Don't Click On Pop-Ups

When visiting a new website on your phone or computer over the past 18 months or so, you’ve probably seen it: a notification informing you that the page is using cookies to track you and asking you to agree to let it happen. Most websites you visit now greet you with a pop-up to secure your consent, to retain information about you.

Cookies are small files that websites send to your device that the sites then use to monitor you and remember certain information about you, like what’s in your shopping cart on an e-commerce site, or your login information. 

Since the European Union started enforcing GDPR in mid-2018, nearly every website you visit now covers a part of the content you're trying to read with a notification about the use of cookies on the site. Full-screen pop-ups will block the entire view of the page but it’s also common to see 'lightbox' pop-ups that block a portion of the page. Now, web designers are using methods derived from the dark web to design fake pop ups which are an effective way of encouraging web users to lose their time, money and privacy. These are being referred to as Dark Pattens, sets of practices that website designers can use to manipulate website users.

Dark Patterns are tricks used in websites and apps that make you do things that you didn't mean to, like buying things or signing up for something that you did not intend.

Dark design is used to influence our decisions about our time, our money, our personal data and our consent. But a critical understanding of how dark patterns work, and what they’re hoping to achieve, can help us detect and overcome their deceptions.

Normally, you’ll set a pop-up to trigger after a short delay, when a user scrolls to a certain part of the page or use something called exit-intent popups that trigger when a user’s mouse hovers near the top of the browser window. The cookie banner purports to offer you a choice: consent to only the essential cookies that help maintain your browsing functionality, or accept them all. The “accept all” button is large and  highlighted, while the  less prominent “confirm choices” or “manage settings” buttons - the ones through which we can protect our privacy - can deter users with additional time-consuming clicks.

E-commerce websites often use dark patterns. Perhaps you have found a competitively priced product you’d like to buy. You create an account, select your product specifications, input delivery details, click through to the payment page, and discover the final cost, including delivery, is mysteriously higher than you’d originally thought. Online purchase of apparently discounted airline tickets are a common example. 

Britain's Information Commissioner is now in discussion with other countries to join forces against cookie pop-ups online and has urged G7 countries to address this problem, highlighting how fatigued web users are agreeing to share more personal data than they’d like. 

Manipulating users for commercial gain isn’t just used on E-commerce websites and is extending  in to Apps. The key problem with dark design is that it’s difficult to spot and web users have become anesthetised by purported free services such as Facebook and YouTube, which monetise their users' attention by placing advertisements in front of them as you scroll, browse and surf. 

NiemanLabs:       BBC:    Dark Patterns:      Arxiv:       Vox:       Vertical Leap:      Zapier:

You Might Also Read:

"Cookie Walls" Non-Compliant With GDPR:

 

« Britain's COVID - Driven Online Crime Wave
Google’s DeepMind Faces Legal Action Over Data Misuse »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SecPoint

SecPoint

SecPoint provides products to secure & protect your network from remote and local attacks.

TrustedSec

TrustedSec

TrustedSec is the leader in information security consulting services, providing tailored solutions and services for small, mid, and large businesses.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

CYBERPOL

CYBERPOL

CYBERPOL's mission is to facilitate the widest possible mutual assistance between all cyber crime law enforcement authorities to help mitigate global cyber threats.

Blue Ridge Networks

Blue Ridge Networks

Blue Ridge offers a suite of solutions that enable secure remote access to the enterprise network with protection and control of endpoints.

Stealthcare

Stealthcare

Stealthcare is a full service, global cyber security firm offering solutions that educate, empower and protect.

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Securis

Securis

Securis provides organizations and agencies with the highest level of professional, ultra-secure data destruction and IT recycling.

Altipeak Security

Altipeak Security

Altipeak Security provide Safewalk - a flexible and robust authentication platform through which we offer improved security to SMBs, corporates, banks, insurance companies, healthcare and more.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

archTIS

archTIS

archTIS specialises in the design and development of products, solutions and services for secure information sharing and collaboration.

TechBase

TechBase

TechBase is an innovation and start-up center offering technology-oriented start-ups optimal conditions for successful business development.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

Encova Insurance

Encova Insurance

Encova’s cyber liability coverage protects you and your customers in case of a security breach in your company's data.