You're Being Manipulated With Dark Patterns Every Time You Fill Out a Form Online

Table of contents

You signed up for a free trial last month.

Now your inbox has a newsletter you never asked for. You scroll back through the form, trying to figure out what happened. There was a checkbox and it was already ticked, but you just didn’t see it.

This is a design decision, not an oversight, and this is how you experience dark patterns online without knowing.

What Are Dark Patterns in Online Forms?

Pattern Type	What It Does	Form Example	Cognitive Bias Exploited
SNEAKING	Hides or delays disclosure of information that would affect the user’s decision	Newsletter opt-in checkbox buried at the bottom of a signup form, pre-ticked	Limited attention span
INTERFACE INTERFERENCE	Uses visual design (color, size, placement) to steer users toward the business-preferred option	“Accept all” button large and green; “Reject” option small, grey, and two clicks away	Default effect / status quo bias
URGENCY	Creates artificial time pressure to force a faster decision	Countdown timer on a signup form that resets to zero when the page is refreshed	FOMO / loss aversion
OBSTRUCTION	Makes an unwanted action (like cancelling) deliberately harder than it needs to be	One-click signup; 6-step cancellation buried inside account settings	Effort aversion / friction fatigue
TRICK QUESTIONS	Uses double negatives or confusing language so users misread what they are agreeing to	“Uncheck this box if you don’t want to not receive promotional emails”	Cognitive overload
FORCED ACTION	Requires users to take extra steps or share more data than needed to complete a task	Must create an account and accept marketing to access a free download	Sunk cost / goal completion
CONFIRMSHAMING	Uses guilt or shame in opt-out language to pressure the user into accepting	“No thanks, I don’t want to grow my business” as the decline option on a newsletter form	Social identity / shame
Sources: FTC “Bringing Dark Patterns to Light” (2022); FTC/ICPEN/GPEN Review (2024); Mathur et al., Princeton (2019); Gray et al. taxonomy (2018)

Deceptive design, or “dark patterns,” describes interface choices that push users toward actions they wouldn’t take if given a clear, honest option.

The term was introduced by UX researcher Harry Brignull in 2010. Since then, it’s been formally adopted by the FTC, GDPR regulators, and the EU’s Digital Fairness framework.

Forms are ground zero for this. The moment a user types in their name, email, or payment details is the moment of maximum trust – and that moment is being exploited, routinely.

Who Coined the Term and When?

Brignull defined it plainly: “A dark pattern is a manipulative or deceptive trick in software that gets users to complete an action that they would not otherwise have done, if they had understood it or had a choice at the time.”

He has since served as an expert witness in multiple landmark cases, including FTC v. Publishers Clearing House ($18.5M settlement) and Nichols v. Noom ($56M settlement).

Source: Brignull, H. “Bringing Dark Patterns to Light.” Medium, 2021. deceptive.design.

The concept has since moved from niche UX discourse into regulatory law. GDPR, CCPA, and the EU Digital Markets Act all now reference it directly.

Why Forms Specifically?

Forms collect the most sensitive user data: names, emails, phone numbers, payment details, health information. They’re where consent decisions happen.

That makes them the highest-value target for manipulation. A tweaked checkbox label or a pre-selected field can change outcomes at scale without a single user noticing.

How Common Are Dark Patterns in Online Forms?

Platform / Context	Prevalence	Key Finding	Source
Subscription Websites & Apps Global, 26 countries	75.7% used at least 1	66.8% used multiple dark patterns; most common were sneaking and interface interference	FTC / ICPEN / GPEN Review, 2024
Cookie Consent Interfaces (CMPs) 1,000 CMPs analyzed, EU	57.4% used nudging	95.8% gave users no real consent choice; pre-selecting options pushed acceptance from 0.16% to 83.55%	Utz et al. (2019), CCS
Mobile Games 1,496 games reviewed	89% contained 1+	“Dark” games showed 5-7x higher dark pattern occurrence vs. non-manipulative titles	Niknejad et al. (2024)
Japanese Mobile Apps Top 200 Google Play apps	90% contained 1+	Average of 3.9 dark patterns per app; researchers also uncovered a new tactic called “Linguistic Dead-Ends”	Hidaka et al. (2023), CHI
EU Cookie Consent (GDPR compliance) 10,000 websites, UK	88.2% non-compliant	Only 11.8% of cookie consent designs met the minimum legal requirements under GDPR	Nouwens et al. (2020), CHI
E-Commerce Websites 11,000+ shopping sites (Princeton)	1,818 sites with dark patterns	234 distinct dark pattern instances across 15 types; urgency and scarcity claims were the most common	Mathur et al. (2019), Princeton
EU Websites (Cookie Banners) 10,000 sites, Austrian study	72% hid reject button	56% used pre-ticked boxes for non-essential cookies; reject options buried behind multiple menu layers	Austrian Privacy Group Study, 2024
Sources: FTC/ICPEN/GPEN (2024); Utz et al., CCS (2019); Niknejad et al. (2024); Hidaka et al., CHI (2023); Nouwens et al., CHI (2020); Mathur et al., Princeton (2019); Austrian Privacy Group (2024)

