Overcome the dark side of UX (part 3).

  • By
    Yonette de Ru
    June 24, 2020
    February 8, 2023

Welcome to the last part of the series where I've taken you on trips to galaxies far, far away in the Star Wars universe. The fictional characters you’ve met along the way serve as reference points to resonate with as we unveil the dark forces of UX that exist in our world.

So far on our journey throughout the galaxy we’ve covered 7 of these dark forces (check out part 1 and part 2 of this series), and for our final discovery we’ll look at the remaining dark forces that disturb the force.

Jump on board and strap yourself in for our final journey into the universe!

1. Sneak into basket

Have you ever seen additional items or costs added to your basket that you did not put there? If yes, then you were a victim of this prevalent dark force in the e-commerce industry.

In a sense, we can link this dark force to when Obi-Wan Kenobi was trying to defend the Empire in the Clone Wars. He had a bombshell dropped on him during his fight against General Grievous, when Grievous revealed his large cyborg structure with four robotic arms and a lightsaber in each hand. This was shocking for Obi-Wan, as it’s already intense to fight someone with one lightsaber, let alone fighting and defending against four!

Like Obi-Wan, users feel a similar way when websites automatically add extra items or preselect features on their behalf. GoDaddy, for example, pre-selects optional features that hike up the price, and the user only notices them as additional items in the cart at checkout.

At the start of the user journey, GoDaddy offers helpful tips as to the purpose of the additional features, and gives reasons as to why it’s great to purchase this particular domain name. This, in turn, encourages their users to feel good about the purchase they are about to make. In the second step, they offer the option to add or remove additional services. This gives users an indication that they are in control of choosing add-ons; however, by the time a user gets to the checkout page, GoDaddy has pre-selected additional elements such as the ‘Domain renewal years’ and the ‘Domain Name Privacy’ - all of which were not options to choose from previously.

Adding on features in this way spiked the price drastically: where initially the domain would have only cost AED13, it now costs 10 times as much because of the pre-selected elements! It sure feels like these e-commerce sites want to deliberately send their users into a cold sweat with these unjust methods of sneaking add-ons into a user's basket. As a business, GoDaddy could do more damage to the customer relationship than build a lasting one.

Avoid the cloak and dagger style

As a business, you don’t want to be a General Grievous that sneakily hides his true form behind a cloak, only to shock users with the truth when they least expect it. In part 1 of the series, I spoke about the ‘power in defaults’, where users are likely to keep things the way they are and will not read the fine print. However, they would definitely investigate when something does not align with their expectations.

Instead of adding or pre-selecting default states for users, highlight what the value, benefit or savings of these options would be and display this amount in line with what they are saving. When users choose the options suggested by the business, the savings element ultimately creates a positive experience despite it costing more. This “savings” marketing strategy [1] is an important principle to be used within e-commerce platforms and should be highlighted even if users get things for free.

Luckily, in this case, changes can be made so your users don’t have to face the bombshell that Obi-Wan had. It’s still important to be upfront with your customer base and give your users the opportunity to decide what they want.

2. Privacy Zuckering

R2D2 is a famous droid character that plays a significant role throughout the Star Wars films and is known for saving humans, storing top-secret documents and carrying confidential messages.

On one of R2D2’s missions, he carried an important hologram message from Princess Leia for Obi-Wan Kenobi, but he was captured by scavengers who make money by selling scrap metal and run-down droids. R2D2 was coincidentally sold to the famous Skywalker family, and when the youngest, Luke, was cleaning the droid, he accidentally played a clip of the hologram message by Princess Leia. Realising the importance of the message, Luke frantically asked R2D2 to show him more of the message, but R2D2 refused as the message was not intended for him.

This is similar to what the dark pattern ‘privacy zuckering’ does, when it displays or shares private information with companies and people even though the user did not know they were giving permission for this. The dark pattern received its name from Facebook CEO Mark Zuckerberg because, when Facebook launched, it was known to share personal information with the public without a user's knowledge. Unfortunately for Facebook, this has resulted in numerous lawsuits.

I found myself in this privacy invasion scenario when I obtained my UAE number from Etisalat. The number they gave me was clearly someone else’s number before me, because when I registered on Telegram and WhatsApp, I received random messages from people I didn’t know and could see other messages on Telegram that were previously posted. To my horror, because the Telegram login is obtained through an OTP sent to the phone number, I basically logged in to an existing account. None of which was my information! Not secure at all!

Personally, I experienced the worst of both privacy-invading worlds as I currently pay for a contract with Etisalat and feel that I own this number - but there was a previous owner who created accounts on platforms that I’m not even aware of. Then on Telegram, I invaded someone else’s privacy unintentionally when I thought I registered for a new account but in fact, logged in to a pre-existing one that held none of my data or contacts!

Luckily I was able to contact Telegram to reset the account and delete all pre-existing data in order to create a new one, but this was a super AWKWARD experience for me.

