We stand with Ukraine to help keep people safe. Join us

Tags Digital Wellness

What Are Dark Patterns and How They Trick You

Table of contents

Have you ever tried to make an online purchase only to be badgered by pleas for you to buy an expensive add-on?


Perhaps you've been about to click the order button when you notice something in your cart that you didn't add.


Or maybe you’ve hit “Accept all cookies” thinking it’s the only way to get rid of the pop-up blocking your screen?


These all are examples of dark patterns — a manipulative strategy used by some of the biggest online retailers, services and sites around, often with their great success. Read more to learn how to avoid being tricked by them.


Pro tip: Unfortunately, antivirus will not safeguard you from dark patterns. The only way to avoid them is to educate yourself and stay alert. However, an all-encompassing cybersecurity solution like Clario can protect you from malware threats and free up your attention, so you don't fall prey to shady schemes. To give Clario a go, download and try it now (no credit card required).

What are dark patterns?

Dark pattern design is part of a deceptive technique employed by websites and apps to trick you into handing over something valuable. This usually means your time, money, attention or data. Other examples include making it hard for people to cancel an app subscription (so called fleeceware apps) or unsubscribe from an email newsletter.


Dark patterns are everywhere. They have been of particular concern in user experience design for over a decade. Opting not to use them is a commitment to fairness and treating users with the respect they deserve.


Although there have been some legislative efforts to thwart dark patterns, one of the best things you can do to combat them is to understand what they look like and make sure you don't fall into the trap.

How do dark patterns work?

Dark patterns work because designers understand most people don't absorb all of a webpage’s information. We tend to skim pages, especially if they don't seem very interesting. Malicious designers take advantage of this with visual cues (which could be things like fake notification bubbles) or subverting expectations. For instance, they might make an "I agree" button red and a "Cancel" one green.

manipulative cookies

The above screenshot shows the cookie policy pop-up from The Guardian. The button that reads “Yes, I’m happy” (i.e. to accept cookies) is blue text on a white background, laid over a dark blue panel. That makes it stand out more from the Manage my cookies option, which is white text on a lighter blue background. The color selection alone could entice users to click on the former.


The timing of introducing dark patterns is critical to making them successful. Interrupting you with a popup when you're in the middle of something could distract you and cause you to click without thinking clearly about your decision.


Sometimes, designers who create products people interact with (user experience, or UX design) aren't even aware they're tricking users. Many of them inherently understand the fundamentals of what works and how to push users to carry out an intended action. It's easy for users to abandon an app or website if a tap or click causes something frustrating to happen. It's often up to designers to make sure this doesn't occur.


So, it's typically in designers' best interests to guide users through processes and make their experience smooth. Manipulating the user's actions in such a way could be deemed an instance of a dark pattern, even if it's not intentionally malicious.

Dark patterns examples

There's every chance you'll encounter a dark pattern UX when you visit a website for the first time. Most websites display a message to new visitors asking them to review the site's cookie policy. It often urges them to enable all cookies for the optimum experience.


Cookie policy pop-ups can be annoying. You might be tempted to click the Accept cookies button (or something similar) instead of clicking through and disabling all non-essential cookies. That can take just a few seconds, but it's a layer of friction many users don't bother dealing with.


According to Max Schrems, chair of privacy advocacy group noyb, "Companies openly admit that only 3% of all users actually want to accept cookies, but more than 90% can be nudged into clicking the ‘agree’ button."

cookie consent
In this example from The North Face website, the first thing you see is the “Allow all” button, while the option to set up your cookie preferences is not that obvious
wired cookies
In this example from Wired, to change the default cookies settings, you have to click the “Show Purposes” button — not too obvious, is it?

You might run into dark UX when you try to unsubscribe from a service. Signing up for a subscription can take seconds. You plug in your personal information and payment details — after reading the terms of service, of course.


But canceling a membership can take a lot more work. Take the New York Times (NYT), for example. You can’t simply end your subscription by clicking a button on your account settings. Instead, you need to either call a customer care line or chat with an agent. That’s unethical design that benefits the NYT, as it places unnecessary hurdles between you and canceling a subscription.

ny times cancel subscription
The New York Times requires subscribers to call or chat with an agent to cancel their plan. But signing up for a subscription is easy to do online.

Dark patterns can occur in something as commonplace as a website’s terms of service. Many of us have agreed to them without reading. They're often long, and we'd much rather just scroll to the end and hit Agree.


Designers might make the option to skip part of a signup process less prominent than prompts to provide a phone number or profile photo. Facebook's plea to iOS 14.5 users to enable cross-app tracking is another example of a dark pattern. Facebook says that turning on that device setting will “help keep Facebook free of charge.” That’s technically true, but it’s also subtly manipulative, as Facebook won’t suddenly start changing users to use the social network if they don’t enable cross-app tracking.

facebook manipulative tracking request
A screenshot of Facebook and Instagram using manipulative language to urge iOS users to turn on cross-app tracking  

Signing up for a subscription is often very easy, but you may encounter a dark pattern UX when you attempt to cancel it. A service may ask if you're sure you want to cancel, and then repeat the question and highlight the benefits of the plan after you say "yes." From one page to the next, the app or website may move the position of the cancel and maintain-subscription buttons to confuse you.


Whenever you make an online purchase, you’ll run into some manipulative design. Buy a product that’s part of Amazon’s subscribe and save program, and the website will automatically select the option for you to subscribe to the item, rather than just buying it once.

amazon dark patterns
Amazon often employs dark UX, including in this example where the “Subscribe & Save” option is selected by default, and not “One-time purchase”
nordvpn dark patterns
When you go to its pricing page, Nord VPN has already automatically selected the option for NordPass Premium, a password manager. This would saddle the user with an extra monthly fee if they don’t remove it.

Are dark patterns illegal?

Some jurisdictions are tackling the problem of dark UX head on. Europe's General Data Protection Regulation gives consumers more control over their data. It bans apps and websites from certain forms of data collection without user consent. That means they need to explicitly ask for permission or face tough penalties.


In March 2021, California banned certain types of dark patterns. Specifically, the state will no longer allow instances that have “the substantial effect of subverting or impairing a consumer’s choice to opt-out” of programs that involve their personal data being sold.


Examples include requiring users to “click through or listen to reasons why they should not submit a request to opt-out before confirming their request” or adopting confusing or misleading language, such as double negatives.

How to avoid becoming a victim of dark patterns

The simplest thing you can do to avoid the trap of dark pattern design is to pay attention. Yes, terms of service are usually very boring and it's much easier to accept all cookies on a website by clicking once. But you might be agreeing to something that might come back to haunt you or giving up part of your privacy.


It takes a little more time and effort to stay on the lookout for signs of dark UX and to do things we might not necessarily want to. The iOS 14 terms of service, for instance, clock in at around 7,000 words.


This might sound daunting, but it'd take most people under 25 minutes to read the whole thing. It’s only a modicum of time, given how much many of us rely on our phones. You'll have a better understanding of what you're actually agreeing to after you read it.


You can also inform your family, friends and co-workers about what to look for and how to steer clear of dark pattern manipulations.


Perhaps most importantly, you can flag dark patterns UX examples to digital advocacy groups. The Electronic Frontier Foundation, Consumer Reports, Access Now, PEN America, and DarkPatterns.org have opened a Dark Patterns Tip Line, where you can report those tactics and help put pressure on companies to stop using them. Perhaps that way, companies will adopt fairer and more ethical design practices.

Read more:

Keep reading

Are you fully secured online? Get Clario for all-round protection.

Get started