Glossary · Consumer Protection

Dark Patterns: How Manipulative Design Triggers FTC Enforcement & Class Actions

By Steve Levine · Updated July 2, 2026 · 8 min read

Quick Answer

Dark patterns are interface designs that manipulate or trick users into doing things they didn't intend — subscribing, staying subscribed, buying extras, or giving up data. The FTC's 2022 staff report, Bringing Dark Patterns to Light, catalogs the main tactics: hard-to-cancel “roach motel” flows, confirmshaming, hidden fees, forced continuity, sneaking items into carts, disguised ads, and obstruction. The conduct is challenged under Section 5 of the FTC Act and ROSCA (the online negative-option law), and California's CCPA/CPRA provides that consent obtained through dark patterns is not valid consent. The FTC's settlement with Epic Games included $245 million in consumer redress over dark-pattern billing in Fortnite, and dark-pattern allegations are the backbone of most auto-renewal class actions.

What Dark Patterns Are

A dark pattern (regulators increasingly say deceptive design pattern) is a user interface built to steer, trick, or wear down the user into a choice that benefits the business — a purchase, a subscription, a data-sharing permission — that the user would not have made if the interface were neutral. The term comes from UX research, but it entered enforcement vocabulary in earnest with the Federal Trade Commission's September 2022 staff report, Bringing Dark Patterns to Light, which collected the tactics the agency had been seeing across e-commerce, subscriptions, gaming, and children's apps.

What separates a dark pattern from garden-variety false advertising is that the deception lives in the design rather than in a statement: the button placement, the pre-checked box, the maze of cancellation screens, the countdown clock that resets on refresh. Each individual screen may be technically accurate, yet the flow as a whole predictably produces mistaken clicks and unwanted charges — at scale.

The FTC's Dark-Patterns Taxonomy

The staff report and later enforcement actions describe a recognizable playbook. The most commonly cited dark patterns are:

  1. Roach motel / obstruction. Easy to sign up, hard to leave: cancellation only by phone, buried settings, or long retention gauntlets designed to wear the user down.
  2. Forced continuity. A free trial that silently rolls into a paid subscription, with the renewal terms under-disclosed and no reminder before billing starts.
  3. Hidden fees / drip pricing. Mandatory charges revealed only at the end of checkout — covered in depth in our guide to bait-and-switch & drip pricing.
  4. Sneak into basket. Adding items, warranties, or donations to the cart without the shopper affirmatively choosing them.
  5. Confirmshaming. Guilt-tripping decline language (“No thanks, I hate saving money”) engineered to shame users out of opting out.
  6. Disguised ads. Advertisements formatted to look like editorial content, navigation, or system messages so users click without realizing it's an ad.
  7. False urgency & social proof. Fake countdown timers, phantom low-stock warnings, and manufactured “X people are viewing this” claims.
Real-world flows usually stack several of these at once — a free trial (forced continuity) with a pre-checked add-on (sneak into basket) that can only be cancelled by phone (roach motel) after a confirmshaming exit survey.

ROSCA & Negative-Option Enforcement

The FTC's sharpest tool against subscription dark patterns is ROSCA — the Restore Online Shoppers' Confidence Act, 15 U.S.C. § 8401 et seq. ROSCA makes it unlawful to charge a consumer through an online negative-option feature (a plan that keeps billing until the customer affirmatively cancels) unless the seller clearly discloses the material terms before obtaining billing information, gets the consumer's express informed consent, and provides a simple mechanism to stop recurring charges. A cancellation flow that takes one click to enter and five phone calls to exit sits squarely in ROSCA's crosshairs, and ROSCA violations also count as violations of the FTC Act.

The FTC also finalized a broader Negative Option Rule — often called the “click-to-cancel” rule — in late 2024, which would have required cancellation to be as easy as sign-up across industries; a federal appeals court vacated that rule on procedural grounds in 2025 before its main provisions took effect. ROSCA and state auto-renewal statutes, however, remain fully in force, and they carry the same core demands: disclose clearly, get real consent, make cancellation simple.

FTC v. Epic Games (Fortnite)

The marquee dark-patterns enforcement action is the FTC's December 2022 settlement with Epic Games, the maker of Fortnite. In the dark-patterns portion of the case, the FTC alleged that Fortnite's in-game store used counterintuitive, inconsistent button configurations and confusing purchase flows that led players — including children — to rack up unwanted charges with a single misplaced press, and that Epic made it hard to dispute or reverse them. Epic agreed to pay $245 million in consumer redress to resolve those billing allegations, alongside a separate civil penalty resolving children's-privacy allegations under COPPA. The FTC has since mailed refunds to affected players in multiple distribution rounds.

The case matters beyond its size: it established that interface design itself can be the deceptive practice, even where no individual statement is false — the theory that now underpins both agency enforcement and a growing share of private consumer litigation.

