I have realized that most people don’t care about privacy. Well, that would be too broad a generalization. What I mean to say is that most people don’t know enough about privacy to care about privacy(knowledge problem), and that’s fine.
A big name that is often discouraged in privacy circles is Google. If privacy is on one end, then Google is considered to be on the other, very far end. And that’s the reason why, for most people, privacy equals deGoogling.
Well, if you don’t understand the term deGoogle, it simply means removing all and every existence of Google from your digital life. And some people exactly do that. But not everybody can do that—even I can’t do that.
Despite trying my best, I wasn’t able to replace Google Maps. And YouTube isn’t something that I consider essential, but I keep coming back to YouTube because where else do I go?
And over the course of time, I have come to this realization that if I can’t deGoogle myself (and I would consider myself well above average when it comes to understanding digital technologies, and also someone who has an innate sense of privacy), then I can’t really expect half of this from an average person.
Now, deGoogling is one aspect of becoming more private, but the larger sentiment is generally about big tech, so deMeta and deMicrosoft are also very prevalent in privacy communities.
Living and breathing in this space for the better part of my life, I have a sense that it’s also like an echo chamber. Well, echo chamber might have a negative connotation—I mean to use it in a neutral sense. We(in online privacy forums) are the same people who are aware of the problems with privacy, we are the ones who know the solutions, and we are already implementing them.
When I talk to normal people outside, who have little to no understanding of this, they fucking don’t care.
Once in a while, you hear news on mainstream media about privacy concerns around WhatsApp, Facebook, or Google. They remain in the news for a few days and you might also see a few headlines like, "Exodus of people from WhatsApp to Signal." Well, there’s no exodus.
If something really big happens, it remains a talking point for a few days, but it fades into irrelevance very soon for the average person.
People are just so used to using these apps.
For years, I have called this the problem of defaults.
What I mean by this is that most people use whatever is given to them by default. Android is the default operating system for most people, which is controlled by Google, so obviously it comes with Google's apps and services. People buy the phone, start using those apps, and before long, that's just how they use technology.
Now you might say, well, iPhones aren't controlled or made by Google, then why is Google the default search engine there? Because Google pays Apple billions of dollars every year[1] to be the default search engine. It also pays other browser makers for the same privilege.
On top of that, Google used to provide the best software experience there was. At least that was true 10 years ago. Now it's all enshittified[2]. Almost all of their products have become worse to use over time. But because they're the default, people have become accustomed to them.
For example, I see so many people watching YouTube with ads. I genuinely can't bear it for five minutes. It's a terrible experience. But people are absolutely fine with it. It's annoying, sure, but what else are they supposed to do?
That's why I frame it as a knowledge problem.
If people knew that a better experience was possible, they'd be more than willing to at least try it.
A few days ago, I installed a patched YouTube app on one of my friend's phone. Ever since then, every time we talk, they thank me for doing it. They even asked me to install it on three of their friends' phones.
Because it wasn't just an ad-free experience. It was all the little quality-of-life improvements: removing Shorts completely, automatically skipping sponsors (even the ones read by the YouTuber themselves), hiding unnecessary clutter, and customizing almost everything.
And experiences like these have made me realize that it's foolish to try to completely get rid of Google from people's lives. Even I can't do that myself.
I can only really say this about Google, though. Not Meta.
Meta's three biggest products are Facebook, Instagram, and WhatsApp. Facebook is practically irrelevant to most young people today. Instagram is nice to have(I don’t understand this but people uses it anyway, so okay), but certainly not essential. WhatsApp is probably the only one that can be considered somewhat essential because, for many people, it's the easiest way to stay connected with friends, family, or work. Not everybody can simply move to Signal, and I understand that.
But my god has WhatsApp become enshittified.
I recently had to install it (after a very long time, I don’t use WhatsApp in general) because of work, and what a horrible experience it was. What's the need for putting AI inside a messaging app? The interface is cluttered, everything is trying to grab your attention, and it just feels bloated.
Yet people continue using it because everyone else uses it.
I understand it.
But I also don't understand it.
Over time, my focus has shifted towards helping my friends and family in two ways: improving their digital quality of life and improving their digital security. Those two overlap with digital privacy, but they aren't necessarily the same thing.
Let me elaborate.
I don't think Google is really the biggest problem for an average person. I know it's bad for privacy, and for some people it practically holds their entire digital life hostage. But I guess it's fine. Or at least, it's fine enough. What people need isn't to completely get rid of Google. I think minimizing how much they rely on Google is a much more realistic goal.
If someone asked me whether they should stop using Google tomorrow, I'd probably say no. Even I can't do that. But if someone asked me how to stop keeping the only copy of all their photos on Google Photos, or how to stop reusing the same password on every website, or how to keep proper backups of important files, then that's a conversation worth having.
Those are problems people actually understand because they have real consequences. People know what it's like to lose photos (I surely know this). They know what it's like to get locked out of an account. They know someone whose Instagram or WhatsApp got hacked.