I felt a lot like R2D2 - in that he didn't expect to share any confidential information nor invade anyone else’s privacy, but did so accidentally. Who do we blame for this dark force when it comes to privacy? Should it be up to the Telecom to do their proper due diligence when handing over existing numbers to new clients? Or should it be up to the app developers like Telegram to offer more secure ways of signing up for their platform other than OTP logins to the linked numbers?

Avoid being tangled in the privacy paradox

Today, we have an excessive amount of data, a surplus of data collection pathways, and too many discrepancies about these pathways. Users are often not aware of what they disclose to share with you as a business and what the business will share on their behalf.

You don’t have to be a rocket scientist to understand that users are increasing their awareness about their privacy as large-scale data breaches have been made public. Consumers are now aware that their data can fall into the wrong hands and this has fueled fear among many consumers.

People these days are fighting for their privacy while simultaneously trying to reduce their digital footprint across the web. However, at the moment it is estimated that it would take a user an average of 244 hours [2] per year to read the privacy policies of every website they’ve signed up to or have accounts with. Insane, right? There is still a blurred line around where user data is going, who owns it and whether users can have complete control over what to share and not share. Slowly but surely, countries are implementing privacy laws [3] such as GDPR across Europe, POPI acts in African countries and the CCPA in some US states. If companies don't adhere to these laws there will be massive legal consequences for them.

Ultimately it is up to the company to provide transparency on what data they will use, share and inform their users what data they have full control over, and allow users to revoke anything they feel uncomfortable sharing. Only then can businesses start to build a lasting relationship with their customers - it is this trust building exercise that will provide users with a sense of loyalty towards your business.

3. Confirmshaming

Jar Jar Binks is a character that makes his first appearance in Star Wars: Episode I – The Phantom Menace. He is introduced after being cast out from his tribe for being clumsy and careless, as his personality traits cause havoc and bring shame upon his tribe.

Initially, this fictional character’s role was to provide comic relief to the Star Wars audience; however, he was met with overwhelming dislike from both critics and audiences, and is now recognized as one of the most hated characters in the Star Wars [4] series and the history of the films in general.

How Jar Jar Binks feels on a daily basis is what our next dark force, ‘confirmshaming’, is like: users feel ashamed if they don’t opt in to a mailing list, or they think twice before cancelling a subscription because of the impending guilt trip. Behind the concept, there is good intent to try and sway users to make a decision that aligns with the business goal, but making use of dark forces like the confirmshaming method is like being a Jar Jar of the world: you are just bringing shame upon yourself (and your business).

Want to know what’s worse? Even big name companies like Amazon and Gmail make use of this dark force and put their users on a guilt trip!

When Gmail launched their new ‘smart email’ feature across its platforms, they asked their users if they wanted to try out the newest version. However, instead of explaining the benefits of the new version to their users in order to entice them to update, they took a confirmshaming approach, using language that made users feel bad about not switching. As you can see in the example above, if the user wanted to decline this update they needed to click on the button which read, “I don't want smarter email”. Really? Even if Gmail thought they were being cheeky, using this type of language puts users on a guilt trip. Yes, updates are good, but some users might find it hard to adapt to change and new things and need time to research the changes.

A second example is with the Amazon Prime service. I wanted to cancel my subscription when I started to use it in South Africa, as half of the advertised benefits weren’t regionally available and therefore it didn’t make sense to keep it. I decided to cancel the membership, which is a five step too many process. By the time I got to the last cancellation step I was guilted into NOT cancelling my membership! As you can see in the above example, the button to confirm my cancellation read, “Cancel My Benefits”. Yes, using language like this can make a user think twice about cancelling, however in my case I found it upsetting as for my region I was not offered any benefits.

Don’t bring shame upon yourself

A 2019 study [5], which checked how many e-commerce sites use dark patterns, found that around 1500 e-commerce websites had more than 234 dark pattern instances on their websites, with confirmshaming listed as one of the top instances across the majority of websites.

It’s crucial for businesses to allow your users to have graceful entries and exits so that they can come back on a positive note. Instead of using confirmshaming methods, have content that encourages users to come back. Types of encouragement could be the use of behaviour priming nudges with a task to come back, or a positive reinforcement message on the progress you’ve made together (also known as relationship building) and last but not least, have a fallback option on what they can do next even if they want to leave the subscription service or not try out new and exciting features.

4. Disguised ads

Disguised ads are advertisements that are disguised as other kinds of content or navigation, to get a user to click on them.

Throughout the Star Wars films, Palpatine makes his appearance as a trustworthy leader - as Supreme Chancellor for the Galactic Republic and eventually Emperor to the Galaxy of Core Worlds. He comes forth as a reliable politician that the public can trust but as the films progress, we learn that Palpatine is actually one of THE most powerful Sith Lords of all time, who restored the Sith and destroyed the Jedi Order. He controls the dark side and has many Sith Lords, including the mighty Darth Vader as his apprentice. In the beginning, he has fooled the Jedi council, the Republic and all that followed him on his loyalties.