This isn’t a fringe problem. The numbers are hard to argue with.

What Does the FTC Research Actually Show?

A 2024 FTC/ICPEN review covered 642 subscription websites and apps across 26 countries, with officials from 27 regulatory authorities.

Over 76% used at least one dark pattern. Nearly 67% used multiple. (Source: FTC/ICPEN, July 2024)

The two most common tactics: “sneaking” (hiding information that would affect user decisions) and interface interference (using design to steer users toward the business-preferred option).

What Did European Regulators Find?

A 2018 European Commission study found 97% of the most popular websites and apps used at least one deceptive design tactic. (Source: Usercentrics, citing EC 2018 study)

By 2024, that number had dropped to 75.7% – still three in four sites.

In the first half of 2025 alone, 80 e-commerce sites in Europe received digital blocking orders for deceptive practices. The EU’s Digital Fairness Act, currently in development, is expected to enforce stricter rules around 2028-2029.

A 2024 Austrian privacy study examining 10,000 EU websites found 56% used pre-ticked boxes for non-essential cookies, and 72% hid reject buttons behind multiple menus. (Source: Secure Privacy, citing Austrian privacy group study, 2024)

What About Mobile Apps and Games?

89% of 1,496 mobile games contained at least one dark pattern. (Source: Niknejad et al., 2024)

“Dark” games showed 5-7x higher occurrence rates compared to non-manipulative titles. Fake countdown timers and subscription traps are the most documented tactics across both games and apps.

What Specific Dark Patterns Are Used in Forms?

See the Pen
Dark Patterns vs Ethical Design – Same Form by Bogdan Sandu (@bogdansandu)
on CodePen.

Each tactic below has a name, a mechanism, and documented outcomes. None of this is accidental.

What Is a Pre-Checked Box and Why Is It Illegal Under GDPR?

A checkbox is ticked on page load. The user doesn’t check it – it’s already done.

This exploits the default effect: over 80% of users never change pre-selected settings, and 60% interpret them as a “recommended” choice, even without any label saying so. (Source: Nielsen Norman Group, via UX Magazine, 2026)

A Cambridge meta-analysis found that pre-selecting an option increases the likelihood it’s chosen by an average of 27.24%. (Source: Behavioural Public Policy, Cambridge Core, 2019)

GDPR Article 7 is explicit: silence, pre-ticked boxes, and inactivity cannot constitute consent. Yet only 4.2% of sites give users a genuine, active choice about data collection.

The GDPR issue here connects directly to how to create GDPR compliant forms – a baseline any site collecting consent should meet.

How Do Confusing Opt-Out Questions Manipulate Consent?

Double negatives. Passive voice. Deliberately tangled phrasing.

Example: “Uncheck this box if you don’t want to not receive promotional emails.”

Research published in 2025 found that even subtle label changes (“I Agree” vs. “I am OK with that”) measurably shifted how manipulative users perceived the consent interface to be. (Source: Journal of Marketing Research, via Tandfonline, Dec 2025)

This is a form UX design failure – intentional or not, the outcome is the same.

How Do Fake Countdown Timers Work on Signup and Checkout Forms?

A timer starts the moment you land on the form. “Offer expires in 09:47.” The pressure is real. The deadline is not.

Of 393 e-commerce sites with countdown timers, 140 were fake – nearly 40%. When the timer hit zero, the offer continued. Some timers simply reset. (Source: Princeton/Mathur et al. study, via deceptive.design)

One Shopify app (“Hurrify”) defaulted its configuration to “Run the campaign all over again (Evergreen)” once the timer ended. The countdown was purely cosmetic.

