At the end of the day, your digital protection is your responsibility and yours alone. It is unwise on my end and unfair on The Tor Project’s end for me to sign into my bank account over Tor and then get mad at them if I get caught dealing drugs or laundering money. An issue I’m not sure we’ve ever addressed before here (but definitely should) is the idea of using the right tool for the right job. You’ve likely heard the phrase “bringing a knife to a gunfight.” It’s not just about being underequipped, it’s about being equipped wrong. Suppose I did bring a gun to a gunfight. The type of gun matters. Bringing a six-shot revolver to a fight against an AR-15 is still wrong, but so is bringing a rocket launcher in close-quarters combat. “The right tool for the right job” is a spectrum: you can use a tool that doesn’t do enough but you can also use a tool that does too much. In the digital realm, the “too little” tools are generally easy to spot as they’re so common. For example, a recent article talked about how Taiwanese officials suspected their LINE accounts got hacked; LINE was never meant to be secure, it’s not even end-to-end encrypted. The “too much” tools are typically harder to spot because they don’t really become “too much” until they start negatively impacting us: losing a job because you don’t have a LinkedIn, being lonely because you won’t do online dating, or getting paranoid by the overwhelming amount of tracking out there.
Having said all that, I think the problem starts when start expecting others to meet our threat model. There’s certainly something to be said for hypocrisy. It would be pretty hypocritical of me, who has on-record said many times that Facebook is one of the worst things ever invented, to then make a Facebook page for The New Oil. And while I think all of us privacy-promoting websites, myself included, should do our best I think sometimes it’s on the reader to remember that their data defense is ultimately in their own hands. Sometimes we make mistakes. I mentioned at the top that until recently I used Google Fonts. That’s because I didn’t realize until recently that the theme I was using was built on Google Fonts. Upon realizing, I immediately reverted back to the default theme to remove that piece of tracking. I wasn’t trying to let Google track my readers, I made a human mistake. In some cases, it may be an issue of funding. It’s a lot of money and time to ask someone to self-host a service; privacy is unfortunately a financial luxury in today’s world that’s just not always feasible for everyone. Additionally, there’s the threat model argument above. I strive to protect my readers from tracking as much as possible out of principle, but at the end of the day I make it very clear that my site is aimed at normal people, the same people who may not be willing to give up Facebook or self-host an email server. As such, one shouldn’t be terribly surprised that a Privacy 101 site isn’t catering to the Edward Snowden threat models of the world.