Simply put, this is what a disguised ad does. It is built to fool users into clicking on a button that they think will align with their expectations but is, in fact, a disguised advertisement or a link that takes them elsewhere.

This type of dark force is usually prevalent in mobile games where, in order for a user to continue to play the game for free, they need to watch an ad. By the end, the user is required to click to close it, and here is where more disguised links appear. In my own experience, sometimes I close the ad and somehow end up downloading an app that is not even related to the ad I was shown. How bizarre!

It is understandable that the free versions of games need to turn a profit and this usually happens from sponsored advertising; however, sneaking in disguised buttons to force users to download other apps or continue to other sites is a downright dirty way of misleading users. In return, you’re destroying their perception of your brand and making users wary of using the platform or playing the game again.

Don’t be a devil in disguise

Instead of leading users on a disguised advertisement path, make use of the framing effect [6] upfront. The framing effect is a way of presenting options in both a positive and negative way. When the same problem is framed in different ways, it produces predictable shifts in user preference. For example, an option can be framed positively with reasons as to why users should try out a product or service, while a negative framing can be based on what users are missing out on. The negative framing plays on the FOMO (fear of missing out) notion, in which studies have shown that people tend to find more risk in losing out on something than not trying it at all.

Organisations can also make use of usage-based personalisation which pushes ads to the user based on their interaction behaviour on your platform.

5. Friend spam

C3PO is another famous droid in the Star Wars universe that is usually accompanied by R2D2. C3PO was built to be a protocol droid and one of his main functions is to interpret the many languages found throughout the galaxy. He’s basically a butler that can speak thousands of languages.

However, C3PO is actually very opinionated and as you’ll see in the films, every task given to him is followed by scepticism on C3PO’s part, especially when it comes to anything adventurous! There are many characters in the Star Wars universe that just want him to keep quiet, as he is also known to overshare information.

This is what the dark pattern known as ‘friend spamming’ does: it asks for your email or social media permissions under the pretence that they will be used for a desirable outcome (such as friend suggestions), but then spams your contacts with a message on your behalf. Just like C3PO overshares information with strangers, this is what ‘friend spamming’ feels like when companies send messages on your behalf.

LinkedIn has used this dark pattern with its new user signups, sending a blast out to the new signups' personal contact lists. The end goal, of course, is to get more user signups; however, as LinkedIn did not receive permission from the initial user, it found itself in a battle with many consumers, who cited a violation of their privacy rights, ultimately leading to a $13 million settlement.

Fortunately, many companies have learned from LinkedIn’s expensive mistake, and make sure to assure users that they will not post or send anything on the user's behalf unless specifically given consent to do so.

On a good note, we can safely say that this dark pattern is pretty much doomed. It's just unfortunate that it came at such a high price to businesses.

Don’t make acquaintances — build lasting relationships

Like social media companies, it’s important to build a reputable network and have the social proof that comes with it. It’s also true that more people will try out a new product or service if they trust the information given and see others using this product or service.

There is a cognitive bias known as the bandwagon effect [7] that occurs when people do, believe or say something because they see other people doing it - even if it doesn't align with their expectations (read more about the different cognitive biases here).

The bandwagon effect is becoming more prominent in today’s world with social media influencers, review websites like TripAdvisor and even eCommerce sites like Amazon with their customer reviews section. All of these influence a potential customer's purchase decision.

Instead of spamming your user’s contact list on their behalf, rather use the bandwagon effect to your advantage where people can give factual data such as reviews and their own personal experiences to share among their network. In a flash, you’ll see people jumping on the bandwagon to try it as they see fit!

In conclusion

Wow! We’ve made it to the end of this series, where we’ve explored many galaxies together and uncovered the 12 dark forces that exist.

The main reason why I wanted to highlight these dark forces is to remind organisations that offer products and services to be mindful of their users. In order to be successful in the long run, businesses need to put their users first and provide real and ethical value for their users.

Today more and more users are conscious of these exploiting techniques and know when they have become a victim. I hope that I’ve raised awareness of the dark forces that lurk on the web and encourage consumers and UX’ers to take action and display these forces publicly in the hall of shame (this is where everyone can expose these sites on social platforms etc). This way, it will be easier to see how experienced designers can make improvements and ultimately get to interact with digital products and services in peace.


  1. https://www.quicksprout.com/psychological-pricing/
  2. https://www.sciencedirect.com/science/article/pii/S2352250X19301484?via%3Dihub
  3. https://insights.comforte.com/6-countries-with-gdpr-like-data-privacy-laws
  4. https://abcnews.go.com/Entertainment/Movies/top-10-worst-tv-film-characters-time/story?id=10809609
  5. https://arxiv.org/pdf/1907.07032.pdf
  6. https://www.semanticscholar.org/paper/The-framing-of-decisions-and-the-psychology-of-Tversky-Kahneman/e552054dbd030b8414058639389b4a63e727aedb
  7. https://www.interaction-design.org/literature/topics/bandwagon-bias
  8. https://www.darkpatterns.org/hall-of-shame