I’ve had the opportunity to talk with a couple of people about privacy-related things in the last week. While it was cool to have that chance, I also felt like a fraud making recommendations about things I don’t fully understand that could potentially hurt them if they don’t implement it correctly.
For background, I have been interested in tech for most of my life, but I’ve never been actually technical. I don’t have an IT or CS degree. I don’t work in the field. I barely know how to use the command line. Installing Linux is my highest technical achievement.
So how can I make recommendations to folks who are less interested in cybersecurity or technology than I am? I know enough for me to feel comfortable with my decisions. I know how much I’m willing to put up with in order to try to make it all work. But will these other folks? What if I make a recommendation and then it turns out there was something bad in that option that I didn’t know about that ended up hurting them?
These aren’t unique to the privacy community, and I know that the best way to handle all of this is to preface it with the ideas of threat modeling and making sure to do research from multiple sources before migrating anything. However, I can still feel like I’m presenting privacy as something that’s easier to do than it actually is and there’s no way I can hold someone’s hand through all the caveats they should know beforehand.
Have you felt like this before? If so, how have you dealt with it? What has helped you?