How Defaults Make You Share, Share and Share
Did you know that there are a few cognitive biases that make you more susceptible to privacy harm? This is a fascinating topic. Today I will explain the "default effect" and how it can work against your privacy.
Research shows that defaults are sticky, meaning that whatever the developer or designer chose to set as the default option, it will probably remain there and only a few people will take the necessary steps to change it.
In the privacy context, if the default is an option that makes you share more data (i.e. with peers or third parties), it will stay like that, and the organization will benefit from your inaction.
An interesting case involving the default effect was Facebook's audience selection mechanism. From 2009-2014, all posts were shared publicly by default, despite evidence that this was not the best alternative for their users. In 2014 they changed the default to "friends" and were praised for this change as a shift towards more privacy.
Nowadays, it is slightly different: whatever you choose as the default audience when setting up your account will be the default audience for all your future posts. I have argued that this is not the best solution, as people are contextual, and they also forget what they set in the past. The best solution would be to request users to actively choose what audience they want for each post. No audience selection, no post. This is the option most aligned with Privacy-Enhancing Design, which is one of the frameworks I proposed in my research work - and which you can learn in my next course.
Facebook is well aware of the incredible power of default settings, also in the privacy realm. They have been actively experimenting with it since their inception, aiming at making you share as much as possible. (They also do not want to tease regulators and lose $, so sometimes they try to balance, at least for a certain period, and to have good PR).
As a user, what you can do is always take a look at the settings of the products and services that you use. Privacy settings, security settings, account settings. Any defaults that might be beneficial for the organization (and not forbidden by laws that might make them lose relevant $) will be implemented, regardless of the practical effects on you. Do not be fooled: even organizations that publicly announce their commitment to privacy will try to benefit from default settings to collect more data from you.
See you next week. All the best, Luiza Jarovsky