DarkPatrol

A browser extension that flags dark patterns the moment they appear on the page — pre-checked add-ons, confirmshaming buttons, hidden cancel links, drip pricing — and tells you in plain English what you're actually about to agree to.

Problem

Sign-up and checkout flows are getting harder to read on purpose. Pre-checked subscription boxes, optional "protection plans" auto-added at checkout, "No thanks, I hate saving money" decline buttons, and cancel paths buried five screens deep are now standard practice across SaaS, e-commerce, and streaming. Most people don't notice the patterns until they see the recurring charge two months later, and there is no in-the-moment tool that calls them out before a click commits.

Target user

Subscription-fatigued consumers in their 20s–50s who already use an ad blocker and trust a browser extension to act as a guardian. Job-to-be-done: "when I'm signing up or checking out, tell me what I'd miss if I trusted the default."

MVP scope

• Chrome/Edge extension. On page load, scans the DOM for a fixed taxonomy of dark patterns (pre-checked optional inputs, hidden inputs that imply consent, confirmshaming button copy, contrast-suppressed decline links, sneak-into-basket add-ons, countdown timers with fake urgency).
• Inline overlay badges next to detected elements, plus a single toolbar popup summarizing every flagged item and the dollar/data cost of accepting each default.
• A "fix it" button that auto-unchecks pre-selected optional boxes (where DOM-safe) before the user submits the form.
• Local-only detection — no DOM contents ever leave the browser; just an aggregate counter of "patterns blocked" for the popup.
• Crowdsourced cancel-link registry (read-only in MVP): when the user is on a service's account page, the popup surfaces the direct, verified cancel URL plus a one-paragraph cancel template if a cancel URL is missing.
• Whitelist + report buttons so users can submit false positives and missing cancel links back to the registry.

Monetization

Freemium browser extension.

• Free: real-time detection, auto-uncheck, basic cancel-link lookup.
• Pro ($3/mo or $24/yr): scan history with screenshots, family/team plan, priority cancel-link coverage requests, an "I want to cancel" wizard that drafts and sends the cancel email for you, and an opt-in monthly "what you almost agreed to" digest.
• Stretch B2B: licensed compliance scanner sold to consumer-app legal teams as a "pre-ship dark-pattern audit" CLI built on the same detector.

Why now

The FTC restarted negative-option rulemaking on March 11, 2026 with an ANPRM, signalling a renewed federal push at subscription dark patterns after the Eighth Circuit vacated the original Click-to-Cancel rule in July 2025; meanwhile the FTC has opened five new cases and approved six settlements involving negative-option misconduct since January 2025, including a $2.5B retailer settlement. Existing dark patterns research and "deceptive design" galleries make the taxonomy mature and well-documented — the detector logic can be built from public examples rather than from scratch. And the broader subscription-audit category (Rocket Money, Bobby, Trim) has proven that consumers will install something that watches their money in the background, but none of them work upstream at the moment of signup.

Risks & open questions

• DOM heuristics will produce false positives. The fix-it button has to be reversible and clearly opt-in or the extension is worse than nothing.
• Some pages will detect and break the extension (anti-extension scripts, shadow DOMs, A/B tested variants). Need a degraded "advisory only" mode.
• The crowdsourced cancel registry is the moat but also the biggest moderation burden — without verification it becomes spam bait.
• Monetization needs to clear ~$2/yr CAC; Chrome Web Store discovery is weak, so growth probably depends on a viral "patterns blocked this week" share card.
• Legal: does flagging a competitor's UI as a "dark pattern" expose us to defamation claims? Worth a one-page review before launch.

Next step

Validate by recording 20 signup/checkout flows from the public Hall of Shame plus 10 random top-100 SaaS sites, manually tagging dark patterns in each, and seeing how many of the resulting rules can be expressed as pure DOM/CSS selectors with <5% false-positive rate on a clean control set. If yes, promote to a weekly prototype: a static HTML demo that "plays back" a fixture sign-up flow with the detector overlay live.

Sources

• https://www.sidley.com/en/insights/newsupdates/2026/02/us-ftc-signals-renewed-interest-in-click-to-cancel-rulemaking — FTC signalling renewed click-to-cancel rulemaking interest in 2026.
• https://www.kirkland.com/publications/kirkland-alert/2026/03/ftc-restarts-subscription-rulemaking — FTC restarted subscription rulemaking with a March 2026 ANPRM.
• https://www.crowell.com/en/insights/client-alerts/clicking-all-the-right-boxes-ftc-moves-to-revive-click-to-cancel-rule-following-eighth-circuit-vacatur — Procedural history after the Eighth Circuit vacatur and the FTC's revival path.
• https://secureprivacy.ai/blog/dark-pattern-avoidance-2026-checklist — 2026 dark-pattern compliance taxonomy useful as a detector spec.
• https://www.deceptive.design/hall-of-shame — Working corpus of real-world dark-pattern examples to train detection rules on.
• https://subbuddy.io/blog/posts/subscription-trap-dark-patterns-ftc-click-to-cancel — Consumer-facing framing of the subscription-trap problem and the regulatory backdrop.