Reading list

This article maps European Union laws addressing dark patterns, arguing that these laws protect biased consumers and regulate for autonomy. It offers a specific conception of autonomous decision-making and a novel normative classification for dark patterns, developing a taxonomy of six categories of autonomy violations. This framework aims to uncover existing EU law violations, delineate acceptable influences from autonomy violations, and provide guidance for policymakers.

This research proposes leveraging state private law to define and track evolving "dark patterns," which are user interface designs that trick or coerce users into making unintended choices. The article suggests that judge-crafted decisional law can quickly respond to new techniques, flexibly define the boundary between permissible and impermissible designs, and bolster regulatory enforcement by identifying designs that undermine user autonomy.

This research constructed a dataset for dark pattern detection and achieved high accuracy (0.975) using state-of-the-art machine learning methods like RoBERTa. The dataset and source codes are available on GitHub.

This research identifies dark patterns commonly found in popular and profitable casual mobile games through heuristic evaluation. Key dark patterns include "Pay to Skip" (selling elements to bypass challenges), "Grinding" (forcing repetitive mechanics for progress), and "Playing by Appointment" (requiring specific playtimes with rewards/punishments). The findings serve as a counter-guideline for game development and a basis for discussions on ethical game design.

This article identifies seventeen types of "dark patterns," manipulative design techniques used in apps and websites, and proposes a new taxonomy consistent with the Unfair Commercial Practices Directive (UCPD). Focusing on "Information Asymmetry" and "Free Choice Repression" categories, the paper offers policy recommendations to enhance the regulation of dark patterns for commercial purposes.

A study on social media account deletion found that platforms use dark patterns, offer inconsistent deletion options, and often make the process difficult, leading to many uncompleted deletion attempts. It is recommended that platforms clarify terminology and allow deletion from any device.

This paper examines whether individuals subjected to dark patterns can seek redress, using consent interactions and GDPR consent requirements as a case study through a comprehensive literature review and case law analysis by an interdisciplinary team of HCI and legal scholars.

"This report proposes a working definition of dark commercial patterns, sets out evidence of their prevalence, effectiveness and harms, and identifies possible policy and enforcement responses to assist consumer policy makers and authorities in addressing them. It also documents possible approaches that consumers and businesses may take to mitigate dark commercial patterns."

The Consumer Financial Protection Bureau detailed the findings of an inquiry into popular “buy now, pay later” programs Affirm, Afterpay, Klarna, PayPal and Zip. The CFPB identified “several areas of risk of consumer harm” and said the industry will be subject to the same oversight as credit card companies.

"In addition to a report on dark patterns, the commission made clear that gig companies shouldn't lie about how much money workers can earn."

“Our report shows how more and more companies are using digital dark patterns to trick people into buying products and giving away their personal information,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “This report—and our cases—send a clear message that these traps will not be tolerated.”

E-Commerce websites with most dark patterns found: @SHEIN_Official, @AliExpress_EN, @amazon.

"a top European court upheld a ruling that it broke competition rules and fined it a record 4.1 billion euros, in a move that may encourage other regulators to ratchet up pressure on the U.S. giant."

A study by Public Eye and FRC shows that online platforms use a wide variety of tricks to generate sales. (Deutsche)

Financial catastrophe is now only a few clicks away, a problem that is showing quiet signs of becoming a crisis. "I can't just get rid of my phone," one problem gambler says.

While many are looking forward to the DSA to bring order against the use of dark patterns in online interfaces, the impact of this Regulation might be limited. The proposed ban of dark patterns will indeed only apply to the restricted category of providers of online platforms and the use of dark patterns, which are already covered under the Unfair Commercial Practice Directive (UCPD) and the General Data Protection Regulation (GDPR), will fall outside the scope of the DSA. Consequently, the DSA might not be the salvatory Regulation that many were hoping for.

