Dark Patterns: How UX design tricks you into giving away your privacy

What are dark patterns and what do they have to do with your online privacy? Learn more about how UX design might trick you into doing something you didn’t quite agree to.

Dark Patterns

Tina KuoUX ResearchWorking Student

User experience designers mostly use their knowledge of cognitive psychology and usability to design the best experience for you as possible. However, they sometimes also apply their understanding of these psychological biases to create user experiences that herd and misdirect you to take a path or decision you didn’t mean to take. This is also known as a dark pattern. Instead of designing with your best interests at heart, they design for their business’ goals, whether that is more sales, more data, or more subscribed users.

These dark patterns are ethically problematic since they nudge you towards particular choices and actions that may be against your own interest. They take your agency away without you knowing. Although most commonly seen in the user experience of e-commerce sites, they have become more prevalent particularly in privacy consent notices and pop-ups since the General Data Protection Regulation (GDPR) has been in place since May of this year.

Using dark patterns to trick you into sharing more information about yourself than you intended to have been so common it even has a name: ‘Privacy Zuckering’ named after Facebook’s founder Mark Zuckerberg.

The next time you’re browsing the web, here are a few dark patterns you should look out for.

The importance of visual design and communication is paramount in any interface’s effectivity and functionality. Through formatting text fonts, buttons, and color blocks, designers can trigger the desirable action from the user, directly or through learned associations. For some businesses, more clicks means more money, so the right visual cues are key.

At Google, they famously tested 41 different gradations of blue for the colored links in ads. They found that a more purple shade of blue was more click-friendly than a greener shade of blue. This design decision resulted in an extra $200 million a year in ad revenue, which proves how powerful the impact of visual design can be.

As a dark pattern, color and design theories are used to condition and ultimately misdirect users. Let’s take a look at the example below from Inc.

In this cookie consent banner used by Inc., we see that they highlighted the text ‘Trust and transparency is important to us’ in bold letters and hyperlinked a few keywords with blue font. Users who do not read the block of text carefully will miss that ‘by continuing to use the site, including closing or clicking off the banner, you consent to the use of advertising and analytics technologies.’

This deceptively hidden and down-played default privacy setting, which is also set to the lowest privacy-friendly setting, is a dark pattern aided by the text formatting and layout of the consent form interface. Also notable is that the option to decline is hidden in the less noticeable ‘Learn More’ button, which is also much less prominently presented as a clickable option compared to the others.

Note as well the usage of color in the consent form, which is meant to trigger users to click the prominent blue block button in order to continue quickly onto the site compared to the sparse ‘Learn More’ option, which also is passively worded. The imbalance of visual representation between the options is a dark pattern meant to dissuade you from noticing the Learn More button. Once you click the Learn More button, you will find that your privacy settings are set to the least privacy-friendly settings.

Another example of using formatting as a dark pattern is the invisible unsubscribe option. Companies bury the option in a jumble of text at the bottom of the page or format it to make it look like it’s not a link.

By removing all unnecessary distractions that could possibly distract your attention from completing the process and exposing you to information and cues, user experience designers aim to make it as easy as possible for you to make decisions and get what you need to do done. This might also be known as tunneling, a persuasive design pattern used to guide users through a process or experience by closing off or discouraging detours. When this persuasive pattern is used to take away the user’s sense of control and purposefully misguide them for the interest of the company, it becomes a dark pattern.

You can see this dark pattern often in the choice architecture used in privacy consent forms. Facebook and Google’s privacy settings are by default the least-privacy-friendly settings, leaving users who quickly skim over consent forms and agree to the default settings at a risk.

In the study ‘Deceived by Design’ conducted by Forbrukerrådet, the Consumer Council of Norway, they created click-flowcharts that track the steps it takes to achieve the most privacy-friendly settings for multiple sites such as Facebook and Google. It takes considerably longer to opt out rather than in for almost all sites. In Facebook’s case, 13 clicks for the most privacy-friendly setting compared to 5 clicks for the least privacy-friendly setting. For Google, it takes 9 clicks to secure your privacy compared to 2 clicks.

Facebook consent form click-flowchart (Source: Forbrukerrådet)

By framing decisions, gains, and losses differently, you can be nudged to make certain choices. Companies can frame a decision differently by focusing on positive benefits while playing down or even completely leaving out negative consequences in the messaging.

They can also play on the effect of loss aversion, the psychological theory that the fear of losing something motivates us more than the prospect of gaining something of equal value. We will go to greater lengths to avoid losses rather than take risks to obtain equal gains. Through the phrasing and formulation of the language, companies are able to increase the likelihood of someone taking a risk or avoiding it.

An example can be seen in Facebook’s prompt to encourage users to enable their face recognition privacy settings. In the first prompt, they first frame the face technology as a gain by highlighting the positive aspects of face recognition, such as finding photos that you haven’t been tagged in. They then use a dark pattern as they inform the user ‘if you keep face recognition turned off, we won’t be able to use this technology if a stranger uses your photo to impersonate you. If someone uses a screen reader, they won’t be told when you’re in a photo unless you’re tagged.’ Here they frame the decision to turn off face recognition as a potential security risk and loss of control over personal data.

We see that Facebook intentionally only highlights the positive aspects of face recognition, such as finding photos that you haven’t been tagged in, without mentioning any possible negative aspects, such as tracking your current emotional state for advertising purposes.


The prevalence of dark patterns is so widespread throughout the web that there’s even a hall of shame dedicated to them. It was created by UX consultant Harry Brignull, who also coined the term ‘dark pattern.’

Next time you’re browsing the web, try to avoid intuitively clicking through sites based on the visual cues and remain vigilant when confronted with suspiciously large blocks of text or vaguely worded buttons. Take an extra second to process what you’re seeing before clicking away those pesky privacy consent forms. Keep your data safe!