Why Privacy Matters

“I have nothing to hide.”

You’ve probably said this, or heard someone say it. It’s the most common response when privacy comes up. And it’s completely wrong.

Privacy isn’t about hiding crimes. Privacy is about power—who has it, and who doesn’t.

The Real Cost of “Nothing to Hide”

When you say you have nothing to hide, you’re assuming:

  • The rules will never change
  • You’ll never be targeted unfairly
  • No one will ever misuse your data
  • Your information will never be stolen

History proves all of these assumptions wrong.

Data breaches expose millions yearly. In 2024 alone, major breaches at healthcare companies, financial institutions, and government agencies exposed social security numbers, medical records, and financial data. Once your information is out there, it’s out forever.

Dynamic pricing uses your data against you. Airlines, hotels, and retailers charge different prices based on your browsing history, location, and device. Delta was caught showing different prices to different users for the same flight. Your data becomes a tool to extract more money from you.

KYC attacks leverage identity data. When companies collect your ID, address, and selfie for “verification,” that data becomes a target. Criminals use stolen KYC data for identity theft, SIM swapping, and financial fraud. Every verification request is a potential future attack surface.

Surveillance enables control. In authoritarian countries, the same data collection that seems harmless in democracies becomes a tool for persecution. Uyghurs in China, activists in Iran, and journalists worldwide face consequences for data trails that seemed innocent when created.

Privacy Is a Human Right

This isn’t hyperbole. Article 12 of the Universal Declaration of Human Rights explicitly protects privacy:

“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence.”

The cypherpunks—a movement of cryptographers, programmers, and privacy advocates from the 1990s—understood that digital technology could enable unprecedented surveillance. They wrote:

“Privacy is necessary for an open society in the electronic age. Privacy is not secrecy… Privacy is the power to selectively reveal oneself to the world.” — Eric Hughes, A Cypherpunk’s Manifesto (1993)

Privacy isn’t about having something to hide. It’s about having the right to choose what you share, with whom, and when.

What’s Actually Tracking You?

Before you can protect your privacy, you need to understand the threat landscape. Here’s what’s collecting data about you right now:

Your phone tracks your location 24/7, records which apps you use and when, and transmits this data to Apple, Google, and countless app developers.

Your browser leaks your browsing history to advertisers through cookies, fingerprinting, and tracking pixels. Every site you visit builds a profile.

Your credit cards create a complete record of your purchases—where you shop, what you buy, when you’re awake, and where you travel.

Your smart devices (TVs, speakers, thermostats) collect voice recordings, viewing habits, and presence data. Many sell this to data brokers.

Social media tracks not just what you post, but what you view, how long you look at each post, and who you interact with.

Your email provider (if using Gmail, Outlook, etc.) reads your emails to serve ads and build profiles.

This isn’t paranoia. This is the documented business model of the modern internet.

Threat Modeling: Your Personal Privacy Plan

Not everyone faces the same threats. A journalist protecting sources has different needs than someone avoiding targeted ads. That’s why you need a threat model.

A threat model answers four questions:

1. What do I want to protect?

List your sensitive data:

  • Financial information (bank accounts, credit cards)
  • Personal communications (messages, emails)
  • Location data (where you live, work, travel)
  • Identity documents (SSN, passport, ID)
  • Medical information
  • Browsing history and online activity
  • Photos and personal files
  • Contact lists and relationships

2. Who might want it?

Identify potential adversaries:

  • Data brokers — sell your information to anyone who pays
  • Advertisers — want to target you with ads
  • Hackers — want to steal money or identity
  • Corporations — want to price discriminate or deny services
  • Government — varies by country and your activities
  • Stalkers/abusers — personal threats
  • Employers — monitor workers, screen candidates

3. How likely is each threat?

Be realistic:

  • Data broker collection: Certain (happening now)
  • Ad tracking: Certain (happening now)
  • Random hacker: Moderate (depends on exposure)
  • Targeted government surveillance: Low (for most people)
  • Stalker: Varies (based on personal situation)

4. What are the consequences if I fail?

Rate the impact:

  • Annoying targeted ads: Low impact
  • Identity theft: High impact
  • Stalker finds your location: Critical impact
  • Job loss from exposed information: High impact

Your First Privacy Exercise

Take 15 minutes right now to create your initial threat model.

Step 1: List your top 5 most sensitive types of data.

Step 2: For each, identify who might want it and how they’d get it.

Step 3: Rate each threat: Low / Medium / High / Critical.

Step 4: Identify which threats you want to address first.

Write this down. We’ll refine it as the course progresses.

The Gray Man Principle

Advanced privacy practitioners follow what’s called the “Gray Man” principle: don’t stand out.

The goal isn’t to appear suspiciously private—that draws attention. The goal is to blend in while quietly protecting your data.

This means:

  • Use popular privacy tools that millions use (not obscure ones that flag you)
  • Don’t advertise your privacy practices
  • Maintain normal-seeming online presence while compartmentalizing sensitive activities
  • Reduce your data footprint without creating gaps that look suspicious

We’ll apply this principle throughout the course.

What’s Next

This week established why privacy matters. Starting next week, we’ll get practical.

Week 2 covers installing Linux—a privacy-respecting operating system where you control what data is collected.

By the end of this course, you’ll have:

  • A private browser setup that blocks tracking
  • A password manager protecting unique passwords for every account
  • Private email with aliases for compartmentalization
  • Encrypted messaging replacing SMS and WhatsApp
  • A VPN properly configured
  • Encrypted local storage for sensitive files
  • The knowledge to evaluate any new privacy tool

No prior technical experience required. Just follow along.

Resources

Continue to Week 2: Installing Linux →