I’d consider myself moderately to advanced when it comes to technology, and recently I became really bothered with aspects of how our privacy and security is basically assumed and taken for granted.
Over the past few weeks I’ve begun to migrate to a much more secure and private setup such as
migrating to Fastmail with my own domain for masked emails
Mullvad for vpn
Pihole (and mullvad for the outgoing “leak” although I don’t know if it’s truly a leak but I digress things pass now)
I’ve used a password manager and passkeys or 2fa for many years so that continues
Hardened Firefox + multi containers
Started degoogling though this will take years and I’m not in a rush
Using mullvad DNS also
My overall threat model of myself is I want to be as private as possible without sacrificing certain conveniences
All that being said I’m interested in helping family members at a very basic level, think use quad9 not Google dns, password managers obviously this is bare minimum if that but I won’t get anyone to move the needle with big ticket items
And finally the question (I did some search here so I am sorry if this is repeated)
How do you answer the retort of “well Google already has 10,15,20 years of my data I don’t really mind I guess if they show me targeted ads”
Some people can’t be convinced or pushed even slightly, I will concede that. But I assume this has been something many people have heard, is there something you say back that’s helped move even the most stubborn user to slightly care about low hanging fruit, or is this a purely dead end and not worth much adventure?
Sorry again if I’ve repeated a topic.
Thanks! (Also feel free to tell Me things I can do better, things I didn’t do well or anything about steps I’ve taken) I’m still learning and open to feedback
To be honest, what I’d rely on here is that even if you trust Google, you can’t trust that they’d never be hacked. Maybe show/send them an article on the salt typhoon telecom hacks to see how bad it could get and explain that Google’s such a juicy target. The Snowden NSA leaks are also a good example.
But at a certain level, I just accept that my family and friends are adults and can make their own decisions. You can give people information, but they really do have to “want” to do something themselves to make the changes sustainable.
When it comes to convincing family and friends, I think it’s difficult to give you a very meaningful answer. How do you convince people of anything? (Meant as a prompt for reflection, not dismissively!)
That said, I think Privacy Guides have a number of articles addressing privacy specific arguments and considerations.
For instance, in relation to your specific example, try privacy isn’t dead; the sooner you start improving your privacy, the better, since recency and relevance plays a large role.
When helping people improve, celebrate each small victory; privacy is like broccoli, and a longtime unhealthy lifestyle doesn’t mean you can’t introduce vegetables to it, nor that your diet has to change all at once.
And if there are people in your life that don’t care much for neither ideology or pragmatism, you could consider talking with them about how privacy is also the protection of others’ data (and yours specifically).
As for feedback for you, have you considered elaborating your threat model a little? PG also has resources on threat modelling and common threats in the knowledge base. It might make it easier for you to pick which providers, services and products are right for you, as well as identify what values you hold that might be shared by those you want to appeal to.
The first and most important step towards privacy for anyone is to stop using social media. Things like “hardened Firefox” are relatively unimportant, and irrelevant if the first thing that you do is log into Facebook.
Then revisit your “tech stack.” PCs and laptops running Windows and phones running anything with Google and Apple in it are NOT private. “Smart” TVs, streaming sticks and other “smart” home devices are also privacy nightmares.
Also make sure your car does not have a cellular modem in it (or find a way to disable it for good).
Things like Pihole are useful, but I think the above are more important first steps in the grand scheme of things.
My counter is really that for my threat profile, i’m going to use some social media. But how i use it is at least containerized. I know that by default its inherently threatening my privacy to some extent. But like I mentioned my goal isn’t to hide fully or be fully anonymous. I just want to maximize it within my own personal UX.
Maybe to your point, this makes a lot of what I’m doing less valuable, i’ll explore it.
My tech stack is Arch & an iphone. Work laptop is a mac.
That’s pretty much it.
Obviously they aren’t perfect solutions but again, there is a convenience I want in my life that these provide. I’m starting the process of getting off some of these solutions in different ways. I expect this to be a long journey not a race.
The most important thing is that what you’re doing is making their life easier. You can explain how a password manager will remember their passwords for them so they don’t have to, how deleting old accounts will reduce the amount of spam they get. Always make sure they’re in control, if they don’t want to do something then don’t do it. But always keep the focus on how it will make things easier for them.
Best tip I have: focus on benefits. This isn’t about getting them to act on your ideology, but your suggestions will help solve problems.
Some framing:
Password Managers - “you’ll never forget a password again”
DNS changes - “you’ll get faster internet and fewer annoying ads”
Email aliases - “you’ll know who sold your email when spam shows up”
Degoogling - “you’ll be more in control over who gets access to your future information”
Data shelf life - your interests, health conditions, financial situation, and location from 10 years ago are far less valuable than current data. By taking action now, you prevent FUTURE privacy erosion.
It’s like saying “I’ve already eaten poorly for 20 years” but that doesn’t mean you shouldn’t start eating better today.
Frame it around control, not about Google being evil, but taking back control. “You’re choosing who gets access to your future data”
Most people care about security over privacy. Identity theft and account takeovers are tangible threats they can understand.
Some people genuinely don’t care, and that’s okay. Plant seeds, offer help when they’re ready, but don’t evangelize. The most effective advocates are those who help when asked, not push when unwanted.