This research proposes a technique for detecting dark patterns in user interfaces of online trading sites by applying cluster analysis algorithms (hierarchical and k-means). The authors address the challenge of lacking formal datasets for dark patterns by identifying signs based on Nelsen's antisymmetric principles and using linguistic variables for assessment. The article also analyzes the application of these clustering algorithms in the RStudio environment.

In this episode Mikhail and Colin talk about dark patterns, different types of dark patterns, how marketers can recognize them, why companies use dark patterns, how to engage less in this type of manipulation, what to do if your company requires you to implement something you consider to be unethical and more.

If you thought cookie pop-ups were an annoying nuisance, just wait until you have to scan your face for some third party to “verify your age” after California’s new design code becomes law.

"...the DMA may root out some dark patterns, but only for “gatekeeper” companies, and only in contexts where those dark patterns relate directly to the law’s other provisions [...] Ithe DSA might have had a decisive impact on the prevalence of dark patterns online. However, those hoping for a broad, aggressive approach to dark patterns may be underwhelmed..."

The Consumer Policy Research Centre (CPRC) found that more than eight in 10 Australians (83%) have lost money, lost control of their data or have been manipulated by a business to make a choice that isn't in their interest.

The Federal Trade Commission has reportedly deepened its investigation into Amazon’s employment of dark patterns in the Amazon Prime subscription cancellation process. As EPIC explained in a complaint to the D.C. Attorney General last year, Amazon employs dark patterns to deter customers from canceling their Prime subscriptions.

"So what do you want us to do, fight?"

This case study is part of a mediation effort by the LINC on the design of interfaces. It translates in the form of a fictitious service decisions made by the CNIL in order to make them clear and accessible.

This study examines Facebook's issues by analyzing leaked documents and published news articles. It outlines the dark patterns that the company has applied, and discusses how they promote toxic behavior, hate speech and disinformation.

"On the Internet, traps aim to make us click where we don't want to. The English-speaking world calls them “dark patterns” – or “rigged interfaces”. What is the difference with the nudge , which aims to guide our actions by acting on “the architecture of our choices ”? Where is the line between influence and manipulation?"

Following actions of the Netherlands Authority for Consumers and Markets (ACM), online platform Wish has banned its merchants from using fake discounts on its platform. In addition, Wish has blocked the use of personalized pricing in the EU since May 25, 2022. This has been the result of actions taken by ACM.

California Privacy Rights Act provisions that will go into effect in January will provide more control to consumers over how companies use their data.

Despite Electronic Arts’ (EA) insistence that loot boxes are not gambling, and are, in fact, “surprise mechanics,” several studies have shown there is a link between loot boxes and gambling addiction.

Heated seats, remote start key fobs, and other creature comforts are likely to be subject to monthly or annual fees

The CFPB says it’s hiring 25 technologists over the next year to help its staff of mainly economists and lawyers actually probe these new leads. The move is as sure a sign as any that the bureau’s ongoing efforts to investigate and hold tech companies accountable for financial wrongdoing are only accelerating.

This research systematically studies the installation and configuration of consent pop-ups, identifying unethical design choices employed by Consent Management Providers (CMPs). The findings raise concerns about the privileged position of CMPs and their strategies in influencing website publishers, demonstrating how default consent pop-ups often violate the law and configuration options may lead to non-compliance.

"Friction isn’t always a bad thing [...] The trick is learning to differentiate good friction from bad, and to understand when and where adding good friction to your customer journey can give customers the agency and autonomy to improve choice, "

All over the world, governments are using nudges as regulatory tools. Is this ethical? Much of the answer depends on whether nudges promote or instead undermine welfare, autonomy, and dignity.

As Companies Wrongly Invoke the Guide to Justify Deception, Agency Seeks Public Input on Possible Revisions Around Dark Patterns and Other Deceptive Tactics

"Recently, the European Data Protection Board (EDPB) adopted for public consultation its 'Guidelines [...] These guidelines, like the AEPD guide, take article 5.1.a of the RGPD as a starting point to assess when a design pattern in a user interface corresponds to a dark pattern."

Research shows dark patterns increase purchase impulsivity in online shopping. Interventions can significantly reduce this effect, suggesting any intervention is better than none in combating dark patterns.

