Skip to main content

Dark Patterns | UX is a powerful tool in the online world

In many ways, it can be a good thing – empowering users to make the most out of their online experiences. In another vein, it can be abused for its potential, serving as a dangerous tool for cybercrime and data misuse. One of the greatest examples of this is what’s called dark patterns, which are becoming an increasingly prominent threat to internet users worldwide. In this article, we’ll review the concept of dark patterns, how they work, and what it has to do with your privacy interests.

What Are Dark Patterns?

The term ‘dark patterns’ was originally conceptualized by User Experience specialist Harry Brignull in 2010. Simply defined, they’re “the use of design and marketing techniques to deliberately manipulate people into doing things they might not otherwise do, such as buying something, signing up for a service, or clicking on an ad” – and that’s just the tip of the iceberg.

Dark patterns are a highly prevalent yet hardly talked about topic when it comes to our activities online.

They can be found everywhere we look online, from the way a website is designed to how ads are displayed, and everything in between.

Dark Patterns are design and marketing techniques to deliberately manipulate people into doing things they might not otherwise do - CookieFirst Cookie ConsentDark Patterns are design and marketing techniques to deliberately manipulate people into doing things they might not otherwise do.

Common examples of dark patterns include…

Misleading buttons or links: This is when a call-to-action (CTA) button is designed in a way that misleads users into clicking it. A prime example of this is when a CTA is designed to look like a close or back button, or is placed in a location where users are likely to mistakenly click it.

Confusing forms: This is when a form is designed in a way that is confusing or difficult to understand. This can include things like mandatory opt-ins, pre-checked boxes, and hidden fees.

Forced continuity: This is when a user is tricked into subscribing to a service or buying a product that they don’t actually want. This often happens when companies offer free trials that automatically convert into paid subscriptions after a certain period of time, or when they make it difficult to cancel an existing subscription.
Baiting: This is when a company uses false or misleading information to lure users into clicking on a link or downloading an app. A common example of this is when a user is promised a free gift or discount, but is actually taken to a landing page where they’re asked to enter their personal information or sign up for a subscription.

Ghost buttons: This is when a user clicks on something and expects an action to be performed, but instead sees a blank or nearly-invisible button. A typical example of this would be an ad with a brightly colored CTA that takes the user to a page where the only visible option is to exit the site.

Overall, dark patterns are designed to exploit human psychology in order to achieve a desired outcome – usually, this means making a sale or gaining a new customer. However, dark patterns can also be used for more nefarious purposes, such as tricking people into disclosing personal information or clicking on malicious links.

Cookie Consent Manager | Take a 2 week free trial

Take a 2 week free trial for our paid plans or create a free account …

Create an accountView our plans

What Types Of Dark Patterns Are There?


In the context of dark patterns, misdirection refers to designs in which user attention is purposefully directed away from certain elements in order to manipulate them into performing a certain action or completing a task. This can take many different forms, but some of the most common examples include flashy animations, captivating imagery, and misleading design elements.


Nudging is a type of dark pattern that uses psychological tricks to influence people’s behavior. This can be done in a number of ways, but some common examples include using fear tactics, social pressure, and false scarcity.


Confirmshaming is a type of dark pattern that uses shaming or guilt as a way to pressure users into completing an action. This can include things like pre-checked opt-ins, calls-to-action with negative language (e.g. “Lose weight now!”), and popups that tell users they’ve broken the law or made a mistake.

Privacy “Zuckering”

Imagine how problematic you’d have to be to have an entire type of data misuse named after you. Unfortunately for Mark Zuckerberg, that’s exactly what happened when it was revealed that Facebook had been engaged in a years-long pattern of mishandling user data. And while this type of dark pattern is most commonly associated with the social media giant, it can really be applied to any company that collects and sells user data without their knowledge or consent.

Privacy ‘Zuckering’ is essentially a catch-all term for any deceptive tactic that is used to lure users into sharing more of their personal information than they realize. This can include things like pre-checked opt-ins and hidden fees, as well as vague terms of service agreements and misleading statements about how user data will be used or shared.

