What do publishers need to know about Dark Patterns and CCPA compliance?

Updated on: December 16, 2023

Dark patterns have a long history in the tech world. Websites use them to persuade users to make purchases, register for services, give up seeking information, and more. In almost all such cases, the people taking the actions aren’t even aware of the manipulation.

Dark patterns are so prevalent on the web that most users have become accustomed to them. When privacy laws like GDPR and CCPA made consent necessary, dark patterns made their way into tracking consent requests as well. Recently, CCPA has banned such practices, and publishers should take note.

What are Dark Patterns?

Dark patterns belong to the field of UI. Any implementation in the user interface that tricks users into performing an action is a dark pattern. The action that a dark pattern seeks may be harmful to the users but beneficial for the website or app owner. It’s an unethical practice because the UI designer implements it with ill intent.

“Dark patterns are design features used to deceive, steer, or manipulate users into behavior that is profitable for an online service, but often harmful to users or contrary to their intent.”

Rohit Chopra, U.S. Federal Trade Commissioner

User experience designer Harry Brignull coined the term Dark Pattern in July 2010. He also started DarkPatterns.org to spread awareness about the malpractice. His site categorizes dark patterns into 12 different kinds.

Types of Dark Patterns

  • Trick questions: The website asks a question in such a way that users make unintentional choices. The cookie prompt below can leave the user unsure whether they are opting in or out. Most users will allow tracking while thinking they’re opting out.

Confusing Cookie Prompt (Source: Reddit)

  • Sneak into Basket: A website adds a product to the users’ cart without informing them. This practice is most prevalent on e-commerce sites. The image below shows additional items pre-ticked so that users fill the cart unintentionally. Publishers involved in commerce should avoid this dark pattern.

Dark Pattern Sneak into Basket (Source: Reddit)

  • Roach Motel: Websites use this dark pattern after the user has made a purchase. It refers to creating obstructions for the user. For example, sites can make it difficult for the user to cancel a subscription for a refund. The user can give up due to the tedious process, saving the website owner from returning the money. The example site below requires the user to send a physical form via mail.

Roach Motel Dark Pattern (Source: DarkPatterns.org)

  • Privacy Zuckering: This dark pattern carries the name of Facebook’s founder because of the company’s many privacy-related controversies. It involves tricking people into sharing their private information with a website. For example, WhatsApp informed its users that the app would share their phone numbers and other data with Facebook, but it hid the opt-out link. Most people would agree to such a message because there’s no other visible option.

Privacy Zuckering Dark Pattern (Source: Venture Beat)

  • Price Comparison Prevention: Sometimes websites don’t want you to compare the prices of products, so that you buy the items they want you to buy. Every business wants to sell the items with the highest profit margins, and price comparisons can make that difficult. Manipulating perceived prices helps them control the sales of different products. Sometimes, websites also want to prevent comparisons so that sales are evenly distributed among their offerings. For example, comparing prices is complicated on most of the marketplaces for freelance work. You have to check each listing individually.

Fiverr Dark Pattern

  • Misdirection: It’s similar to the patterns we discussed earlier. A publisher can add design elements to the site to guide your attention wherever the publisher wants. If you revisit the Privacy Zuckering section, you’ll see that the ‘Agree’ button in the message is so big that it takes attention away from the link. You’ll find many publishers who use this tactic to gain cookie consent from their visitors.
  • Hidden Costs: Publishers don’t have much scope for using this practice, but many eCommerce sites exploit it frequently. They add hidden costs to your purchase only when you’re ready to check out. This hidden cost can be a delivery charge, packing charge, tax, or anything else you couldn’t expect.
  • Bait and Switch: It is a fraudulent technique where a false piece of information works as bait for the user. Bait can be an extremely low price of a product, a free service, a deceptive headline of an article, etc. But when the user clicks it, the information switches to a different state. For example, you find out that the service isn’t free, the article isn’t about the topic you expected, etc. But since you’ve already invested your time in the process, you decide to go along and spend more time or money on it.

Bait and Switch Dark Pattern

  • Confirmshaming: It involves phrasing the option to decline in a way that shames the user. The idea is to make the user feel guilty so that he doesn’t say no to your offer. Below is an example of a publisher shaming the user for not downloading a guide.

Confirmshaming Dark Pattern

  • Disguised Ads: Do not confuse them with native ads. These ads trick you into clicking by disguising themselves as part of the content.

Disguised Ads Dark Pattern

  • Forced Continuity: It’s a widely disliked practice, but subscription providers still use it. When you take a free trial, the service starts charging you money after the trial period is over. If you didn’t intend to continue the subscription but did so because you forgot to cancel it, you’re out of luck. It’d be either impossible or very difficult to get your money back. It’s irritating to users and unfair to those who didn’t know that they were supposed to cancel the trial before it rolled over into a paid subscription.
  • Friend Spam: A website first tricks you into giving up your email or social media contacts. For instance, it can ask for permission to access your friend list when you sign up with Facebook. Later, it starts spamming your friends with notifications. The notifications appear as if you personally sent them, but you wouldn’t be aware of them. Facebook game invitations are a common form of friend spam.

Friend Spam Dark Pattern

What does CCPA say about Dark Patterns?

In March 2021, CCPA was modified to deal with the problems of dark patterns. The new law bans dark patterns that delay or obscure the opt-out process. The final text has the following specific regulations against dark patterns:

  • Publishers, ad tech companies, or other businesses cannot use confusing language like double negatives in the opt-out process. For example, “Don’t Not Sell My Personal Information” isn’t a valid consent message.
  • Your opt-out process cannot have more steps than the process of opting in. The number of steps is counted from the first click that the user makes on the “Do Not Sell My Personal Information” link to the completion of the request.
  • You cannot force users to click through or listen to reasons why they shouldn’t submit a request to opt out before confirming their request.
  • The opt-out process shouldn’t require the user to submit personal information that’s not necessary to execute the request.
  • The users shouldn’t have to search or scroll through a lot of text, docs, or pages to find the buttons or links needed to submit a request.

What should publishers do about CCPA rules against dark patterns?

Regardless of what CCPA says, you should never use dark patterns of any kind. They aren’t helpful for your audience, and they hurt your brand image. When it comes to CCPA compliance, make sure none of the stated patterns exist on your site. Here are a few tips:

  • Audit your consent-taking process,
  • Pay attention to your cookie pop-up message,
  • Remove any UX designs that misdirect the user,
  • Avoid pre-selecting options, and
  • Remove every implementation that feels like a dark pattern.

Don’t limit yourself to what the CCPA document literally says. For example, the regulations mention only double negatives as a confusing practice, but that doesn’t mean you can use some other trick to confuse the user and acquire consent.

If you want to avoid dark patterns in the long run, you have to change your operating procedures. You have to commit to being ethical in your business so that you discard any dark patterns as soon as they come up as options. You’ll have to stop being purely result-oriented as well. Using a dark pattern may give you results in the short term, but it’ll hurt your brand image in the long term. Finally, you have to be aware of what is a dark pattern and what is not. But we’ve already taken care of that by discussing all their types earlier.

Wait! What about GDPR?

GDPR doesn’t appreciate dark patterns either. It accepts consent that is freely given, whereas dark patterns are deceitful. So stay away from dark patterns if you want to avoid GDPR complications as well.

What’s Next?

You can fix dark patterns in your site’s native components, but what about third-party elements like ads? How would you make sure that the ads on your site are not deceptive and are free from dark patterns? To do so, you have to make sure that you’re working with demand partners that have stringent quality controls. Even if you’re working with a header bidding service provider, choose one that works with the best SSPs in the market.