This paper discusses the regulation of "dark patterns" using two European Union legal frameworks, highlighting that the General Data Protection Regulation (GDPR) offers potential through data-protection-by-design but struggles due to unclear fairness definitions. It suggests that a pluralistic approach combining the strengths of GDPR and the EU's consumer protection acquis would be more effective in addressing manipulative design techniques.

"By analysing CMP services on an empty experimental website, we identify manipulation of website publishers towards subscription to the CMPs paid plans and then determine that default consent pop-ups often violate the law"

This study examines how companies use "dark patterns" to make it difficult for customers to quit online services, such as by hiding cancelation procedures or requiring excessive steps. The authors call for further research into the organizational causes, customer reactions, and broader market impacts of these deceptive practices.

Introductory video about Dark Patterns by NNgroup

The use of unfair practices to distort consumers’ economic behaviour is not new, but it takes a new important dimension as a result of the massive collection of data and the use of technology to build consumer profiles and anticipate consumer behaviour. EU consumer law already has partial capacity to address these situations, but it is currently not sufficiently enforced. In addition, EU law must be updated to tackle these unfair practices and ensure consumers are not harmed by misleading user interfaces and data personalisation techniques.

EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.

State and federal regulators have definitely put a new emphasis on combatting so-called “dark patterns” – but other than a catchy name, is there really anything new about the types of conduct that state and federal officials are calling illegal? This two-part blogpost will take a closer look at that question.

In this post (Part Two), we examine the FTC’s approach to this issue, now and in the past. Here, we conclude that, despite the new terminology, the practices that comprise today’s dark patterns have been core elements of FTC law and policy for years.

In this article and associated twitter thread Cennydd Bowles opines that design is not manipulative by definition. In his words: "Design influences. It persuades. But if it manipulates, something’s wrong.".

"The bitter truth of addiction is obscured by the smarmy ads and compromising relationships, and yet federal oversight is downright nonexistent."

The CMA has secured improvements for Xbox online players, following concerns about Microsoft’s use of auto-renewing subscriptions for online gaming services.

This investigation provides extensive information about the scope of the data flows and the web of third-party companies that receive that data to build detailed and intimate profiles of individuals, often without their knowledge.

The complaints allege the company has deployed ‘dark patterns,’ design tricks that can subtly influence users’ decisions in ways that are advantageous for a business

Article 13a in the DSA "explicitly forbids the use of specific techniques to extort consent to collect personal data, for instance, via repeatedly showing pop-ups. It also prevents platforms from requesting such consent if users already choose via ‘automated means’, which might be a setting in the web browser or operating system."

"If [the sellers] can confuse the consumer enough then the consumers won't necessary know what choice they're making and they can be talked into just about anything." -  Richard Cordray (Former Director of CFPB, 2014)

The French data protection authority hit Facebook and Google with multimillion-dollar fines yesterday for their use of deceptive design in their cookie consent banners.

Today, the CNIL said it’s fined Google €150M (~$170M) and Facebook €60M (~$68M) for breaching French law, following investigations of how they present tracking choices to users of google.fr, youtube.com and facebook.com.

Following investigations, the CNIL noted that the websites facebook.com, google.fr and youtube.com do not make refusing cookies as easy as to accept them. It thus fines FACEBOOK 60 million euros and GOOGLE 150 million euros and orders them to comply within three months.

FTC has made clear that to comply with the law, businesses must ensure sign-ups are clear, consensual, and easy to cancel.

"Google for years has used misleading notifications to lure users into disabling its rival’s browser extensions [...] The changes include requiring users to answer whether they would rather “Change back to Google search” after adding the DuckDuckGo extension and showing users a larger, highlighted button when giving them the option to “Change it back”.

This research investigates user behavior and mental models concerning dark patterns in cookie notices. Findings confirm that notice design impacts consent decisions and recall. Users recognize dark patterns and are uncomfortable with data collection practices but often don't act due to decision fatigue. The study concludes that website maintainers should rethink consent requests and end-users need better privacy protection solutions.

