Trusten
Inspiration
We've all been there — trying to cancel a subscription and hitting screen after screen of guilt trips, hidden buttons, and "Are you sure?" prompts designed to wear you down. Amazon Prime takes 6 clicks to cancel. Adobe charges 50% of your remaining contract if you leave early. Booking.com shows "Only 1 room left!" messages that reset every time you refresh the page.
These aren't accidents. They're dark patterns — manipulation tricks deliberately built into websites to control your behavior. And they cost consumers over $50 billion a year in unwanted purchases, hidden fees, and subscriptions people never meant to keep.
What frustrated us most was that there's no way to see these tricks before you get burned. Trustpilot tells you people are unhappy. But it doesn't tell you why — it doesn't show you the 14 manipulation tactics on the checkout page or the cancellation flow that's deliberately designed to be impossible. We wanted to build the tool we wished existed: something that scans any website and shows you exactly how it's trying to manipulate you, with proof.
What it does
Trusten is a browser-based tool that scans any website and instantly grades it on how honestly it treats users — from A (trustworthy) to F (highly manipulative). Think of it as a health inspection grade for restaurants, but for websites.
- Instant Scanning: Click the Trusten button, and within seconds you see a trust grade and a plain-English breakdown of every manipulation tactic detected — with annotated screenshots as evidence.
- Deep Workflow Scanning: Trusten walks through entire processes like checkout flows, cancellation flows, and sign-up funnels just like a real user would, flagging dark patterns at every step. It can show that cancelling takes 6 steps while signing up took 2.
- 24 Detection Categories: We cover fake urgency, fake scarcity, confirmshaming, basket sneaking, drip pricing, roach motel patterns, forced continuity, trick wording, disguised ads, privacy zuckering, dark consent flows, and more — 24 categories grouped into 10 analyzer modules.
- Regulatory Mapping: Every detected pattern is mapped to the specific laws it may violate across 14 international regulations (FTC Act, EU Digital Services Act, GDPR, CCPA, and 10 others). This makes reports directly usable by compliance teams and regulators.
- Trusten Certified™ Audits: Companies can hire Trusten for a comprehensive independent audit. Those who pass earn a "Trusten Certified" seal — proof that a third party has verified their honesty. This is the Moody's of consumer trust.
How we built it
The core detection engine uses a hybrid approach — deterministic rule-based checks first, AI analysis second:
- Rule-based detection (~70% of patterns): Regex patterns, DOM structure analysis, CSS inspection, keyword matching, and behavioral checks (like detecting countdown timers that reset on page reload). These are fast, cheap, and reproducible.
- Multi-model AI analysis (~30%, ambiguous cases): For patterns that require semantic understanding — like determining whether "No thanks, I prefer paying full price" is confirmshaming or legitimate copy — we route to frontier LLMs. The production architecture uses a provider-agnostic pipeline (Claude, GPT-4o, fine-tuned classifiers) with consensus voting: 2+ models must agree before flagging a high-severity pattern, keeping false positives below 3%.
- Agentic browser automation: Built on a fork of BrowserOS, an open-source Chromium-based browser with an integrated AI agent platform. BrowserOS handles navigation, clicking, and screenshotting via the Chrome DevTools Protocol (CDP). Our Trusten layer sits on top and handles detection, scoring, and evidence collection.
- Tech stack: TypeScript/Bun (detection engine and MCP server), Svelte + TypeScript (browser extension), Next.js (results dashboard), Python/Django (backend API), PostgreSQL (data storage).
The 10 analyzer modules are fully modular — each one is independent, follows the same interface, and can be enabled or disabled. Adding new pattern categories means adding a new analyzer file.
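To make the hybrid design above concrete, here is an added example (not Trusten's own code; every name in it is an assumption) of a shared analyzer interface, one deterministic check for a countdown timer that springs back on reload, and the consensus gate that model-judged, high-severity findings must pass:

```typescript
// Added example, not Trusten's own code; every name below is an assumption.
type Severity = "low" | "high";
interface Finding { category: string; severity: Severity; evidence: string; }
// One snapshot per page load; only the fields this check needs.
interface PageSnapshot { countdownSeconds?: number; loadedAt: number; }

// Every analyzer follows the same interface and can be switched off.
interface Analyzer {
  id: string;
  enabled: boolean;
  analyze(snapshots: PageSnapshot[]): Finding[];
}

// Deterministic check: a genuine countdown loses about as many seconds as
// elapsed between loads; one that springs back on reload is fake urgency.
const fakeUrgencyAnalyzer: Analyzer = {
  id: "fake-urgency",
  enabled: true,
  analyze(snapshots) {
    const findings: Finding[] = [];
    for (let i = 1; i < snapshots.length; i++) {
      const prev = snapshots[i - 1], cur = snapshots[i];
      if (prev.countdownSeconds === undefined || cur.countdownSeconds === undefined) continue;
      const elapsed = cur.loadedAt - prev.loadedAt;
      const expected = prev.countdownSeconds - elapsed;
      if (cur.countdownSeconds > expected + 5) { // 5 s tolerance for render latency
        findings.push({
          category: "fake-urgency",
          severity: "high",
          evidence: `timer read ${prev.countdownSeconds}s, then ${cur.countdownSeconds}s after a ${elapsed}s reload`,
        });
      }
    }
    return findings;
  },
};
// Gate for model-judged findings: high severity needs 2+ models to agree.
function consensus(votes: Record<string, boolean>, severity: Severity): boolean {
  let agree = 0;
  for (const model in votes) if (votes[model]) agree++;
  return agree >= (severity === "high" ? 2 : 1);
}
function runAnalyzers(analyzers: Analyzer[], snapshots: PageSnapshot[]): Finding[] {
  const out: Finding[] = [];
  for (const a of analyzers) if (a.enabled) out.push(...a.analyze(snapshots));
  return out;
}
// Constructed sample: the timer read 600 s, then 600 s again 30 s later.
const sampleSnapshots: PageSnapshot[] = [
  { countdownSeconds: 600, loadedAt: 1000 }, { countdownSeconds: 600, loadedAt: 1030 },
];
```

Running `runAnalyzers([fakeUrgencyAnalyzer], sampleSnapshots)` yields one high-severity fake-urgency finding whose evidence string is the reload comparison a report would show.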
Challenges we ran into
- The line between dark pattern and aggressive marketing is blurry. A countdown timer for a genuine flash sale is legitimate; one that resets every page load is manipulative. Building analyzers that distinguish intent from presentation — without drowning in false positives — was our hardest design problem. The hybrid approach (deterministic checks for clear-cut cases, AI consensus for ambiguous ones) was our solution.
- Multi-step workflow detection is compute-intensive. A "deep scan" of a cancellation flow means actually navigating 6+ pages, clicking buttons, filling forms, and screenshotting at every step. At scale, this requires significant browser automation infrastructure. We addressed this with a queue-based architecture, scan caching (same URL scanned recently? serve cached results), and tiered priority.
- Regulatory mapping across 14 jurisdictions is genuinely complex. The same dark pattern can violate different articles in different regulations, and the legal interpretations aren't always settled. We consulted academic research (Mathur et al., Gray et al.) and regulatory guidance documents to build our mapping, but this remains an area where legal advisory input is critical.
- Explaining the product without jargon. Early feedback made clear that terms like "enshittification," "confirmshaming," and "privacy zuckering" — while precise — lose most audiences instantly. We learned to lead with relatable experiences ("Ever tried to cancel a subscription...") and introduce technical vocabulary only after the concept clicks.
Accomplishments that we're proud of
- The engine is real, not a pitch deck. Trusten's dark pattern detection engine is fully built and functional — 10 analyzer modules, 24 detection categories, regulatory mapping to 14 international frameworks, A–F scoring, annotated screenshot evidence, and 118 passing automated tests. This isn't a concept; it's a working product.
- Evidence-grade detection. Every pattern Trusten flags comes with proof: a screenshot, a DOM fragment, or network evidence (like a countdown timer that resets on reload). No detection without evidence. This is what makes Trusten credible for auditors, regulators, and journalists — not just consumers.
- The Trusten Certified audit model. We designed a business model where the companies we score can become paying clients — not adversaries. Companies pay $5K–$75K for an independent audit and earn a certified trust grade they can display publicly. This turns the typical antagonistic relationship (scored company vs. scoring platform) into a collaborative one, while creating the highest-margin revenue stream in the business.
- Provider-agnostic AI architecture. We're not locked into any single LLM provider. The multi-model consensus approach means we can swap providers based on cost, quality, and speed — and new model releases are shadow-evaluated within 48 hours automatically.
What we learned
- Consumers don't pay for transparency — but compliance teams do. Early validation showed that consumers expect protection tools to be free (like ad blockers). The real paying customers are compliance teams facing EU DSA audit requirements, legal teams seeking regulatory documentation, and companies that want a competitive trust certification. Our free tier drives data and awareness; revenue comes from B2B.
- The content IS the product. Every scan Trusten runs produces shareable, newsworthy data. A report showing "Amazon uses 14 manipulation tricks during checkout" is a press story waiting to happen. We learned that our go-to-market strategy isn't advertising — it's publishing results that people can't ignore.
- Simplicity wins. Our most effective communication tool is the A–F grade. People don't need to understand the 24 detection categories — they need to see a letter grade and trust that the methodology is rigorous. The complexity lives under the hood; the interface is dead simple.
- Historical data is an irreplaceable moat. Every scan we store today is evidence that can never be recreated. A competitor launching in 2028 cannot go back and capture what Booking.com's checkout page looked like in 2026. The temporal data advantage compounds daily.
What's next for Trusten
- Public beta launch of the browser extension — get it into users' hands and start generating real scan data at scale.
- Publish the first "Dark Pattern Report Cards" — scan Amazon, Booking.com, Adobe, and 20+ major sites, publish the results with annotated evidence, and pitch the data to tech journalists. This is our primary awareness and credibility engine.
- Build the quality degradation tracker — the module that monitors how platforms change over time (feature removals, price increases, ad density growth), producing longitudinal "enshittification timelines" for any digital product.
- Launch Trusten Certified audit services — begin conducting paid audits for companies that want to earn a verified trust grade and display the Trusten Certified seal.
- Enterprise compliance product — a subscription dashboard for compliance teams to continuously monitor their own products (and competitors') for dark patterns, with regulatory reporting built in.
- International expansion — localize detection and regulatory mapping for the EU, India, Brazil, and Japan, each with its own consumer protection framework.
Built With
- agentic
- browseros
- chromium
- llm
- nextjs
- postgresql
- python
- svelte
- typescript