Dark pattern

A dark pattern is "a user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills."[1][2][3] The neologism, dark pattern, was coined by user experience designer Harry Brignull on July 28, 2010 with the registration of darkpatterns.org, a "pattern library with the specific goal of naming and shaming deceptive user interfaces."[4][5][6] Another more broad definition of a dark pattern is an instance where "user value is supplanted in favor of shareholder value."[7]



Bait-and-switch patterns advertise a free (or at a greatly reduced price) product or service that is wholly unavailable or stocked in small quantities. After it is apparent that the product is no longer available, other products similar to the one advertised (but with higher prices or being of lesser quality) are presented to the viewer of the site.[8][9]


When a design attempts to shame you into doing something. For example, an option to decline an email newsletter is worded in a way that shames you into accepting.[9][10]


This is common in software installers, where the user is presented a button in the fashion of a typical continuation button. It is common to accept the program's terms of service, so a dark pattern would show a prominent "I accept these terms" button asking the user to accept the terms of a program unrelated to the one they are trying to install.[11] Since the user typically will accept the terms by force of habit, the unrelated program can subsequently be installed. The installer's authors do this because they are paid by the authors of the unrelated program for each installation that they procure. The alternative route in the installer, allowing the user to skip installing the unrelated program, is much less prominently displayed,[12] or seems counter-intuitive (such as declining the terms of service).

This pattern also is used by some websites, where the user is shown a page that asks for information that is not required. For example, one would fill out a username and password on one page, and after clicking the "next" button, the user is asked for their email address with another "next" button as the only option.[13] It is not apparent that the step may be skipped and simply pressing "next" without entering the personal information sought, the website just continues to the next page. In some cases, a method to skip the step is visible, but not shown as a button (instead, usually, presented as a small and greyed-out link) so that it does not stand out to the user.[14] Other examples of sites using this pattern are those offering a way of inviting friends by entering their email address, to upload a profile picture,[15] or to identify interests.

Roach motelEdit

A roach motel or a trammel net design,[16] provides an easy or straightforward path to get into something, but is difficult to get out of. Examples of the application of such a devices to Internet interfaces include businesses that require subscribers to print and mail their opt-out or cancellation request.[8][9]

Research on Dark PatternsEdit

  • A study in 2019 has investigated practices on 11.000 shopping web sites. A total number of 1818 dark patterns were identified and grouped into 15 categories.[17]
  • Social media anti-privacy practices are documented in privacy dark patterns in two publications from 2016[18] and 2017[19]
  • The Norwegian consumer council (Forbrukerrådet) has published the report Deceived by Design" in 2018 which describes deceptive user interface designs with popular social media platforms.[20]


The European Union General Data Protection Regulation requires that a user's informed consent to processing of their personal information be unambiguous, freely-given, and specific to each usage of personal information. This is intended to prevent attempts to have users unknowingly accept all data processing by default (which violates the regulation).[21][22][23][24][25]

In April 2019, the UK Information Commissioner's Office (ICO) issued a proposed design code for the operations of social networking services when used by minors, which prohibits using "nudges" to draw users into options that have low privacy settings. This code would be enforceable under the GDPR.[26]

On April 9, 2019, U.S. senators Deb Fischer and Mark Warner introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act, which would make it illegal for companies with more than 100 million monthly active users to use dark patterns when seeking consent to use their personal information.[27]


