Beware of deceptive design: Tips for individuals when navigating websites and mobile apps

Video: Commissioner Dufresne discusses the 2024 deceptive design privacy sweep

Deceptive design patterns are everywhere. They are tricks that many websites and mobile apps use to encourage you to give away more of your personal information online, often so that it can be used for secondary purposes such as marketing. These techniques may also be used to keep you using a service or product or to influence you to accept a pre-selected default setting.

Recognize deceptive design patterns

Being able to identify the most common types of deceptive design online is the first step towards protecting your privacy and your personal information.

Complex and confusing language

Companies often explain how they collect, use or disclose personal information with long privacy policies that are hard to understand. Or they may use pop-up privacy notices that can be more confusing than helpful.

An illustration showing two hands holding an electronic tablet that displays a long privacy policy in increasingly smaller characters.

Interface interference

These are design elements that either distract, influence, or confuse you. For example:

Creating a false hierarchy by making the “accept all cookies” choice more obvious than the “reject all cookies” button.
Pre-selecting a setting that gives access to more of your data. For example, you may have to turn off the default setting that allows the company to share or sell your personal data.
Using “confirm-shaming” to influence you to change your mind. For example, when you are prompted to create an account but do not wish to, the No button may say something like: “No thanks, I am not into savings.”

An illustration of a computer screen showing a web page where two action buttons are visible. The button on the left reads "Cookie settings" and the much larger button on the right reads "Accept all." An almost invisible line of text offers a third option: "Continue without accepting."

Nagging

This technique is aimed at getting you to change your mind and choose the company’s preferred option. For example, a company might present pop-ups repeatedly with the intent of getting you to sign up for an account, provide your email address, or switch to an app.

An illustration with two hands holding a smartphone that displays a pop-up window that reads "Get full access to our content. Use the app and everything will work better!" Several other pop-up windows appear on top of each other with the text "Download now."

Obstruction

Companies will sometimes design websites that make it so difficult to find privacy settings or delete an account that you give up trying.

An illustration with two hands holding a smartphone that displays a person at the entrance to a maze with multiple arrows going off in all directions. The arrows say: "Closing your account this way."

Forced action

This happens when the website or app forces you to disclose more personal information than necessary to use an option. For example, when you have to disclose more personal information to close an account than to open one, or when you are left with no option other than to “accept all cookies.”

An illustration with two hands holding a smartphone that displays a web page with the following text: "To delete your account, please enter and confirm your email address." Under this text there are two fields to enter the email.

Better protect your privacy online

Find and read the small print. A more privacy friendly option is often available, even if it is not obvious.
Be vigilant with the websites and apps that your children use. Deceptive design patterns can be especially difficult for children to spot. Even websites that are aimed at children may collect personal information. Research and understand the online spaces that your children visit to ensure that their privacy is well protected.
Discuss deceptive design patterns with your children. Teach your children about deceptive design and discuss the importance of privacy with them. This will help them learn how to protect their personal information.
Adjust sliders or select other options from drop-down menus. Privacy settings may be set by default to less privacy-friendly choices. You can often change these settings and restrict cookies with just a few extra clicks. This will give you control over what the company can collect and share with third parties.
Use the “private browsing mode” of your browser to reduce cookie tracking and review your browser’s privacy settings to block third-party cookies. For more information, see Tips for using privacy settings.
Use the search function. If you cannot find the privacy information or setting that you are looking for (such as how to delete an account), the website or app’s “help” section might have a search function that can help you track down the information.
Opt for privacy-friendly services. If you do not like a company’s privacy practices or cannot understand them based on the information that is provided, delete the app or leave the website.

Language selection

Search and menus

Search