why i don't write the usual privacy stuff
When you search for privacy/data protection stuff, what you will usually come across are things like privacy guides, the privacy subreddit, interested tech-y privacy blogs and YouTube channels. They give you great advice and overviews over different kinds of alternative services or additional software you can use to protect yourself, and they rank them, rate them, give additional context and keep up with them in case anything changes. It's this stuff that initially got me interested in privacy, and I wouldn't know a lot of services if it wasn't for their work. I love that I can just refer people to those if they have any questions about specific alternatives, and they deserve their space in the privacy sphere.
Anyway, this type of privacy material tends to do well online: It's easy to read, it gives you actionable steps to take, and immediately presents a solution. It says: You're still using Google services? Switch to the Proton Suite. You hate ads? Here are ad-blockers that also block trackers and popups and more. You "just" need to switch, or install more, and you're good. Crisis averted, you're safe/r. Meanwhile, more dry, theoretical, law-based stuff is harder to engage with and harder to write.
The reason why I am not really interested in writing about privacy or data protection in the product-focused way isn't only because I am a law student and therefore more interested in law; it's because I prefer to talk more about why something is a problem (or a bad service), and I want to give people the tools to spot it, a legal justification for the bad gut feeling they have, and I don't want to end up just advertising products.
The usual type of privacy content isn't always great at educating people on what the problem even is. This service is bad, this service is good (or at least better) is easy to believe at face value, especially when one is a big company and the other is smaller - but why is this bad, and why is this good? Okay, so one does more tracking and one does less tracking, but why is tracking bad? What stops this other service from also becoming "bad"?
Nothing is really safe from enshittification, or bankruptcy, or losing their maintainer, or being steered by investors and existing under capitalism for profit. I'd feel bad having the majority of my posts in my area of interest to do the work of the sales department for these services, just for them to become another thing to move away from in a couple years.
That is the downside of this sort of approach: You can install and switch all you want, but in the end, it puts a lot of responsibility onto the consumer and involves them in the never-ending arms race of avoiding something; whether that is not supporting an unethical company, or avoiding AI implementation, avoiding ads, avoiding trackers, avoiding becoming training data, etc. as both sides seek new loopholes and ways to get you to either comply and be subject to it anyway, or continue to be able to avoid it via another service or software.
It's an unfair fight, where one side heavily depends on smaller companies or FOSS maintainers, and the other side are billion dollar companies that are having a monopoly on many things and have a huge influence on the most powerful government(s) of the world. Consumer choices are good and you should use yours to no longer support what doesn't align with your values, but they aren't everything, especially as the companies make it harder and harder for consumers to have this choice, or for that choice to even make a dent in their finances. That's where we need laws and consumer protections to hold them accountable and grant users who rely on these services better rights - even rights making migrating off of them easier, like the data portability aspect mandated by the GDPR.
Indulging in the above sort of privacy content a lot can make you feel like you're outsmarting the Big Guys and you got it all under control while just the "normies" struggle who are just "too lazy to switch!11!", but to me, that is a flimsy house of cards that can easily collapse.
I say that while I too use these things - I am a Linux user, I have several browser extensions to reduce tracking and ads, I use forks like LibreWolf, I am a Proton user, I use a VPN, Signal, Matrix etc. - but I just want to be realistic about it and recognize that it just takes a little here and there for my products and services to vanish or get significantly worse, and that I don't want to foster a false sense of security. If you're like me and a millennial or older, you probably still remember all the past mass migrations between services.
I also recognize how many people are left behind with this approach, or at least makes them rely on people around them who are knowledgeable in this stuff.
In private, you have a choice, but you might be limited by your knowledge/awareness of alternatives, your understanding of tech, the complexity of the task, the network effect, or how willing the people around you or online are to help. Switching can be hard; transitioning cloud contents, or mail providers, and remembering to change your email address everywhere or at least implement a forwarding rule on the old one(s) can be a task that spans days or weeks next to all the other responsibilities you have. Then every now and then, you might wanna check in to see if your solution is still "good" or whether something changed. That's a lot more labor than just staying where you're at and where the majority is.
Maybe you are the one to install a Linux distro for your grandparent, or an adblocker for your parents, and then you're on the hook when things break and have to take the time to sort it out, and they rely on your skills and time until their device is functional again. LibreWolf, for example, has broken many payment transactions for me in the past.
At work, or in school or university, you probably don't have a choice at all. They force you into Microsoft and Google products or at least don't present alternative solutions in their setup guides. My work, for example, provides an MFA setup guide that only mentions Google Authenticator, even when any type of authenticator app would work.
All of that is not ideal. Putting too much emphasis on switching one product out for another can sometimes produce this vibe of "If you're still using that proven-to-be-awful service, you consent to being exploited and tracked, and it's your fault for staying." among privacy-interested people, but we can't let that run unchecked to basically mean that you can't expect better from platforms and the users deserve whatever is coming their way.
Unless the laws make distinctions between company sizes, they apply to your sacred privacy-conscious competitor as well and might help to prevent them turning out "bad". I also think you'd want your friend, who cannot bring themselves to switch or delete a service, to still have at least some protections here and there, instead of pointing and laughing from your moral high ground. Your child deserves protections when they have to use Microsoft products on their school tablet or when they install TikTok to engage with their friends.
They deserve to migrate as easily as possible.
They deserve to have permanent deletions of their content.
They deserve to not have their likeness uploaded to the platform used for advertising and AI deepfakes without their consent.
They deserve to not be targeted by advertisers and political groups via the algorithm that attempts to radicalize them.
They deserve not to have all their private data and especially location data leaked or sold, their DMs and art used for training data without consent, and so on.
Even if they could switch/abstain and just don't do it.
Switching from one service to another when both have the same profit goal and exist under the same system feels, and often is, a temporary bandaid. I don't wanna be a bandaid seller. I don't care about product names, I care for mechanisms, cash flow, dark patterns and settings options.
I talk more about why things happen the way they do and make people aware that yes, this thing bothering you is very much illegal or should be handled differently. I write about what the root cause is (usually: attention economy, data brokerage business model etc.), and discuss (potential or actual) laws and other ways on how the root cause is contained, redirected or partially mitigated. We are also constantly hit with attempts by the US government to weaken and dissolve our EU consumer protections and that deserves more attention.
I find that more productive and fitting to me/my style than being another "50 privacy-focused services to consider" in a thousand, forced to make clickbait like "Is this service still safe in 2026???".
Reply via email
Published