Did you know that in 2010, Game Station, an e-commerce platform, legally won the rights to its users’ immortal souls?
As a prank, the platform hid a clause in its terms and conditions policy to own the souls of every user who agreed to it, UNLESS they opt out. It was not surprising, to note that 88% of the users obliviously agreed to the conditions. This proved the power of a typical consumer’s instinctive, or pavlovian, response. Of course, the platform later returned the souls to their original owners through email.
Behind this prank lies the sinister reality of dark patterns that might steal more than your soul. In the same year, Harry Brignull, the independent UX Design Consultant, identified certain patterns used by online platforms that capitalized on such instinctive behavior of its users. He saw that these ‘Dark Patterns’ in their most basic form annoy the users and at their best deceive them into paying unnecessary bills.
Unlike Game Station, most platforms exploit gullible users by adding malignant conditions in their policies, hidden behind fine print or confusing text. This ensures that the users either miss or lack understanding of these terms and fall prey to such ruses, inadvertently adding to the website’s revenue.
Have you ever created an account, shared credit card details, and pushed through dozens of terms and conditions pages just to enjoy a free trial option? If you have, you better check your transaction history for money leaks.
Once the free trial period is over, these websites conveniently forget to inform you of the same and begin to discreetly reap subscription charges out of your account. It might not be surprising to learn by now that this condition was already in their terms of policy, which we hurriedly accepted. But unlike the ‘Sign In’ process, unsubscription requires dozens of emails, hours of call waiting, and a dragged-out task of manual work which you might eventually give up on. The technique at play here is what Harry Brignull called Forced Continuity.
What Are Dark Patterns?
Dark patterns are design practices used to deceive, steer, or manipulate users into behavior that benefits an online service, often at the user’s expense. The term was coined by Harry Brignull in 2010, though the practices themselves stretch back to the earliest days of the internet.
India’s Department of Consumer Affairs formally defines dark patterns as: any practices or deceptive design patterns using UI/UX interactions on any platform, designed to mislead or trick users to do something they originally did not intend or want to do, by subverting or impairing consumer autonomy, decision making or choice, amounting to misleading advertisement, unfair trade practice, or a violation of consumer rights.
Dark patterns appear on any digital surface, websites, mobile apps, subscription flows, gaming interfaces, and are found across e-commerce, financial services, social media, and more. Their effectiveness comes from exploiting cognitive biases and the behavioral shortcuts that all of us rely on.
How Widespread Are Dark Patterns?
Two major international reviews published in July 2024 put the scale into perspective. The ICPEN annual review, conducted by 27 authorities across 26 countries, examined 642 websites and mobile apps offering subscription services. Nearly 76% of the sites used at least one dark pattern, and nearly 67% used multiple.
Separately, the GPEN Privacy Sweep, involving 26 privacy enforcement authorities who examined more than 1,000 websites and apps, found that 97% used at least one deceptive design pattern.
In nearly 40% of cases, users face obstacles when attempting to make privacy choices or access their account settings. The two sweeps were coordinated for the first time, recognizing the growing intersection between consumer protection and privacy regulation.
Types of Dark Patterns in UX
Researchers and regulators have catalogued a growing list of dark pattern categories.
Here are the most widely recognized ones:
1. Forced Continuity (Subscription Traps)
Have you ever shared your credit card details to enjoy a free trial, only to discover you were silently billed once it ended?
These platforms conveniently forget to notify you when the trial lapses — and when you try to cancel, you find yourself navigating a gauntlet of emails, holding music, and deliberately confusing menus. Harry Brignull named this Forced Continuity. India’s regulators call it a Subscription Trap: the process of making cancellation of a paid subscription impossible or a complex and lengthy process.
2. False Urgency
Countdown timers, “Only 2 left!” banners, and flashing alerts that push users to act immediately — often without reading the terms. The urgency is frequently fabricated. India’s 2023 Dark Patterns Guidelines specifically name this as an unfair trade practice: falsely stating or implying a sense of scarcity so as to mislead a user into making an immediate purchase.
3. Basket Sneaking
Additional items, insurance, donations, premium add-ons — are quietly added to a user’s cart at checkout without explicit consent. The total cost is higher than the user intended to pay, and the extras are easy to miss unless the user reads every line of the order summary.
4. Confirm Shaming
Guilt-laden or shame-inducing language on opt-out buttons. The classic example: a newsletter pop-up where the decline option reads “No, I don’t want to save money.” This nudges users toward compliance through emotional manipulation rather than genuine persuasion.
5. Misdirection and Interface Interference
Visual design is used to draw user attention toward a preferred option while obscuring the alternative. The opt-out is greyed out, tiny, or buried. Contrasting colors and asymmetric button sizes steer users toward what the platform wants, not what the user intends, a pattern India’s regulators define as interface interference.