  1. ^ Campbell-Dollaghan, Kelsey (21 Dec 2016). "The Year Dark Patterns Won". CO.DESIGN. Retrieved 29 May 2017.
  2. ^ Singer, Natasha (14 May 2016). "When Websites Won't Take No For An Answer". The New York Times. Retrieved 29 May 2017.
  3. ^ Nield, David (4 April 2017). "Dark Patterns: The Ways Websites Trick Us Into Giving Up Our Privacy". Gizmodo. Retrieved 30 May 2017.
  4. ^ Brignull, Harry (1 Nov 2011). "Dark Patterns: Deception vs. Honesty in UI Design". A List Apart. Retrieved 29 May 2017.
  5. ^ Grauer, Yael (28 July 2016). "Dark Patterns Are Designed to Trick You, and They're All Over the Web". Ars Technica. Retrieved 29 May 2017.
  6. ^ Fussell, Sidney, The Endless, Invisible Persuasion Tactics of the Internet, The Atlantic, August 2, 2019
  7. ^ Gray, Colin M.; Kou, Yubo; Battles, Bryan; Hoggatt, Joseph; Toombs, Austin L. (2018). "The Dark (Patterns) Side of UX Design". Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems - CHI '18. New York, New York, USA: ACM Press: 1–14. doi:10.1145/3173574.3174108. ISBN 9781450356206.
  8. ^ a b Snyder, Jesse (10 Sep 2012). "Dark Patterns in UI and Website Design". evatotuts+. Retrieved 29 May 2017.
  9. ^ a b c Brignull, Harry. "Types of Dark Patterns". Dark Patterns. Retrieved 29 May 2017.
  10. ^ "UX Dark Patterns: Manipulinks and Confirmshaming | UX Booth". Retrieved 2019-11-02.
  11. ^ "Terms of service for McAffee in μTorrent installer". 2017. Retrieved 2018-10-13.
  12. ^ Brinkmann, Martin (2013-07-17). "SourceForge's new Installer bundles program downloads with adware". Retrieved 2018-10-13. ... The offer is displayed on the screen, and below that a gray decline button, a green accept button ...
  13. ^ "Why do we need email addresses to create Reddit accounts now?". 2017. Retrieved 2018-10-13. ... you can skip it by leaving it blank.
  14. ^ Schlosser, Dan (2016-06-05). "LinkedIn Dark Patterns". Retrieved 2018-10-13. ... you need to find the tiny "Skip this step" link at the bottom right to proceed. Moreover, the link is placed outside of the blue box which ostensibly contains all relevant info or controls. ...
  15. ^ "How to Create a LinkedIn Account (with Pictures)". wikiHow. Retrieved 2018-10-13.
  16. ^ Brignull, Harry (29 August 2013). "Dark patterns: Inside the interfaces designed to trick you". The Verge. Retrieved 29 May 2017.
  17. ^ Mathur, Arunesh; Acar, Gunes; Friedman, Michael J.; Lucherini, Elena; Mayer, Jonathan; Chetty, Marshini; Narayanan, Arvind (November 2019). "Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites". Proc. ACM Hum.-Comput. Interact. 3 (CSCW): 81:1–81:32. arXiv:1907.07032. Bibcode:2019arXiv190707032M. doi:10.1145/3359183. ISSN 2573-0142.
  18. ^ Bösch, Christoph; Erb, Benjamin; Kargl, Frank; Kopp, Henning; Pfattheicher, Stefan (2016-10-01). "Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns". Proceedings on Privacy Enhancing Technologies. 2016 (4): 237–254. doi:10.1515/popets-2016-0038. ISSN 2299-0984.
  19. ^ Fritsch, Lothar (2017). Privacy dark patterns in identity management. Gesellschaft für Informatik, Bonn. ISBN 978-3-88579-671-8.
  20. ^ Moen, Gro Mette, Ailo Krogh Ravna, and Finn Myrstad: Deceived by Design - How tech companies use dark patterns to discourage us from exercising our rights to privacy., 2018, Consumer concil of Norway / Forbrukerrådet. Report. https://www.forbrukerradet.no/undersokelse/no-undersokelsekategori/deceived-by-design
  21. ^ "Understanding 'trust' and 'consent' are the real keys to embracing GDPR". The Drum. Retrieved 2019-04-10.
  22. ^ "Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR". The Verge. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
  23. ^ "Max Schrems files first cases under GDPR against Facebook and Google". The Irish Times. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
  24. ^ "Facebook, Google face first GDPR complaints over 'forced consent'". TechCrunch. Archived from the original on 26 May 2018. Retrieved 26 May 2018.
  25. ^ Meyer, David. "Google, Facebook hit with serious GDPR complaints: Others will be soon". ZDNet. Archived from the original on 28 May 2018. Retrieved 26 May 2018.
  26. ^ "Under-18s face 'like' and 'streaks' limits". BBC News. 2019-04-15. Retrieved 2019-04-15.
  27. ^ Kelly, Makena (2019-04-09). "Big Tech's 'dark patterns' could be outlawed under new Senate bill". The Verge. Retrieved 2019-04-10.

External linksEdit