SEBASTIAN FISHER.COM

Home Links Projects NetSec Library Blog
← Blog

"I Have Nothing to Hide": Why That's the Wrong Question

2026.05.15 privacy

You have probably heard it before, maybe said it yourself. Someone brings up a VPN or browser tracking and the response comes back: "I don't really care, I have nothing to hide."

It sounds like common sense. It is not.

Privacy Is Not About Guilt

The argument assumes privacy is only something criminals need. Think about what you actually do online: search medical symptoms, read about ideas you are still forming opinions on, check your finances, message people. None of that is illegal. All of it is private.

You close the bathroom door. You do not hand your diary to strangers. You lower your voice in a restaurant. None of that means you are hiding something criminal. It means you understand that not everything is for everyone.

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." — Edward Snowden

Surveillance Creep

Even if you trust your current government, your current ISP, your current platform, the infrastructure you accept today does not go away when circumstances change. Systems built to catch criminals get used to monitor protesters. Tools built for national security get turned on journalists and lawyers. Data collected for advertising gets subpoenaed in court.

The argument asks you to bet that everyone who will ever have access to your data, in every context, forever, will use it fairly. That is not a reasonable bet.

Your Data Is a Product

In the most ordinary case, no government, no court, no controversy, your ISP is selling a profile of your browsing habits. Advertisers buy it. Data brokers package and resell it. "I have nothing to hide" only holds up if you are comfortable with companies you have never heard of knowing your habits in more detail than your friends do.

It is not about doing something wrong. It is about who profits from your patterns.

VPNs Are Not Suspicious

There is a persistent idea that using a VPN means you are doing something shady. VPNs are legal in most countries and are used daily by remote workers, journalists, and people who just want their traffic to stay private. The association between privacy tools and wrongdoing is pushed by the people who profit from your data being open.

In some countries ISPs are pressured to flag or throttle VPN traffic. If you are in one of those places, a VPN with obfuscation, which makes VPN traffic look like ordinary HTTPS, is worth looking into. I cover how I do this with WireGuard and Cloak in the NetSec guide.

The Right Question

The question was never whether you have something to hide. The real questions are: who has access to your data, what can they do with it, and did you ever agree to that? Most people, if honest, would say: not sure, quite a lot, and not really.

That is worth thinking about.

← Back to Blog    NetSec Guide →