Does Personal Digital Privacy Consulting sound like an insane thing? Is it already done for indivuduals?

So I offer consulting as The New Oil. I’ve seen people bring this idea up a few times now, so I thought I’d weigh in. In regards to some of the comments here, here’s been my approach & experience.

Most of the people who approach me are basically just overwhelmed with decision fatigue and want help sorting through it all. There’s 500 bajillion messengers, 500 password managers, 10 bajillion browsers, and 100,000 Linux distros, and every single person online is convinced that theirs is the ONLY right answer for everyone. It’s extremely overwhelming to a lot of people. Most of them just want someone they trust to help them cut through the noise. “Here’s my threat model and my priorities, what are the pros and cons of this?” A lot of the time it’s more about validating their concerns and being a second opinion who actually listens.

I always tell people that I’m charging for my time. If you contact me with a quick question or you don’t mind waiting a few days for me to get back to you whenever it’s convenient for me, I don’t charge for that. You can email or message me any time. Likewise, I have all the basics on my website and further resources linked on the last page (including Privacy Guides) where you can dig in and learn more. I do not paywall any information. What you’re paying for when you hire me is to set aside dedicated time out of my day - which often requires me to block off time on my schedule and plan around it - and to do research. A lot of the time people have specific questions about services I’ve not used or am not extensively familiar with, so I have to do research about what the product/service websites say, the privacy policy, other users’ experiences, maybe even try it out myself if I have the time and funds. I don’t know everything and as Jonah said earlier, that’s time I could be putting toward PG or TNO or family or literally anything else. You’re not paying me for the information itself, you’re paying me to do the work for you. You’re paying me to be a shortcut and a second opinion. If you’d rather save the money and do the work yourself, more power to you. Again, I’m even happy to offer additional resources or places to check out. But if you want me to do that work, I only have so many hours in a day.

Just my 0.0000003 BTC.

That is pretty similar to my public role, except that most questions addressed to me are about workflows and tools that fit an individual, along with the cost of adopting them long-term. The last enquiry I had was about someone who wanted to self-host their own LLM in an air-gapped device to work on their own codebase, so I had to explain Hermes/OpenClaw, open weights, VRAM, the current hardware market prices, unified memory, and so on. Threat modeling is often secondary, so I explained the tradeoffs of updating models via sneakernet, DMA, Coreboot from System76 compared to UEFI, unauditable proprietary firmware binary blobs, but not necessarily TEMPEST or other exotic attack vectors.

@nateb @FranklyFlawless

I get the context. Situations in certain places are basic, some are advanced, and others are major—it’s not always the same.

But it’s good to stay on top of what’s happening beyond just the tech side of things; you shouldn’t ignore it.

It’d be nice if the Privacy Guides team put together a pinned thread on the forum, organized (not just A-Z) that brings all these topics (oficial page) together into one. Sometimes what happens is people look up info on a certain topic, stumble onto the forum, and then a bit later they head back to the main page and see the pinned thread with a title related to exactly that.
You could call it: unified.

It’s really helpful for people looking for info on these kinds of things.

This is a great discussion. I have actually been thinking that there is a market for “digital privacy” consulting or a nonprofit focused on privacy education. Last year, I was teaching digital skills classes to people over 50 and I asked them why they even wanted to learn how to use a computer. I thought they might want to see photos of their grandkids or something. Instead, they told me they wanted to learn how to use computers because they were afraid of being scammed or that their identity would be stolen online. But they were following nonsensical advice from companies like Microsoft that exposed them to potential scams. I also have been increasingly concerned about the growing number of school administrators who agree to install digital tech in classrooms without regard for privacy. AI companies are aggressively courting schools but it’s unlikely that administrators know anything about the potential exposure they are creating for students. A digital privacy consultant could: offer one-on-one consulting; workshops for the general public; workshops for older people; for schools and other instutions; etc.

That is what the organization I am involved in does already, they basically educate about Linux and open-source workflows for the general public. I deal with more individualized requests, so I can formulate/synthesize end-to-end pipelines. My speciality is digital sovereignty because I already walk the path I forged for myself, but since the general public prefers drop-in replacements instead of committal, behavioural changes, I consciously leave the generic recommendations to others in the organization instead.

Oh! I love your blog - I had no idea you also were on staff with PG.

Decision fatigue is 100% what I’m thinking, and it’s been both people I’ve worked with and family, seeing them know things are bad but not know where to take a first step that is what I’m trying to help.

And for what it’s worth, I have done a few volunteer sessions with groups ranging from high school kids to older folks on some practical first steps for personal online security. Things like 2FA and strong passwords as an easy starting point.

Though, it was my MIL that proved the point that putting it out there for free isn’t the same as someone walking you through the steps. She and the FIL used a printed page of all their credentials, which they keep under the TV remote. :face_with_spiral_eyes: When spending a couple hours to get them set up on a pw manager and get string passwords, my MIL got excited and started changing all sorts of stuff. She fat-fingered her phone passcode twice. Had to reset her phone, so lesson learned for all of us, buuuuuut, even step by step guides aren’t the same as a human walking you through each step.

