How to Spot and Avoid Dark Patterns on the Web
In today’s digital world, where we rely heavily on online platforms for shopping, social interaction, and accessing information, a fair and transparent user experience should be a standard expectation. Yet a recent ICPEN report showed that 76% of the sites and apps analyzed contain dark patterns, and the European Commission has found that they’re present in 97% of the EU sites preferred by Europeans.
Dark patterns, or deceptive designs, are manipulative design tactics that trick users into making choices they wouldn’t otherwise make. They manipulate users by exploiting their cognitive biases and using distractions to undermine their autonomy. They show up in cookies, subscription traps, purchasing journeys, privacy settings… almost every aspect of the internet we come across. Not only is this harmful to users’ welfare, privacy and even health, but it’s also totally illegal around the world.
Here at FairPatterns, we firmly believe that users should not bear the responsibility of constantly policing these designs. Online users are entitled to a fair digital environment, free from manipulation, where they can navigate and make choices with clarity and autonomy.
Unfortunately, the reality is that dark patterns on the web are still prevalent. While the onus of fair design lies on businesses, users can empower themselves by learning to identify these tactics, understanding their own cognitive biases, and taking steps to avoid or counteract dark patterns on the web. Let’s explore what dark patterns are, how they work, and what steps users can take to navigate the web more confidently and safely.
What Is a Dark Pattern on the Web?
A "dark pattern" on the web is a user interface design that manipulates users into taking actions they would not otherwise choose. Coined by UX specialist Dr. Harry Brignull, author of Deceptive Patterns and Senior Advisor to FairPatterns, dark patterns exploit human psychology and cognitive biases to trick users into spending more money, signing up for subscriptions, sharing more personal data, or performing actions that benefit the business rather than the user.
Some common types of dark patterns include:
- Hidden Costs: Adding extra charges at the final stages of checkout.
- Forced Continuity: Making it difficult to cancel a subscription.
- Trick Questions: Phrasing questions in a misleading way so users inadvertently opt in to something.
- Sneak into Basket: Adding products to the cart without clear consent.
- Privacy Zuckering: Pushing users to share more personal data than they intended to.
These dark patterns erode trust in digital interactions and foster an environment of deceit rather than transparency. Ideally, businesses should avoid dark patterns on the web altogether and focus on creating honest, user-centered experiences. Indeed, the regulatory framework is tightening up and enforcement is ramping up, with potential fines up to 6% of the global turnover of the businesses at stake, and settlements up to $520M in the US to date.
However, until fair practices become the norm, understanding how to recognize dark patterns can help users protect themselves.
1. Understand Cognitive Biases and How Dark Patterns Exploit Them
Many dark patterns succeed because they exploit common cognitive biases—psychological tendencies that shape the way we perceive and react to information. Here are a few that commonly come into play with dark patterns on the web:
- Confirmation Bias: We tend to favor information that confirms our existing beliefs. Dark patterns can capitalize on this by framing options in a way that aligns with users’ preconceived ideas or expectations.
- Loss Aversion: This bias refers to our tendency to prefer avoiding losses over acquiring equivalent gains. For example, “Only 2 left in stock!” messages are crafted to make users fear missing out.
- Default Bias: Many of us stick with default settings because they seem like the path of least resistance. Dark patterns may use preselected checkboxes for options that benefit the business, like subscribing to newsletters or sharing personal data.
- Framing Effect: We tend to believe a selective disclosure of information if it frames the consequences of an action positively while omitting the risks it entails. For example, pushing a user to use a face identification service by emphasizing the benefits and omitting the privacy implications.
Altogether, there are 180 cognitive biases identified in scientific literature.
By becoming aware of these biases, users can better recognize when they are being subtly manipulated. For example, when presented with a “limited time offer” or a “last chance” prompt, take a moment to question the urgency and consider whether it’s truly in your best interest to act quickly.
2. Take a Moment to Pause Before Clicking "I Agree" or "Free Delivery"
One of the most effective defenses against dark patterns is simply taking a second to pause and think before clicking on any button, especially those labeled “I agree,” “Accept All,” or “Free Delivery.” While these buttons may seem straightforward, they often come with strings attached.
For instance, many websites include an “Accept All” button on cookie consent banners, which allows them to track user behavior for targeted advertising and data collection. Taking a moment to look for more detailed cookie settings can give users greater control over their privacy and online footprint. By the way, in the EU, it should be as easy to “decline all” as to “accept all” cookies. If there’s no “decline all” button, or if it’s a hidden, tiny gray link to “adjust your preferences”, you might want to look to other sites that are more respectful of the agency of their users!
Practical Steps:
- Check for Alternatives: Look for a “Manage Settings” or “Customize” option to see if you can opt out of non-essential tracking.
- Read the Fine Print: Before clicking on “I agree,” scan the terms, especially regarding data collection and sharing.
- Question the “Free” Offers: In online shopping, offers like “free delivery” can sometimes involve hidden conditions or require committing to a subscription or minimum spending.
