Don't Click On Pop-Ups

When visiting a new website on your phone or computer over the past 18 months or so, you’ve probably seen it: a notification informing you that the page is using cookies to track you and asking you to agree to let it happen. Most websites you visit now greet you with a pop-up to secure your consent to retain information about you.

Cookies are small files that websites send to your device that the sites then use to monitor you and remember certain information about you, like what’s in your shopping cart on an e-commerce site, or your login information. 

Since the European Union started enforcing GDPR in mid-2018, nearly every website you visit now covers a part of the content you're trying to read with a notification about the use of cookies on the site. Full-screen pop-ups will block the entire view of the page, but it’s also common to see 'lightbox' pop-ups that block a portion of the page. Now, web designers are using methods derived from the dark web to design fake pop-ups, which are an effective way of encouraging web users to lose their time, money and privacy. These are being referred to as Dark Patterns, sets of practices that website designers can use to manipulate website users.

Dark Patterns are tricks used in websites and apps that make you do things that you didn't mean to, like buying things or signing up for something that you did not intend.

Dark design is used to influence our decisions about our time, our money, our personal data and our consent. But a critical understanding of how dark patterns work, and what they’re hoping to achieve, can help us detect and overcome their deceptions.

Normally, you’ll set a pop-up to trigger after a short delay or when a user scrolls to a certain part of the page, or use something called exit-intent pop-ups, which trigger when a user’s mouse hovers near the top of the browser window. The cookie banner purports to offer you a choice: consent to only the essential cookies that help maintain your browsing functionality, or accept them all. The “accept all” button is large and highlighted, while the less prominent “confirm choices” or “manage settings” buttons - the ones through which we can protect our privacy - can deter users with additional time-consuming clicks.

E-commerce websites often use dark patterns. Perhaps you have found a competitively priced product you’d like to buy. You create an account, select your product specifications, input delivery details, click through to the payment page, and discover the final cost, including delivery, is mysteriously higher than you’d originally thought. Online purchases of apparently discounted airline tickets are a common example.

Britain's Information Commissioner is now in discussion with other countries to join forces against cookie pop-ups online and has urged G7 countries to address this problem, highlighting how fatigued web users are agreeing to share more personal data than they’d like. 

Manipulating users for commercial gain isn’t confined to e-commerce websites and is extending into apps. The key problem with dark design is that it’s difficult to spot, and web users have become anesthetised by purportedly free services such as Facebook and YouTube, which monetise their users' attention by placing advertisements in front of them as they scroll, browse and surf.

Sources: NiemanLabs, BBC, Dark Patterns, Arxiv, Vox, Vertical Leap, Zapier