It should be free. I’d love it to be, but I also gotta eat. So do you.

It’s something I’ve been thinking about getting into as well. I come from the activist side of tech users, so my market would very much focus on those who are doing advocacy, social change non-profit work, or are just generally concerned about the US surveillance state and its implications on open dissent. You don’t have to be an expert to be an educator, especially if you’re trying to reach the general public — I think it’s just important to not overrepresent credentials, experience or knowledge, and to commit to constant learning along the way.

I think @nateb 's suggestion about thinking about the service as selling our time/attention is the right move. This is how I have been thinking about why offerings like this are worth people’s attention. Like lots of other people have pointed out, the tech literacy gap is real in the general public, and there’s not enough dedicated tech educators out there bridging it.

I’ve been thinking of doing this myself on and off for about a year now, and i think you’d have to differentiate yourself from others by providing actual runbooks and setup help instead of selling access to a compiled Wiki.

Bazzell provides actual services while educating his clients. AFAIK, nobody tried doing this before in my country, so the competition is practically nonexistent.

One thing I’d make explicit in the offer is maintenance, not just the first setup. For normal households the risky moment is often a month later: an app changes, a phone asks for a passcode, a password manager prompt looks scary, and people quietly go back to the old habit. A small written runbook plus one follow-up session might be more useful than a big perfect threat model.

I really wish I could do more activism education. It’s awesome you’re doing that.

I laid out all the rules for safely attending protests for a family member before they went to college, and I’m genuinely upset they’re very much not the activism type because her boyfriend doesn’t like it, if you know what I mean.

I appreciate your comment, and think you’re right about thinking about how to make it worth someone’s time. And hey, maybe I’m thinking about my target audience the wrong way. I’ve done a talk with non-profits before, but where we’re at now, maybe it’s a training of trainers type of thing.

I paid closer attention to your messages,

@SwampTrainer
If you have any doubts, lay them out and I’ll help you.
Are you willing to face reality as it is? Based on what you said.

@sleepytejana
I checked out your website and the article about AI.
I understand your arguments, but how far are you willing to go?
In a way, we have something in common.

I’d recommend the following to both of you (the lesson speaks for itself):


It’s better to start from the core, then everything else comes after—tools, for example. You can share it with other people, for free.

I’m pretty late to the conversation here, and there’s so much excellent content already that maybe this isn’t worth your time.

I think the difficulty you’ll have, as @The_Centurion pointed out, is finding a good customer base. It’s a small market to begin with, and your target clientele are already mentally drowning in an ocean of unfamiliar tech and information. How do you cut through that chaos to highlight that you are able to guide them through it?

One great approach could be launching a low-cost or free online course aimed at absolute beginners. If you catch people just as they are waking up to digital privacy, you can offer them a general overview of why it matters and some basic, foundational first steps. Pricing it for free—or at a “low-gamble” price point like $25—lowers the barrier to entry. From there, you can use the course as a natural funnel to plug your high-touch, in-depth consulting services for those who need more help.

Charging for services, in my opinion, is less so gatekeeping tools, like others have mentioned (I share free tools to people alllll of the time). Rather, it’s actually giving your time and energy to walk people through those tools that they may not have had the initiative to use themselves.

It’s similar to the time and energy difference between a therapist providing a CBT worksheet to a client with absolutely zero guidance, and the same therapist actually holding the client accountable to doing CBT exercises, or utilizing CBT techniques in session. No one asks therapists to provide their sessions for free and teach clients tools for free — why? It’s because they are recognized for the value their time and energy brings to people’s lives. All of the tools people need for their mental health can technically be given for free and are as accessible as ever (mental health workbooks, guided meditations, etc) — so why are mental health levels in many wealthy, connected countries at an all time low?

Accountability helps. Having someone to guide you through your situation helps. Having someone who has actually walked in your shoes and can impart helpful advice helps. And people should be compensated for it if it proves valuable to their client. Free is great, and I’m all about democratizing resources. But my time isn’t democratized, and if it helps people improve their lives, I don’t mind being compensated for my work.

I’ll check out your post, thanks.

@GolCor and @sleepytejana Thanks - I think you’re really hitting some perfectly valid points here.

To the client base - yeah, I’m thinking of something like doing a highly specialized talk at places like Rotary clubs, which are usually looking for speakers for their meetings, and trend very much older in demographics. I’d like to start in person, but online with a few videos that are seriously slowed down and focused seems like the way to start. The part that I don’t like about that is, 1) clearly, I’d need to use YT for that…ugh. and 2) I have to weigh the legitimacy of being a human on a video vs. showing my face. I have an idea with that, but otherwise it gets weird, like the Luddits Club using a puppet named Gowanus as their spokesperson.

And Tejana, accountability and confidence I think are mixed together here. Accountability that someone will start to take a minimal step, knowing that a first step can lead to a second, third, etc. on their own. But also the confidence for them to see that one step wasn’t hard in the first place. Building momentum.