Identifying deception patterns on the web

Note: Newly adopted terminology is Deception Pattern. Do not use ‘dark pattern’ anymore.

This topic is to make you aware and collect Deception Patterns that exist on the web and in mobile apps…

What is a Deception Pattern?

Deception Patterns are tricks used in websites and apps that make you buy or sign up for things that you didn’t mean

Watch this short movie, and you know exactly what the meaning is:

Deception Patterns in Games


What I consider Dark Patterns as well are the degraded experiences being offered when you don’t use the App but the browser instead, or - in the case of Google - if you don’t use Chrome, but Firefox instead (think there have been improvements of late, on PC’s, not sure about Android).

For example LinkedIn in the browser lacks the ability to Edit a comment once posted, and a Bookmark icon on posts in your feed.

More searches (go to the Video tab): Dark Patterns search on DuckDuckGo

1 Like

A dark pattern about LinkedIn (I just sent some feedback to them about this): Due to some problem in their application (probably) I received multiple notifications about the same Like or the same Comment. The notification message says it was given ‘5 mins ago’, while in fact the Likes + Comments were already days old.

If you notice similar issues, always take the time to send feedback to the app provider, if you have the time. Even if you don’t hear back (which is usually the case with LI) :slight_smile:

LinkedIn uses more dark patterns, like hiding their Support pages where you can create Cases, even when you are a paying customer (I am one). Also they close the case after each answer they give you, in hopes you stop nagging them. This is rude behaviour, as the answer may not be satisfactory…

Another dark pattern on LinkedIn: They keep sending you promoted posts in your feed, and there is no option to get rid of the particular advertiser (only to hide that one advertisement post). So I keep getting ads for Tele2 and Raytheon (a freaking weapons manufacturer, for crying out loud!).


Maybe not a dark pattern pur sang, but certainly a dark practice: shadow banning

Banning someone on social media in a way the person will not become aware of it easily.

Read this experience about the matter:

There are cases where shadow banning is acceptable, e.g. to get rid of nasty trolls or spammers, who - for a regular ban - would just create a new account and continue their pestering. All other cases: unethical, shady practice!

Hi @aschrijver

I’m a PhD student at Princeton. You can find an overview of my work here:

Recently, I’ve become interested in mining dark patterns. Our first work in this area (detecting disguised ads on social media) was recently published.

We’re extending this to detect other patterns (e.g., subtle nudge permissions on Android) - happy to chat more if you’re interested!


Tristan Harris’s article on Medium.


From Tristan’s article on Medium:

LinkedIn is the most obvious offender. LinkedIn wants as many people creating social obligations for each other as possible, because each time they reciprocate (by accepting a connection, responding to a message, or endorsing someone back for a skill) they have to come back to where they can get people to spend more time.

Like Facebook, LinkedIn exploits an asymmetry in perception. When you receive an invitation from someone to connect, you imagine that person making a conscious choice to invite you, when in reality, they likely unconsciously responded to LinkedIn’s list of suggested contacts. In other words, LinkedIn turns your unconscious impulses (to “add” a person) into new social obligations that millions of people feel obligated to repay. All while they profit from the time people spend doing it.


Very interesting studies, @amathur! We are collecting info on dark patterns here, and intent to follow up on useful information on the forum at a later stage (using other tools; in preparation). Thank you!

1 Like

Dark pattern found on new GDPR cookie policy on The Guardian website.

Upon entering the website you are shown this dialog:

You must at least check the first checkbox to accept cookies, before saving settings is enabled. Note that it says that you can change your mind at any time.

The second option is confusing. It seems like checking it leads to less advertising being shown, but I read it as the opt-in option to allow 3rd-party trackers and targeted advertising, so I did not choose it.
I think this is a misleading choice, where the UI entices you to click the option The Guardian prefers you to click, but does not lead to the best privacy protection.

Now, I wanted to check how I could ‘change my mind’ as advertised. Then you have to go to the cookies policy where it gets all murky:

Note that each cookie comes with its own Privacy Policy, and the ‘Opt-out’ links lead to a different 3rd-party cookie manager page.

To just go to the first one: Here you are bombarded with legal mumbo-jumbo information (and must accept the cookies of that site too).

In this site they don’t mention the EU, but call it EEA (presumably European Economic Area), and they say that if you want to manage your cookies, you will need to accept their special cookie, and thus they say:

  • The opt out cookie may not work if your browser is configured to block third-party cookies.
  • If you delete your cookies, you will need to opt out again.
  • The opt out only applies to the browser profile in which you set it.
  • If you opt out, data may still be collected about your web browsing activities and you will still see advertising.

And this is just one tracker site, on one device. You’ll need to take some weeks off to do your cookies if you want to be ‘protected’!!

Conclusion: Install ad-blockers and tracker-blockers like Privacy Badger!


I was pointed to this beauty of a Dark Pattern - a real typical example - by @patm, who was adjusting her Facebook privacy settings:

Or freely translated:

“We would like to do some scare-mongering to have you choose the option that enables us - with your full consent - to tag and track you in any image and video material we can lay our hands on, now and forever, and to make the choice easier we’ll also let you feel guilty about excluding impaired people, if you choose to ignore our facial recognition ‘protection’ feature! See how ethical and caring we have become?”

