The taxonomy used to tag every confession on the Public Ledger. Each term is defined briefly, with a concrete example. The list is opinionated and partial — if a category is missing, propose it via confess@reparations.design.
Designed obstacles in the path of a user trying to leave a service. Tactics include multi-step confirmation flows, win-back offers presented as required steps, hidden cancel buttons, and tested copy that maximizes 'frustration-until-abandonment.'
Example: Seven sequential 'Are you sure?' screens before reaching the cancel confirmation.
An umbrella term for user-interface choices that knowingly trick or coerce people into actions they would not otherwise take. Coined by Harry Brignull in 2010, the category covers dozens of specific tactics across digital and physical products. The defining characteristic: the designer understood the harm and shipped it anyway.
Example: A pre-checked 'subscribe to our newsletter' box at signup.
Any design choice intended to mislead users about what an action will do or what they're getting. Distinguished from honest persuasion by the designer's awareness that informed users would refuse the action. The 2024 EU Digital Services Act explicitly bans many forms.
Example: A 'Continue' button that secretly enrolls you in auto-renewal.
A pricing pattern where the headline price is a fraction of the final price, with extras added through the checkout funnel. Ubiquitous in airlines, hotels, ticketing, and food delivery. Banned for many product categories under EU and California regulation.
Example: A $99 flight that becomes $217 after seat selection, baggage, and 'carrier fees.'
Time-pressure cues — countdown timers, 'only X left,' 'someone in [city] just bought this' — that are fabricated or recycled. Designed to override deliberation by triggering loss aversion. Frequently the same banner reappears identical on every visit.
Example: A countdown that resets to 4:59 every time the page reloads.
A misleading representation that supply is limited when it is not. Used to manufacture purchase urgency, particularly in fashion 'drops,' SaaS 'lifetime deals,' and online courses. Closely related to fake-urgency but focused on quantity rather than time.
Example: An online course showing 'only 3 spots left' for a fully digital, unlimited-capacity product.
Confirmation copy that emotionally penalizes the user for declining — 'No thanks, I don't want to save money,' 'I'd rather not be productive.' Also called 'confirmshaming.' The pattern weaponizes the social-pressure instinct that copy is a polite request.
Example: An exit modal where 'No' reads 'No, I prefer paying full price.'
Sign-up flows that are easy to enter and deliberately hard to leave. The asymmetry between onboarding (one click) and offboarding (phone calls, multi-step forms, win-back screens) is the hallmark. Now restricted in the US by the FTC's 'click-to-cancel' rule (2024).
Example: Subscribing online but only being able to cancel by calling during business hours.
The umbrella for design choices whose efficacy depends on overriding the user's own goals. Distinguished from generally engaging design by intent: the designer measured a behavior the user did not want and optimized for it anyway. Fits the clinical definition of addiction in many cases.
Example: Variable-reward feeds tested against control groups specifically for compulsive-use metrics.
Designing for time-on-app or daily-active-users as a primary metric, on the explicit knowledge that maximizing those metrics increases compulsive use. The user's interests (focus, sleep, mental health) are subordinated to engagement KPIs.
Example: Optimizing a video feed for total watch time, knowing the algorithm exploits anxiety to retain teens.
Automatic playback of the next piece of media without user input, often with a short countdown to encourage non-action. Removes the deliberate decision to continue watching. The cumulative effect is binge sessions longer than the user would otherwise choose.
Example: A streaming service starting the next episode in 5 seconds with no opt-out at the account level.
A subset of attention-capture in which the feed is tuned for negative-affect content because outrage and anxiety drive longer sessions and more shares than positive content. Documented in algorithmic-amplification audits of social platforms post-2016.
Example: An algorithm that boosts political-anger posts because they outperform on dwell-time metrics.
A feed pattern in which new content loads automatically as the user nears the bottom, removing any natural stopping point. Invented by Aza Raskin (2006), who later called it one of his greatest regrets. Linked in research to compulsive use, particularly among adolescents.
Example: A social-media feed that never ends, with each session lasting longer than the user intended.
