Sign in Subscribe

A few years ago, a client called me in a panic.

He was convinced someone had hacked his computer. Strange emails had gone out from his account. A couple of passwords weren’t working anymore. Something felt wrong.

His first instinct - “Is someone watching my computer?”

We checked.

There was no malware. No hidden remote access. No mysterious background process spying on him.

What had happened was far more ordinary.

He had reused the same password on multiple websites. One of those sites had been breached months earlier. That password was quietly circulating online. Eventually, someone tried it against his email account — and it worked.

From there, the rest was easy. Reset links. Account access. A few embarrassing messages sent out.

No sophisticated surveillance. No keystroke loggers, no operating system zero-day, no elaborate, sophisticated hack.

Just a reused password.

That pattern repeats itself more often than people realize.

After spending the last week talking about telemetry, cloud sync, and app permissions, it’s worth pausing to ask a more grounded question:

What actually causes harm?

In real life — not in headlines — most privacy damage starts with accounts.

Email is usually the center of it all. It’s the recovery point for banking, shopping, social media, cloud storage — almost everything. If someone gets into your email, they don’t need to break into your computer. They can simply reset their way through your digital life.

And the way they get in is rarely sophisticated.

It’s usually:

  • A password reused one too many times
  • A convincing phishing email clicked in a moment of distraction
  • An old device still signed into an account
  • Software that hasn’t been updated in years

None of it feels dramatic. But small weaknesses compound.

That’s why I don’t spend much time worrying about telemetry settings when I’m helping someone secure their digital life. Diagnostics data doesn’t empty bank accounts. Background syncing doesn’t send scam emails to your contacts.

Compromised accounts do.

That might sound uncomfortable at first. But it’s actually reassuring.

Because if the biggest risks come from everyday habits, then they’re manageable.

Strong, unique passwords.

Two-factor authentication.

Keeping devices updated.

Knowing which devices are signed into your accounts.

Those simple things eliminate most real-world exposure.

Not 100 percent. Nothing ever does.

But enough that you can sleep at night.

As we move into the second half of this series, we’re going to focus less on what’s being collected — and more on what truly matters.

Tomorrow, we’ll talk about email specifically — why it’s the quiet control center of your digital life, and why securing it changes everything.

And if there’s one thing I’d encourage you to think about today, it’s this:

If someone tried to access your email tomorrow, how hard would it be?

That’s where real privacy begins.

What Actually Causes Real-World Privacy Harm