The Invisible Game on the Internet: A Case Study of Decoding Deceptive Patterns
Zewei Shi, Ruoxi Sun, Jieshan Chen, Jiamou Sun, Minhui Xue
TL;DR
The paper addresses the pervasive issue of deceptive patterns (dark patterns) on the Internet by proposing a game-based threat model that involves an Adversary, Watchdog, and Challenger to formalize deceptive pattern threats. It introduces a quantitative Deceptive Pattern Risk Scoring System, with the risk score $R = (\text{Adv}-\text{Det}+\alpha) \times (1+\text{Imp}) \times \beta$, where Det derives from UIGuard's $F$-scores and Adv is decomposed into human-centric factors, enabling normalization to [0,10] and clear risk categorization. Four case studies demonstrate the system's practical applicability and highlight the critical role of human factors when detectors are imperfect or absent. The work offers a concrete framework for researchers and practitioners to quantify deception risks, guiding design, policy, and detection improvements in real-world UI contexts.
Abstract
Deceptive patterns are design practices embedded in digital platforms to manipulate users, representing a widespread and long-standing issue in the web and mobile software development industry. Legislative actions highlight the urgency of globally regulating deceptive patterns. However, despite advancements in detection tools, a significant gap exists in assessing deceptive pattern risks. In this study, we introduce a comprehensive approach involving the interactions between the Adversary, Watchdog (e.g., detection tools), and Challengers (e.g., users) to formalize and decode deceptive pattern threats. Based on this, we propose a quantitative risk assessment system. Representative cases are analyzed to showcase the practicability of the proposed risk scoring system, emphasizing the importance of involving human factors in deceptive pattern risk assessment.