Dark Patterns: Deceptive UI Design and Regulations

Identify dark patterns and recognize deceptive UI tactics. Understand legal risks under GDPR and CCPA, and how to stay compliant with ethical design.


Dark patterns, also known as deceptive patterns, are user interface (UI) designs crafted to trick users into doing things they did not mean to do. These tricks manipulate people into making decisions against their best interests, such as signing up for unwanted subscriptions or buying overpriced insurance. Marketers and developers must recognize these tactics to avoid legal penalties and maintain brand trust.

What are Dark Patterns?

User experience designer Harry Brignull coined the term in July 2010 to define a library of deceptive interfaces. These designs go beyond poor usability; they are intentional choices that lead users toward specific commercial outcomes. While they might provide short-term gains in conversions or sign-ups, they often rely on misleading users rather than providing value.

The prevalence of these tactics is widespread. [A study of 11,000 shopping websites found 1,818 individual dark patterns across 15 categories] (Wikipedia). In Europe, regulatory scrutiny is high because [97% of the most popular websites and apps used by EU consumers have deployed at least one dark pattern] (Wikipedia).

Why Dark Patterns matter

Using deceptive patterns introduces significant legal and financial risks to an organization. Regulators in the US and EU have increasingly targeted companies that "trick or trap" consumers.

  • Legal penalties: Major federal and state laws, including the FTC Act and the California Consumer Privacy Act (CCPA), forbid deceptive designs.
  • Financial settlements: Non-compliance leads to massive payouts. [Epic Games paid $245 million to settle FTC charges regarding deceptive payment systems in Fortnite] (Deceptive Design).
  • Customer experience (CX) ROI: Long-term success favors transparency. [Businesses identified as customer experience leaders generate 3.4 times the return on stock value compared to laggards] (Osano).
  • Brand trust: Deceptive tactics cause customer frustration, which leads to long-term brand erosion and loss of revenue.

How Dark Patterns work

Dark patterns exploit the way the human brain processes information. Humans use heuristics, or mental shortcuts, to make decisions quickly and avoid "analysis paralysis." Deceptive designs use these shortcuts against us through cognitive biases.

  1. Exploiting habit: Users often click through common pop-ups or installers by force of habit.
  2. Visual weight: Designers use high-contrast colors for "Accept" buttons and low-contrast colors for "Reject" options to nudge users toward the preferred business outcome.
  3. Wording: Confusing or double-negative language tricks users into agreeing to options they think they are declining.
  4. Forced action: Users are required to give up data or complete a task (like a survey) before they can access a desired feature or opt out of a service.

Types of Dark Patterns

| Name | Definition | Trade-off |
|---|---|---|
| Roach Motel | Easy to sign up, but extremely difficult to cancel. | High churn friction but creates massive customer resentment. |
| Bait-and-Switch | Advertising a free or cheap product that is unavailable to force a higher-priced purchase. | Creates immediate traffic but risks immediate legal action for fraud. |
| Privacy Zuckering | Tricking users into sharing more personal data than they intended. | High data harvest but violates GDPR/CCPA consent rules. |
| Drip Pricing | Hiding fees or taxes until the very end of the purchase process. | Lowers initial cart abandonment but increases checkout abandonment and distrust. |
| Confirm-shaming | Wording opt-out buttons to make the user feel guilty (e.g., "No thanks, I prefer to pay full price"). | Minor boost in opt-ins but creates a negative brand image. |

Best practices

Avoid deceptive designs to stay compliant with global privacy laws like GDPR and CCPA.

  • Make opt-outs easy: Ensure canceling a service is as simple as signing up for it. If it took one click to join, it should take one click to leave.
  • Use neutral language: Avoid "confirm-shaming" or "trick wording." Use clear labels like "Accept All" and "Reject All" with equal visual weight.
  • Default to privacy: Do not pre-select checkboxes for marketing emails or data sharing. Consent must be "unambiguous and freely-given."
  • Disclose full pricing early: Prevent "drip pricing" by showing all mandatory fees, taxes, and shipping costs as early as possible in the user journey.
  • Do not demand opt-out reasons: If an opt-out form is necessary, do not force users to write a long justification. Meta was criticized when [opt-out forms for AI training required reasons for opting out despite policy saying any reason was acceptable] (Wikipedia).

Common mistakes

Mistake: Using a gray "decline" button and a bright green "accept" button for cookies. Fix: Use buttons of equal size and contrast to allow a fair choice.

Mistake: Pre-ticking the box for a recurring monthly donation or subscription. Fix: Keep boxes unchecked and require a proactive action from the user to commit to recurring payments.

Mistake: Hiding the "Unsubscribe" link in an email using a font color that matches the background. Fix: Ensure the link is visible, legible, and functional to comply with CAN-SPAM and other email regulations.

Mistake: Alternating the meaning of "On" and "Off" on settings pages to confuse the user. Fix: Maintain consistent UI elements across all preference pages. [AT&T was called out for using this specific trick on their email preferences page] (Deceptive Design).
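
The button-contrast, pre-ticked-box and hidden-link mistakes above can be checked mechanically before release. The following JavaScript is an added example, not code from the original page; the field names (`acceptBg`, `checkedByDefault`, and so on), the sample colours and the `MAX_WEIGHT_GAP` threshold are assumptions, and it compares button contrast only, not button size.

```javascript
// Added example: flags three of the mistakes above. Colours must be "#rrggbb".
const MIN_TEXT_CONTRAST = 4.5; // WCAG AA minimum for normal-size text
const MAX_WEIGHT_GAP = 1.5;    // hypothetical tolerance between the two buttons
// WCAG 2.x relative luminance of an sRGB colour.
function luminance(hex) {
  const [r, g, b] = [1, 3, 5].map((i) => {
    const c = parseInt(hex.slice(i, i + 2), 16) / 255;
    return c <= 0.03928 ? c / 12.92 : Math.pow((c + 0.055) / 1.055, 2.4);
  });
  return 0.2126 * r + 0.7152 * g + 0.0722 * b;
}

// WCAG contrast ratio: 1 for identical colours, 21 for black on white.
function contrastRatio(a, b) {
  const [hi, lo] = [luminance(a), luminance(b)].sort((x, y) => y - x);
  return (hi + 0.05) / (lo + 0.05);
}

function auditConsentUi(ui) {
  const findings = [];
  // How strongly each button stands out from the page behind it.
  const accept = contrastRatio(ui.acceptBg, ui.pageBg);
  const reject = contrastRatio(ui.rejectBg, ui.pageBg);
  if (Math.max(accept, reject) / Math.min(accept, reject) > MAX_WEIGHT_GAP) {
    findings.push("UNEQUAL_VISUAL_WEIGHT");
  }
  // Any consent or recurring-payment box that is ticked before the user acts.
  for (const box of ui.checkboxes) {
    if (box.checkedByDefault) findings.push("PRESELECTED:" + box.name);
  }
  // Unsubscribe link text that blends into its background.
  if (contrastRatio(ui.unsubscribe.color, ui.unsubscribe.bg) < MIN_TEXT_CONTRAST) {
    findings.push("HIDDEN_UNSUBSCRIBE");
  }
  return findings;
}

// Constructed sample inputs (not taken from any real site).
const deceptive = {
  pageBg: "#ffffff", acceptBg: "#1a7f37", rejectBg: "#e0e0e0",
  checkboxes: [{ name: "monthly_donation", checkedByDefault: true }],
  unsubscribe: { color: "#fefefe", bg: "#ffffff" },
};
const fair = {
  pageBg: "#ffffff", acceptBg: "#1a7f37", rejectBg: "#1a7f37",
  checkboxes: [{ name: "monthly_donation", checkedByDefault: false }],
  unsubscribe: { color: "#0645ad", bg: "#ffffff" },
};
console.log(auditConsentUi(deceptive), auditConsentUi(fair));
```

In a real pipeline the descriptor would be filled from computed styles and form defaults of the rendered page rather than typed by hand.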

Examples

Intuit (TurboTax): Intuit faced significant legal trouble for using bait-and-switch patterns to market "free" tax filing. [The company agreed to a $141 million settlement after misleading millions of customers into paying for services they could have received for free] (Wikipedia).

Noom: The diet app [Noom paid $62 million to settle charges involving deceptive subscription and auto-renewal practices] (Deceptive Design). The case focused on how difficult it was for users to cancel their services.

Trivago: The Federal Court of Australia [fined Expedia Group's Trivago A$44.7 million for misleading consumers into believing they were seeing the best hotel prices] (Wikipedia). The platform actually ranked hotels based on which ones paid the highest referral fees.

FAQ

Are dark patterns illegal? Yes, many are. In the EU, the GDPR, Digital Services Act (DSA), and Digital Markets Act (DMA) regulate these interfaces. In the US, the FTC Act and state-level laws like the CCPA provide authorities with the power to fine companies. [The FTC recently ordered Intuit to cease deceptive advertising for its "free" products] (Wikipedia).

What is the "Roach Motel" pattern? This describes a design that makes it very easy to get into a situation (like a subscription) but very difficult to get out. Examples include requiring users to print and mail a physical letter to cancel an online account.

How do dark patterns affect SEO and traffic? While dark patterns might temporarily boost conversion metrics, they often lead to high "bounce" rates at checkout and poor long-term retention. Search engines and platforms may also penalize sites that use deceptive marketing tactics to manipulate traffic.

Who coined the term? Harry Brignull, a user experience designer, coined the term in 2010. He also created the "Deceptive Design Hall of Shame" to document examples of companies using these tactics.

Can "nagging" be considered a dark pattern? Yes. Nagging occurs when a site or app repeatedly asks for consent to data processing after the user has already declined, interrupting their experience until they give in.


Entity Tracking

  • Dark Patterns / Deceptive Patterns: User interfaces crafted to trick users into unintended actions.
  • Harry Brignull: The UX designer who coined the term "dark patterns" in 2010.
  • Heuristics: Mental shortcuts people use to make quick decisions.
  • Cognitive Biases: Logical gaps in heuristic thinking exploited by dark patterns.
  • GDPR: European regulation requiring unambiguous, freely-given consent.
  • FTC Act: US federal law used to penalize deceptive commercial practices.
  • CCPA: California law regulating data privacy and deceptive design.
  • Roach Motel: A design that makes it easy to get in but hard to get out.
  • Privacy Zuckering: Tricking users into sharing more data than intended.
  • Drip Pricing: Adding hidden fees at the end of a transaction to misleadingly lower the initial price.
