Dark pattern

A dark pattern (also known as a "deceptive design pattern") is "a user interface that has been carefully crafted to trick users into doing things, such as buying overpriced insurance with their purchase or signing up for recurring bills".[1][2][3] User experience designer Harry Brignull coined the neologism on 28 July 2010 with the registration of darkpatterns.org, a "pattern library with the specific goal of naming and shaming deceptive user interfaces".[4][5][6]

In 2021 the Electronic Frontier Foundation and Consumer Reports created a tip line to collect information about dark patterns from the public.[7]


Privacy ZuckeringEdit

"Privacy Zuckering" is a practice that tricks the user into sharing more information than they intended to.[8] Users may give up this information unknowingly or through practices that obscure or delay the option to opt out of sharing their private information. California has approved regulations that limit this practice by businesses in the California Consumer Privacy Act.[9]


Bait-and-switch patterns advertise a free (or at a greatly reduced price) product or service that is wholly unavailable or stocked in small quantities. After announcing the product's unavailability, the page presents similar products of higher prices or lesser quality.[10][11]


Confirmshaming uses shame to drive users to act. For example, when websites word an option to decline an email newsletter in a way that shames visitors into accepting.[11][12]


Common in software installers, misdirection presents the user with a button in the fashion of a typical continuation button. A dark pattern would show a prominent "I accept these terms" button asking the user to accept the terms of a program unrelated to the one they are trying to install.[13] Since the user typically will accept the terms by force of habit, the unrelated program can subsequently be installed. The installer's authors do this because the authors of the unrelated program pay for each installation that they procure. The alternative route in the installer, allowing the user to skip installing the unrelated program, is much less prominently displayed,[14] or seems counter-intuitive (such as declining the terms of service).

Some websites that ask for information that is not required also use misdirection. For example, one would fill out a username and password on one page, and after clicking the "next" button, the page asks the user for their email address with another "next" button as the only option.[15] This hides the option to press "next" without entering the information. In some cases, the page shows the method to skip the step as a small, greyed-out link instead of a button, so it does not stand out to the user.[16] Other examples include sites offering a way to invite friends by entering their email address, to upload a profile picture, or to identify interests.

Confusing wording may be also used to trick users into formally accepting an option which they believe has the opposite meaning, for example a personal data processing consent button with label "don't not sell my personal information".[17]

Roach motelEdit

A roach motel or a trammel net design provides an easy or straightforward path to get in but a difficult path to get out.[18] Examples include businesses that require subscribers to print and mail their opt-out or cancellation request.[10][11] Recently, in the United States, the Federal Trade Commission (FTC) has announced they will ramp up enforcement of dark patterns like roach motel that trick consumers into signing up for subscriptions or making it difficult to cancel. The FTC has stated key requirements to related to information transparency and clarity, express informed consent, and simple and easy cancellation.[19]

During the 2020 United States presidential election, Donald Trump's campaign employed a similar dark pattern, pushing users towards committing to a recurring monthly donation.[20]


In 2016 and 2017 research has documented social media anti-privacy practices using dark patterns.[21][22] In 2018 the Norwegian Consumer Council (Forbrukerrådet) published "Deceived by Design", a report on deceptive user interface designs of Facebook, Google and Microsoft.[23] A 2019 study investigated practices on 11,000 shopping web sites. It identified 1818 dark patterns total and grouped them into 15 categories.[24]

Recent research from April 2022 finds that dark patterns are still commonly used in the marketplace, highlighting a need for further scrutiny of such practices by the public, researchers and regulators.[25]

Under the European Union General Data Protection Regulation (GDPR), all companies must obtain unambiguous, freely-given consent from customers before they collect and use ("process") their personally identifiable information. A 2020 study found that "big tech" companies often used deceptive user interfaces in order to discourage their users from opting out.[26] In 2022 a report by the European Commission found that "97% of the most popular websites and apps used by EU consumers deployed at least one dark pattern".[27]


Bait-and-switch is a form of fraud that violates US law.[28] In the European Union, the GDPR requires that a user's informed consent to processing of their personal information be unambiguous, freely-given, and specific to each usage of personal information. This is intended to prevent attempts to have users unknowingly accept all data processing by default (which violates the regulation).[29][30][31][32][33]

