California bans "dark pattern" designs intended to trick website users

Originally published at: California bans "dark pattern" designs intended to trick website users | Boing Boing


This is great, but I wonder if it will be difficult to enforce.


Yeah, I wonder how they worded it, since “dark pattern” doesn’t seem to be a well defined enough concept to base a law on.


I think this is great. But I worry that the bigger issue is not websites but mobile games.

Check out Dark Patterns to see how mobile games manipulate users into spending more time and money.


The regulation is more specific than described here. It refers to attempts to thwart a user’s efforts to opt-out of the selling of personal data.

It lists the specific dark patterns that are banned:


unintended outcomes such as recurring subscriptions

Mom is 84 now, she falls for this often and it requires my Dear Wife and me several hours of wrangling over the phone with a CSR for each event. My go-to on this is Elder Abuse [use it, it works], Cali. has very strong EB laws, and they enforce them.


Yeah, I know what you mean! And my Dad is always falling for scams that promise to clean up your computer and remove viruses and make it run faster, but are really adding malware.


I work in this industry, and can confirm all of this. It’s ugly in here. Not to mention all the data being gathered for advertisers. :neutral_face:


Thanks for this. I’ve been looking for games to play lately, but I’m getting tired of all the dark patterns and terrible freemium games.


I unsubscribed from a service a year ago, or so. A security checkup said my password for the service had been compromised, so I logged in to change my password and was shocked to find my current, twice-changed, credit card number in my account. That you can change your credit card due to fraud, and then the credit card company updates a business you have no ongoing relationship with of that new number is mind-boggling. That business deleted my credit card and account when asked, but thereafter I tried to clean up who had my card number and many places make it absolutely impossible to do so.


This is very likely an indication that the site is doing a good thing. What is likely happening is that the site took your card number, and sent it to a verification company that gave them back a unique token for that card number that will only ever work for their account. Then they should only have stored that token and discarded your card number. If the token is stolen then your card number is not exposed and it can’t be used to make charges since the thieves don’t have the account it is valid for. (Some older token systems were not tied to the account so this is not always true.) This reduces your risk in a data breach.
While this is more complicated for a merchant, they have an incentive in that the verification/tokenization company works with card issuers to update the tokens so they remain valid as a cardholder changes cards, either through expiration or through replacing the card number due to fraud.
The auto updates can be good for consumers too: if you have recurring bills paid by card, you don’t need to find all the sites you need to update or wait for failed charges when you have a card replaced.

All that said the effect certainly is creepy.


I’ve pretty much stopped downloading any free games, and any games that allow you to purchase anything.

It’s very worth it, for a small sum of $3-5, especially since I download < 10 games a year.

Super useful information! Thank you so much.


I think that’s the direction I’m heading with it. I’ve got a couple that I’m very likely going to buy soon.

I’ve been an aggressively casual gamer for so long that I have to actually force myself to play any games at all. It looks like there are some really great options for mobile games these days, so I’m excited to get back into playing them more.
