Dark Patterns: How Manipulative Design Triggers FTC Enforcement & Class Actions
By Steve Levine · Updated July 2, 2026 · 8 min read
Quick Answer
Dark patterns are interface designs that manipulate or trick users into doing things they didn't intend — subscribing, staying subscribed, buying extras, or giving up data. The FTC's 2022 staff report, Bringing Dark Patterns to Light, catalogs the main tactics: hard-to-cancel “roach motel” flows, confirmshaming, hidden fees, forced continuity, sneaking items into carts, disguised ads, and obstruction. The conduct is challenged under Section 5 of the FTC Act and ROSCA (the online negative-option law), and California's CCPA/CPRA provides that consent obtained through dark patterns is not valid consent. The FTC's settlement with Epic Games included $245 million in consumer redress over dark-pattern billing in Fortnite, and dark-pattern allegations are the backbone of most auto-renewal class actions.
What Dark Patterns Are
A dark pattern (regulators increasingly say deceptive design pattern) is a user
interface built to steer, trick, or wear down the user into a choice that benefits the business
— a purchase, a subscription, a data-sharing permission — that the user would not
have made if the interface were neutral. The term comes from UX research, but it entered
enforcement vocabulary in earnest with the
Federal Trade
Commission's September 2022 staff report, Bringing Dark Patterns to Light, which
collected the tactics the agency had been seeing across e-commerce, subscriptions, gaming, and
children's apps.
What separates a dark pattern from garden-variety false advertising is that the deception lives
in the design rather than in a statement: the button placement, the pre-checked box, the
maze of cancellation screens, the countdown clock that resets on refresh. Each individual screen
may be technically accurate, yet the flow as a whole predictably produces mistaken clicks and
unwanted charges — at scale.
The FTC's Dark-Patterns Taxonomy
The staff report and later enforcement actions describe a recognizable playbook. The most
commonly cited dark patterns are:
Roach motel / obstruction. Easy to sign up, hard to leave: cancellation only by phone, buried settings, or long retention gauntlets designed to wear the user down.
Forced continuity. A free trial that silently rolls into a paid subscription, with the renewal terms under-disclosed and no reminder before billing starts.
Hidden fees / drip pricing. Mandatory charges revealed only at the end of checkout — covered in depth in our guide to bait-and-switch & drip pricing.
Sneak into basket. Adding items, warranties, or donations to the cart without the shopper affirmatively choosing them.
Confirmshaming. Guilt-tripping decline language (“No thanks, I hate saving money”) engineered to shame users out of opting out.
Disguised ads. Advertisements formatted to look like editorial content, navigation, or system messages so users click without realizing it's an ad.
False urgency & social proof. Fake countdown timers, phantom low-stock warnings, and manufactured “X people are viewing this” claims.
Real-world flows usually stack several of these at once — a free trial (forced continuity)
with a pre-checked add-on (sneak into basket) that can only be cancelled by phone (roach motel)
after a confirmshaming exit survey.
ROSCA & Negative-Option Enforcement
The FTC's sharpest tool against subscription dark patterns is
ROSCA — the Restore Online
Shoppers' Confidence Act, 15 U.S.C. § 8401 et seq. ROSCA makes it unlawful to charge a
consumer through an online negative-option feature (a plan that keeps billing until the
customer affirmatively cancels) unless the seller clearly discloses the material terms
before obtaining billing information, gets the consumer's express informed
consent, and provides a simple mechanism to stop recurring charges. A cancellation
flow that takes one click to enter and five phone calls to exit sits squarely in ROSCA's
crosshairs, and ROSCA violations also count as violations of the FTC Act.
The FTC also finalized a broader Negative Option Rule — often called the
“click-to-cancel” rule — in late 2024, which would have required cancellation
to be as easy as sign-up across industries; a federal appeals court vacated that rule on
procedural grounds in 2025 before its main provisions took effect. ROSCA and state auto-renewal
statutes, however, remain fully in force, and they carry the same core demands: disclose
clearly, get real consent, make cancellation simple.
FTC v. Epic Games (Fortnite)
The marquee dark-patterns enforcement action is the FTC's December 2022 settlement with
Epic Games, the maker of Fortnite. In the dark-patterns portion of the case, the
FTC alleged that Fortnite's in-game store used counterintuitive, inconsistent button
configurations and confusing purchase flows that led players — including children —
to rack up unwanted charges with a single misplaced press, and that Epic made it hard to dispute
or reverse them. Epic agreed to pay $245 million in consumer redress to resolve those
billing allegations, alongside a separate civil penalty resolving children's-privacy
allegations under COPPA. The FTC has since mailed refunds to affected players in multiple
distribution rounds.
The case matters beyond its size: it established that interface design itself can be the
deceptive practice, even where no individual statement is false — the theory that now
underpins both agency enforcement and a growing share of private consumer litigation.
Dark Patterns & Privacy Consent (CCPA/CPRA)
Dark patterns also decide whether a privacy “consent” counts. California's CCPA, as
amended by the CPRA, defines valid consent to exclude agreement obtained through dark
patterns: under Cal. Civ. Code § 1798.140, “agreement obtained through use of dark
patterns does not constitute consent.” The California Privacy Protection Agency's
regulations spell this out for opt-out flows — a “Do Not Sell or Share”
process that takes more steps than the opt-in, uses confusing double negatives, or nags users
with repeated confirmation screens can render the resulting “consent” invalid.
