Skip to main content

Nudging, Defaults & Assumption Abuse

You never agreed. You just did not disagree fast enough.

The Six "Continue" Buttons

Sam downloaded a free photo editing app. The install flow had six screens.

He tapped "Continue" on each one. They all looked the same - a headline, some small text, a blue button.

A person tapping through a series of identical-looking app setup screens, each with a pre-selected toggle they do not notice.

He did not read screens 2, 3, or 4. Screen 2 was marketing emails - opted in by default. Screen 3 was location sharing with advertising partners - opted in by default. Screen 4 was contact list upload - opted in by default.

Screen 5 was the app's actual setup. Screen 6 was "You're ready."

He had shared his location, contacts, and email without deciding to. The app had assumed his consent by making every privacy-costly option the default - and by making all six screens look identical.

What Is Actually Happening

95%

of users accept default settings without changing them during app onboarding.

Whoever controls the default controls the outcome for 19 out of 20 users.

Source: Nielsen Norman Group, Defaults and Decision-Making, 2022
Opt-Out vs Opt-In

Opt-Out Drives 10x More Enrolment

Research on organ donation programmes found opt-out countries achieved participation rates of 85-98%, versus 4-28% for opt-in countries. The default, not the decision, determines the outcome for the overwhelming majority of people.

Source: Johnson & Goldstein, Science, 2003 - applied to digital contexts
Pre-Selected Options

Insurance Add-Ons Pre-Ticked at 70%

A 2023 EU consumer survey found 70% of travel booking sites pre-selected optional insurance add-ons. Pre-ticked checkboxes add revenue automatically from users who do not notice them - and many jurisdictions have banned the practice.

Source: EU Consumer Affairs, Online Booking Dark Patterns Survey, 2023
Third-Party Sharing

Default = Shared with Hundreds

Default settings for most major social and shopping apps share data with between 100 and 600 advertising and data partners. The user never selects these partners individually. They are all included in one default "personalisation" toggle that ships switched on.

Source: Norwegian Consumer Council, Out of Control, 2020 (updated findings 2023)
Hidden Default Power

Windows Telemetry Case

When Windows 10 launched with enhanced telemetry on by default, fewer than 3% of users changed the setting even after media coverage. The default setting continued determining data collection for the other 97%.

Source: Microsoft Privacy Dashboard; Electronic Frontier Foundation Analysis, 2016

The Default as a Decision

Defaults are choices. The company made them before you arrived.

Opt-out instead of opt-in

When a setting ships switched on, the company assumed your consent. You are enrolled until you actively un-enrol. Most people never do, because they do not know the setting exists.

Pre-selected options

A pre-ticked checkbox is a false default. You did not select it - but the interface looks as if you did. Travel insurance, marketing emails, and newsletter subscriptions frequently ship this way. In many countries, pre-ticked consent for data processing is now illegal.

Default settings that expose your data

Background location, contact list access, microphone access, and advertising data sharing all ship enabled in many apps. The user accepts them by not changing them - without knowing they were ever set.

Defaulting to third-party sharing

A single "personalisation" toggle can represent data-sharing agreements with hundreds of advertising partners. There is no individual list visible. You share with all of them by default.

Try It: The Default Audit

Walk through a fictional app installation and see exactly what you agree to by just tapping Continue.

What That Just Showed You

1. All six screens looked the same. There was no visual distinction between a screen asking for app permissions and one sharing your data with advertising partners. Uniformity is intentional - it produces uniform tapping behaviour.

2. Every default was set to maximum sharing. Background location, partner marketing, advertising data, contact upload, ambient microphone. Every single one was enabled. No individual sharing decision was minimal or off.

3. Opting out required knowing the settings existed. You had to read every screen to find the toggles. Most users do not. Most installs produce the same outcome: full data sharing, zero user awareness.

4. 95% of users accept this. Not because they want to share their data - but because they are completing a task (installing an app) and the defaults get accepted as part of the flow.

Three Things Worth Doing

1. Slow down on install screens that have toggles. Any screen during app setup that shows a toggle or checkbox deserves a full read. These are the screens where defaults are most consequential and most likely to be set against your interests.

2. Review app permissions after installation. Go to your device's Settings > Privacy or Permissions. Review what each recently installed app can access. Most access requests that were defaulted on can be revoked without affecting core app function.

3. Treat pre-ticked checkboxes as a warning sign. On any checkout or sign-up flow, scroll to the bottom before clicking the final button. Look for pre-ticked boxes below the visible fold. Unchecking them is legal in most jurisdictions - the company knows this, which is why they pre-tick them.

One Question Before You Continue

Knowledge Check

Sam tapped 'Continue' six times and ended up sharing his location, contacts, and email with advertising partners. He did not intend to share any of it. Who made the decision to share?