Dark Patterns & Privacy Consent (CCPA/CPRA)

Dark patterns also decide whether a privacy “consent” counts. California's CCPA, as amended by the CPRA, defines valid consent to exclude agreement obtained through dark patterns: under Cal. Civ. Code § 1798.140, “agreement obtained through use of dark patterns does not constitute consent.” The California Privacy Protection Agency's regulations spell this out for opt-out flows — a “Do Not Sell or Share” process that takes more steps than the opt-in, uses confusing double negatives, or nags users with repeated confirmation screens can render the resulting “consent” invalid. Several other state privacy laws have copied the same rule.

The practical consequence: a company can lose the legal benefit of every consent box it collected if the flow that produced those consents was manipulative. In privacy litigation, plaintiffs use this to argue that tracking, sharing, or selling continued without valid consent notwithstanding a clicked checkbox.

Dark Patterns in Auto-Renewal Class Actions

In private litigation, dark-pattern allegations appear most often in auto-renewal class actions. The template complaint alleges that a subscription service failed to clearly and conspicuously disclose renewal terms, charged without affirmative consent, and made cancellation unreasonably difficult — pleaded under state auto-renewal laws, consumer-protection statutes, and ROSCA-derived theories. Because everything happened inside a uniform sign-up flow, the classwide-commonality story is strong: every subscriber saw the same screens.

Settlements in this space typically refund part of the renewal charges. The Peacock auto-renewal settlement ($3.74 million, now closed) resolved California auto-renewal claims over the streaming service's renewal disclosures, and the FTC's $14 million Match Group settlement resolved agency allegations about Match.com's guarantee offers, cancellation flow, and treatment of users who disputed charges — in each case without an admission of wrongdoing. One caution for readers of these cases: many subscription agreements contain arbitration clauses and class-action waivers, which can determine whether a dark-pattern claim proceeds as a class action at all.

Frequently Asked Questions

What are dark patterns?

Dark patterns are user-interface designs that trick or manipulate people into doing things they did not intend — signing up, staying subscribed, buying extras, or handing over data. The FTC's 2022 staff report, Bringing Dark Patterns to Light, catalogs the most common tactics, including hard-to-cancel subscription flows, confirmshaming, hidden fees, pre-checked boxes, countdown timers, and ads disguised as content. The design element is what distinguishes a dark pattern from a simple false statement: the deception is built into how the interface works.

What is a roach motel in web design?

A roach motel is a dark pattern where getting in is easy but getting out is hard — most often a subscription you can start with one click online but can only cancel by phone, by chat with a retention agent, or through a long, buried cancellation flow. Regulators treat roach-motel cancellation as a hallmark of unfair subscription design, and hard-to-cancel allegations appear in many auto-renewal class actions and FTC enforcement actions.

Are dark patterns illegal?

There is no single federal statute named after dark patterns, but the conduct they describe is frequently unlawful. The FTC challenges dark patterns as deceptive or unfair practices under Section 5 of the FTC Act and under ROSCA when they involve online subscriptions. State auto-renewal laws and consumer-protection statutes reach the same conduct, and California's CCPA/CPRA expressly provides that consent obtained through dark patterns is not valid consent. Whether a specific design crosses the line depends on the facts.

What happened in FTC v. Epic Games?

In December 2022 the FTC announced a settlement with Epic Games, the maker of Fortnite, that included $245 million in consumer redress to resolve allegations that the game's interface used dark patterns — such as confusing button configurations and store designs — that led players, including children, to make unwanted in-game purchases. It was part of a larger package that also included a separate civil penalty resolving children's-privacy allegations. The FTC has distributed refunds to affected players in multiple rounds.

How do dark patterns show up in auto-renewal class actions?

Auto-renewal class actions commonly allege that a subscription service failed to clearly disclose renewal terms, failed to get affirmative consent before charging, and made cancellation unreasonably difficult — all classic dark-pattern allegations. Plaintiffs typically sue under state auto-renewal statutes, consumer-protection laws, and ROSCA-based theories, seeking refunds of renewal charges. Settlements in these cases often refund part of the charges to subscribers who did not use the service after renewal.


About This Page

General legal-information about dark patterns and deceptive design, not legal advice. OpenClassActions.com is a consumer news site and is not a law firm or a settlement administrator. Statutes, rules, and enforcement positions change — this area is developing quickly — and how they apply depends on the facts of a particular situation. For controlling sources, see Section 5 of the FTC Act, ROSCA (15 U.S.C. § 8401 et seq.), the FTC's Bringing Dark Patterns to Light staff report, and the CCPA/CPRA and its regulations. If you think your rights were affected, consult a qualified attorney in your jurisdiction.


More on Consumer Protection & Subscription Traps