What is Privacy by Default?
The principle that systems, services, and technologies should ship with the most privacy-protective settings out of the box — requiring users to opt in to less private options rather than opt out of invasive ones. It means privacy is the starting point, not a hidden toggle.
Also known as: Default Privacy, Privacy as Default, Private by Default, Opt-In Privacy
Privacy by default is the idea that you shouldn't have to be an expert to be private. If a service respects your privacy only after you find the right settings menu, toggle 47 switches, and read a 4,000-word privacy policy — that's not privacy. That's a maze.
Real privacy by default means the moment you start using something, you're already protected.
Why Defaults Matter
Most People Never Change Settings
Research consistently shows that 95%+ of users keep default settings. Companies know this — which is why:
- Facebook defaults to public profiles and broad data sharing
- Google defaults to tracking location history, web activity, and ad personalization
- Windows defaults to telemetry, advertising IDs, and Cortana data collection
- Smart TVs default to content recognition and viewing data collection
When the default is surveillance, 95% of people are surveilled. When the default is privacy, 95% of people are protected.
Defaults Are Design Decisions
Every default represents a choice by the company about whose interests come first. A company that defaults to tracking has decided that its advertising revenue matters more than your privacy. A company that defaults to privacy has decided the opposite.
What Privacy by Default Looks Like
In Software
| Product | Default Privacy? | Why |
|---|---|---|
| Signal | Yes | E2EE on, no data collection, disappearing messages available |
| ProtonMail | Yes | E2EE on, no tracking, Swiss jurisdiction |
| Brave Browser | Yes | Ad/tracker blocking on, fingerprint protection on |
| DuckDuckGo | Yes | No search history, no tracking, no profiling |
| Firefox (Strict mode) | Mostly | Enhanced Tracking Protection on, but not maximal by default |
| Gmail | No | Scans emails, tracks activity, serves targeted ads |
| Chrome | No | Sends data to Google, allows third-party tracking |
| No | Public by default, broad data sharing, cross-app tracking |
In Hardware
- GrapheneOS — De-Googled Android with privacy as the default state
- Purism Librem — Hardware kill switches for camera, microphone, and WiFi
- Apple (partial) — Better than most, but still collects significant telemetry
In Cryptocurrency
- Monero — Every transaction is private. No transparent option. Privacy is the only mode.
- DERO — Homomorphic encryption on every transaction, plus confidential smart contracts. Privacy is mandatory.
- Bitcoin — Fully public ledger. Zero privacy by default. Every transaction visible to everyone forever.
In Law
- GDPR Article 25 — Requires privacy by default and privacy by design as legal obligations
- Opt-in consent (GDPR model) — You must actively agree to data collection
- Opt-out consent (US model) — You're tracked unless you find the settings and opt out
- The difference between these two models is the difference between privacy by default and surveillance by default
The Opposite: Surveillance by Default
Most of the internet operates on surveillance by default:
- You are tracked unless you take active steps to prevent it
- Your data is collected unless you find and navigate opt-out mechanisms
- Your information is shared unless you read the privacy policy and object
- Your privacy is violated unless you install extensions, use VPNs, and configure settings
This model exists because surveillance is profitable. The advertising industry generates $600+ billion annually by collecting and exploiting personal data. Privacy by default threatens that revenue — which is why it faces constant resistance.
Default Privacy's Philosophy
This concept is the namesake and core philosophy of Default Privacy. We believe:
- Privacy should be the starting point, not something you earn by being technically sophisticated
- Everyone deserves protection — not just people who know how to configure a browser
- Tools should protect you automatically — our exposure check, scanner, and privacy tools work without requiring expertise
- Data removal should be accessible — services like those at /remove handle the complexity for you
- Business structures should shield you — anonymous LLC formation at /protect makes privacy the default for your business identity
The internet was built on openness. It needs to be rebuilt on privacy by default.
How to Make Privacy Your Default
- Switch to privacy-default tools — Signal, ProtonMail, Brave, DuckDuckGo
- Remove existing exposure — Use data broker removal services (/remove)
- Protect your business identity — Anonymous LLC (/protect)
- Check your current exposure — Run our free browser exposure check
- Audit your passwords — Use our password strength analyzer
- Configure your devices — Review phone privacy settings, disable tracking, use a VPN
- Support privacy by default — Choose products and services that respect your privacy out of the box
Related Terms
Consent Management
Systems and processes for collecting, recording, and managing user consent for data collection and processing, required by GDPR and similar laws.
Dark Patterns
Deceptive user interface designs that trick people into giving up privacy, making purchases, or agreeing to terms they didn't intend — such as hiding opt-out buttons, using confusing language, or making cancellation deliberately difficult.
Data Minimization
A privacy principle that organizations should collect only the minimum amount of personal data necessary for a specific purpose, and retain it only as long as needed. This reduces privacy risks by limiting exposure in case of breaches or misuse.
GDPR
The General Data Protection Regulation is a comprehensive data protection law in the European Union that gives individuals control over their personal data. It establishes strict requirements for how organizations collect, process, store, and transfer personal information.
Global Privacy Control
A browser signal that tells websites you don't want your personal data sold or shared, legally enforceable under CCPA and recognized by some GDPR implementations.
Privacy by Design
An approach to systems engineering that takes privacy into account throughout the entire engineering process. Rather than bolting privacy protections onto existing systems, Privacy by Design builds privacy into the architecture from the ground up.
Privacy Washing
The practice of companies marketing themselves as privacy-friendly while continuing to collect, share, or exploit user data — similar to 'greenwashing' in environmentalism, where the appearance of privacy is used as a marketing tool without meaningful protection.
Have more questions?
Use our guided flow to get the right next privacy step for Privacy by Default.
Open Guided Flow