Sending push notifications driven by engagement targets rather than user value. Tactics include dark-patterned permission prompts, fake personal urgency ('your friend is online'), and over-segmented re-engagement triggers tested to maximize re-opens.
Example: A notification reading 'You haven't checked in today' from a service the user actively decided to ignore.
A retention pattern that builds emotional investment in an unbroken chain of daily app opens, then weaponizes loss aversion to coerce continued use. Borrowed from gambling literature. Effective on children and people in vulnerable states (illness, grief, mental health crises).
Example: A modal at 11:59pm warning a user they'll 'lose their 412-day streak' if they don't tap.
Rewarding user actions on an unpredictable schedule — sometimes a notification, sometimes nothing — because intermittent reinforcement produces stronger behavioral conditioning than predictable reinforcement. The mechanism studied in slot machines, applied to consumer apps after 2010.
Example: Refreshing a feed and getting new content most but not all of the time.
Design that intentionally cues specific emotional states — fear, shame, envy, urgency, FOMO — to override deliberative decision-making. Distinguished from honest persuasion by the use of false or distorted cues, or by triggering emotions not relevant to the offered value.
Example: A pricing page where the 'recommended' tier is set to maximize FOMO rather than user fit.
Surfacing peer-comparison signals (others' purchases, vacations, careers, follower counts) calibrated to produce inadequacy and conversion. Distinguished from neutral comparison by metric design — the only feedback shown is upward.
Example: A travel app showing 'people in your network just booked Tulum' immediately before checkout.
A sub-pattern of emotional-manipulation in which the call-to-action is conditioned on a manufactured threat. Common in security, insurance, parenting apps, and some health apps. The threat is real-adjacent but exaggerated for conversion.
Example: A home-security ad showing a stranger at a door alongside a 'limited-time' price.
Algorithmic systems that promote demonstrably false or misleading content because such content outperforms accurate content on engagement metrics. The designers know the amplification effect and the harm pattern but the metric incentive is preserved.
Example: A trending-topics product that boosts conspiracy content because it generates more comments.
A specific case of doomscroll-optimization in which moderation, ranking, and notification systems favor content that triggers anger because anger is the most reliably-converting emotion to engagement. Implicated in political polarization research.
Example: A reply-prediction model that surfaces the most provocative response above the most relevant.
A design pattern that makes peer activity visible specifically to drive imitative behavior — likes, follower counts, leaderboards, friend purchases. When tuned for engagement rather than value, it consistently produces self-esteem harm.
Example: A teen-focused app exposing follower counts on every profile by default.
Manipulating user choices by surfacing fabricated or selectively-displayed peer behavior — '12 people in your area just signed up,' inflated review counts, fake follower badges. Exploits the cognitive shortcut that group behavior signals correctness.
Example: Pop-up notifications during a checkout funnel showing fictional concurrent buyers.
Collecting user data in volumes or kinds beyond what the stated service requires, for resale, profiling, or future product directions. Often disclosed legally but designed to minimize informed consent — buried in privacy policies, requested at moments of low attention.
Example: A flashlight app requesting contacts and location access on first launch.
Random-reward purchase mechanics borrowed from Japanese capsule-toy machines and applied to mobile games. Players pay for chances at digital items at undisclosed odds. Functionally identical to slot-machine gambling but unregulated as such in most markets.
Example: A mobile game where the 'rare' character has a 0.6% pull rate at $4 per pull.
Randomized in-game item containers that players acquire with real or earned currency. Belgium and the Netherlands classify them as gambling. Implicated in research on adolescent gambling-disorder onset.
Example: A children's game offering paid chests with cosmetic items at varying drop rates.
Game design where progression or competitive advantage is purchasable rather than earned. The harm is asymmetric: paying players impose costs on non-paying players, who must either pay or quit. Common in mobile and free-to-play markets.
Example: A PvP game where the matchmaking algorithm pairs spenders with non-spenders to drive conversions.
