Every day, millions of online shoppers face substantial risk of unwittingly giving too much away – money, information, privacy. To some retailers, this might be gold, but when the gold comes from dark patterns, we need to start applying new rules.
“Dark patterns” is the term for the online use of deceptive practices that are “carefully crafted to trick users into doing things that are not in their interest and usually at their expense,” according to Harry Brignull, the London-based user-experience designer who first coined the term.
This deception is not new. A 2019 report by Princeton University found that 11% of nearly 11,000 shopping websites used tactics that were misleading, aggressive, deceitful and potentially unlawful. Yet despite the repeated detection, there is a “marked rise” in dark patterning, the National Law review reported in late 2023, citing the Federal Trade Commission (FTC). More than 40% of consumers have experienced unplanned financial consequences due to dark patterns, a 2023 survey by Dovetail found.
It’s time for good-acting retailers and brands to step in.
In February, the online hosting services company KnownHost analyzed 48 retail websites to detect commonly used dark patterns identified by the FTC. Based on its report, and analysis by the FTC and other organizations, here’s a glossary of the common tactics, and who uses them:
Bait-and-switch – This generations-old scheme has been adapted for digital use by luring consumers with attractive terms or pricing and then changing the conditions after the user engages. An example might be a website ad promoting 60% off an item, but when the user clicks the ad, she finds the item is “sold out” and receives an offer for a similar, pricier items. But some sites can be infiltrated: The site MalwareTips in February reported that scammers pretending to be the fast-fashion brand Fashion Nova used viral ads to bait unknowing consumers into what they thought were deep discounts on branded goods.
Confirm shaming – These messages aim to shame users into opting in to subscriber lists and services. If you’ve ever seen a pop-up button that states, “I don’t want to save money” or “I don’t like good deals,” then you’ve been shame-targeted. KnownHost identifies Land’s End among retailers that have used this common tactic.
False hierarchy – With this tactic, a company uses color and design to nudge users into selecting its preferred option. For example, it might use color, size and placement to give more visual prominence to the “create an account” option, vs. “check out as a guest.” Forty-six percent of websites, including Etsy and Land’s End, use nagging (see below) and false hierarchy, KnownHost reports.
Forced enrollment – Here we’ve got the act of requiring website visitors to create accounts and share their personal information just to look at the goods. Princeton’s report identifies The RealReal for using this practice. JustFab allows shoppers to browse but requires them to create an account in order to place a product in the shopping cart, which could subject them to ongoing marketing pitches.
Hidden costs – These are fees that are typically added at the end of the purchase and made less obvious. This could include subtle add-ons or extra services that you may not wish to purchase. KnownHost includes Poshmark and Shein in its list of retailers that use this tactic. KnownHost found that Shein, for example, added a “handling” fee at checkout that was not visible in the cart before then. This fee may not necessarily be added to every order as it is dependent on the order price and number of items purchased. In 2023, the food-delivery app GrubHub agreed to pay $3.5 million to settle a lawsuit regarding hidden fees.
Misdirection – This is another way of using style or visuals to manipulate users into certain selections. Misdirection can underplay hidden costs – highlighting one price in a bright color or box, for example, while listing additional fees in a non-highlighted section. The KnownHost analysis includes Home Depot and Clinique in its list of retailers that use this common practice.
Nagging – Typically, this scheme takes place in the form of multiple pop-ups requesting that you join a company’s mailing list or turn on notifications. KnownHost includes Estée Lauder, Fashion Nova and Poshmark in its list of retailers that do this (Poshmark’s landing page asks visitors to register via Facebook, Google or Apple – but if users scroll down, they can shop).
The Roach Motel – When a retailer makes it super easy to sign up for a service or subscription, but considerably harder to cancel it, it is known as a roach motel. One strategy requires members to call a customer service number, for example. In June 2023, the FTC sued Amazon for enrolling consumers in its paid Prime program without consent, and for installing a “labyrinth-like process” for Prime members trying to cancel their subscriptions.
Pretend urgency (AKA: FOMO triggering) – The 2019 report by Princeton revealed hundreds of instances where retail sites used count-down timers that would give shoppers a sense that the deal would soon expire, even when the offer would continue to be valid. Someone who has used Ticketmaster might be familiar with the tactic.
Sneaking – This practice comes in a few forms. The company might add items to a customer’s shopping cart without alerting them, by automatically ticking pre-select boxes (such as gift wrapping). Some e-commerce sites add hidden “convenience” or “care and packaging” fees in addition to shipping, a practice the FTC calls “drip pricing.” Personally, I’ve experienced the addition of a $4.71 “shipping protection” fee on an order with Cozy Earth. When I retraced my steps, I found the option to “click out” of the fee presented in the sidebar image of my shopping cart before checkout, but I had to scroll down the order to see it.
How Good Retailers Can Combat Dark Practices
Not all consumers might be familiar with the term “dark patterns,” but many of them are likely familiar with the tactics. In time, repeated exposure will cause more users to be wary and defensive online. Retailers can separate themselves from bad actors by using the following practices inspired by Bloomberg Law, the Better Business Bureau and the privacy and data protection firm VeraSafe.
- Use straightforward language. Clever wording is attractive, but when it comes to explaining options, such as signing up for an email list, it’s more clever to be clear and neutral. Consumers should look for retailers and brands that ask for explicit confirmation for actions that involve data or money, and explain the purpose and implications of each user action, including how data is used and stored.
- Put privacy messaging out in the open. Default privacy options that maximize data collection are the most common dark tactics used by the sites KnownHost reviewed – 76% do it, including Etsy, KnownHost reports. Red flags for shoppers include confusing language, such as double negatives. Retailers can avoid this by screening their sign-up processes for inconsistencies or language that could cause users to provide more information than they would otherwise choose.
- Use consumer-friendly designs. Creativity is a gift, and it should be used for good. Smaller fonts, low-contrast colors and practices that conceal disclosure statements are bad. Retailers should not turn their web designers into villains.
- Explain the consequences. Websites could use “opt-in” buttons rather than “opt-out” – including for data-collecting cookies. Any default options should be clearly presented. Consumers who choose to give or withdraw consent should expect the outcomes to be simply explained.
- Make the experience familiar on all channels. If an e-commerce platform operates across devices, such as a desktop computer and mobile app, users should find the privacy settings and information equally recognizable. For example, the information should be located in similar locations on both devices so the experience is familiar regardless of device being used.
- Make cancellation easy. Shoppers might want to read the fine print before joining a membership. A customer should not have to wait on the phone or navigate a multi-step odyssey to cancel a subscription. A password or other confirmation request is plenty.
- Seek remediation. Retailers can enlist in-house or third-party privacy professionals to inspect their digital channels, alongside their marketing and merchandising department, for dark pattern potential. Once the company screens for and removes risks, it can include a symbol or wording on its website showing it’s a good actor.
Really, shedding light on dark patterns simply comes down to the golden rule: Be honest, for everyone’s sake.
Bad actors can tarnish the e-commerce experience for many. But companies that treat their website users as people deserve their use.