3. Spot, Name, and Shame Dark Patterns
While businesses are responsible for the ethical design of their digital platforms, users can still raise awareness by calling out manipulative practices. If you spot a dark pattern, naming and shaming the company on social media platforms can be a powerful way to hold businesses accountable. Hashtags like #darkpatterns or #deceptivedesign can amplify the message and raise awareness among other users.
Additionally, there are specific platforms dedicated to tracking and exposing dark patterns:
- Hall of Shame: Dr. Harry Brignull’s Hall of Shame is a well-known online repository of dark patterns, highlighting companies and websites that use manipulative tactics.
- Stanford Tipline: Stanford University has created a Dark Patterns Tipline where users can report their experiences and contribute to research on deceptive design practices.
These platforms serve as valuable resources for both consumers and designers interested in promoting ethical UX practices. Reporting dark patterns can create a ripple effect, encouraging businesses to take corrective action and prioritize transparency.
4. Report Dark Patterns to Consumer and Data Protection Authorities
In many regions, dark patterns that manipulate or deceive users could potentially violate consumer protection laws, data privacy laws and sector-specific laws. For instance, the European Union’s General Data Protection Regulation (GDPR) prohibits deceptive consent mechanisms and unfair processing of personal data. Dark patterns also violate the Unfair Commercial Practices Directive, the Digital Services Act and the AI Act, when applicable. In the US, the FTC Act, ROSCA, DETOUR and the Negative Option Rule, to name just a few, also prohibit most dark patterns.
[Map: legislation around the world that prohibits dark patterns]
By reporting dark patterns to your national data protection or consumer protection authority, you contribute to the regulatory scrutiny of manipulative practices, potentially leading to enforcement action against companies that violate fair practice standards.
Examples of National Data Protection Authorities:
- European Union: Each EU country has its own data protection authority, which enforces GDPR regulations. You can find your own here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en#member-at
- United States: The Federal Trade Commission (FTC) addresses unfair or deceptive practices online, and they’re currently suing Amazon for dark patterns enshrined in Prime. You can make a report here: https://reportfraud.ftc.gov/. The Consumer Financial Protection Bureau is also very active against businesses that employ dark patterns. You can submit a complaint here: https://www.consumerfinance.gov/complaint/
- Canada: The Office of the Privacy Commissioner of Canada oversees privacy compliance. They just released a report on dark patterns and you can report a privacy issue here: https://www.priv.gc.ca/en/privacy-topics/information-and-advice-for-individuals/reporting-concerns-and-filing-complaints/
- Australia: The Competition and Consumer Commission also keeps an eye on dark patterns, as the government announced it supports the introduction of an economy-wide prohibition on “unfair trading practices”. You can report an issue here: https://www.priv.gc.ca/en/privacy-topics/information-and-advice-for-individuals/reporting-concerns-and-filing-complaints/
Most of these agencies have an online form for submitting complaints, and many allow anonymous reporting. When reporting, be as specific as possible about the manipulative tactics and provide any supporting evidence, such as screenshots or URLs.
Common Types of Dark Patterns and How to Recognize Them
To avoid dark patterns on the web effectively, it helps to familiarize yourself with the most common types:
1. Bait-and-Switch
- Description: Bait-and-switch occurs when a user attempts to complete one action, but the website switches to a different outcome.
- Example: Clicking a button labeled “No, thanks” on a pop-up ad only to be redirected to the advertiser’s site instead of closing the ad.
2. Roach Motel
- Description: A design that makes it easy to get into a certain situation, like a subscription, but hard to get out.
- Example: Signing up for a free trial with an easy, one-click process, only to find that canceling requires calling customer support or navigating through multiple web pages.
3. Privacy Zuckering
- Description: Named after Facebook CEO Mark Zuckerberg, this dark pattern tricks users into sharing more information than they intended.
- Example: Facebook’s frequent prompts asking users to “connect” with friends or share updates publicly are a form of Privacy Zuckering.
4. Confirmshaming
- Description: Guilt-tripping users into opting into something by phrasing the alternative in a shaming or derogatory manner.
- Example: When a website prompts users to sign up for a newsletter with an option like, “No, I don’t want to learn valuable tips for my success.”
5. Disguised Ads
- Description: Ads that are disguised as other content, such as article links or download buttons.
- Example: On news sites, it’s common to see sponsored articles presented as genuine news, making it difficult for users to distinguish between editorial and promotional content.
Final Thoughts on Avoiding Dark Patterns on the Web
Navigating the internet shouldn't feel like tiptoeing through a minefield of manipulative tactics. While users can take steps to protect themselves, the ultimate responsibility for avoiding dark patterns on the web lies with businesses. Ethical web design is achievable, and it’s in a company’s best interest to foster trust and transparency with its audience. Until this becomes the norm, user awareness and community accountability are powerful tools for pushing back against these deceptive practices.
Remember to pause before clicking, think critically about the choices you’re presented with, and don’t hesitate to call out companies that try to manipulate you. By working together, users can push for a digital environment that respects autonomy and promotes fair interactions. FairPatterns is here to support businesses committed to integrity and help users navigate online spaces safely and confidently.