Research confirms urgency cues meaningfully increase purchases, particularly among older users. (Source: Koh & Seah, cited in SusBench paper, 2025)

What Makes Buried Unsubscribe Fields a Dark Pattern?

One-click signup. Six-step cancellation. Classic roach motel design – easy to get in, hard to get out.

The FTC flagged this in 2023 when it took action against Amazon for making Prime cancellation deliberately difficult. Meta’s 2024 EU opt-out process required login redirects, hidden forms, and mandatory reason fields just to say no.

From a web form best practices standpoint: if exit is harder than entry, the form is designed against the user.

What Is Interface Interference in Form Design?

Color, size, placement, and visual weight – all used to make one option obviously more attractive than another.

The “Accept” button is large and green. The “Decline” option is grey, small, and three clicks away. Removing the opt-out button from cookie banners alone raised consent rates by over 20 percentage points. (Source: Nouwens et al., 2019, cited in SusBench/arXiv 2025)

California’s CPRA is direct about this: dark patterns are assessed by effect, not intent. If users are being steered, that’s enough.

What Dark Patterns Actually Do to People

This bar chart pulls from survey data on the real consumer consequences of encountering dark patterns – not just awareness, but behavioral and financial outcomes.

Key takeaways

63% of consumers had to manually remove products or services that were pre-added to their cart or order without consent
62% reported being visually guided toward more expensive options through interface design choices
56% lost trust in a website after encountering manipulative design
43% stopped purchasing from a retailer entirely after the experience
40% faced direct, unplanned financial consequences they did not intend

Why this matters

These aren’t edge cases. The majority of regular online shoppers have experienced at least one of these outcomes.

The drop from 63% (encountered it) down to 40% (lost money) follows a predictable pattern – not everyone who spots a dark pattern falls for it, but enough do to make the tactics financially worthwhile for the businesses using them.

Sources: Dovetail Consumer Survey (2023); Acowebs Dark Patterns in eCommerce Report (2023); CX Today consumer research (2023), all based on samples of 1,000 e-commerce and social media users aged 18-54.

Which Dark Patterns Appear Most Often on Subscription Sites

$C:\Users\Bogdan\Desktop\batch\Which Dark Patterns Appear Most Often on Subscription Sites$

This radar chart maps the relative frequency of the six main dark pattern categories across the 642 subscription websites and apps reviewed in the 2024 FTC/ICPEN/GPEN global sweep.

What the shape tells you

Sneaking (76%) and Interface Interference (67%) dominate – these are the two tactics most commonly found together on the same site
Urgency and scarcity tactics (58%) are nearly as common, driven in large part by fake countdown timers
Obstruction (51%) – the roach motel pattern – appears on more than half of all reviewed sites
Forced Action (44%) and Trick Questions (38%) are less common but still appear on roughly four in ten sites

The pattern that stands out

The top three categories all involve either hiding information or controlling what the user sees. Only the bottom two involve confusing language or adding friction to exits. Most dark patterns aren’t about tricking you with words. They’re about controlling what you notice.

Sources: FTC/ICPEN/GPEN Review (2024) covering 26 countries and 27 enforcement authorities; OECD Dark Commercial Patterns taxonomy (2022); FTC “Bringing Dark Patterns to Light” staff report (September 2022).

Why Do These Tactics Work on Everyone, Not Just Distracted Users?

The usual response is: “just pay more attention.” That misses the point entirely.

These tactics don’t target careless users. They target human cognition – specifically the shortcuts everyone uses to process information quickly.

What Cognitive Biases Do Dark Pattern Forms Exploit?

Default effect / status quo bias: Pre-selected options feel endorsed. Changing them requires effort. Over 80% of users don’t. (Nielsen Norman Group)
FOMO: Fake urgency triggers an emotional response faster than rational thinking can catch up.
Decision fatigue: Long privacy policies and multi-step forms drain attention before users reach the actual terms. Canada officially classifies excessively long policies as a deceptive interface pattern.
Implied recommendation: Users assume pre-selected settings represent the “correct” choice – even when they don’t.

These aren’t weaknesses. They’re normal human responses to cognitive load. The form design choices that exploit them are deliberate.