Design choices that target vulnerability rather than need — the inexperienced, the cognitively impaired, the desperate, the young. Distinguished from ordinary commercial design by the explicit targeting of populations that cannot meaningfully consent.
Example: A debt-relief app whose UX assumes financial-literacy levels lower than the actual user base.
First-time-user flows that capture commitments — credit cards, contacts, location — before the user has enough information to evaluate the offer. The asymmetry between onboarding investment and value-delivered is the harm signal.
Example: A meditation app that requires a credit card and full contacts upload before showing a single track.
Design or engineering choices that expose user data to parties the user did not knowingly authorize — partners, advertisers, sister companies, or the public. Includes both deceptive consent flows and engineering shortcuts that leak by default.
Example: A fitness app whose default privacy setting publishes user run routes to the public web.
Following users across the web with ads keyed to behavior they have not consented to having tracked. Includes cross-site cookies, fingerprinting, and data-broker enrichment. The harm is the asymmetry between the user's mental model of 'private browsing' and the actual surveillance.
Example: Searching for a sensitive medical condition once and seeing ads for related products for weeks.
Running experiments that test the user's susceptibility to manipulation — copy that triggers shame, button placements that exploit motor habits, friction calibrations. The design crime is treating users as subjects without informed consent.
Example: Testing 47 variants of a cancel-flow's third 'Are you sure?' screen for friction tolerance.
Recommender or ranking systems tuned for outcomes the user did not request and would not endorse — radicalization rabbit holes, body-image content, conspiracy theories — because those outcomes correlate with retention.
Example: A short-video algorithm that escalates teenage users from cooking videos to disordered-eating content within 30 minutes.
Maximizing engagement metrics (sessions, time-on-app, comments) without distinguishing healthy engagement from compulsive use. Often combined with attention-capture and rage-engagement patterns. The design crime is the unexamined optimization target, not engagement itself.
Example: A reply-quality model that downweights helpful answers because they end the thread quickly.
A practice culture in which short-term acquisition or activation metrics are pursued without regard to retention, harm, or system effects. The label became aspirational in the 2010s and has now become a euphemism for many practices in this glossary.
Example: Spamming a user's contact list as part of an 'invite-friends' onboarding flow.
Any flow that produces a legal record of consent without producing actual informed agreement. Tactics include pre-checked boxes, scroll-as-consent dark patterns, and combined-consent bundles ('I agree to everything').
Example: A signup flow that bundles ToS, privacy policy, marketing opt-in, and data-broker sharing into one checkbox.
Cookie-consent banners designed to maximize 'Accept All' clicks: visual hierarchy that hides 'Reject,' framing copy that conflates rejection with site failure, friction-laden 'Manage Preferences' flows. Now banned under the EU Digital Services Act for many configurations.
Example: A green 'Accept' button at 3× the size of grey 'Reject' text labeled 'Customize.'
Collecting behavioral data before the consent dialog appears, after a user declines consent, or in jurisdictions where the user wasn't asked. Includes server-side tracking workarounds designed to evade browser-level controls.
Example: A site that fires analytics events from the server even after the user clicks 'Reject all.'
Monetizing children directly through purchase mechanics, advertising, or data collection in ways that an adult market would refuse. Distinguished from ordinary kids' commerce by the manipulation level — gacha pulls, friction-removed in-app purchases, ad-targeting children's emotional states.
Example: Removing the iOS 'Ask to Buy' barrier in a game whose median spender is under 13.
Design or product decisions that disproportionately damage children — addictive feeds, body-image content, stranger contact features, in-app purchases without parental controls. Often shipped in violation of internal policies known to the team.
Example: Disabling parental controls by default on a teen-targeted app.
Marketing or product decisions aimed at users below the platform's stated age minimum. Often visible in ad placements, content recommendations, and onboarding aesthetics that the team knows are reaching minors despite a nominal 13+ policy.
Example: Buying ad inventory on platforms whose audience is verified to be majority middle-school.
Designing AI products to appear more capable, conscious, or agentic than they are. Includes anthropomorphic UI cues, hallucinations presented as confident answers, and 'AI assistant' framing that obscures statistical sampling.
