You click “privacy settings” with the quiet hope of closing a door. Three screens later you realize the door was never unlocked — it was a revolving entrance. I tried to opt out and found a preselected toggle that reversed my choice the moment I felt safe.
I write about privacy because I want you to stop being led down digital alleyways that look like exits but aren’t. You’ll read names you already know — Meta, Google, OpenAI, Grindr, Bumble — and a nonprofit that pulled the curtain back: the Electronic Privacy Information Center (EPIC). Their new report calls the tricks “manipulative design patterns.” I call them traps.
I found a preselected checkbox on a dating app — manipulative defaults are everywhere
EPIC analyzed opt-out flows at 38 companies and found repeated patterns designed to nudge you to stay opted in. Preselected checkboxes, toggles that flip the wrong way, and language crafted to confuse — these aren’t glitches. They exploit the default effect, the mental shortcut where people stick with what’s already chosen.
Dating apps such as Grindr and Bumble were flagged for using preselected controls. That’s not an accident: it’s design that leans on your inertia. The report calls it manipulative design because it creates the illusion of choice while making the real choice harder.
How do I opt out of data sharing?
If you want to try: search for explicit opt-out pages, not buried links. EPIC found more than a dozen platforms — including Meta, Google, and OpenAI — didn’t clearly link to opt-out forms on their homepage or in obvious privacy pages. When opt-out links are hidden, you’re doing detective work instead of exercising a basic right.
EPIC recommends companies audit their opt-out flows, and suggests regulators such as the Federal Trade Commission could use Section 5 — its authority against unfair or deceptive practices — to challenge these tricks.
I couldn’t find the opt-out link on major platforms — exits are often hidden
On several sites the path to opt out is either obscured or absent. EPIC found that failing to provide a clear link may violate state privacy laws in 21 states that already require easy opt-outs for sales or sharing of personal data.
That legal backdrop matters because hidden links are not just inconvenient — they are a compliance risk. State attorneys general can investigate whether companies are meeting their legal obligations, and EPIC urges more states to adopt single-request deletion programs like California’s to take the pressure off individual consumers.
What are dark patterns and how do they work?
Dark patterns are deliberately deceptive user-interface choices. They range from confusing wording to pre-checked boxes and deceptive color cues that mask whether you’re opted in or out. As EPIC’s Caroline Kraczon put it, these designs “frustrate, confuse, and discourage consumers from trying to protect their personal data.”
I read EPIC’s account of a real crime — data isn’t just a privacy problem, it’s a safety problem
The report links manipulative opt-out designs to tangible harms: doxxing, stalking, targeted harassment, and worse. EPIC cites the killing of a Minnesota state legislator and her husband, where the alleged shooter reportedly used people-search data brokers to research his targets.
Those risks fall unevenly. EPIC notes women, women of color, and LGBTQ+ people face disproportionate danger when data is easy to buy and hard to remove. This is where abstract policy meets a human cost.
So what can change? EPIC offers concrete fixes: design audits to root out manipulative patterns, ongoing checks to confirm opt-outs are respected, stronger state privacy laws with data minimization rules to limit what companies can collect and share, and broader adoption of single-request deletion programs like California’s.
Regulators have tools too. The FTC’s Section 5 could be used to challenge deceptive opt-out interfaces, and state attorneys general can enforce existing opt-out rules. Companies can also act now: remove preselected toggles, make opt-out links obvious, and stop using color or wording that hides a person’s real choice.
Think of these pages as a house of mirrors — the exit is reflected a hundred times but is rarely the one you’re looking at. Think of companies’ privacy pages as gardens with locked gates: they look pretty, but most people can’t get out.
I want you to be able to assert control without feeling like you need to be a privacy engineer. If regulators won’t act quickly enough and companies keep designing for friction, who will actually make opting out a real option?