Are Less Educated or Older Users More Susceptible?

Research by Luguri and Strahilevitz found that both mild and aggressive dark patterns substantially increased sign-ups for unwanted services, and less educated individuals were statistically more susceptible.

Older consumers are more affected by urgency cues like countdown timers and “only 2 left” messages. (Source: Koh & Seah, cited in SusBench arXiv 2025)

This isn’t just a UX issue. It’s an equity issue. The populations least equipped to spot manipulation are the most targeted by it.

What Are the Real Costs of Dark Pattern Forms?

The short-term numbers look great. More sign-ups. Higher consent rates. Better conversion metrics.

Then the trust collapses.

How Do Dark Patterns Affect User Trust?

56% of consumers reported losing trust in a website after encountering manipulative design. (Source: Dovetail, 2023, cited by CBTW)

43% stopped purchasing from a retailer entirely after experiencing deceptive UX. (Source: Acowebs, 2025)

Users who spot manipulation are 90% less likely to return. (Source: Baymard Institute)

Do Dark Patterns Actually Help Businesses Long-Term?

Short-term: conversion spikes. Long-term: churn, negative reviews, and support teams flooded with complaints from users who never meant to subscribe.

Dark patterns also inflate acquisition costs – once trust is gone, you’re replacing customers faster than you’re keeping them. That math never works in anyone’s favor.

What Are the Legal Consequences Businesses Face?

Company	Regulator & Year	Penalty	Violation
Amazon US	FTC September 2025	$2.5B USD	Dark pattern enrollment for Amazon Prime; cancellation made deliberately difficult. Internally called “Iliad” – 7 steps to cancel vs. 1 click to subscribe. Two senior VPs named personally as defendants.
Amazon EU	CNPD, Luxembourg July 2021	€746M GDPR	Targeted advertising system ran without valid user consent. Complaint filed by 10,000+ individuals via French privacy group La Quadrature du Net. Fine upheld by Luxembourg Administrative Court in March 2025.
X (Twitter) EU	EU Commission (DSA) December 2025	€120M DSA	First-ever DSA fine. Deceptive verification badge design, inadequate ad transparency, and researcher access restrictions. X faces further periodic penalties if remediation deadlines are missed.
Google EU	CNIL, France 2022	€150M GDPR	Cookie rejection made harder than acceptance. Users had to navigate multiple steps to decline, while a single click accepted all. Established precedent for asymmetric interface design as a GDPR violation.
Google EU	CNIL, France September 2025	€325M GDPR	Flawed Gmail cookie consent mechanism violated users’ right to free and informed choice. Largest CNIL fine to date, surpassing the 2022 Google penalty. Repeat offender finding factored into the increased amount.
Publishers Clearing House US	FTC June 2023	$18.5M USD	Used dark patterns during sweepstakes sign-ups to mislead users into purchases. Confusing form language implied buying increased chances of winning. Consumers paid for products they did not intend to buy.
Honda US	CPPA, California 2024	$632.5K CCPA / CPRA	Two steps required to reject data collection vs. one step to accept. First major CPRA enforcement action for asymmetric interface design. Confirmed that “effect, not intent” is the legal standard in California.
Sources: FTC (Sept 2025); CNPD Luxembourg (2021, upheld March 2025); EU Commission / DSA (Dec 2025); CNIL France (2022, 2025); FTC / PCH (June 2023); California CPPA (2024)

In September 2025, Amazon settled an FTC lawsuit for $2.5 billion – $1 billion in civil penalties and $1.5 billion in consumer refunds – over its Prime sign-up and cancellation dark patterns. (Source: FTC, Sept 2025)

Internal Amazon documents used in the case showed employees describing their own enrollment practices as “a bit of a shady world” and calling unwanted subscriptions “an unspoken cancer.”

The FTC now names individual executives as defendants, not just companies. Two Amazon VPs faced personal liability in the Prime case.

Under the EU’s Digital Services Act, non-compliance with interface manipulation rules can result in fines of up to 6% of global annual revenue.

California’s CPRA and Honda’s 2025 CCPA scrutiny over overly burdensome data rights forms confirm this: the enforcement trend is moving faster than most legal teams expected.

