UX by Example Buy me a coffee

design ethics

Privacy zuckering

By , UX designer & frontend developer Updated

What is privacy zuckering?

Privacy zuckering is tricking people into sharing more than they mean to - every setting defaulted to "share", the private options buried behind vague wording and extra clicks. Named, pointedly, after a certain founder; the trick is that consent is assumed, never asked.

Also known as: default-on sharing, privacy dark pattern

The demo

A privacy panel for a new account. Switch the defaults and look at the tally before you change a single switch - because almost nobody ever does.

    Look at what's shared by default before you touch anything.

    What this demo shows (text version)

    A privacy settings panel with five share toggles: public profile, share location, personalised ads, share activity with partners, and searchable by email. In "privacy zuckering" mode all five start switched on, so a new user is sharing everything before changing anything - and most people never change defaults.

    In "honest defaults" mode the same five toggles start switched off, so nothing is shared until the user actively opts in. A tally shows how many are on. The controls are identical; only the starting state differs, and that default is what most users will live with - which is why defaulting to maximum sharing is a dark pattern, not a neutral choice.

    With the zuckered defaults you were sharing all five things before you'd touched a thing - because nobody changes defaults, and these were all set to "on". Flip to honest defaults and you share nothing until you choose to. Same controls, opposite starting point - and the starting point is the whole game.

    The lever is defaults plus inertia. Most people never open settings, so whatever you pre-tick is what billions effectively "choose". Defaulting to maximum sharing and hiding the off switch isn't a neutral default - it's a decision made on the user's behalf, against their interest, and dressed up as their choice.

    The honest version defaults to private, asks before it shares, and makes the controls plain and findable. Privacy-by-default is now law in places for exactly this reason. My test: if your growth depends on people not finding the off switch, you don't have consent - you have a [dark pattern](/entries/dark-patterns/).