Honestly, it is a good feature if screen readers are able to tell the visual impaired people who are in a picture, but you should be aware what data you are giving away for that. The implications are large. The invasion of your privacy by facial recognition is huge! And make no mistake: FB collects it to monetize it in any way they see fit, without your control over how it is used.

(Note also that with deep fakes, someone who creates a bot account, no longer has to use a profile picture of a real person. These can be generated really well by AI now.)

1 Like

Thank you for posting this. I decided to reject the option of enabling face recognition for a couple of reasons, the primary one being, of course, that Facebook’s attempt to manipulate was so offensive. In my opinion, grouping the visually impaired with potential criminals is heinous.

After weighing the few benefits of the technology, I decided to reject it. I felt that it would be better for everyone, not just myself, to do so.

The following cookie dialog appeared on a Dutch site, but it is of a kind that you often encounter, so I decided to add it anyway:


It has 2 buttons:

  • No, do not optimize
  • Yes, optimize for me

Note that the ‘Yes’ option is green, and has a thumbs-up icon. Who doesn’t want an optimized experience, right? But of course, this is the option that places all cookies on your computer and will track you the most.

In the text there is a reference to the cookie policy and mention that optimization occurs by means of analysis. The cookie policy doesn’t really explains what this optimization means, and offfers the same choice as the dialog.

Where are dark patterns gathered, other than on this site (which seems to update infrequently) and in the proposed Ledger of Harms (which atm seems to focus on effect more than method)?

They are gathered at the site in my first post, but not in any structural way by the CHT community. Which seems like a good idea to be doing in future.


Yes! As this conversation continues, I think we should create a summary wiki of all the pattens identified. @metasj ideas for how / where to best do this?


A Dark Pattern on LinkedIn. I recently found out that, when looking at my post activity, I can no longer go back further than 2 months in time, and even before that the metrics (number of reads) also become unavailable. So I decided to download my personal data set to see if older posts are still in their data centers.

This brings you to the following page:

Here you have 2 options for your data:

  • The Works
  • Pick and choose

The 2nd option is sort of clear in its meaning, but the first one is not. What does ‘The Works’ mean? Is this all of your data? The Help Center doesn’t help you here. It does not explain the meaning of your choice.

Furthermore - and what leads me to think that the first option yields the most interesting results - selecting The Works leads to a download requests that can be handled within 24 hrs, while the second choice can be done in just 10 mins.
This is another dark pattern, as LI probably expect most people to be impatient and opting for the 2nd choice, rather than waiting this long. IMHO there is no reason the 1st option should take that long (maybe if it constitutes significantly more data, and they want to schedule the data collection to a time when the data center is quiet --> but I received this download already after 5 mins.)

I have received an email notification stating that ‘the first installment of my download’ is available. Let’s see if a second installment is coming later :slight_smile:

Edit: After 10 hrs the 2nd email hasn’t arrived yet. The first download does not contain post history anyway.

1 Like

Another LinkedIn dark pattern I noticed for some time. It is a subtle one, but it has to do with the text shown in notifications (note: I edited the screenshot for privacy reasons):

Notice what the text says: “<connection> and 1 other replied to and liked your comment
So how many people liked my comment, and how many people replied to it? This could well be 2 likes and 2 comments… wow, I should check it out!

It appears that only one person (<connection>) both liked and replied to it. So one like, one reply.
By formulating this way the notification looks more interesting, making it more likely that you check the article, and stay longer than you’d liked onto the LI app.

Another thing I notice, if I have been quiet for a while on LI (not much to notify me about), that the previous notification suddenly appears again. Whoops, I am in the LI app again… :slight_smile:

1 Like

As we know, Twitter is a platform for spewing bad language to many. In this case it may be warranted given the especially Dark Pattern that Adobe Acrobat Reader posed to this user:

1 Like

Wonderful discussion and very enlightening examples of dark patterns. I will propose to add a possible video project in the awareness campaign, which would depict a bunch of fictitious tech company executives brainstorming such dark patterns to increase addiction.

1 Like

On that note, I deleted my Linkedin account a few days ago. When 10 years ago, I received an invitation to join Linkedin from a colleague, my thinking was “We are already colleagues, why the hell do you want me to join this bloody thing and “connect with you”?”

Years later, when I started my own business, I thought “Well, this may be a very easy way to find prospects and partners.” It actually worked to some extent, but compared to the massive effort involved in getting your new and artificial connections excited, the results are not worth it, compared to good old networking methods.

Now the bloody thing is downright manipulative and appeals to our fears not to miss out and our vanity. “Look, your connection is in the news!” Damn, I also want more followers. Let me write some article on Linkedin and see how many likes I get. Wow, this guy has over 500 connections. I only have 120. Let us try to invite some strangers so I look like a real connected guy. “You are now connected to John Doe. Start a conversation!” Yeah, let us waste some time chatting some unknown guy who doesn’t give a damn about me.

Another example. You want to reach out to someone you are really keen to connect with. “Your connection’s connection is connected to John Doe. Ask for an introduction.” Yeah, let us try to bother a guy I don’t know and ask him to introduce me to a guy he doesn’t really know.

Massive waste of time and energy, no real purpose.

Important note: Until I became more aware of humane tech principles, I also fell for this shit. Once I was looking for staff and I asked each candidate for a link to their Linkedin profile. I wanted to have a glimpse on how they presented themselves and what kind of connections they had (Ok, it was for a sales job). Shame on me.