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, made the agency’s position clear in 2021 – and it has not softened since: “Tricking consumers into signing up for subscription programs or trapping them when they try to cancel is against the law. Firms that deploy dark patterns and other dirty tricks should take notice.”

In 2022, on releasing the FTC’s full dark patterns staff report, he added: “These traps will not be tolerated.”

Source: FTC Press Release, October 2021. “FTC to Ramp Up Enforcement Against Illegal Dark Patterns.” ftc.gov.

What Does Ethical Form Design Actually Look Like?

Form Element	Dark Pattern Version	Ethical Version
Consent Checkbox	✗ Pre-checked by default. User must notice it and actively uncheck it to opt out. Most never do.	✓ Unchecked by default. Requires a deliberate, active tick. Consent is real. GDPR Article 7 mandates this.
Opt-Out Language	✗ “Uncheck this box if you don’t want to not receive promotional emails.” Double negative. Designed to confuse.	✓ “Yes, send me marketing emails.” Plain, direct. User knows exactly what they are agreeing to.
Accept / Decline Buttons	✗ “Accept” is large, colored, and prominent. “Decline” is grey, small, and buried. Removing the opt-out raised consent rates by 20+ points (Nouwens et al., 2020).	✓ Both buttons are identical in size, color, and placement. Neither option is visually dominant. The user chooses freely.
Countdown Timer	✗ Timer resets to zero on page refresh. Offer never expires. 40% of e-commerce countdown timers were found to be fake (Princeton / Mathur et al., 2019).	✓ Only shown when a deadline is genuine. States the actual end date and time. If there is no deadline, there is no timer.
Cancellation / Unsubscribe	✗ One-click signup. Six-step cancellation buried inside account settings, requiring login redirects and a reason field. Amazon’s Prime cancellation had 7 steps internally called “Iliad.”	✓ Cancellation requires the same number of steps as sign-up. Unsubscribe link is visible and works immediately. No reason field required.
Privacy Policy	✗ Thousands of words, no summary, buried at the bottom. Canada now classifies excessively long policies as a formal deceptive interface pattern.	✓ Plain language summary at the top. Key points are highlighted. Full version available for those who want it. GDPR requires clear and plain language.
Data Sharing Defaults	✗ All third-party sharing pre-enabled. User must find and disable each toggle manually. 95.8% of CMPs studied gave users no real consent choice (Utz et al., 2019).	✓ All sharing off by default. Each category requires a separate opt-in. Data minimisation by design, as required under GDPR Article 5.
Sources: GDPR Articles 5 and 7; Nouwens et al., CHI (2020); Mathur et al., Princeton (2019); Utz et al., CCS (2019); FTC v. Amazon (2025); Canadian OPC dark pattern guidance (2023)

Ethical forms aren’t less effective. They’re just honest.

The gap between a form that extracts and a form that serves comes down to a handful of deliberate decisions – most of which cost nothing to implement.

Brignull, writing on the state of the industry in 2024, put it plainly: “The companies that have made the structural fix have shown that it is possible to ship products that are commercially successful and ethically defensible at once.”

Ethical form design is not a conversion killer. It is a choice – and the evidence from companies that have made it suggests the tradeoff is smaller than most teams assume.

Source: Brignull, H. Referenced in analysis of post-2024 writing. Full taxonomy and principles: deceptive.design and “Deceptive Patterns,” Testimonium Ltd., 2023.

What Are the Non-Negotiable Rules for Ethical Forms?

No pre-checked boxes. Every consent requires an active, deliberate tick from the user.
Plain language only. “Yes, send me emails” is not the same as “Uncheck to not receive communications.”
Symmetric options: accept and decline must be identical in size, color, and placement.
Exit paths as easy as entry paths. One-click sign-up means one-click unsubscribe.
No fake timers. Real deadlines get real dates.

Good sign up form best practices and solid form accessibility best practices aren’t separate concerns – they’re the same conversation about designing for humans rather than against them.

How Should Designers Audit Their Own Forms?

The fairness test: would the user make the same choice if both options looked identical and all terms were fully visible?

Check every default field setting before launch – is it set to benefit the user, or the business?

Run the form past someone who didn’t build it. Fresh eyes catch what familiarity misses. And review your form validation best practices at the same time – validation errors are another place where friction can tip from helpful into obstructive.