In April 2019, the UK Information Commissioner's Office (ICO) issued a proposed design code for the operations of social networking services when used by minors, which prohibits using "nudges" to draw users into options that have low privacy settings. This code would be enforceable under the GDPR.[34]

On 9 April 2019, US senators Deb Fischer and Mark Warner introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act, which would make it illegal for companies with more than 100 million monthly active users to use dark patterns when seeking consent to use their personal information.[35]

In March 2021, California adopted amendments to the California Consumer Privacy Act, which prohibits the use of deceptive user interfaces that have "the substantial effect of subverting or impairing a consumer's choice to opt-out".[17]

In October 2021, the Federal Trade Commission issued an enforcement policy statement, announcing a crackdown on businesses using dark patterns that "trick or trap consumers into subscription services." As a result of rising numbers of complaints, the agency is responding by enforcing these consumer protection laws.[19]

According to the European Data Protection Board, the "principle of fair processing laid down in Article 5 (1) (a) GDPR serves as a starting point to assess whether a design pattern actually constitutes a 'dark pattern'."[36]

In 2022, New York Attorney General Letitia James fined Fareportal $2.6 million for using deceptive marketing tactics to sell airline tickets and hotel rooms[37] and the Federal Court of Australia fined Expedia Group's Trivago A$44.7 million for misleading consumers into paying higher prices for hotel room bookings.[38]