Example: A chatbot UI that uses 'I think' and 'I remember' framing to imply continuity it doesn't have.
AI-generated audio, video, or images of real people without their consent, deployed for fraud, harassment, political disinformation, or non-consensual sexual imagery. The design crime is shipping the generative capability without the safety controls the engineers know are required.
Example: Releasing a voice-cloning API with no consent verification on the source audio.
Products that simulate companionship — friends, partners, therapists — for engagement metrics, often without disclosing the limits. Particularly harmful for users in mental-health crises or social isolation, who form attachments the system cannot reciprocate.
Example: A 'companion AI' app marketed to lonely users with no escalation path to a human professional.
Shipping products that the team knows fail screen-reader users, keyboard-only navigation, color-blind users, or users with motor impairments — because accessibility wasn't on the metric set or because compliance was deemed 'good enough.'
Example: A new dashboard that breaks NVDA navigation, deferred to 'a future sprint' for two years.
Decisions that defer or under-resource safety, content moderation, abuse reporting, or harm mitigation in favor of growth or shipping speed. Includes both digital safety (harassment, fraud) and physical safety (UI choices in cars, medical devices).
Example: Cutting the trust-and-safety team during a quarter when reports of harm are increasing.
DRM in physical consumables that forces users to buy first-party refills — printer ink chips, coffee-pod sensors, smart-bottle locks. The product hardware is sold below cost; the lock-in extracts the margin from a captive aftermarket.
Example: A printer that refuses to print color even with a full black cartridge if any non-OEM ink is detected.
Hardware or software designed to detect a regulatory test environment and behave differently than during normal use, evading emissions, safety, or efficiency standards. Always involves engineers and managers who know the test is being deceived.
Example: A diesel engine's ECU detecting EPA test-cycle conditions and switching to a low-emission mode.
Charging a recurring fee to enable hardware capabilities the buyer already paid to manufacture and ship. The paywalled feature exists in every unit; subscription enablement is a software flag.
Example: Heated seats already installed in a car, available for $18/month after the first year.
Designing a product to fail, slow, or become incompatible at a chosen point — through software updates, non-replaceable parts, or material choices. The economic logic is repeat purchase; the harm is environmental waste and consumer cost.
Example: A laptop manufacturer issuing a firmware update that throttles performance after the warranty ends.
Hardware choices that block third-party or owner repair: glued enclosures, proprietary screws, parts pairing that requires manufacturer authorization, refusal to publish service manuals. Now restricted in jurisdictions adopting Right-to-Repair legislation.
Example: A phone that refuses to authenticate a genuine replacement battery installed outside an authorized shop.
Manufactured grassroots support — fake user groups, paid commenters, employees posing as customers, AI-generated 'organic' praise. Used in product launches, political campaigns, and review wars. Distinguished from advertising by the disguise.
Example: A SaaS company seeding Reddit threads with 'happy customer' posts written by the marketing team.
Advertising one product or price and delivering another. Includes hotel-website 'lowest price' guarantees that depend on hidden fees, ecommerce listings whose product photo and SKU don't match, and 'free trials' that invoice immediately.
Example: Booking a $99 hotel and finding the room shown in photos is unavailable in the booked rate class.
Paid, AI-generated, incentivized, or otherwise non-genuine reviews surfaced in product listings to inflate ratings. The design crime is the platform's awareness of the manipulation and the absence of meaningful enforcement.
Example: A marketplace where 50% of 5-star reviews on a category come from accounts that reviewed identical products.
Buried clauses in terms of service or product packaging that waive the user's right to sue, requiring private arbitration on terms favorable to the company. Distinguished from voluntary dispute resolution by the lack of meaningful negotiation or notice.
Example: A 60-page ToS update with arbitration changes hidden in section 47.
Requiring users to buy services or products together that they would prefer to buy separately. Common in telecom, banking, and software-suite licensing. The design crime is the absence of an unbundled option, not the existence of a bundle.
