Dark Patterns - Deceptive UI Design Tricks
A dark pattern is a UI/UX design technique that cleverly nudges users into taking actions they did not intend. It refers to designs that deliberately distort users' judgment for the company's benefit, such as making subscription cancellation extremely complicated or enabling the sharing of personal information by default. In the security context, tactics that maximize the collection of personal data by making privacy settings hard to understand are seen as especially problematic.
Historical Background
The term "dark pattern" was coined in 2010 by the British UX designer Harry Brignull. Brignull launched darkpatterns.org (now deceptive.design) and systematically classified and called out the deceptive design patterns used by companies. This work drew the attention of academic researchers and regulators, and in the 2020s the EU and the U.S. Federal Trade Commission (FTC) accelerated moves to make dark patterns an explicit target of regulation. Initially, the discussion was limited to the purchase flow of e-commerce sites, but it has now expanded to digital services in general, including cookie consent banners, social media privacy settings, and subscription management.
Representative Types
Dark patterns come in several typical types. "Confirmshaming" uses wording designed to make the user feel guilty about declining. For example, "No, I don't need the great deals" makes declining itself appear to be a loss. "Roach Motel" is a design that makes signing up easy but cancellation extremely difficult, and it is frequently seen in subscription services. "Hidden Costs" is the tactic of adding fees or shipping charges at the final stage of checkout. "Forced Continuity" automatically switches the user to a paid plan after a free trial ends and deliberately makes the cancellation process hard to understand.
The Problem with Cookie Consent Banners
Since the enforcement of the GDPR, cookie consent banners have come to be displayed on nearly every website, but many of them contain dark patterns. Typically, the "Accept All" button is shown in a large, eye-catching color, while "Reject" and "Customize Settings" are hidden in small text links. A 2022 study by Princeton University reported that about 90% of major EU sites use some kind of dark pattern in their cookie consent banners. The current situation, in which user consent has become a mere formality, raises serious doubts about the effectiveness of privacy protection. We also examine the balance between privacy and convenience.
Regulatory Trends in the EU
With the Digital Services Act (DSA) that came into force in 2022, the EU explicitly prohibited the use of dark patterns on online platforms. Specifically, interface designs that distort, manipulate, or substantially impair users' decision-making are subject to regulation. Violations can result in fines of up to 6% of global revenue. In the U.S. as well, the FTC has strengthened its enforcement against dark patterns, and in 2023 it filed a lawsuit seeking to require a major e-commerce site to improve its subscription cancellation process. From a compliance perspective, service designers need to consciously eliminate dark patterns.
Dark Patterns in Security Settings
Dark patterns also lurk in security settings. Tactics such as embedding the two-factor authentication settings screen deep in the menu hierarchy to make it hard to find, or defaulting privacy settings to "public to everyone," are dark patterns that deliberately keep the user's security level low. When combined with social engineering, users may not even realize that they are choosing dangerous settings. We recommend regularly reviewing the settings of the services you use, referring to the privacy settings guide. UX design ethics books (Amazon) explain in detail how to put ethical design into practice.
How to Recognize Dark Patterns
To protect yourself from dark patterns, it is effective to cultivate the habit of pausing to think, "Why does only this option stand out?" and "Why is declining so cumbersome?" As with phishing, it is precisely in situations where you are rushed or made to feel guilty that calm judgment is required. Please also check the safe app installation guide.