What is Dark Patterns?
Deceptive user interface designs that trick people into giving up privacy, making purchases, or agreeing to terms they didn't intend — such as hiding opt-out buttons, using confusing language, or making cancellation deliberately difficult.
Also known as: Deceptive Design, Deceptive Patterns, Manipulative Design
Dark patterns are the digital equivalent of a con artist's tricks — designed by teams of UX professionals to manipulate you into surrendering privacy, money, or consent.
Common Privacy Dark Patterns
Privacy Zuckering
Named after Mark Zuckerberg. Making privacy settings deliberately confusing so users share more data than intended. Facebook's privacy settings have changed dozens of times, each time defaulting to more sharing.
Confirmshaming
"No, I don't want to protect my account" — using guilt-inducing language on opt-out buttons to discourage users from making privacy-preserving choices.
Hidden Settings
Burying privacy controls deep in settings menus. Google's ad personalization settings require navigating through multiple screens. Cookie consent "manage preferences" requires clicking through layers of toggles.
Misdirection
Making the "Accept All" cookies button large and colorful while "Reject All" is gray, small, or requires additional clicks.
Forced Continuity
Free trials that auto-convert to paid subscriptions with no reminder. The signup is one click; cancellation requires calling a phone number during business hours.
Roach Motel
Easy to sign up, nearly impossible to delete your account. Some services require mailing a physical letter to delete an account.
Trick Questions
"Uncheck this box if you don't want to not receive marketing emails" — confusing double negatives that trick users into opting in.
Bait and Switch
Offering a privacy-respecting service, then changing the terms after you've committed your data. Google Photos offering unlimited free storage, then changing to paid and holding your data.
The Cookie Consent Problem
Cookie consent banners are the most visible dark pattern on the web:
- "Accept All" is one click, bright green, prominently placed
- "Manage Preferences" leads to 40+ toggles, each defaulting to "on"
- "Reject All" often doesn't exist, or requires 5+ clicks
- Websites use this friction deliberately — they know most people will click "Accept All"
Legal Pushback
- EU Digital Services Act: Explicitly bans dark patterns
- California CPRA: Prohibits "dark patterns" that subvert consumer choices
- FTC: Bringing enforcement actions against deceptive design (Fortnite $520M settlement)
- EDPB: European Data Protection Board guidelines against manipulative consent
How to Protect Yourself
- Use browser extensions that auto-reject cookies (Consent-O-Matic, uBlock Origin)
- Read the opt-out text — not just the opt-in button
- Search "[company] delete account" rather than navigating their settings
- Use virtual cards — Cancel payments to force subscription cancellation
- Screenshot everything — Dark patterns in consent flows may be legally challengeable
- Report deceptive patterns to your data protection authority (EU) or FTC (US)
Related Terms
Consent Fatigue
The exhaustion and desensitization that occurs from being bombarded with privacy consent requests — cookie banners, terms of service, app permissions — leading people to blindly accept everything just to make the prompts stop.
Consent Management
Systems and processes for collecting, recording, and managing user consent for data collection and processing, required by GDPR and similar laws.
Cookie Consent
The requirement under EU law for websites to obtain user permission before setting non-essential cookies, resulting in the ubiquitous consent banners.
Terms of Service
A legal agreement between a service provider and user that defines the rules, rights, and responsibilities of both parties, often containing privacy-relevant clauses.
Have more questions?
Use our guided flow to get the right next privacy step for Dark Patterns.
Open Guided Flow