I think sometimes people in privacy communities—including myself—forget that the average person's threat model is completely different.
I don't think the average person has ever lost sleep because Google knew they searched for "best pizza near me."
What they do lose sleep over is getting hacked.
Or getting phished. Or somebody taking over their Instagram. Or some creepy stalker making new accounts after being blocked. Or a disgruntled ex. Or someone buying(sometimes this is just available online for free, no need to even buy it) their email and password from some random data breach and trying it on every website they can think of.
Those are real problems. They happen every single day.
And people using passwords like firstname@123, their date of birth, or their boyfriend's/girlfriend's name and then saying they got "hacked"—that's not even hacking. That's just being dumb.
And honestly, I've found myself caring much more about helping people avoid those than convincing them to become privacy enthusiasts.
The funny thing is that if you help someone become more digitally secure, and at the same time make their phone and apps less miserable to use, privacy kind of tags along anyway. It's a side effect.
I also think people often use privacy and security interchangeably, even though they're different things.
The way I've started thinking about it is with a really simple analogy (I’m still developing it, I know it’s not perfect, but it works).
Let's say you have a house on a street, but it doesn't have a door.
Well, you are neither private nor secure. People can look inside your house, and they can walk right in if they want.
Now let's replace that door with curtains.
You're private now. People walking by can't really see what's inside your house anymore. But they can still walk through the curtains whenever they want. So you're private, but you're not secure.
Now let's put an actual door there.
You're both private and secure. Well... to some extent. If the door isn't locked, somebody can still just open it and walk in.
So now you put a lock on it.
Now you're reasonably private and reasonably secure.
You can always buy a better lock, reinforce the door, install cameras, get an alarm system... but you get the point.
Privacy and security are related, but they aren't the same thing.
I think the same idea applies to technology.
Google is actually a good example of something that's very secure but not very private. They spend billions securing their infrastructure because they have to. I trust Google far more than some random company when it comes to keeping my data safe. But I don't particularly trust them with collecting less of it.
On the other hand, there are things that can be quite private but not necessarily secure. A custom ROM with an unlocked bootloader is a good example. It might send very little data to anyone, but if somebody gets physical access to your phone, you've made their job a lot easier.
And then there are projects like GrapheneOS that try to maximize both.
That's probably the ideal.
But for most people, I think simply understanding that privacy and security are different problems is already a huge step forward.
That's why I'd rather help someone keep local backups than tell them to delete Google. Or help them set up a password manager instead of spending an hour arguing about browsers. Or help them enable two-factor authentication. Those things just seem... more useful. At least to me.
Maybe that's why I don't really talk about privacy with my friends and family anymore. I don't go around telling them to install Linux or GrapheneOS or stop using Google overnight. I know they're not going to do that. Hell, even I haven't managed to completely get rid of Google.
Instead I end up installing a better YouTube app for them. Or setting up a password manager. Or enabling 2FA. Or telling them to keep backups. Or removing some random piece of bloatware that's been annoying them for months.
And they actually appreciate those things.
Nobody has ever thanked me because I made them 3% more private.
They have thanked me because YouTube doesn't have ads anymore. Or because they stopped getting spam calls. Or because they recovered their account. Or because their phone just feels... nicer to use.
I don't know. Maybe privacy communities have been trying to solve the right problem, but in the wrong order.
Maybe people first need to feel that technology is working for them instead of against them. And once they're there, talking about privacy becomes much easier.
So I guess I have two goals now.
- Quality of life improvements → getting rid of ads, de-bloating apps, blocking trackers, using better alternatives, and generally making technology less annoying to use.
- Digital security → protecting yourself from actual threat actors like disgruntled exes, stalkers, random weirdos on the internet, phishing, data breaches, while also making sure your data doesn't disappear one day because you never kept a backup.
The problem is that once I start talking about this stuff, I have way too many things to say.
I start thinking about password managers, and then I remember backups. Then I remember passkeys. Then browser hardening. Then encrypted DNS. Then better YouTube clients. Then I remember that none of this matters if somebody clicks on a phishing link.
It just keeps going.
And that's the problem. There are so many little things you can do that almost every single one deserves its own post.
So I'm going to start small.
The next two posts are basically going to be a crash course. Think of them as a starting point rather than a complete guide. And then, over time, maybe I'll start writing individual posts about each of those things.
Or maybe I won't.
We'll see.
So yeah.
Two posts.
One about making your digital life better.
One about making it harder for people to fuck it up.
When?
I don't know.
Whenever I feel like it.
https://www.theverge.com/2023/10/26/23933206/google-apple-search-deal-safari-18-billion ↩︎
Decline in quality of software over time. Initially, companies create high-quality offerings to attract users, then they degrade those offerings to better serve business customers, and finally degrade their services to both users and business customers to maximize short-term profits for shareholders. Read more here ↩︎