Trick Questions as part of Dark Patterns

Trick questions are another type of dark pattern that uses confusing or misleading language in order to manipulate users into providing more personal information than they intended. This can include things like CAPTCHA-like security checks that ask for sensitive information, mini-surveys with leading questions, and other deceptive prompts that make it difficult to understand what is being asked.

Roach Motels

A roach motel is a type of dark pattern that is designed to trap users into a situation from which they cannot escape. This can be done in a number of ways, but some common examples include subscription traps, auto-renewals, and free trials that are difficult to cancel.

How Are Dark Patterns Effective?

While there are many different ways to design a dark pattern, they all share one common goal: to exploit human psychology in order to achieve a desired outcome. This can be anything from making a sale to gaining a new customer, but regardless of the ultimate goal, dark patterns are designed to manipulate people into taking an action that they wouldn’t otherwise take.

There are a number of different psychological concepts that dark patterns exploit, but some of the most common include confirmation bias, sunk cost fallacy, and loss aversion. By addressing these cognitive biases and using well-crafted messaging, designers can create interfaces that trick users into making decisions that they may not fully understand or feel good about later.

Ultimately, the effectiveness of dark patterns comes down to two main factors: their ability to manipulate user behavior, and the lack of transparency about how this manipulation occurs. When done correctly, dark patterns can be very effective at achieving certain outcomes, while also making users feel like they have no choice but to comply. This combination makes them a particularly insidious and troubling type of design practice.

Dark patterns’ prevalence and impact have long gone largely unnoticed, however that is slowly changing as the public becomes more aware of these deceptive design tactics. In response to this growing awareness, a number of initiatives have been launched in an effort to combat the use of dark patterns. These include things like the Dark Patterns Hall of Shame, as well as Mozilla’s Tracker Radar project.

Are your an agency, webdesigner or another reseller?

Earn 30% commission, take a look at our reseller model or contact us for numbers larger than 500 clients

Calculate your revenue

Dark Patterns And Consent

Dark patterns can not only frustrate users and erode their trust, but they’re also considered illegal under both the GDPR and CCPA. Both of these regulations place a strong emphasis on the concept of “consent”, which requires that companies obtain users’ permission before collecting their data, and clearly communicate how it will be used. Violating this principle is considered a breach of trust, and can result in penalties or even lawsuits if users decide to take legal action.

Given the potential consequences, it’s important for companies to be aware of how dark patterns might violate these regulations. For example, a pre-checked opt-in box that automatically enrolls users in a subscription service could be considered illegal under the GDPR, as it fails to obtain explicit consent from the user. Similarly, a free trial that is automatically renewed after the trial period ends could also be considered illegal, as it does not give users a clear way to opt out or cancel the service.

While the GDPR and CCPA are the two most well-known regulations that address consent, they are not the only ones. A number of other countries have also enacted similar laws, and it’s likely that more will follow suit in the future. As a result, companies should keep abreast of any new developments in this area, and ensure that their practices are in compliance with the latest regulations.

Overall, dark patterns are a powerful but often unethical tool that can be used to manipulate user behavior and gain strategic advantage. While they have been widespread for many years, there is growing awareness about their negative effects, as well as efforts to combat them through legislation and public education. Whether you are an individual user or a company designing digital products, it is important to be aware of how these tactics work, so that you can avoid them and protect yourself from being deceived.

A Consent Management Platform (CMP) like CookieFirst can be used for obtaining consent from website users when you are using third-party tools on your website, like Google Analytics or tracking technology and advertising technology.

Take a look at our consent features here.


Get consent before loading third party tracking scripts

CookieFirst aims to make ePrivacy and GDPR compliance easy and quick to implement. The CookieFirst platform offers third-party script and consent management, statistics, periodic cookie scans, automated cookie declaration, banner customization, multiple language options, and more. Avoid large fines and get consent before loading third-party tracking scripts — try CookieFirst!