Anatomy of the Goodreads.com Friend Spam Dark Pattern

Goodreads Homepage

Goodreads.com is social cataloging service for books. In this post you will see how they’ve used the friend spam dark pattern, but how they’ve also failed to make it go viral. This makes it interesting to carry out a post mortem and work out what they should have done. Let’s take a look:

Above you can see where it starts. One of my twitter friends has tweeted about goodreads.com. I wonder what that is, maybe I’ll just click on the link…

OK now I’ve been taken straight to the Twitter oAuth page. There’s no warm up, no foreplay, they go straight for penetration. Twitter users are increasingly savvy, and it turns out this approach has been quite ineffective. If you run a Google Updates search, you’ll see this “viral” adoption campaign is only generating a few tweets a day.

As such, it’s evident the Twitter oAuth page is a crap landing page for their campaign. People are seeing it, thinking “Woah, that’s weird”, and then leaving. This is a GOOD thing for the Twitter ecosystem. The whole point of this page is that it should make people stop and think twice.

OK so let’s see what happens to those users who proceed:

Now I’ve clicked “Allow”, you can see I’ve been automatically registered and logged-in to Goodreads.com: a very slick implementation of lazy registration. Now let’s take take a close look at the page. All of the checkboxes are preselected, and the very bottom checkbox reads “Share goodreads with my 644 twitter friends who are not on goodreads yet.”

If you click “add friends”, the system sends out a bunch of emails on your behalf, and then uses your Twitter account to post a tweet. This is the friend spam dark pattern in action:

Goodreads simply don’t make it clear what will happen when a user leaves the “Share goodreads with my twitter friends…” checkbox ticked. The fact that it’s preselected and buried at the bottom of the page makes even more of a dark pattern. The only way a user can find out what’s happened is by looking at their own Twitter feed. This is naughty.

There’s nothing wrong with posting tweets for users *if* they know you’re going to do it. Twitter’s Application Developer Terms of Service expressly states “Don’t surprise users” and “Get users’ permission before: sending Tweets or other messages on their behalf. A user authenticating through your application does not constitute consent to send a message.”

So Goodreads are breaking Twitter’s rules, and it’s all down to the wording of that checkbox label. Let’s compare the goodreads “dark hat” pattern to the firstfivefollowers.com “white hat” pattern:



With firstfivefollowers.com, the user can clearly see what is happening. No room for misinterpretation.

So what are Goodreads up to? I think you’ll agree it looks more like clumsy design than malicious intent. It’s a double loss situation for them: they get their brand name associated with sleazy friend-spam practices, yet it doesn’t deliver for them. All they need to do is add a nice landing page, then use the firstfivefollowers.com white-hat design pattern and they’ll be home and dry.

10 comments