Let me tell you a story. Many years ago I worked for big banks and insurance companies. One day I was tasked with a project. It was an amazing, from the tech point of view, project. It was something like this: a user navigates to a bank website looking for information about some product. The website presents the user a simple contact form - first name, last name, phone number and/or email. Based on provided data bank would use it to update user data (if there was no official account it would update the “ghost” account, aka “I know about you, but you don’t know about me”). Next the bank would scrape all publicly available social media accounts and build the “hidden” profile (I’ll get to this later). Based on all that data, user would be assigned a score based on which all future interaction with a bank would be determined. For a regular person this would mean that “I’m sorry but according to our system we cannot give you a loan”.

Now, about the “hidden” profile. It’s a thing that all big companies (including banks and insurance companies) hold. It’s all the data collected from all publicly available profiles (and sometimes from the shady sites), used to create a profile that’s not visible to a frontline workers and it’s referenced as a “system decided based on your data”.

Now, to make this more scary. This happened 10-15 years ago. Way before the so called AI. Imagine how much more data those companies have about you in today’s world and how good they are in processing it.

Just because you feel you may have nothing to hide now, doesnt mean that information could be very worth hiding in the future.

Governments change.

Laws change.

Dictators, autocrats, police states, abhors dissent. Free thought and peace of mind is what you’re protecting.

I am/was in the same boat as you: For a long time, I just didn’t care that I was giving away a bunch of information in return for convenience, and didn’t get why people cared so much.

I don’t really know what triggered it, but at some point I became painfully aware that the only goal these companies have is to squeeze every possible penny out of selling me. I started noticing that the stuff they ask you to confirm is 95% stuff they want because they can sell it, or use it to get you hooked to their service, and 5% (at best) stuff they need to make the service good for you.

This triggered a change in my perspective: Now it pretty much makes me sick to my stomach to think about all the companies that are drooling over me, trying to make a buck by getting me to click something I’m not actually interested in, or don’t actually need.

These people have a vested interest in manipulating me, and by giving them my data, I’m giving them the tools to do it. I don’t want to be manipulated or sold as a product: That’s what made me start caring about protecting my data.

You have asked the most important question in this topic. Privacy and security only have meaning when you develop a threat model or encounter a threat. With digital security it is usually pretty straightforward in that you don’t want anyone else controlling your computer or phone and using it for their own ends. And a lapse in digital security can ruin attempts to secure privacy.

Privacy is where threat models should be developed so that you (1) don’t waste time worrying about and working around nonexistent threats and (2) can think holistically about a given threat and not believe in a false means of privacy.

For example, if you are of a marginalized community, closeted, and in a very unsafe living situation, your main threat model might be getting doxxed and outed. To prevent this you should ensure that there is zero to no information that would link your real identity to an online identity and you should roll accounts to ensure small slipups can’t be correlated. VPNs probably don’t help in this threat model but they don’t hurt either. A private browser does nothing in this situation. Securing your phone and not leaving it unlocked anywhere is good for this situation (sometimes privacy isn’t really about tech but behavior). Using strong passwords that can’t be guessed helps with this situation. Making a plan to move to a safe living situation so you can be out will resolve the threat entirely, though it may mean needing to think about new ones.

Notice that the government was not in this threat model and that it was more about violence towards the marginalized. Cis white guy techbros generally have nothing to worry about re: infosec and are just being enthusiasts or LARPers. Nobody is showing up at their house with a gun and the feds are not going to arrest you for having the most “centrist” political takes and actions available. The people that need to project themselves are those facing overt targeted marginslization or who take political action that the government wants to, or would eventually want to, suppress. For example, the US government labelled anti-apartheid groups as terrorist organizations and intimidated or jailed those they could identify. It has a habit of doing this to any advocacy groups that gain steam and actually pose a political threat to their opponents.

Even if you don’t have a threat model, though, having good digital hygiene is useful in case one develops in the future. You may currently do political work that seems safe, and it is because it is not perceived as a threat. Let’s say you help organize unions. But there have been times where organizing unions would mean you’re targeted by the government and hired thugs and those times can easily return. If they have compiled a database of likely union sympathizers, will your name be in there? Maybe that’s a risk that you just take. But maybe you should use good privacy practices so that you can go underground when needed.

The latter applies to the threatless cis white techbro “centrists”. Such an individually may someday change politically or in their gender identity and having good practices would then pay off.

(I am not an expert, just a hobby self-hoster)

Think of how police obtain information about people. They usually do an investigation involving questioning and warrants to receive records and put together a case. They must obtain consent from someone or get a warrant from a judge to search records.

Or, they could just buy info from a data broker and obtain a massive amount of information about someone.

Imagine if every company has this info and can tie it in to your daily life. Google probably has your data location history and can see exactly what routes you’ve taken lately. They can use that information, with timestamps, to estimate your speed. What if they sold it to your car insurance company, who then uses it to raise your rates because you are labeled as a speeder?

What if your purchase history is sold to your health insurance provider and they raise your deductible because most of your food purchases are at unhealthy fast food joints?

Now, with AI being shoved into every nook and cranny in the tech we use, AI can quickly get a profile on you if it is fed your chat history. Even your own voice is not safe if it can be accessed by AI. This can be used to emulate you - Interests, chats, knowledge, sound. People could use this to steal your identity or access accounts.

In addition to everythong everyone has said, one major thing that people often don’t think about privacy is how it relates to enshittification.

Modern software services try to optimize everything to make as much money as possible. Everything is a/b tested, and whatever increases some arbitrary metric is what gets released.

They do this by tracking a ton of metrics about how you interact with everything. I know where I work we collect data about every time you click on anything, how long you hover over buttons, etc.

Name, address, GPS localisation data, habits (like apps you often use, moments you use one device or another), gender, search terms in search engines, open web pages on a web browser, connection (other person you know), the work you do and where you work.