Several other state privacy laws have copied the same rule.
The practical consequence: a company can lose the legal benefit of every consent box it
collected if the flow that produced those consents was manipulative. In privacy litigation,
plaintiffs use this to argue that tracking, sharing, or selling continued without valid
consent notwithstanding a clicked checkbox.
Dark Patterns in Auto-Renewal Class Actions
In private litigation, dark-pattern allegations appear most often in
auto-renewal class
actions. The template complaint alleges that a subscription service failed to clearly and
conspicuously disclose renewal terms, charged without affirmative consent, and made cancellation
unreasonably difficult — pleaded under state auto-renewal laws, consumer-protection
statutes, and ROSCA-derived theories. Because everything happened inside a uniform sign-up flow,
the classwide-commonality story is strong: every subscriber saw the same screens.
Settlements in this space typically refund part of the renewal charges. The
Peacock
auto-renewal settlement ($3.74 million, now closed) resolved California auto-renewal claims
over the streaming service's renewal disclosures, and the FTC's
$14 million
Match Group settlement resolved agency allegations about Match.com's guarantee offers,
cancellation flow, and treatment of users who disputed charges — in each case without an
admission of wrongdoing. One caution for readers of these cases: many subscription agreements
contain arbitration clauses and
class-action waivers,
which can determine whether a dark-pattern claim proceeds as a class action at all.
Frequently Asked Questions
What are dark patterns?
Dark patterns are user-interface designs that trick or manipulate people into doing things they did not intend — signing up, staying subscribed, buying extras, or handing over data. The FTC's 2022 staff report, Bringing Dark Patterns to Light, catalogs the most common tactics, including hard-to-cancel subscription flows, confirmshaming, hidden fees, pre-checked boxes, countdown timers, and ads disguised as content. The design element is what distinguishes a dark pattern from a simple false statement: the deception is built into how the interface works.
What is a roach motel in web design?
A roach motel is a dark pattern where getting in is easy but getting out is hard — most often a subscription you can start with one click online but can only cancel by phone, by chat with a retention agent, or through a long, buried cancellation flow. Regulators treat roach-motel cancellation as a hallmark of unfair subscription design, and hard-to-cancel allegations appear in many auto-renewal class actions and FTC enforcement actions.
Are dark patterns illegal?
There is no single federal statute named after dark patterns, but the conduct they describe is frequently unlawful. The FTC challenges dark patterns as deceptive or unfair practices under Section 5 of the FTC Act and under ROSCA when they involve online subscriptions. State auto-renewal laws and consumer-protection statutes reach the same conduct, and California's CCPA/CPRA expressly provides that consent obtained through dark patterns is not valid consent. Whether a specific design crosses the line depends on the facts.
What happened in FTC v. Epic Games?
In December 2022 the FTC announced a settlement with Epic Games, the maker of Fortnite, that included $245 million in consumer redress to resolve allegations that the game's interface used dark patterns — such as confusing button configurations and store designs — that led players, including children, to make unwanted in-game purchases. It was part of a larger package that also included a separate civil penalty resolving children's-privacy allegations. The FTC has distributed refunds to affected players in multiple rounds.
How do dark patterns show up in auto-renewal class actions?
Auto-renewal class actions commonly allege that a subscription service failed to clearly disclose renewal terms, failed to get affirmative consent before charging, and made cancellation unreasonably difficult — all classic dark-pattern allegations. Plaintiffs typically sue under state auto-renewal statutes, consumer-protection laws, and ROSCA-based theories, seeking refunds of renewal charges. Settlements in these cases often refund part of the charges to subscribers who did not use the service after renewal.
Related Terms
ROSCA — the federal law behind online negative-option and free-trial enforcement
Get notified when new class actions open to claims
Join thousands of readers who get the latest class action settlements you may qualify for — delivered straight to your inbox.
About This Page
General legal-information about dark patterns and deceptive design, not legal advice.
OpenClassActions.com is a consumer news site and is not a law firm or a settlement
administrator. Statutes, rules, and enforcement positions change — this area is developing
quickly — and how they apply depends on the facts of a particular situation. For
controlling sources, see Section 5 of the FTC Act, ROSCA (15 U.S.C. § 8401 et seq.), the
FTC's Bringing Dark Patterns to Light staff report, and the CCPA/CPRA and its regulations. If
you think your rights were affected, consult a qualified attorney in your jurisdiction.
More on Consumer Protection & Subscription Traps
ROSCA — Negative-Option Billing: The federal law behind auto-renewal and free-trial subscription enforcement. Read the guide →
Bait-and-Switch & Drip Pricing: Junk fees, hidden charges, and the FTC and California honest-pricing rules. Learn more →
Federal Trade Commission (FTC): What the FTC does — and how its enforcement settlements turn into consumer refunds. What it covers →
Class Action Waiver: The subscription-contract term that decides whether claims proceed as a class. Read more →
CLRA — Consumers Legal Remedies Act: California's consumer statute, frequently pleaded in dark-pattern and fee cases. Read the guide →