Data privacy & cybesecurity for normal people

Finding Balance

Did you know that drinking too much water can kill you? (You'd have to really chug a lot of it do so, so don't really worry about it, but technically it's a thing.) Same thing with too much oxygen. You probably already knew that, but did you know too much Tuna (or any seafood, really) can give you mercury poisoning? Or that too much of certain teas can cause kidney failure? That swallowing too much toothpaste can cause flouride poisoning? (Source for all these claims.) Most of us are familiar with the idiom “too much of a good thing can be bad,” and most – if not all – of us have probably experienced this at least one time when we ate or drank to the point of feeling sick (even if you don't touch alcohol) or slept in way too much and felt groggy the rest of the day. Our bodies and minds are primed for balance. Introverts, for example may need the balance of staying at home with Netflix or a good book the night after going out to a friend's birthday party.

This is true of our privacy and security lives, too. If you’re like me – and you probably are to some extent if you’re reading this – you may be really into privacy. Like, really into privacy. I greatly enjoy asking myself what I can do next to improve my privacy posture and take just that one tiny next step. (In my case, I really need to reset my phone to start over and to use more cash. I don’t know why that last one is so hard for me lately.) But also if you’re like me, you probably tend to really go overboard on your hobbies. I’m a workaholic, and my wife thinks I may also have mild, undiagnosed ADHD. I have clocked over 1,000 hours between Jurassic World Evolution 1 & 2. I’ve binged every single episode of Last Podcast On The Left, Serial Killers, Conspiracy Theories, and Stuff They Don’t Want You To Know. I’m on my second read-through of the Remembrance of Earth’s Past trilogy. This hyperfixation trait of mine pushes me to really immerse myself in my privacy work, spending hours per day – sometimes late into the night – updating the site, finding articles, editing the podcast, spinning up new servers, etc. It’s extremely common that I come home from work, shower, eat, and then spend the rest of the night at my laptop queuing up articles, taking notes, and planning or editing the next piece of content.

But this obsession comes back to bite me. As an introvert, it’s incredibly easy for me to slip into my natural state of wanting to stay at home. I have no real desire to venture out of the house except maybe for food – and only then if I’m unwilling to pay the delivery fee. Were it not for my day job, I could probably go at least a week at a time without ever leaving the apartment. This is actually a legitimate concern for me if I ever get to do The New Oil full time, as it could mean letting my friendships slide if I'm not careful. And because of my one-track mindedness, it’s also easy for me to forget anything else exists. I have – on multiple occasions – stood up from my desk and suddenly realized “I really need to pee badly” or “I skipped lunch and haven’t eaten in ten hours” or “when the hell did my cat get on my lap and fall asleep?” (I’m not kidding, all three of those have happened to me more times than I can remember.) My wife has – on multiple occasions – stated that she misses me as I sit six feet from her in the same room. She’s stated that sometimes she feels like The New Oil is more important to me than she is. And I get why. Sometimes it’s work that just has to get done but it can also often be me simply not managing my time well, being time-blind and getting sucked into the work. It can be hard for me to remember – without setting timers and alarms – that I need to literally drag myself off the computer and go do other things (or sometimes, just close the browser and play a video game).


I know I’m not the only person with these problems. As I write this, I’ve seen a rash of posts on Reddit where people declare they’re quitting privacy. “It’s too much work. I haven’t seen my friends in forever. I miss movies/video games/YouTube. I feel exhausted by always being on alert.” This is a topic I plan to address directly soon (and have already touched on in a previous post about Burnout), but for now I want to highlight a specific section of this topic: balance. “Work/life balance” is a common phrase, and it’s one I’m a huge fan of. Especially since work-from-home became common, many people are starting to push more for jobs that respect work/life balance and don’t expect us to answer emails after hours or stay late regularly to finish projects. We need to learn to take this approach with privacy, too. We need to learn to start finding a balance between our desire for and interest in privacy with our other desires in life, whatever those may be.

About a year ago I started seeing a big push toward threat modeling. Someone would ask the community “what messenger/email provider/operating system/phone/etc should I use?” and a common response became “it depends on your threat model.” I loved this trend and would love to see it come back because it’s so true. An investigative journalist needs to be more careful than I do, while I need to be more careful than my mom. Everyone has a different threat model that requires different solutions, strategies, and tools to defend against. Threat modeling is a big part of finding balance. There’s nothing wrong with going above and beyond, but once you start hitting a point of friction, burnout, and stress it’s important to be able to pick your battles and that starts with threat modeling. Once something becomes difficult and stressful, you need to be able to know “can I walk away from this? Is this overkill? Or do I actually need this?” The second part of balance is simply making that choice. For example, I don’t self-host my own email server. Could I? Probably. I’m sure I’m smart enough to figure it out. But I’ve heard too many horror stories and my threat model simply doesn’t call for it. Rather than add that stress to my life for minimal gain (if any, I’d probably lose more than I’d gain, to be honest), I’m making that choice to walk away and say “Proton/Tutanota is enough.” (This is also a topic I’ve written on here.)

Life is about balance. Too much of any good thing is bad. Too much privacy will hurt you. Period. Maybe you’ll miss a job opportunity because you refuse to use a job-hunting website. Maybe you’ll miss love because you refuse to use unencrypted messaging (like SMS) for literally anything, even low-risk interactions. Maybe you’ll miss out on some potential happiness because you refuse to allow DRM-enabled devices into your house, so you miss a great TV show or movie. I’m not saying you’re wrong if you do any of these things, but I am saying that if you’re starting to feel like you’re missing out, burning out, or giving up hope, you may have taken things too far. There’s nothing wrong with going just far enough to satisfy your threat model and saying “this is good for me, I can stop here and enjoy my life.” Life should be enjoyed. It’s relatively short and you only get one go around. As far as we know.

You can find more recommended services and programs at, and you can find our other content across the web here or support our work in a variety of ways here.