DARK patterns—deliberate design choices in websites and apps—include cookie banners with a no-reject option, free trial subscriptions that are hard to cancel, hidden refund options, and misleading email access requests, and they are growing in scope every year. Organisations deploy these tactics as marketing or usability enhancements, but they can erode security awareness and raise serious privacy concerns.
The Federal Trade Commission warned in 2024 that dark pattern techniques can “steer customers to take actions they would not have otherwise taken.” Recent analyses by FTC and the International Consumer Protection and Enforcement Network found that nearly 76% of sites and apps employed at least one dark pattern, with about 67% using more.
The piece also notes incidents such as the 2023 Retool breach, where a vishing attack led to a one-time-password code being exposed, and discusses how default settings, like MFA and cloud syncing, can create security risks, underscoring the need for greater transparency and user consent.