This research identifies dark patterns used in online travel agencies, simulates vacation bookings with users, and analyzes their emotions and feelings through AI-based facial recognition to understand vulnerability and types of dark patterns that are most impactful.

This study introduces the 'System Darkness Scale' (SDS), a questionnaire designed to evaluate and score the level of "dark mechanisms" within a system or service, similar to how SUS measures usability. The SDS aims to provide a validated tool for identifying dark patterns, which are intentionally designed interface elements that mislead or manipulate users.

This paper examines the history and evolution of the Twitter discourse surrounding #darkpatterns from June 2010 to April 2021. It uses quantitative and qualitative methods to describe how this discourse has changed over time, framing it as an emergent transdisciplinary conversation connecting multiple perspectives. The discourse is marked by socio-technical angst, aimed at identifying and fighting deceptive design practices. The paper also discusses potential future trajectories and opportunities for scholarship at the intersection of design, policy, and activism.

Many of health apps also have a dark side — selling your most personal data to third parties like advertisers, insurers and tech companies. [Podcast episode]

"Cancel anytime" actually means "you need to call a phone number, wait for someone to pick up and *maybe* you can cancel then. Or not."

On 14 December 2021, the Internal Market and Consumer Protection (IMCO) Committee of the European Parliament adopted its report on the Digital Services Act.

In a world with the EU Digital Services Act, online platforms must design web services in a way that does not trick users into giving away their personal data. If they fail, they’ll be held accountable.

Feature requires subscription even though it doesn’t use connected services.

Hidden away in #Google adtech antitrust complaint, in ref to internal docs: “We have been successful in slowing down and delaying the [ePrivacy Regulation] process and have been working behind the scenes hand in hand with the other companies.”

This paper investigates variations in dark patterns across different platforms (mobile app, mobile browser, web browser) for 105 popular services. Findings show that while some dark patterns are consistent across modalities, many differ, leading to inconsistent user experiences regarding autonomy, privacy, and control. The research concludes with implications for policymakers and practitioners, and suggestions for future dark patterns research.

This research explores user perceptions of manipulation in digital services, expanding on the concept of "dark patterns." Through a survey (n=169) and interviews, the study used a card sorting method to analyze responses from English and Mandarin Chinese speakers, identifying felt experiences of manipulative products and a continuum of manipulation. The findings offer insights for future research, public policy, and empowering user autonomy in digital interactions.

This paper explores dark patterns, defined as "tricks used in websites and apps that make you do things that you didn’t mean to," focusing on their prevalence in social media, gaming, and e-commerce. It discusses existing categorizations and suggests next steps for stakeholders like designers and engineers to better regulate dark patterns, minimize user concerns, and reduce unethical design practices.

A digital research platform linking together theory, methods, and practice for mapping media manipulation and disinformation campaigns.

This german language article on spiegel.de introduces the concept of dark patterns.

A review of recent (2020) work on dark patterns. The authors demonstrate that the literature does not reflect a singular concern or consistent definition, but rather a set of thematically related considerations.

Academic analysis of how Fortnite is using its platform to manipulate users.

The 'platformisation' of the games industry is posing some serious challenges for Europe and the internet at large.

The third-party cookie is dying, and Google is trying to create its replacement. No one should mourn the death of the cookie as we know it.

WASHINGTON – U.S. Sen. Mark R. Warner (D-VA) released the following statement after Governor Ralph Northam signed the Consumer Data Protection Act into state law:

Font size can be the difference between compliance and a class action lawsuit

News article summarising the findings from the research paper "Price Salience and Product Choice". "StubHub concluded that so-called “drip pricing” [...] resulted in people spending about 21% more."

Des fenêtres de navigation qui s’ouvrent inopinément, des couleurs criardes qui attirent l’œil, des caractères minuscules… Internet est rempli de désagréments en tout genre. Tout ceci est savamment conçu pour piéger l’internaute et porte un nom : les dark patterns. Explications.

