Deception by Design

Author’s note – This post uses “deceptive design” and “deceptive design patterns” instead of “dark patterns.” Read more about this choice in the “dark UX” entry of Intuit’s content design manual.

Take a moment to study the following toggle button for the following privacy setting for “Don’t Not Sell My Personal Information”:

The California Consumer Privacy Act (CCPA) Opt-Out Icon. A long rounded horizontal oval containing a blue checkmark on white on one side, and a white X on blue on the other side.
The official California Consumer Privacy Act (CCPA) opt-out icon. You might have guessed that I have Opinions on this design. You guessed correctly.

Now answer this – are we telling the business not to sell our data or telling them that it’s okay? Which symbol is selected? Is it the blue checkmark with the white background? Or is it the white X with the blue background?

Confusing, isn’t it?

That is just one example of deceptive design patterns. Deceptive design creates confusion, obfuscating options or creating barriers to trick and frustrate users into making decisions that are not in their best interests. These patterns serve many purposes, ranging from making users pay more for services and products to extract personal information from users. It’s hard for users to protect their privacy when they are not aware that the company or designer uses deceptive patterns to prioritize their benefit over the user’s privacy.

There are many types of deceptive design patterns that users encounter daily. While commercial businesses tend to get the most attention in deceptive design discussions, library products and services also engage in deceptive design patterns. These design choices put patron privacy at risk in several ways, including creating confusion with patrons around their data privacy choices and rights and the additional collection of patron data by both libraries and library vendors.

Let’s take a short tour of deceptive design patterns in practice in libraries:

Did you really turn it off? – Some electronic resource products have a setting that lets patrons “turn off” borrowing history. What patrons might not know, though, is that their borrowing history hasn’t turned off.  It’s just that they can no longer visibly track their history on the app or site. Here’s an example from the OverDrive app:

A privacy setting option in the Overdrive App: "History - Display your borrowing history, with the option to add and remove individual titles. Learn more. [hyperlinked]"
Image screenshot from the OverDrive app.

At first read, patrons might think that not checking this box will tell OverDrive not to track their borrowing history. If patrons don’t click on the “Learn More” link, they most likely won’t know that this option only hides their borrowing history and that their digital reading/listening is still being tracked by the company.

Public by default – Being a library service or product means that the default settings for any new user account would be private, right? Not exactly. Patrons creating user accounts on library websites and services might not be aware that their account is sharing information with the public. For example, despite many libraries’ requests, user accounts in BiblioCore default to publicly sharing patron activity, such as what items are on a patron’s shelves. Some libraries have tried to work around this default through log-in page messages, FAQs, and blog posts informing patrons to change their privacy settings.

Fill in the blank – Find a fill-in box, fill in the box? Library patrons filling out forms for library cards or user accounts might not realize that they do not have to provide all their data to use the library. Library card registrations are a very good example of where libraries collect more patron data than absolutely needed. (Libraries who still collect gender identity data, I’m looking at you.) What data does the application ask from patrons? How many of those data fields are absolutely necessary for creating a library account? Does the application process mark those fields as required, or are there no clear indicators as to which fields are required and which fields are optional?

“Pay” to play – Similar to “fill in the blank”, patrons might not realize that there are ways they can use the library without having to give up more of their data, such as using the classic version of the library catalog over the discovery layer that requires a separate user account. Nonetheless, many vendors, along with some libraries, actively encourage patrons to “pay” with their data if patrons want to make full use of their services or products. How many of your library’s electronic resources or services direct patrons to create user accounts even though an account isn’t required to use the service? Does the website contain clear and accessible messaging to patrons that they can use the resource or service without creating an account or submitting to web tracking?

These are only a selected sample of the deceptive design patterns you can find at your library. Do you have any examples of these deceptive patterns you’ve come across as either a patron or a library worker? Share them with us at and we’ll do a follow-up post! These examples can help libraries in identifying and resolving deceptive patterns that put patron privacy at risk.