6. Roach Motel
Easy to get in, nearly impossible to get out. Account deletion flows buried under multiple menus, subscription cancellations that require a phone call, and repeated confirmation screens are all examples. The European Union demanded Amazon deploy simpler account-deletion navigation specifically because of this pattern.
7. Bait and Switch
A platform advertises one outcome but delivers another. In digital lending, this often takes the form of an advertised rate that looks attractive upfront, only for fees, insurance mandates, and additional charges to appear at the final step, when the borrower is least likely to walk away.
8. Drip Pricing
Costs are not revealed upfront. Fees and charges are added progressively as the user moves through a checkout flow, making the actual total visible only when it is inconvenient to abandon the transaction.
9. Privacy Zuckering
Named after Facebook’s Mark Zuckerberg, this pattern tricks users into sharing more personal data than they intend. The data, ranging from name and location to financial behavior and health-related purchases, is then used or sold to third parties, often without users realizing the extent of their exposure. Imagine being denied insurance or a loan based on profiling you never consented to.
10. Disguised Advertisements and Nagging
Ads dressed up as editorial content or user reviews, and repeated disruptive interruptions that derail a user’s intended journey. Both are formally recognized dark patterns under India’s 2023 draft guidelines.
Losing Designers To The Dark Side
The brilliance behind camouflaging dark patterns can be credited to those UI/UX designers who turned to the dark side.
Techniques like Misdirection, where the ‘Opt Out’ option during a purchase is kept invisible, and Roach Motel, where complex pathways are created for account deletion, are the product of these designers’ creativity. Today, with a myriad of UI designers selling their expertise, dark patterns have become weaponized. Hence, it is no wonder that its new target now is the fast-growing banking sector.
Dark Patterns in Financial Services and Fintech Apps
Although the regulatory authorities have kept such UX dark patterns at bay from the banking sector, instances of Privacy Zuckering are now getting attention. Privacy Zuckering, when simply put, is a website’s access to your private and personal information which is later sold to other enterprises.
The data such companies hold can range from your name and location to sexual preferences and mental health. Imagine, once such data is sold, you could even get denied services like insurance and loans.
One of the most recent examples of this case is with a top Australian Bank. The bank forced users to accept certain terms and conditions in order to allow them access to their banking information in the app. By carelessly accepting, the user got incorporated into the bank’s rewards program through which the bank shared transaction data with third parties. Although the identity of the user was kept hidden, the user became the target of spam emails and pop-ups on the internet.
How Regulators Around the World Are Responding
United States: FTC Enforcement
The FTC uses Section 5 of the FTC Act to take enforcement action against dark patterns. Two landmark cases stand out.
In December 2022, the FTC announced a settlement with Epic Games, requiring the company to pay $245 million, the largest FTC administrative settlement at the time, after Fortnite’s counterintuitive button configurations led players to incur unwanted in-game charges.
More recently, in September 2025, the FTC secured a $2.5 billion settlement against Amazon, one of the largest in the agency’s history, over allegations that Amazon enrolled millions of consumers in Prime subscriptions without their informed consent and made cancellation intentionally difficult. The settlement requires Amazon to pay $1 billion in civil penalties and $1.5 billion in refunds to approximately 35 million affected consumers, and to overhaul its enrollment and cancellation flows entirely.
European Union:GDPR and Platform Accountability
The EU has been among the most aggressive regulators. Google and YouTube have been penalized for making Cookie opt-outs unnecessarily difficult. Amazon was directed to simplify account-deletion navigation. Both the GDPR and the EU’s Digital Services Act contain provisions directly applicable to manipulative design.
India: 2023 Draft Guidelines
India’s Department of Consumer Affairs released Draft Guidelines for Prevention and Regulation of Dark Patterns in 2023, formally identifying ten specific dark patterns as unfair trade practices under the Consumer Protection Act — including false urgency, basket sneaking, confirm shaming, subscription traps, bait and switch, drip pricing, and nagging. This makes India one of the few countries with a named taxonomy of prohibited patterns in law.
Building Trust, Not Tricks
With more and more tricks of the trade being introduced, authorities need to keep close vigilance on the dark patterns hidden on the internet, especially in the banking sector. Interacting with apps built through platforms like Appzillon Digital can save even the most targeted groups like teenagers and senior citizens from unwanted money leaks. Therefore, as Brignull says, our best defense against such patterns is to update our awareness of them.
Dark Patterns will continue to annoy and distract us until businesses realize that loyal customer is earned by readership and trust, not trickery and deceit.