All kinds of things, really.

The usage is mostly advertising or identity theft.

There was a jogging app known as Strava that posted an image on their Twitter that was a heatmap of all the jogging activities of all of their users. Their idea was just to show how popular their app was by showing the entire world lit up. Twitter users were able to locate secret US military bases on that data alone. Turns out nobody jogs in circles in the middle of the desert except GIs.

Recently a group of Harvard students did a demo where they used Meta’s camera glasses and a chain of commercial programs and products to find out people’s names, address, workplaces, and family based only on their facial data.

These are just two examples off the top of my head. Essentially, the more data someone can accumulate, the more info can be analyzed from it. With things like AI tools, that analysis is incredibly fast even with huge datasets.

I feel like being spied on on the Internet is kind of like having a camera in your bathroom.

Sure they promise they’re only going to point it at the sink and just make sure that you’re engaging in proper toothbrushing habits.

Sure.

But they’ll set it at the point where the mirror shows the shower and the toilet and they’ve got smell detectors in there to determine how much food you’ve eaten and how well your digesting it and there’s a sensor in the toilet to check the content of your urine and then if you drink too much they’re going to tell your boss that you’ve been drinking because they detected the alcohol that your body flushed out in your urine when you peed.

And you have no control over who gets to see what’s going on in your bathroom.

It is morally wrong and psychologically oppressing to be spied upon.

And the powers that be are so focused on the benefits it gives them that they do not care about the negatives that affect us.

They get as much information from you as they possibly can. Age, sex, gender, weight, phone numbers, addresses, work history, purchase history, income, tax records, net worth, family and friends, hobbies, kinks, criminal records, food preferences, medical history, etc.

All of it is worth money, because the more data they have about you, the better they can predict what you will be interested in buying. They want to target ads towards you that have the highest chance of getting you to watch/click them.

Even if you think you aren’t influenced by advertisements and marketing, you are. And remember, it isn’t just you, they will use your data to target your friends and family. So even if you don’t care about all your personal data being mined for targeted ads, you should care about your friends and family.

Also, they more data these government agencies and corporations have on you, then worse it is when (not if) they get hacked. So even if you have no issue with these companies and government agencies storing your data, you wouldn’t want hackers and scammers to get that info and use it to hack your accounts and the accounts potentially of your family and friends too.

It’s about having control over your information and keeping yourself safe and protected. If you truly had nothing to hide, you would walk around naked, leave your door unlocked with your valuables inside, hand random strangers your credit card number, and leave the bathroom stall open while pooping. But most likely, you don’t do any of those things when you’re out and about, and the same should be true for your digital life.

Why do you need curtains on your windows?

To make sure the whole world isn’t just a window for the HR department. I can have “dissident” views, or just talk trash with my friends, and not get fired since it wasn’t at the office.

To make sure real dissidents (from totalitarian countries) can express their political views.

So a lady can send her husband feet pics without some secret agent spy gawking at them too.

So I can share my family’s secret BBQ sauce recipe with my cousin without Arby’s stealing it (they have eyes everywhere).

But these are all specific things. The truth is that we simply cannot trust institutions with all our data. I don’t need a reason for privacy. They need a reason to have my info. Security is a legit reason to seek citizens’ info, generally, but you should need a specific security-related reason to access a specific person’s data.

10 years ago by having your full name and face your whole data would be in risk of exposure like all social media apps your online footprint etc, etc and in the wrong hands hackers for example can do god knows what with it like sell your data to your enemies track it against you to steal your bank informations whatever they can put their hands on…

Nowadays they only need your face, almost everyone in the world has had uploaded a picture of them online somewhere and that’s enough to dox you and again your online digital footprint and again for whatever reason they want to possibly hurt you,

However having digital privacy forbids this data from leaking to the wrong hands and makes you a little more secure, just knowing little bit about your private life is sometimes enough to track you and open a weakness to take advantage of. this age isn’t for nuclear wars it’s about digital wars and data is power.

The way we socialise has changed to the point where it’s normal to talk to people over text chat. This leaves a footprint that talking face to face with someone does not.

In addition to other privacy concerns, I don’t want things I say that I would’ve gotten away with had I spoken it to my friends in real life, to come back and haunt me, either by a platform having a massive data breach, or it being used as evidence in a legal case against me.

On that last point, I’m not using chat services to organise crime, but taken out of context, any message I send can paint a picture that I’m an awful person and change some jury’s opinion of me. This isn’t something I want to think about before sharing a dank meme to a friend on discord.

Something else we should also be worried about is data leaks. Investments in consumer data security don’t raise stock prices so it’ll be underfunded by corps. Suddenly there will be huge breaches of consumer data accessible by everyone.

You can imagine all sorts of black mail attempts,not just by hackers, but ordinary people who know how to sparse the raw data.

You can have private “viewing habits” or edgy jokes you made sent to your company’s HR and shit. Also of course now the government has access to all of this information. Can you imagine the government passing some draconian “stop terrorists, and also protect the kids” bill. They could start spying on or even prosecuting those reading material related to stuff like the anarchist’s cookbook and similar.

At the end of the day, data that doesn’t exist can’t be leaked.

Depending on the website, a pretty wide array of personal information such as employer, age, location, address, relationship status, information relating to your device, and more. This data can be sold or shared to other companies or to individuals. If you’ve posted photos or videos of yourself publicly, this can all be used to train an AI to emulate you.

I cannot stress this enough, but this is a good reason to never put overly personal information online. At most I’ll only share my name because there are quite a few other people who have it, but never my age, photos, location or anything that could narrow me down to one person. Even without corporations selling your info, there can be malicious individuals who can exploit it through various means such as identity theft, doxing, etcetera.