Regulatory timelines matter here too. What’s currently optional under US law may be legally required by 2028 under the EU Digital Fairness Act.

Which Tools Are Built Around Ethical Form Design?

Not every form builder is built the same way. Most treat manipulation as a feature. Some treat it as a problem to solve.

What Makes IvyForms Different From Standard Form Builders?

IvyForms is a WordPress form builder built around a user-first design philosophy.

No dark pattern tooling in the templates. No pre-checked consent boxes by default. Field types are matched to their actual purpose – email, phone, number – reducing friction and the chance of user error. Inline guidance helps users complete forms correctly the first time rather than hitting walls of form error message examples after submission.

The drag-and-drop builder gives real-time form previews, spam protection is built in (reCAPTCHA and honeypot), and entry management is included without requiring an upgrade. The team’s stated design principle: “design with the user in mind, ensuring the product is intuitive and meets the needs of diverse users.”

For a more complete look at what ethical, user-first forms should actually include across different use cases, the website form examples and contact form examples pages offer a useful reference point.

What Can You Do Right Now to Protect Yourself?

This is the part most articles skip. They explain the problem. They don’t help you do anything about it.

How Do You Spot Dark Patterns Before You Submit a Form?

Scroll the full form before filling in anything. Pre-checked boxes are almost always at the bottom.
Read every checkbox label carefully. Look for double negatives.
If there’s a countdown timer, refresh the page and watch whether it resets.
Search for the cancellation or unsubscribe process before you sign up. If it’s buried or unclear, that tells you something.
Look for pre-filled consent toggles, especially those related to marketing, data sharing, or third-party access.

More than 40% of consumers have faced unexpected financial consequences from deceptive form design. (Source: Acowebs, 2025)

That’s not a UX problem. It’s a consumer protection problem. And spotting it starts with knowing what to look for.

What Should Developers and Designers Do Differently?

Treat consent as something earned through clarity, not assumed through inaction.

Review every default setting in your forms. Check your form layout best practices and your opt-out flows with the same rigor you’d apply to your checkout. If you’re using subscription forms, look at your subscription form examples and ask honestly: is every option here genuinely neutral?

The Amazon case made one thing clear – internal communications acknowledging “shady” practices become evidence of intent. Building ethical forms isn’t just the right thing to do. It’s now a legal risk management decision.

GDPR consent form examples offer a practical baseline for what compliant, non-manipulative consent interfaces should look like in practice.

Frequently Asked Questions

Are dark patterns in online forms actually illegal?

It depends on where you are and which tactic is used.

In the EU, pre-ticked boxes and asymmetric consent interfaces are explicitly illegal under GDPR Article 7. The Digital Services Act (DSA), which came into full enforcement in 2024-2025, bans dark patterns across any digital service operating in the EU – not just for cookies, but across the entire interface.

In the US, there is no single federal law that bans dark patterns outright.

But the FTC treats them as deceptive practices under Section 5 of the FTC Act, which makes them actionable. California’s CPRA explicitly prohibits using dark patterns to interfere with privacy rights. Colorado, Virginia, and several other states have followed with similar language in their own privacy laws.

The short answer: in the EU, many are illegal by name. In the US, they are illegal in effect when they cause consumer harm – and enforcement is increasing fast.

What happened to the FTC’s Click-to-Cancel rule?

The FTC finalized its Click-to-Cancel rule in October 2024, requiring that cancelling a subscription be as easy as signing up.

In July 2025, the US Court of Appeals for the Eighth Circuit struck it down – not because it was wrong in principle, but because the FTC skipped a required procedural step during drafting.

The FTC can still pursue subscription dark pattern cases under existing law (Section 5 of the FTC Act and ROSCA). The Amazon $2.5 billion settlement was reached under those existing powers, not the Click-to-Cancel rule.

The rule may be refiled. In the meantime, enforcement continues through existing frameworks.

When the FTC filed the original Amazon complaint in June 2023, then-Chair Lina M. Khan was direct: “Amazon tricked and trapped people into recurring subscriptions without their consent, not only frustrating users but also costing them significant money. These manipulative tactics harm consumers and law-abiding businesses alike.”

That last point is worth sitting with. Dark patterns don’t just hurt users. They hurt every competitor playing it straight.

Source: FTC Press Release, June 21, 2023. “FTC Takes Action Against Amazon for Enrolling Consumers in Amazon Prime Without Consent.” ftc.gov.