"In today's video, we will go through dark patterns in UI and UX. These patterns are often misleading and almost blackmailing in nature. They make you feel bad about certain decisions you take and only benefit the business."

A not-for-profit project building a collaborative, online directory of ethical companies of all kinds.

This paper introduces the concept of "Asshole Design" and described the properties of asshole designers. The most related part of this paper is the authors differentiating dark patterns to asshole design properties, emphasizing the definition of dark patterns in relation to bad designs, value-centered, and asshole designs.

This paper provides the end-user perspective of the felt manipulation without directly using the language of dark patterns, but the examples illustrating some strategies that align with dark patterns defined in the literature.

This paper emphasizes the potential of consumer protection legislation as a powerful enforcer against dark patterns, offering more protection and enforcement opportunities than the GDPR. The modernization of consumer protection rules and enhanced harmonization, along with stronger remedies and enforcement capabilities, are expected to contribute to a more effective response to manipulative design features in digital environments.

A new California law (the California Privacy Rights Act) prohibits efforts to trick consumers into handing over data or money. A bill in Washington state (SB 5062 - 2021-22) used similar language.

"UX doesn't live up to its original meaning of 'user experience.' Instead, much of the discipline today, as it's practiced in Big Tech firms, is better described by a new name. UX is now 'user exploitation.'"

The Federation of German Consumer Organisations (vzbv) filed a complaint against “advocado”, an online service that helps people find a lawyer. With its lawsuit, the consumer protection group challenged the use of dark patterns in cookie banners used.

The CPRA defines a “dark pattern” as “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice” and clarifies that it should be “further defined by regulation.

This paper discusses how deceptive design patterns, or "dark patterns," are used on websites, specifically concerning cookie consent. The researchers analyzed 50 home cooking recipe websites and found that even among those compliant with GDPR, a majority still employed misdirection and sneak into basket dark patterns to influence user choices.

This research investigates the impact of dark patterns on user experience, specifically focusing on perceived annoyance and brand trust. An experiment involving 204 participants using two versions of a fictitious online shop (one with dark patterns, one without) revealed that dark patterns lead to higher perceived annoyance. A significant connection was found between perceived annoyance and expressed brand trust. However, the study did not find a connection between participants' affinity for technology and their ability to recognize and counter dark patterns.

"First, the CPRA adds a new definition of "consent" to the CCPA. The new definition explicitly states that "[A]greement obtained through the use of dark patterns does not constitute consent." Then, paralleling the definitions from Deceived by Design and the DETOUR Act, the CPRA defines a "dark pattern" as "a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation." Finally, the law directs that regulations regarding the sale or sharing of personal information ensure that a business obtaining consumer consent to such sale or sharing "does not make use of any dark patterns.""

On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.

"Video about the difference between dark patterns & things badly designed by accident. With some hilarious examples of bad design"

Like millions of others, Netflix r̶e̶c̶o̶m̶m̶e̶n̶d̶e̶d̶ autoplayed The Social Dilemma documentary to my iPhone, and it made an impression.

This research argues that privacy's strength lies in its role in protecting individual autonomy, freedom, dignity, fairness, and the collective value of privacy. While current conditions have diminished privacy as a lived practice, these same conditions are fostering a resurgence of interest in privacy as a means to address harms. The authors call for regulatory approaches that shape the corporate, social, and political landscape to protect the collective and public value of privacy.

An interaction criticism analysis of dark patterns in consent banners.

In this video Professor Lior J. Strahilevitz presents new experimental research on Dark Patterns. He examines their effectiveness, and assesses the role of market forces and legal regulation in constraining their use.

"Last year, researchers from Princeton University and the University of Chicago published a study looking at roughly 11,000 shopping sites, and found dark patterns on more than 11 percent of them, including major retailers like Fashion Nova and J.C. Penney. The researchers discovered that the more popular the website, the more likely it was to feature dark patterns."

Some say designers are uniquely positioned to stop the madness. What will it take to make the changes we desperately need?