See alsoEdit


  1. ^ Campbell-Dollaghan, Kelsey (21 December 2016). "The Year Dark Patterns Won". CO.DESIGN. Retrieved 29 May 2017.
  2. ^ Singer, Natasha (14 May 2016). "When Websites Won't Take No For An Answer". The New York Times. Retrieved 29 May 2017.
  3. ^ Nield, David (4 April 2017). "Dark Patterns: The Ways Websites Trick Us Into Giving Up Our Privacy". Gizmodo. Retrieved 30 May 2017.
  4. ^ Brignull, Harry (1 November 2011). "Dark Patterns: Deception vs. Honesty in UI Design". A List Apart. Retrieved 29 May 2017.
  5. ^ Grauer, Yael (28 July 2016). "Dark Patterns Are Designed to Trick You, and They're All Over the Web". Ars Technica. Retrieved 29 May 2017.
  6. ^ Fussell, Sidney, The Endless, Invisible Persuasion Tactics of the Internet, The Atlantic, 2 August 2019
  7. ^ Release, Press (19 May 2021). "Coalition Launches 'Dark Patterns' Tip Line to Expose Deceptive Technology Design". Electronic Frontier Foundation. Archived from the original on 19 May 2021. Retrieved 27 May 2021.
  8. ^ "Dark Patterns - Types of Dark Pattern". www.darkpatterns.org. Retrieved 13 December 2021.
  9. ^ "Attorney General Becerra Announces Approval of Additional Regulations That Empower Data Privacy Under the California Consumer Privacy Act". State of California - Department of Justice - Office of the Attorney General. 15 March 2021. Retrieved 13 December 2021.
  10. ^ a b Snyder, Jesse (10 September 2012). "Dark Patterns in UI and Website Design". evatotuts+. Retrieved 29 May 2017.
  11. ^ a b c Brignull, Harry. "Types of Dark Patterns". Dark Patterns. Retrieved 29 May 2017.
  12. ^ "UX Dark Patterns: Manipulinks and Confirmshaming". UX Booth. Retrieved 2 November 2019.
  13. ^ "Terms of service for McAffee in μTorrent installer". 2017. Retrieved 13 October 2018.
  14. ^ Brinkmann, Martin (17 July 2013). "SourceForge's new Installer bundles program downloads with adware". Retrieved 13 October 2018. ... The offer is displayed on the screen, and below that a gray decline button, a green accept button ...
  15. ^ "Why do we need email addresses to create Reddit accounts now?". 2017. Retrieved 13 October 2018. ... you can skip it by leaving it blank.
  16. ^ Schlosser, Dan (5 June 2016). "LinkedIn Dark Patterns". Retrieved 13 October 2018. ... you need to find the tiny "Skip this step" link at the bottom right to proceed. Moreover, the link is placed outside of the blue box which ostensibly contains all relevant info or controls. ...
  17. ^ a b Vincent, James (16 March 2021). "California bans 'dark patterns' that trick users into giving away their personal data". The Verge. Retrieved 21 March 2021.
  18. ^ Brignull, Harry (29 August 2013). "Dark patterns: Inside the interfaces designed to trick you". The Verge. Retrieved 29 May 2017.
  19. ^ a b "FTC to Ramp up Enforcement against Illegal Dark Patterns that Trick or Trap Consumers into Subscriptions". Federal Trade Commission. 28 October 2021. Retrieved 13 December 2021.
  20. ^ Bensinger, Greg (30 April 2021). "Opinion | Stopping the Manipulation Machines". The New York Times. ISSN 0362-4331. Retrieved 13 December 2021.
  21. ^ Bösch, Christoph; Erb, Benjamin; Kargl, Frank; Kopp, Henning; Pfattheicher, Stefan (1 October 2016). "Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns". Proceedings on Privacy Enhancing Technologies. 2016 (4): 237–254. doi:10.1515/popets-2016-0038. ISSN 2299-0984.
  22. ^ Fritsch, Lothar (2017). Privacy dark patterns in identity management. Gesellschaft für Informatik, Bonn. ISBN 978-3-88579-671-8.
  23. ^ Moen, Gro Mette, Ailo Krogh Ravna, and Finn Myrstad: Deceived by Design - How tech companies use dark patterns to discourage us from exercising our rights to privacy., 2018, Consumer council of Norway / Forbrukerrådet. Report.
  24. ^ Mathur, Arunesh; Acar, Gunes; Friedman, Michael J.; Lucherini, Elena; Mayer, Jonathan; Chetty, Marshini; Narayanan, Arvind (November 2019). "Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites". Proceedings of the ACM on Human-Computer Interaction. 3 (CSCW): 81:1–81:32. arXiv:1907.07032. Bibcode:2019arXiv190707032M. doi:10.1145/3359183. ISSN 2573-0142. S2CID 196831872.
  25. ^ Runge, Julian; Wentzel, Daniel; Huh, Ji Young; Chaney, Allison (14 April 2022). ""Dark patterns" in online services: a motivating study and agenda for future research". Marketing Letters. doi:10.1007/s11002-022-09629-4. ISSN 1573-059X. S2CID 248198573.
  26. ^ Human, Soheil; Cech, Florian (2021). Zimmermann, Alfred; Howlett, Robert J.; Jain, Lakhmi C. (eds.). "A Human-Centric Perspective on Digital Consenting: The Case of GAFAM". Human Centred Intelligent Systems. Smart Innovation, Systems and Technologies. Singapore: Springer. 189: 139–159. doi:10.1007/978-981-15-5784-2_12. ISBN 978-981-15-5784-2. S2CID 214699040.
  27. ^ European Commission. Directorate General for Justice and Consumers (2022). Behavioural study on unfair commercial practices in the digital environment: dark patterns and manipulative personalisation : final report. LU: Publications Office. doi:10.2838/859030. ISBN 9789276523161.
  28. ^ Title 16 of the Code of Federal Regulations § 238
  29. ^ "Understanding 'trust' and 'consent' are the real keys to embracing GDPR". The Drum. Retrieved 10 April 2019.
  30. ^ "Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR". The Verge. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
  31. ^ "Max Schrems files first cases under GDPR against Facebook and Google". The Irish Times. Archived from the original on 25 May 2018. Retrieved 26 May 2018.
  32. ^ "Facebook, Google face first GDPR complaints over 'forced consent'". TechCrunch. 25 May 2018. Archived from the original on 26 May 2018. Retrieved 26 May 2018.
  33. ^ Meyer, David. "Google, Facebook hit with serious GDPR complaints: Others will be soon". ZDNet. Archived from the original on 28 May 2018. Retrieved 26 May 2018.
  34. ^ "Under-18s face 'like' and 'streaks' limits". BBC News. 15 April 2019. Retrieved 15 April 2019.
  35. ^ Kelly, Makena (9 April 2019). "Big Tech's 'dark patterns' could be outlawed under new Senate bill". The Verge. Retrieved 10 April 2019.
  36. ^ "Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them" (PDF). European Data Protection Board.
  37. ^ "Assurance of discontinuance" (PDF). March 2022.{{cite web}}: CS1 maint: url-status (link)
  38. ^ "Australia fines Expedia Group's Trivago $33 million on misleading hotel room rates". au.finance.yahoo.com. Retrieved 14 June 2022.

External linksEdit