Can I get a refund if a dark pattern tricked me into a subscription?

Yes, in many cases.

Dispute the charge with your bank or card provider. If you did not authorize the subscription – or if the sign-up flow was genuinely deceptive – most banks will process a chargeback, especially for the first one or two charges.
Contact the company directly first. Document the deceptive form design (screenshots help). Many companies will refund quietly to avoid a complaint.
Check your state’s consumer protection laws. California, New York, and several other states have specific protections for automatic renewal and subscription trap cases.
Consider a class action. If the deceptive design affected thousands of users, class action suits are common and you do not need to have lost large amounts of money to join.

Epic Games paid $245 million in refunds after the FTC took action over its in-game purchase dark patterns. Refunds through regulatory action are possible, but slower.

How do I report a dark pattern?

Reporting routes depend on your location.

United States:

File a complaint at reportfraud.ftc.gov
Your state attorney general’s office may have a consumer protection complaint portal

United Kingdom:

Report to the Information Commissioner’s Office (ICO) at ico.org.uk for data-related dark patterns
The Competition and Markets Authority (CMA) handles subscription traps and misleading commercial practices

European Union:

File with your national data protection authority (DPA) for GDPR violations
The European Consumer Centre (ECC) handles cross-border complaints

Globally:

Submit examples to deceptive.design, Harry Brignull’s public database of documented dark patterns

Reports rarely result in immediate personal remedies. But regulators use complaint volumes to prioritize investigations, so reporting does contribute to enforcement over time.

Do dark patterns only affect non-technical users?

No. This is probably the most common misconception about how they work.

Research from Cambridge Behavioural Public Policy (2025) found strong evidence that individuals across all demographic groups are susceptible to dark patterns, with only weak evidence that income, education, or age materially changes that susceptibility.

Dark patterns work by targeting cognitive shortcuts that everyone uses – the default effect, FOMO, decision fatigue, and the assumption that a well-designed form is trustworthy. These are not signs of low intelligence. They are normal features of how human brains handle information under time pressure.

Older users and less digitally experienced users show higher susceptibility to specific tactics like fake urgency, but technical users are not immune. The design is built to work on everyone.

What is “confirmshaming” and is it a dark pattern?

Yes. Confirmshaming is a specific dark pattern that uses guilt or shame to push users away from opting out.

The classic example is the newsletter opt-out button that reads: “No thanks, I don’t want to grow my business.”

The language is designed to make declining feel like a personal failing. It does not hide information or create fake urgency – it manipulates through emotion instead.

The EU’s Digital Services Act and GDPR guidelines both identify emotionally coercive language in consent interfaces as a form of manipulative design. It is less regulated than pre-checked boxes in most jurisdictions, but regulators are increasingly treating it as part of the broader dark patterns framework.

If I’m building forms, how do I know if mine cross the line?

Ask these three questions about every form you publish.

1. Would a user make the same choice if both options looked identical? If “accept” is visually dominant over “decline,” the design is nudging, not offering.

2. Are any defaults set to benefit the business rather than the user? Pre-checked marketing boxes, pre-enabled data sharing, pre-selected premium tiers – all of these are warning signs.

3. Is leaving as easy as joining? If your cancellation or unsubscribe flow has more steps than your sign-up, that is obstruction by design.

California’s CPRA enforcement standard is worth internalizing here: dark patterns are assessed by their effect on the user, not by whether you intended to manipulate. If the outcome is that users are steered against their own interests, that is enough.

For a practical starting point, reviewing how to create GDPR compliant forms covers the consent baseline that most ethical form design builds from.

Conclusion

Dark pattern forms are not a fringe issue. They’re the default on three out of four websites, by the FTC’s own count.

The manipulation is deliberate, the cognitive targets are well-documented, and the legal consequences are finally catching up.

But the fix isn’t complicated.

Forms built around honest defaults, plain language, and symmetric choices don’t just avoid regulatory risk. They build the kind of trust that keeps users coming back.

For anyone building on WordPress, tools like IvyForms make ethical form design the path of least resistance, not an extra effort.

Users are paying attention. Regulators are paying attention. The only question left is whether your forms are worth defending.

You’re Being Manipulated With Dark Patterns Every Time You Fill Out a Form Online