Journal · Tags: privacy, design, product · 14 April 2025 · 7 min read

Why privacy is a design problem

Privacy tools have a user experience problem. Until we fix that, we'll keep building things nobody uses.

Paul Ojuri

Product engineer & designer

There is a recurring failure mode in privacy technology: the people who build it care deeply, the people who need it don't use it.

This is usually explained as a behaviour problem. People are lazy. They trade convenience for safety. They don't understand the risks. All of this is true and none of it is useful, because it frames privacy as a problem of user education when it is actually a problem of product design.

The activation energy is too high

Most privacy tools ask for something before they give anything. Install the extension, configure the settings, understand the threat model, accept that some sites will break. The cost is upfront and concrete. The benefit is abstract and deferred.

Compare this to how the tools that win actually work. WhatsApp didn't ask users to understand end-to-end encryption. It asked them to send a message. The privacy came along for free.

This is the design problem: privacy tools are built for people who already care, which is a small and shrinking market. Building for people who don't yet care - but would if the experience were right - is harder and more important.

The word "privacy" is doing too much work

When we say we want privacy, we mean several different things at once:

  • I don't want strangers to know where I am
  • I don't want my employer to see what I do at home
  • I don't want advertisers to build a profile of my psychology
  • I don't want my data sold to someone I've never heard of
  • I don't want to be tracked across sites

These are related but distinct concerns. A tool that solves one probably doesn't solve the others. But because we use the same word for all of them, products over-promise and users get confused about what they're actually getting.

Good design starts with a specific person with a specific problem. "Privacy" is not a specific problem. "I don't want my employer's MDM software to see which job sites I'm visiting from my work laptop" is a specific problem.

Defaults are the product

The single most important design decision in any privacy tool is what the default is. Not the setting the user can choose, but the setting they get without choosing.

The privacy-conscious choice should be the path of least resistance. Every time we make users opt in to being protected - click here, toggle that, read this - we are accepting that most of them won't bother. Because they won't, and that's not their fault.

This applies to interfaces beyond privacy tools. A social platform that defaults to public posts is making a design choice with privacy implications. A healthcare app that defaults to sharing data with "research partners" is making a design choice. The privacy implications of defaults are so significant that hiding them in settings is an act of design, not an absence of it.

Trust is the real product

People don't use privacy tools because they don't trust them.

This sounds circular but it isn't. Trust is earned through transparency, through consistent behaviour, through not asking for more than you need, and through being honest about what you don't know. Most privacy tools are opaque about what they actually do. Their marketing is full of claims their code doesn't necessarily back up.

The products that solve this aren't necessarily the ones with the best technology. They're the ones where the relationship between the user and the product is honest. Signal. uBlock Origin. Bitwarden. None of them are the easiest option. All of them have earned enough trust that people seek them out.

Building that kind of trust is a design problem. It requires decisions about language, about what information to surface, about what permissions to request and when, about what the product looks like when something goes wrong. Technology is a prerequisite, not a differentiator.

Privacy will be solved by products that respect users enough to meet them where they are. That means building for the person who doesn't have a threat model - because that person is everyone, and they deserve protection too.