Most people feel confused and out of control. That's by design.

In 2023, Pew Research found that 81% of Americans are concerned about how companies use their data. 67% say they understand little or nothing about what actually happens to it. 73% feel they have little or no control over what gets collected.

This is not apathy. This is people responding rationally to systems that are deliberately hard to understand. Privacy harm usually starts before any breach — it starts the moment someone clicks through terms they couldn't parse, under time pressure, on a screen designed to make "agree" faster than "read."

When 70% of people who have heard of AI have little to no trust in companies to make responsible AI decisions with their data, and 80% expect their AI-analyzed personal details to be used in ways they would not be comfortable with, that's not paranoia either. That's pattern recognition.

A button can be honest or it can be a trap

Dark patterns aren't just the passive-aggressive "no thanks, I don't want to save money" link. The FTC's 2022 report frames interface design as a consumer autonomy issue: design practices that can trick or trap users into unwanted purchases, subscriptions, or data sharing.

The Norwegian Consumer Council spent 2018 analyzing privacy settings on Facebook, Google, and Windows 10. They found privacy-intrusive options were the default. Privacy-protective options required extra steps. No one was surprised. But they documented it, and that's what makes it useful.

The California Privacy Protection Agency issued a dark patterns advisory in 2024 that makes the same point differently: privacy should not be hidden behind a stamina test. If opting out of tracking requires three more clicks than opting in, that's not a neutral design choice.

When the app knows more about you than you know about the price

In January 2025, the FTC released findings from its surveillance pricing study. Intermediaries can use location, demographics, browsing patterns, shopping history, mouse movements, and abandoned-cart behavior to set individualized prices and product visibility. The same item becomes a different offer once the system has decided who you are.

This is not a fringe practice. Mouse movements, specifically, ended up in the FTC's findings. If you've ever wondered whether anyone is watching how you hover and hesitate — someone probably is, and they may have already adjusted the price.

A trail of ordinary coordinates can become something else entirely

Location data feels abstract. A latitude and longitude at 2pm on a Tuesday seems harmless. The FTC's action against Mobilewalla in December 2024 alleged the company sold audience segments built from location signals that revealed visits to health clinics, places of worship, and political gatherings. These are not edge cases. These are the places people go when they're most vulnerable, most private, or most carefully deciding who gets to know about it.

FTC v. Kochava, still ongoing, concerns location data from hundreds of millions of mobile devices — the kind of dataset where even without names, individual movement patterns become individually identifiable pretty quickly.

The data problem isn't any single point. It's what happens when a data broker connects coordinates, timestamps, and behavioral signals across apps they've never used and people they've never met.

Inference is cheaper now, which changes what "harmless data" means

AI doesn't just store data. It generates predictions from it. Clicks become propensities. Locations become beliefs. Pause durations become financial stress. This isn't science fiction — it's the architecture of recommendation, scoring, and targeted pricing systems already in production.

NIST's AI Risk Management Framework treats trustworthy AI as requiring safety, security, accountability, privacy, and transparency simultaneously, not sequentially. OECD's AI incidents work argues we still lack consistent reporting frameworks for when these systems cause harm — so we're mostly learning from the cases dramatic enough to make the news.

The Rite Aid case is a useful example. The FTC found the company deployed AI-based facial recognition without adequate safeguards. It produced false accusations, harassment, and disproportionate impact on people of color. When an automated system is wrong, it's the person in front of it who pays first, and the system that issues a correction eventually, if at all.

A privacy claim has to match the business model

In February 2024, the FTC banned Avast from selling its users' browsing data to advertisers. Avast is antivirus software. The product's entire pitch is that it protects your computer. The company was selling your browsing history through a subsidiary. This is roughly equivalent to your therapist publishing a newsletter.

The Avast case isn't an isolated failure of one company's ethics. It's a demonstration of the structural incentive: if you have the data, there's a market for it. The privacy policy says one thing. The subsidiary says another. The user is somewhere in the middle, reading neither.

Every SDK, analytics package, and third-party vendor in an app is a trust decision the user never got to make. That's not abstract risk. Verizon's 2025 breach report found third-party involvement in breaches doubled to 30% of cases. Each connection is another exposure.

Data that is never collected cannot leak, be resold, or be repurposed

The Identity Theft Resource Center's 2024 report tracks nearly 12 billion victim notices across its history. IBM's 2025 report found that 13% of studied organizations reported breaches of AI models or applications, and 97% of those lacked proper AI access controls. 60% of AI-related security incidents led to compromised data.

Data minimization is a security strategy, not just a privacy philosophy. If an app never collected the data in the first place, the breach surface is smaller. There's no vault to crack because there's no vault. That's the logic behind a local-first design constraint being treated as a product requirement rather than a marketing claim.