good reason, but I'm not privy). Converting common file formats seems like such a common use case that I really feel like there should be a tool built into modern operating systems for it. It seems like an obvious add to me, but then again the Windows search functionality barely works so I'm not sure they're incentivized to actually help their users right now.


Grab a copy of netpbm or GraphicsMagick that's compiled for Windows.

Or, grab a free image editor (https://www.getpaint.net/ is popular for Windows), open in one format, save in the other.


This. I honestly don't understand why people use online image converters when there are high-quality OSS programs that will do the job locally. I'll bet that the majority of the online converters are using these programs to do the actual conversion anyway.


https://www.google.com/search?q=convert+jpg+to+png

That’s why. And also because sometimes it just works. I’ve done some packet-level work recently and wanted to decode text. The tools I’ve used were some online converters, not iconv or base64. Because experimenting with their modes adds mental overhead even if I more or less can use them without man. Choosing from-to and pasting text into a textbox takes no brain capacity.

25+ years ago, when internet wasn’t very accessible, there were multiple simple windows apps to do small things like this. Now they are online, but open source and new apps world in general never figured out that users still need it - simple, discoverable, easy to use tools. I’m not gonna scroll through pages of magick options and (in case it just works based on .ext, which I also should re-figure out from the lack of such option) try to remember if there’s -i and -o required for input and output.


Tinypng consistently creates better looking jpg and png files than Photoshop’s exporting algorithm, at the same filesize.

I have optimage and imageoptim on MacOS too and they are good enough at this point.


> Converting common file formats seems like such a common use case that I really feel like there should be a tool built into modern operating systems for it.

It is in modern operating systems. Maybe not Windows, but modern operating systems like macOS have it built in.

You can do it a number of ways, including using Automator, Preview, or even access it from the Finder. I did it about 30 times today.

Select file > right click > Quick Service > Convert


MacOS can convert between pretty much any reasonable combination of formats using its automation/shortcuts framework. RTF→HTML→word or HEIC→jpg→png, whatever.


The most trivial solution is to open it in paint and save as -> destination format.

The most comprehensive solution is to download imagemagick.


Especially since almost all conversions can be done in the browser with JavaScript libraries now.


A browser + JavaScript seems like a pretty heavy lift to do something as trivial as converting an image from one format to another. ImageMagick is simple, fast, and available for just about every system imaginable.


If you use a web service to convert from jpg to png you've already lost.


It's oddly impressive how small-scale Adobe went with enforcing these registrations. Considering that converting between JPG and PNG is such a granular and common task that there are hundreds of websites just for that, in addition to it being built into almost every major OS.. it's very petty to ask for registration for something this small, rather than leave it open, like their color wheel tool.


Yesterday I was using a website to generate a logo (not mentioning them they don’t deserve any publicity), and after entering the details, refining what to emphasize on, description, my email and logo requirements, they generated some and refused to show it unless I pay, not just signing up.. literal scumbags, why would I pay before even seeing the logo ffs, what if I didn’t like it? How about all the time and details I put there?!


> How about all the time and details I put there?!

That's the whole point, they want you to be invested.


Imagine buying an ikea cabinet for cheap and after assembling 90% they want a large sum for the missing bits.


Imagine getting bits and pieces of a cabinet and having to pay before leaving the store.


This really isn't the same thing because you know how stores work. The whole argument here is that these websites aren't being upfront about what they expect from you. If you said "sign up for a free account and you can get some samples" we walk into the situation with eyes open and that is not what this article is complaining about.


Inkscape has been a godsend


They just released a new version too! A bunch of really nice features!

Long live native desktop software (FOSS and perpetual licensed proprietary)! SAAS-ified desktop apps and subscription software can’t disappear fast enough, if you ask me. I think most of it will, besides the big players (Adobe and Autodesk), because it relies too heavily on traffic from Google (slowly drowning in SEO spam).


I don't really understand who this post is addressed to. The people that decide to do this just want more money. They won't stop because of some rant by a random stranger on the internet. The programmers who implement this have to do what their boss tells them to, or change jobs, and this isn't something worth changing jobs over. Everybody else already knows that it's a thing, knows why it happens and can't do anything about it.


> The programmers who implement this have to do what their boss tells them to, or change jobs, and this isn't something worth changing jobs over.

I disagree. I've been very intentional about the places I work and have managed to build a successful career while never implementing a dark pattern.

"I was just following orders" is not an excuse. Take responsibility for your actions.


I've walked out of jobs for being outright abusive before. This has made the job search much more difficult for me and has been a point of controversy in the hiring decision before. I held out for many months without employment but the savings dry up. This isn't a viable path for everyone to take. It has stunted my personal development and put me in a very difficult financial position.


Walking out might not be the best strategy.

Part of my success in this has been being more selective in the job search so that I'm not working at such a company to begin with.

I'll note that jobs which don't behave ethically with regards to dark patterns, also tend not to behave ethically with regards to their employees. If people care more about making money than doing what's right, that tends to be pretty pervasive in their behavior.


Great. I have a disability and jobs I can do are difficult to find. The moral high ground is just a little bit harder to hold when your medical care isn't at stake.


What makes you think my medical care isn't at stake?

That said, I realize there's some privilege implicit in what I said.


Great that it has worked for you. Life is not black and white though. It's easy to have a spine when you have fuck you money in the bank, but not so easy when you have family to feed. Would you starve your kids on principle just because you want to "take responsibility" at work?


I'd have no problem taking responsibility for my actions if my actions were "I implemented an unethical dark pattern for my employer because the alternative was letting my kids starve". "I was just following orders" isn't an excuse, but I'd venture "I was feeding my children" IS a pretty good excuse.

But that likely isn't the reality of the situation. If you're employed in software in the West it is very unlikely that your children are on the verge of starvation. Much more likely is that you might have to accept a slightly lower standard of living to work at companies that behave ethically, and I'm not particularly sympathetic to that.


Isn’t starving your kids a bit “black and white” ? I reckon you keep on working for that company for a while so you can feed your family. When they have eaten, look for a job that makes you proud.


I dunno who it was addressed to. But if it changes the mind of people that accept being submitted into refusing to submit, it's a win.


What a bizarre attitude. If you change people's minds they behave differently.

Hell even in your example, there is a difference between some programmer who tells themselves this and some person who raises a stink; suddenly doing unethical shit slows you down, costs political capital, and approaches being more trouble than it's worth. Fewer shit things will get done because there will be less energy to pursue them.

I'm not even suggesting you go out and be some citizen activist - just be normal. You'd have feedback for other kinds of stupid idea.


It's ultimately on developers as the last, ethical line of defense: They're the ones typing in the code at the end of the day. Without them, the bosses couldn't implement these things. Unfortunately, for every good developer who draws a line in the sand, there's Bob, two desks down, who is happy to implement whatever dark pattern boss tells him to. Fuck Bob.

What we really need is some kind of Hippocratic Oath for Software, that we all agree to and can collectively use to resist this shit. Not going to happen, but one can dream.


> What we really need is some kind of Hippocratic Oath for Software, that we all agree to and can collectively use to resist this shit. Not going to happen, but one can dream.

Why spitball about a "Hippocratic Oath" when the ACM code of ethics exists?

You could promote the one that does exist instead of dooming that nobody will write or follow such a standard.


I don't think asking for a sign up is unethical, at least not on the same magnitude as the actual Hippocratic Oath is concerned with. I'd envision the Hippocratic Oath for Software might have something to say about writing software for ICE or despotic regimes but not asking the user to sign up. One is unethical, the other is just annoying.


At what point does the constant, ever-present, insistent barrage of annoying become significant to you?

People are literally committing suicide because of code software developers write. Not for ICE or despotic regimes, but for Facebook.

Now I'm not sure a ransom signup pattern reaches that level, but the idea that dark patterns can't reach that level isn't in evidence. While the impact of a piece of software you write on a given individual is usually small, a decision made in software has the power to reach many more people than a decision made by a doctor about a specific patient.

Software developers need to take responsibility for their actions and stop blaming their bosses or society for their actions. What we do, does matter.


Or a Union like the writers/actors guilds.


I wish there were a way for users to share the websites that do this and other dark patterns so that I can avoid them. Effectively a reputation system. Search engines used to do this, but apparently not any more. We need a replacement.



What about a browser extension doing exactly that: a distributed user populated database, karma based abuse prevention (because it will be abused) and a big indicator that turns on from yellow to red according to the level of garbage the site is throwing against its users.


What would stop them from abusing the karma itself and/or buying “influence” points from popular users?


Hopefully, the fact that the system would create its own loop, and would rely on the accuracy and usefulness of that loop. If it served inaccurate info to users, they might be tricked into opening something they wouldn't have, at which point they would lose trust in the tool upon seeing the thing it's meant to protect them from.


Not sure if we’re talking about the same. It’s clear that one could block reviews from a bad reviewer and e.g. subscribe to another one. But those who game the system will promote their own reviewer accounts and drown real useful ones in low karma via botnets, making them non-discoverable for new users. It means money to them, and it doesn’t cost much, so it’s basically free money in doing that for sites which would want to pay for a good position in such system. It’s inevitable and there are tens to hundreds of examples of third-party review sites out there. The loop is fragile by design.


Any reputation system is prone to manipulation, with its uselessness correlated to popularity.


I am optimistic that a social graph can help with this, using transitive trust and making it easy to transitively "cut off" bad parts of the graph with a blocklist. The problem is that commercial graphs do become useless, as you say.

But with the Fediverse we now have a graph that is resistant to this. I'm not aware of anyone building a reputation system on top of it, but this is something I expect will develop in the future. The system's opinion about a particular data point would then be personalized based on the people you say you trust to indicate that information, combined with the people they say they trust, and so forth.


I have an extension that lets me block websites from Google results.


I agree, we need a replacement. At the protocol level I would like life insurance policy returns and banking service as a place to store my money that allows me to pay any portion of currency I want at any time. So Facebook can be paid for the time I'm on the site, for instance. The returns from the insurance contract might even make it all free to me (it would, easily). Everyone is happy except those who rely on reaching you via forced advertisements. Oh, and the people who rely on enslaving others.

Any such protocol would be labeled as evil, filthy socialism.


Dear user, No.

Unfortunately these patterns work great so they will never stop. As more dark patterns are “discovered”, we’ll see the web becoming more of a dump.

You see it every day, successful websites and socials become successful thanks to these patterns, not in spite of them.


There are people out there who do whatever pop ups tell them to do. I was in a meeting once and we needed to check something on a site; the other person just clicked yes on the cookie banner without reading. I told him “You should click no on those” and he replied “I know, everyone keeps telling me that but I just click yes anyway”. I just blankly stared at him for a couple of seconds and returned the focus to the meeting.

This experience reminds me that the “normies” use the internet very very differently than techy people and it explains a lot of the weird quirks on the web.

We are at the mercy of the lowest common denominator which happens to be a majority


To be fair, you’re often punished for clicking No (it takes longer, may cause a reload), so you’d need a very good reason to not click Yes.


I also dislike websites that get you down a path before requiring an email signup or cell phone verification.

But I much prefer the former to the latter; pretty much everyone has a spam-only email address, right? Whereas I won't give out my phone number under pretty much any circumstance (and don't have a spam-only number).


> pretty much everyone has a spam-only email address, right?

I used to, but I've since taken to just not signing up to things instead.


When I have no choice, I use a free throwaway email service. Unfortunately it's much harder to get a throwaway phone number so it greatly annoys me when services (Twitter, specifically) require one


All of big tech is checking phone numbers against sophisticated databases to determine if it is possible for an individual to have that number associated with their cell phone device. If it isn't a real mobile number you are not getting in.


Where do these databases even get their data? IIRC the phone network is very opaque compared to IP addresses and internet routing.


Every carrier in Canada and the USA sells this info for insultingly low prices.


CoD (or some similar game, sorry I don't keep up) won't even let you register with a prepaid phone number so there must be more granularity than it seems.


smspool, smspva, etc. not free but not expensive.


The only problem is - it works well. Websites get you invested before signup on purpose to increase their conversion rate. I'm afraid it's gonna fall on deaf ears.


We desperately need a browser plugin that gardens search results to exclude websites that use dark patterns and allows a user to add a dark pattern website to the globally-shared list. Like ublock origin but for different categories of shady crap like content farms, AI-generated blogs, "product comparison" sites that slant results to the highest bidder, Cloudflare "checking your browser for security" sites, etc.

SEO experts and conversion seekers need to become very afraid of their sites getting on that list.

Of course then the problem becomes vetting the people who add sites to the list and making sure they're not just trying to shitcan their competitors. And ensuring that the maker of the plugin doesn't sell out and take $$$ to remove a site from the list.

If those problems could be solved I'd pay $5/month for such a signal-to-noise improver for search results.


I only search Reddit these days and assume the rest of the internet is garbage, which it is 99% of the time


Glad this post wasn’t hosted on Substack, I really hate that nag window asking me to sign up (thanks Kill Sticky!).


I was one of today's lucky ten thousand[0] because you cited Kill Sticky. I have just enabled it on my browsers and look forward to a much improved web experience.

Thank you.

[0] https://xkcd.com/1053/


Indeed a dark dishonest practice.

I won't touch services that do such things.


I love services like that. I love entering data into them! In fact, I love it so much that I wrote some scripts to do just that...


Almost every 'online tool' you can find is just a very inconvenient frontend to a command line tool you can find and use by yourself. These file converters can all be replaced by ffmpeg or magick. Every single pdf tool online is a bloated proxy to libpoppler


The only upsides I see are for infrequent or one-off conversions where you might not want to go through the hassle of finding/downloading/learning the tool, and for unsupported platforms like mobile phones.

I suppose it brings awareness to the tools too if credited properly. Ezgif is one converter I've used a few times, and one of their info pages lists all of the CLI tools they use on the backend. That was quite handy to learn that gifsicle existed, something I was not aware of before.


If it didn't convert, it wouldn't exist


In the example given in the article, if the website had generated 3 blog post ideas and then 7 more that were blurred and required an email sign-up, that would have been a happy medium.


Or generate three and then blur out lorem ipsum, and never point out until the user has paid that you only ever generate three ideas (or maybe just one).


Just saying, some of these sites don't have captcha or any kind of spam prevention implemented. Something something simple shell script feed them garbage data something.


It's unlikely that they are actually storing anything until you sign up. And even if they did it would take a lot of effort to feed them garbage from tons of different ip addresses.


How would this work?


curl is a very powerful tool.


This "tell me a lot of information in many small chunks before I'll do anything for you" pattern is too obvious now. I notice and leave almost immediately.


This is how I ended up getting monthly notifications that scribd has tried to charge the virtual card I used to sign up to it with and immediately thereafter froze.


It's largely forgotten and ignored, but in the US it is illegal to call something "free" if it requires an email signup.

https://www.ecfr.gov/current/title-16/chapter-I/subchapter-B...


Also:

TV companies, please don't show me advertisements instead of the TV show I want to watch.

Car dealers, please tell me about all the expensive fees and add-ons before I agree to buy the car.

Phone companies, gyms, fucking everyone, please tell me about the $50, $150 "sign up fee" in addition to the $X a month cost.

etc.

I mean, good luck guy. You are a human on a planet run by humans with all the power imbalances that implies.


Not sure why you're being downvoted. It's completely true, everyone wants a reality that caters to them. The harsh reality of online business is that most consumers won't give a product the time of day before trying it for free unless it either comes highly recommended or they are compelled to use it by a higher power. So tactics such as these pay off better than what the OP is suggesting.


It comes down to ethics. If you need dark patterns to stay in business, then I'd prefer you weren't in business.

Now what if it were _my_ business...


Completely agree.


I understand the point; ideally you want to have some free content before you actually need to sign up. However, when integrating a paid solution like OpenAI for example, the tricky part is to limit the number of free requests to prevent going bankrupt by one user. I can imagine that this would be a potential reason to ask for a sign up.


I think you might have missed the point.

The complaint isn't that an email address was asked for, it's that the ask didn't happen up front. Having someone spend time doing something and then asking for an email address before giving the results is the Bad Thing here.

I don't think the author would have complained if the email address was asked for prior to him starting to actually use the service.


It's not about being free or paid, but it's all about being honest to the users. I don't have a problem to sign up or pay for the service. But I need to know before I start using it.

It's like I install a brand new text editor software, spend some time writing a story, and when I click on the "save" option, it asks for payment - that's dishonest and shows that there can be more such dishonest behaviors in the future. But if the same software asked me for a payment upfront, that's totally understandable. Or, if it said upfront that "this is a limited demo, you can save documents up to 150 words, and if you have to save larger documents, you need to pay", that's being very straightforward to the users.


As the author mentions PNG to SVG conversion, there is Potrace [1]. I think you need to convert to BMP before. It's a pretty nice tool. I have used it a couple of times.

[1] https://potrace.sourceforge.net/


Unfortunately most of the websites willing to engage in this are already aware that this is a user-hostile pattern.


It's hostile to the people who don't want to sign up. In other words, it drives away the "free loaders" and increases conversions. I have to agree, I hate to say this but they are probably doing this because it works.


I benefit a lot from free internet services. This is preying on that convention.

The web would be a very different place if people felt OK paying for the value brought into their lives by services that are free today. I also feel that in that world, this would not be necessary.

So, the state of things is the state of things... :/


> The web would be a very different place if people felt OK paying for the value brought into their lives by services that are free today

I believe the contrary. A lot of paid-only services don’t even have decent customer support and offer a subpar product while registering billions in profits. We can always assume “what-if” about paying, but if it was very easy to get people to pay up, we’d have way too many subpar things and standards would go down the drain. I like that services work up their standards and people interested will be very happy to pay. See kagi search, fastmail, google/fb ads, netflix, all vps hosting. If you offer some good value, you’ll get paid; if you are dubious, paying will just increase the bottom line and promote bad behavior from vendors.


People are ready to pay for something if they find it useful and worthy. But the problem is not clearly saying this beforehand. I invest a lot of time on the website and to my surprise it asks me for a payment - that's like cheating.

Imagine I spent a lot of time writing a story in a brand new text editing software, and when trying to save the document, it asks me to pay to save the file!


My biggest current peeve is not allowing me to see shipping costs until I’ve given basically all my information to a company before I’ve checked out.


This actually worked out to my advantage! I did this on a site, found out that they didn't ship to Canada so I abandoned the cart. I got all the oh no emails so I emailed them back telling them I CAN'T buy their stuff because you WON'T ship to me.

Couple of days later the company CEO emails me back. First he apologises (bonus points to a Canadian), promises to fix the cart abandon logic, and offers to ship me 2 of the things I was going to buy for free.

They will hopefully arrive this week


That sounds like a fine resolution, but I wouldn't hold your breath.

Far too many businesses are being run by people completely out of the loop.

Emails, especially from the CEO, are legally binding.


I'm not saying this would be the response from every situation like this. I was just really pleasantly surprised


Including your email address.

And then you abandon the cart, because it doesn't make sense for you to pay $50 for shipping.

But then you get those emails 'you forgot something'. No I didn't.


And you're forever on their "mailing list" because they don't process unsubscribes, since they probably just manually upload a .csv of everyone every time they want to send something to you, whether you ever opted in, or not.


I just got done switching from gmail to fastmail, and it solves this problem beautifully with a nifty feature allowing me to create a new proxy (“masked”) email address for every website but have the mail show up in my mail address. There’s a limit, but it’s like 600+ or something. So when the email gets sold and I start getting spammed, I can easily kill it, and also know who the culprit was.

This one is paid, but I’m at the point where $140 for 3 years “standard” package is fine by me. Not to mention I can actually call someone if I have a problem, instead of getting blocked by google for no particular reason without any recourse. I don’t have a huge social media following that can get me special treatment.

There may possibly be free options that allow you to proxy/mask emails, but I’ve not explored that.

Another useful service is privacy.com, which in a similar manner lets me create proxy virtual payment cards, setting limits and redacting cards. This kills the possibility of a malicious business like a telecom still charging me for something and having the bank still allow it to go through when they shouldn’t. Now my credit union is pretty good so far, but there are a lot of banks that will happily fuck someone over without a care.

It’s nice having no mean _No_


I do this on gmail myself. I have my own domain and pay for gmail on it. I have a wildcard set to go to my mailbox and wildcard stuff gets sorted per usual. So for instance, if I buy something at target, I use/sign in w/ target@mydomain.com.

I know I should probably get off of gmail, but it's a really good service for my needs.

It's also reasonably priced and there's no limit for those email addresses since it just captures every email sent to my domain.

Downside is I can't send from those addresses but that's generally okay for me.


I used to do this but ended up in too many situations on the phone where someone says “what’s your email” and I can’t remember what email I gave them and I look like an idiot who doesn’t know what their email is.

Now I just mark any marketing email as spam and let the email service automatically move all future emails to spam.


I did too, and I’m not sure what the best fix is.

Proton has SimpleLogin after buying it, but then they own me forever as much as the next company, with the caveat that they can raise fees. Just your username and (ridiculously crazy, 26 character) password isn’t good enough anymore-“oops, we need to send you an email before you can log in” is rapidly becoming normal.


> solves this problem beautifully with a nifty feature allowing me to create a new proxy (“masked”) email address for every website but have the mail show up in my mail address ... So when the email gets sold and I start getting spammed, I can easily kill it, and also know who the culprit was

I do something like that too, but I have my own SMTP server. It doesn't use + it is just an entirely different email address for each one.

I can also easily send from any address by the -r switch.


And not just airbnb@example.com, because that can be guessed, but airbnb_itjeof@example.com, such that you can be sure it leaked from their database.
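The unguessable per-site alias described in the comment above, as an added example that is not part of the thread: the suffix is derived from the site name with an HMAC, so mail arriving at a correctly tagged address can only have come from a list that site held, while a guessed address such as a bare `airbnb@` fails verification. The key, domain, tag length and function names are assumptions made for this sketch, and the addresses are constructed.

```python
import base64
import hashlib
import hmac
import re
from collections import Counter

# Assumptions for this sketch: a private key known only to the mailbox owner,
# a catch-all domain, and a 6-character tag. All values are constructed.
SECRET_KEY = b"constructed-demo-key-not-a-real-secret"
DOMAIN = "example.com"
TAG_LEN = 6
_SITE_RE = re.compile(r"[a-z0-9-]+")  # no "_" so the separator is unambiguous


def _tag(site: str, key: bytes) -> str:
    """Short keyed tag for a site label: HMAC-SHA256, base32, truncated."""
    mac = hmac.new(key, site.encode("ascii"), hashlib.sha256).digest()
    return base64.b32encode(mac).decode("ascii").lower()[:TAG_LEN]


def alias_for(site: str, key: bytes = SECRET_KEY, domain: str = DOMAIN) -> str:
    """Return the address to hand to `site`, e.g. airbnb_<tag>@example.com."""
    site = site.strip().lower()
    if not _SITE_RE.fullmatch(site):
        raise ValueError("site label must match [a-z0-9-]+")
    return f"{site}_{_tag(site, key)}@{domain}"


def classify_recipient(address: str, key: bytes = SECRET_KEY,
                       domain: str = DOMAIN):
    """Classify the envelope recipient of an incoming message.

    ("issued", site)  - tag verifies: the address was given to that site only
    ("forged", site)  - looks like an alias but the tag is wrong (guessed)
    ("untagged", None) - local part carries no site_tag structure
    ("foreign", None)  - not our domain, or not an address at all
    """
    local, at, dom = address.strip().lower().rpartition("@")
    if not at or dom != domain:
        return ("foreign", None)
    site, sep, tag = local.rpartition("_")
    if not sep or not _SITE_RE.fullmatch(site):
        return ("untagged", None)
    expected = _tag(site, key).encode("ascii")
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if hmac.compare_digest(tag.encode("utf-8"), expected):
        return ("issued", site)
    return ("forged", site)


def attribute_leaks(spam_recipients):
    """Count spam per site, using only recipients whose tag verifies."""
    hits = Counter()
    for rcpt in spam_recipients:
        status, site = classify_recipient(rcpt)
        if status == "issued":
            hits[site] += 1
    return dict(hits)


if __name__ == "__main__":
    # Constructed sample: recipients seen on messages that landed in spam.
    sample = [
        alias_for("airbnb"),
        alias_for("airbnb"),
        alias_for("shop-one"),
        "airbnb@example.com",         # guessable, proves nothing
        "airbnb_000000@example.com",  # wrong tag: someone guessed the format
    ]
    for rcpt in sample:
        print(rcpt, classify_recipient(rcpt))
    print(attribute_leaks(sample))
```

Unlike a `+` tag, stripping the suffix from such an alias yields an address that was never issued, so it can be rejected outright.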


Then you are justified to put them on the spam filter.


Solution to this is to use a masked email or at the very least add a `+` tag so you can block it easily or know who's the source of the junk mail.

Fastmail offers this feature, and I think 1password might. The `+` tag should be possible with any provider, `me+hn@example.com`

Of course now you have to have a way to keep track of what email you gave to what company. I usually do `firstname_company/website@` to make it easier to remember.


That's not really a viable solution for the average, not-so-tech-savvy folk, though.

Edit: Hit me with the downvotes, I don't mind, but I also enjoy hearing about why my perspective might be wrong. From where I sit, I can imagine that plenty of people annoyed by these kinds of email harvesting patterns also don't know enough to employ the kind of method described here. I feel like that's a solution, but not one that can be prescribed to the average joe.


> That's not really a viable solution for the average, not-so-tech-savvy folk, though.

You can explain this feature of gmail/fastmail to a reasonably technical person in 5 minutes, where 'reasonably technical' means that the person understands the concept of mail folders. Sure, it might not work that easy for your grandma, but I'm reasonably certain that most people in the developed world under 40 fall in that category.


> That's not really a viable solution for the average, not-so-tech-savvy folk, though.

Not at this moment, but we're getting close.

More and more often, Safari offers to fill in an anonymized email address for me when I fill out a form.

It's not detected and offered 100% of the time, but is improving.

Even my wife has started using it, and she is not a techie.


Isn't it trivial for websites to strip out the +? I feel like between this, and the various sites that don't support + in email addresses for whatever reason, this trick isn't worth doing.


Yes, and any spammer will do this anyways. This is the digital equivalent of spelling your name backwards for anonymity. I don’t know why people still suggest it.


It still works, in my experience. Also, stripping out the plus is risky for sites, as it might actually be a part of the address, especially if it's not @gmail.com.

You can get a tad fancier and automatically mark mails without + as spam (only works for new addresses, obviously) or use a dash as separator (if your mail provider supports it). This won't block a targeted attack, yes, but it's usually sufficient to filter a lot of low quality spam and to identify companies that sell or leak your data.


>Also, stripping out the plus is risky for sites, as it might actually be a part of the address, especially if it's not @gmail.com.

Sure, stripping out everything after the + isn't specified in the RFCs, but I know of zero public email providers that allow + in email addresses AND treat them as separate addresses (eg. foo+bar@example.com is a different account than foo+baz@example.com).

>You can get a tad fancier and automatically mark mails without + as spam (only works for new addresses, obviously)

Sites that reject + in email address preclude you from doing that.


Email alias is the only reliable way. If I was writing an email spam service the first thing I would do is strip off everything after the plus sign.


the '+' is valid according to RFC822 from 1982. It's not purely per service provider.

http://www.faqs.org/rfcs/rfc822.html


I do this on purpose because about 24 hours later sometimes they'll send you a 10% off code.


This is why Amazon is still winning. The competition needs to compete better.


Amazon is at least as awful.

I cancelled Prime about a year ago - delivery sucks at my location with their logistics and I just don't want to deal with it. I still occasionally order some things that are hard to find elsewhere, I just ship it to an address where things won't be immediately stolen.

And after the huge "subscribe prime" interstitial with the tiny "not now" button, they still add prime to the order, not as a regular line-item, but as something you have to hunt around for to remove. They're cramming, just like telecom used to.

Amazon is awful if you have the temerity to fail to tithe them as they believe they are due. Fuck them.


Confirmed. I needed to purchase something from Amazon Spain and was put into Prime despite choosing "not now". I just cancelled (after hunting thousands of options) and now all the cancellation I have is that "my free period won't be renewed". So I actually have to wait until September 1st to verify I am actually out of the subscription and that no charge is made to my card. Extremely slimy and awful if you ask me.


I agree with everything you said and almost got tricked back into Prime myself. And yet, somehow, Amazon is still the least bad option for me.


Amazon isn't necessarily competing better (though they often are--even if I'm okay getting a slower delivery, not-Amazon vendor sites will do shit like require signature confirmation without the purchaser requesting it, which makes the package all but undeliverable to certain apartments), but they win on the guarantee that buying a product through Amazon isn't going to sign me up for an endless stream of marketing email.

Granted, Amazon has much less need for that endless stream of marketing email because they're already the de facto first choice shop. It's a lose-lose game if you're a conscious consumer and both want to support a non-Amazon monoculture for internet retail but also don't want to have yet another drip feed of marketing email.

Ideally there'd be competition among email service providers to recognize the modern landscape of CAN-SPAM compliant but entirely unsolicited and unwanted email and provide user tools that aggressively bin non-transactional email and penalize senders that send 10 "transactional" emails for a single interaction ("here's your confirmation! here's a shipping update! here's another shipping update! are you satisfied with your purchase? leave a review!") as shadow marketing.

Either they're knowingly doing this for brand reinforcement reasons or are honestly clueless and don't recognize that a single email that links to a continuously-updated order status page is preferable. I figure mostly the former, but either way there are limited mechanisms to encourage vendors to make judicious use of email.


Amazon actually didn't win in my country. And it's because of their terribly shitty website. And their terrible commercials.


Some sites ship by weight and size instead of fixed rate. UPS and FedEx shipment prices fluctuate intra daily, and sometimes by quite a bit. I’ve used sites that required the same, and the shipping costs would update so frequently that I ran scanners to find good deals on time to buy.


That’s wild. Is this some specific gear or something?


This is why tempmail exists.


Sadly, the most shady ones will not accept anything that is not one of the gmail, outlook, yahoo and some don’t even accept custom domains, only gmails!

There are a lot of cheap (and even free) APIs that can accurately guess when you enter a fake e-mail! A place I worked previously used several of such APIs and generated consensus among all to determine if a signup would be allowed and eventually only focused on “must be a gmail” because few of these APIs decided to ramp up prices post COVID-19.


I dislike this as well. If I really want to see whatever the sign-up is blocking, I try temp-mail.org. Haven't had any issues with temp-mail yet but I'm sure it's only a matter of time.


That's what bugmenot was for... but they started blocking all sites and it hasn't been useful for years now. There should be a distributed "replacement" that cannot be bought out.


Not exactly the same situation but I immediately uninstalled the Arc browser after it auto played some video with music and asked me to create an account before I could even see the UI.


I hate this too. However it's important to note that the old bugmenot.com still works!

And, you're polluting the database of these cowboys by using it. Win-win


Popups are the Devil. Every web developer knew this in the 1990s. The fact that modern webdevs are bringing them back is an embarrassment to the industry.


I've been trying to order from non Amazon sites as a habit lately. A large percentage of them use the same platform, maybe it's Shopify?

During checkout, they have a checkbox asking if you also want to receive promotional emails. It's annoying that this is checked by default, but I can tolerate it to some degree since I still have the ability to opt out.

I always uncheck it. Always.

Almost without fail, I end up receiving marketing emails from these companies. (And not just followups from my purchase or even review requests, which would be bad enough.)

I never buy from those brands again.


Do these stores' checkout pages have a section to enter your billing/shipping details on the left, and then a pane displaying what's in your cart and any active coupon codes on the right?

If so, it's almost definitely Shopify.

I know what checkbox you're referring to, and another fun thing is that if you use PayPal (or, I assume, another non-credit card payment method), it bypasses the "Sign me up for promotional emails" checkbox entirely... but it still checks it for you.

So if I check out with PayPal I have to select the PayPal option, sign in to PayPal, confirm, then in the store's checkout page go back a page to manually uncheck the box. Drives me crazy. Unchecking it beforehand does nothing.


This...

My assumption was always that there are two separate systems at play, and once your email is entered, it gets put into some sort of cart rescue campaign..which sends...promotional emails.


cart rescue campaigns technically qualify as "transactional" campaigns, rather than promotional campaigns. that's why that happens


What about going back to paying for stuff instead then?


Ah, sites that make me reach for BugMeNot.


Apps and white papers on tech topics too.


Dogs, stop barking!