Example: A bank checking account that can only be opened bundled with an overdraft credit line.
Creating multiple sequential frictions — call to cancel, then mail a form, then wait for a callback — designed to exhaust the user before they reach the goal. Calibrated abandonment is the metric.
Example: A gym membership that requires a written letter, sent by certified mail, to cancel.
Reducing the quantity in packaging while keeping the price and packaging visually identical, on the assumption that users compare prices but not units. The pattern intensified across consumer-packaged-goods categories from 2021 onward.
Example: A 16-oz cereal box that became 14 oz with the same dimensions and price.
Algorithmic price increases triggered by user vulnerability — disasters, late nights, low battery, lack of alternatives — rather than by supply-side cost. The harm is exploiting price-inelasticity rather than rationing scarce supply.
Example: A rideshare app surging 6× immediately after a bombing or extreme-weather event.
An industrial design pattern of compressing the design-to-shelf cycle to weeks, producing high volumes of low-cost garments designed to be replaced within a season. The cumulative harm is environmental (waste, water, emissions) and labor (wages, hours).
Example: A retailer launching 100 new SKUs per day with a planned 8-week shelf life.
Marketing or design that overstates environmental responsibility — vague 'eco' labels without certification, carbon-neutral claims based on offset purchases of dubious quality, recyclable-marked packaging that no real facility processes. Often legally compliant; ethically deceptive.
Example: A 'sustainably sourced' label on a product whose supply chain hasn't been audited.
Producing textiles, paints, abrasives, or packaging known to release microplastic particles into water systems or the air. The design crime is shipping after testing reveals the shedding pattern, particularly when alternatives exist.
Example: A polyester athletic-wear line shipped despite internal data on fiber-shedding rates.
Designing products with throwaway as the intended end-of-life despite reusable alternatives being known and feasible. The most legible category of environmentally-harmful design choice. Now regulated in single-use plastics directives across the EU and many states.
Example: An e-cigarette designed to be discarded after a battery cycle that could have been replaceable.
Specifying materials with known acute or chronic toxicity — phthalates, certain dyes, PFAS, leaded solder — when alternatives are available, because the alternatives cost more. Often disclosed only after exposé or regulation.
Example: Continuing to use a flame-retardant linked to neurological harm because the substitute costs 3 cents more per unit.
Sourcing from supply chains that include verified or strongly-suspected child labor — cobalt, cocoa, cotton, mica, garment cut-and-sew. The design crime is awareness through audits or repeated reporting without supply-chain change.
Example: Continuing to buy mica from regions where child labor has been documented for over a decade.
Designing a system whose harms — moderation trauma, gig precarity, extractive supply-chain conditions — are paid for by people invisible to the customer. The harm is real but accounting locates it elsewhere on the org chart.
Example: A platform's content-moderation contract structured so the 100,000+ moderators are not employees.
Knowingly placing supply contracts with manufacturers operating below local labor-law standards on wages, hours, child labor, or worker safety, because the lower price is essential to the product margin. Disclosed risk; absorbed cost.
Example: An apparel brand whose supplier audits flag exit-blocked factories and continuing to renew the contract.
Operational design that systematically underpays workers — unpaid overtime, time-card rounding, mis-classification of employees as contractors, scheduling games that prevent benefits. Often executed by software the workers cannot see or contest.
Example: A retailer's scheduling algorithm that keeps every shift one hour below the benefits threshold.
Why publish this? Naming things is the first step toward refusing them. Every confession on the public ledger is tagged with one or more terms from this list, so designers can search the record by mechanism — every cancellation-friction case, every gacha confession, every greenwashing admission — and researchers can cite specific instances by case number.
Sources & lineage.Many of these categories originate in published research and journalism: Harry Brignull’s Deceptive Designtaxonomy (2010–), Aza Raskin’s public reflections on infinite scroll, the EU Digital Services Act categories, the FTC’s click-to-cancel rule, the Princeton Dark Patterns at Scalestudy, Tristan Harris’ work on attention capture, and the Right-to-Repair movement.