The neverending search for digital security.

Cybersecurity and the lost dream of digital privacy

The neverending search for digital security.

Here’s the game: A company gets hacked, or you get hacked and your account accessed. Company asks for more data to identify real users and keep you safe. You comply. The goal posts shift. More verification data becomes normalised for other companies to collect. Another company gets hacked. Repeat forever.

It’s privacy bankruptcy by design.

(And it’s great for the marketing department.)

Cybersecurity cycle diagram

The stakes

Most Australians have had data exposed since 2022, through the through Optus, Medibank, and Latitude Financial breaches alone. Names, addresses, health records, bank details—all the good stuff.

Meanwhile, every coffee shop and clothing store wants your phone number. Every online purchase demands personal data. Our identity fragments are drifting freely like pollen into companies that treat security as an afterthought.

Even our former PM accidentally posted his passport details on Instagram. If Tony Abbott doesn’t know the basics of identity fraud, what hope have Colleen and Kevin and the rest of us?

The consequences

At worst: fraud, theft, blackmail, emotional abuse. Your digital shadow becomes a weapon against you.

At best: death by a thousand spam calls. Texts from companies you’ve never heard of. Emails that multiply faster than you can delete them, with unsubscribe buttons that do nothing but confirm you’re real. Your phone becomes a harassment device you pay monthly to carry.

Two paths forward

Privacy maximalist: VPNs, burner accounts, encrypted everything, segmented digital identity. Accepting limited access to convenient services and significant friction in your digital life for the sake of safety and protection.

Privacy surrender: Give up. Share freely. When everything’s exposed, nothing is sacred. A mundane and open-source digital presence is worthless to steal. Trust financial institutions and the legal process to protect you in any serious fraud or theft cases.

The real solution

Make data breaches expensive for companies, not customers. Right now, the economics are backwards. Companies reap massive profits from collecting your data, whilst you bear all the risk when they inevitably get hacked. They apologise and carry on collecting more data than before. Until storing our data costs more than collecting it, the spiral continues.

The fix is simple: make companies liable for the true cost of exposure. Not token fines but meaningful penalties that make owners and executives think twice before hoarding unnecessary personal details. Introduce mandatory data deletion timelines. Require explicit justification for every piece of information stored. When your business model depends on protecting customer data rather than exploiting it, suddenly cybersecurity will become a priority.

Easy things to do now

  • Use a password manager. For the love of god. I use Bitwarden. It’s free, it’s easy, and it works well across all my devices.
  • Use burner email accounts. I have three: one for primary work, one for accounts that I care about but don’t want cluttering my main inbox (airline accounts, social media), and one for the rubbish (signing up to newsletters for discounts)
  • Use fake phone numbers that are certified for use in fictional works. Or find the equivalent in your country.

On this page

The stakes The consequences Two paths forward The real solution Easy things to do now