An Ontology of Dark Patterns: Foundations, Definitions, and a Structure for Transdisciplinary Action

The paper addresses the growing prevalence of deceptive design practices (“dark patterns”) across digital environments such as social media, e-commerce, mobile apps, cookie consent, and gaming. It highlights how dark patterns impair user autonomy and informed decision-making, and notes the rapid adoption of the term in both academic discourse and regulation (e.g., EU DSA, DMA, Data Act proposal; US CPRA). Despite momentum, the field lacks a shared, precise vocabulary and consistent definitions across scholarship, regulation, and practice, leading to fragmentation and challenges for enforcement. The authors propose building a common ontology to unify terminology and structure, supporting scholars, regulators, legal professionals, and designers in identifying, discussing, and sanctioning dark patterns across domains and technologies.

Prior work introduced and popularized dark patterns (e.g., Brignull’s practitioner taxonomy and subsequent academic work by Gray et al., Mathur et al., Luguri & Strahilevitz, Bösch et al.). Research has proliferated across domains (games, e-commerce, privacy/data protection, social media) and modalities (mobile, desktop, CUIs, AR/VR), generating numerous overlapping and sometimes siloed taxonomies. Regulatory bodies (FTC, CMA, EU Commission, EDPB, OECD) have issued guidance, often with inconsistent citations or novel terminology that complicates cross-domain alignment. The literature demonstrates ubiquity of dark patterns, but causal links, harms, impacted populations, and contextual manifestations remain underexplored. Systematic reviews show the breadth of research and the need for a consolidated, reusable conceptual framework. The authors position an ontology as a means to harmonize practitioner, scholarly, and regulatory definitions and types, enabling traceability, searchability, and transdisciplinary coordination.

The authors conducted a qualitative content analysis of existing dark pattern taxonomies. Team composition spanned HCI/design (Gray, Mildner), computer science and web measurement/regulation (Santos), and computer science/data protection law (Bielova). Data collection (Fall 2022) included 10 sources: Brignull’s deceptive.design catalog; highly cited academic taxonomies (Gray et al. 2018; Mathur et al. 2019; Luguri & Strahilevitz 2021; Bösch et al. 2016); and regulatory/public reports (FTC, CMA, EU Commission, EDPB, OECD). In Spring/Summer 2023, updates added the EDPB final guidelines and Brignull’s expanded 2023 catalog, yielding 11 total sources. Analysis steps: (1) Aggregation—listing high- and low-level patterns verbatim per source; (2) Provenance tracing—marking direct citations and inferential links to identify where types first appeared and how they evolved; (3) Clustering—grouping identical/similar types (is-a/equivalent-to) via detailed definition comparison and cross-disciplinary discussion; (4) Introducing meso-level abstractions to bridge high-level strategies and low-level UI executions, coining names where needed; (5) Finalization—grouping 233 of 245 elements initially, later mapping 262 elements (203 low-level, 59 high-level) after source updates; resulting ontology with 3 levels: 5 high-level, 25 meso-level, and 35 low-level types (total 65). Definition harmonization: the team developed standardized syntactic templates for each level (high, meso, low), drafted definitions, and performed member-checking with a transdisciplinary Slack community (~100 participants; over 10 provided feedback), refining clarity, scope, and emphasis on mechanisms limiting autonomy rather than intent. Low-level definitions were finalized by grounding in concrete UI means of execution and ensuring consistent alignment with parent meso- and high-level types.

• Consolidated ontology: Harmonizes 10+ prominent academic and regulatory taxonomies into a three-level structure with standardized definitions—5 high-level strategies, 25 meso-level approaches, and 35 low-level UI executions (total 65 types). The abstract states 64 types; the main body reports 65. • Provenance and evolution mapping: Traces emergence and naming across sources (2016–2023), showing stabilization of core high-level strategies (nagging, obstruction, sneaking, interface interference, forced action) and integration of social psychology/economics constructs under a sixth umbrella (“social engineering”). • New or refined types: Identifies and harmonizes several previously domain-specific or regulator-coined types into meso-/low-level ontology entries, including privacy maze, dead end, conflicting information, information without context, visual prominence, bundling, complex language, personalization. • Definition syntax: Establishes level-specific templates emphasizing user expectations, mechanism of manipulation, and resulting limitation of autonomy or informed choice. • Scale and source diversity: Analyzed 262 pattern elements (203 low-level, 59 high-level) across academic, practitioner, and regulatory sources; final ontology is domain- and application-agnostic yet extensible. • Transdisciplinary utility: Demonstrates mappings to legislation (e.g., DSA nagging), and case law (e.g., GDPR pre-selection mapped to Bad Defaults), and outlines detection potential for low-level types.

The ontology directly addresses the lack of shared language by providing consistent, reusable definitions and structure that bridge design practice, social science research, regulation, and legal enforcement. It clarifies relationships among fragmented taxonomies, enabling traceability and cross-domain comparison. High- and meso-level abstractions orient policy and legal strategies, while low-level types support empirical detection and measurement. The work outlines pathways for extending the ontology with domain- and modality-specific types, and for aligning scholarly insights with regulatory prohibitions and case law, thereby strengthening enforcement precision and reducing duplication of research effort. Challenges noted include evolving combinations/naming across sources, context-specific granularity needs, and determining useful abstraction levels. The authors argue the ontology will enable translational research (e.g., mapping harms and remedies), more robust detection (focusing on low-level UI executions), and coordinated action across stakeholders.

The paper synthesizes ten+ academic and regulatory taxonomies into a three-level dark patterns ontology with standardized definitions, provenance, and mappings across contexts. It provides a foundational, shareable, and extensible knowledge representation to unify discourse and support research, design practice, regulation, and legal action. The authors show how to extend the ontology using contemporary domain- and modality-specific studies, and how to map ontology elements to legislation and case law. Future work includes formal evaluation of definitions for differing stakeholder needs, systematic tagging of low-level types by domains/technologies, expanding mappings to harms and remedies, and maintaining a versioned, community-vetted ontology to support ongoing transdisciplinary engagement.

• Analytic subjectivity: Clustering and inferential provenance required interpretation across differing terminologies and contexts; some mappings are disputable or could be refined. • Scope and timing: Sources were collected primarily in Fall 2022, with updates in Spring/Summer 2023; subsequent taxonomies or domain-specific expansions may not be included. • Inconsistencies across sources: Regulators’ novel naming and domain-specific framings complicate direct alignment; determining the optimal level of abstraction for some types remains open. • Need for formal evaluation: Definitions and hierarchy require validation for legal/regulatory precision, research operationalization, and design auditing use cases. • Detection constraints: Higher-level strategies are difficult to detect at scale; emphasis on low-level types may miss non-UI manipulations or contextual nuances. • Exclusions: Certain generic elements (e.g., CMA’s Choice Structure/Information/Feedback/Messengers) and Bösch’s high-level categories were excluded due to lack of reiteration downstream.