Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Beware of deceptive design: Tips for individuals when navigating websites and mobile apps

Deceptive design patterns are everywhere, and usually deliberate. They are tricks that many websites and mobile apps use to encourage you to give away more of your personal information online, often so that information can be further used for purposes such as marketing, or to ensure that you keep using their service or product.

This could include making a website’s privacy policy or the option to “delete account” hard to find. Deceptive design can also, for example, influence you to accept a certain pre-selected default setting, or a more prominent button, such as “accept all,” that will grant access to more of your personal information.

The following tips can help you to recognize deceptive design patterns so that you can take steps to better protect your fundamental right to privacy.

The most common types of deceptive design

Being able to identify the five most common types of deceptive design online is the first step towards protecting your privacy and your personal information.

  1. Complex and confusing language: Companies often explain their personal information collection practices with long privacy policies that are hard to understand. In other instances, they use pop-up privacy notices, which can sometimes be more confusing than helpful.
  2. Interface interference: This involves design elements on a website or app that either distract, influence, or confuse you. For example:
    • Creating a false hierarchy by making the “accept all cookies” choice more obvious than the “reject all cookies” button.
    • Pre-selecting an item that will give access to more of your data. For example, by forcing you to turn off the option to share or sell your personal data.
    • Using “confirm-shaming” to influence you to change your mind. For example, when on a website or app you are prompted to create an account but do not wish to, the button to choose the option of not creating an account would not only say “no”; it may say something like: “No thanks, I am not into savings.”
  3. Nagging: Nagging is a technique aimed at frustrating you into changing your mind and choosing the company’s preferred option. You may encounter repeated pop-ups with the intent of eventually making you give up more of your personal information, for example, by asking you to sign up for an account, provide your email address, or switch to the app.
  4. Obstruction: This occurs when it is so difficult to find privacy settings or delete an account that it discourages you from finishing the task, for example, when you have to search for and click on numerous links to get to the privacy information or option you seek.
  5. Forced action: This happens when the website or app forces you to disclose more personal information than necessary to take advantage of an option. This could be the case, for example, if you have to disclose more personal information to close an account than to open one, or if you are left with no option other than to “accept all” privacy settings, like those related to cookies. Forced action limits your ability to manage your personal information.

Tips to help you to outsmart deceptive design

  • Find and read the small print. A more privacy friendly option is often available, even if it is not obvious. Spend a few more seconds looking or scrolling to find it.
  • Be vigilant with the websites and apps that your children use. Deceptive design patterns can be especially difficult for children to spot, and even websites that are primarily aimed at children may collect personal information. It is important to research and understand the online spaces that your children frequent to ensure that their personal information and privacy is well protected.
  • Discuss deceptive design patterns with your children. By familiarizing your children with deceptive design patterns and discussing with them the importance of privacy, you can help them to better protect their personal information and ensure that their privacy is well protected now and for years to come.
  • Adjust sliders or select other options from drop-down menus. Privacy settings may be set by default to less privacy-friendly choices, but you can often control cookies, or whether you wish to allow the company to share your personal information with third parties, with just a few extra clicks.
  • Use the “incognito” mode of your browser, which can significantly reduce cookie tracking, and review your browser’s privacy settings to block third-party cookies. For more information, see: Tips for using privacy settings.
  • Use the search function. If you cannot find the privacy information or setting that you are looking for (such as how to delete an account), the website or app’s “help” section might have a search function that can help you to track down the information.
  • Opt for privacy-friendly services. If you are uncomfortable with an organization’s privacy practices or cannot understand them based on the information that is provided, delete the app, or leave the website. If you wish to continue using the service and have concerns, you can also contact the organization’s privacy office to let them know of your concerns and to obtain more information.
Date modified: