Why I Started this Blog

Unlike in Europe, where every single website asks for your permission to store cookies about you, websites in America store our every detail without blinking an eye. Our credit card information, our social security numbers, and our delivery preferences exist in databases all across the globe for very good reason: so that we can purchase things online with a single click.

Americans don't seem to care about cybersecurity

Do Americans care if our information is stored in an insecure database? Not really. Security has a high price, and, hey, it would make couch buying a lot harder. Every day brings a new data breach with blink-and-you-miss-it frequency.

When a company gets hacked, it just patches its website with a Terms & Conditions statement like this:


At least that's what VTech, an electronic toy maker, added to its website after paying a $650,000 settlement to the FTC for failing to adequately protect its customer data, which included the names, addresses, and photos of nearly 3 million children.

It's no wonder companies don't care about data protection when the fines for data negligence are so low. The problem of cybersecurity negligence in America reminds me of our issue with flood negligence: Americans build homes in unsafe areas, hurricanes happen, the National Flood Insurance Program bails them out, and they rebuild houses in the exact same places. Similarly, companies get hacked, their customers' private data is leaked, the FTC punishes them with slap-on-the-wrist fines, and they continue running their website in an insecure fashion.

Are people rational? No, of course not, and I'm not expecting them to be.

Is the situation worse because the government encourages bad behavior? Yes.

I didn't care about cybersecurity either

Back in 2012, I graduated from college and made an unconscious decision not to worry too much about my online data footprint. Of course, there were some consequences: hackers stole my credit card information from Target in 2013, and they stole my social security number from my alma mater in 2018. No big deal. In the first case, I simply got a new credit card. And in the second, I did what my grandma told me and froze my credit report at the major credit agencies. I’m no poorer or sadder because hackers stole my data.

Then, in 2013, my ability to 🙉 and 🙈 reached new heights when Edward Snowden revealed that all of my internet data was being tracked by the NSA.

So what? I thought: if anything, I expected all my information to be shared everywhere, and I trusted that the NSA was using my data in ways that wouldn’t immediately harm me (and was likely deleting it pretty quickly once they realized how much time I spent shopping for a couch).

In 2013, a Pew Research poll showed that, for the first time since 9/11, more Americans thought that the government had "gone too far", rather than "not far enough", in regards to civil liberties. I, however, still had my eyes and ears closed.

Then I woke up

Who can forget the Cambridge Analytica scandal? In 2018, news broke that Facebook shared 87 million users’ data – including News Feed, timeline, and personal message data – with the "This Is Your Digital Life" Facebook app for YEARS. And this data wasn’t just being shared with the app itself; it was shared with ad partners like the Trump presidential campaign and the UK’s Vote Leave campaign. Facebook knew that the data was being used incorrectly and didn't notify users. When I realized that political campaigns had access to a "psychological profile" about me based on my personal Facebook messages, without my knowledge or consent, I finally woke up and decided to start taking cybersecurity more seriously. (Subsequently, I became addicted to the Dark Net Diaries podcast which changed my life with its accessible, amazing stories about online hacks.)

Clearly a complicated game is being played.

As I’ve followed the cybersecurity news since 2018, I’ve realized that not only do companies exchange my data against my will, but that the U.S. government does as well. The FBI, for example, frequently asks Facebook for users’ data, and gets it. (See my first blog post for more info.) We no longer live in a world where you commit a crime and the FBI has to spend 15 months searching for evidence; now they can just send a search warrant to Facebook or Google to access your entire email history. Voila!

Who are the players in this game?

Well, first of all: us, the users of websites.

Secondly, tech companies: Facebook, Google, Apple, and others, who host applications that store our data. (And sell it to advertisers.)

Thirdly: the hackers who try to hack the tech companies on a seemingly hourly basis.

And fourthly: the government, who tries to punish the hackers, but in the process, reveals that the hackers are just like us in the first place, in that hackers too have all of their online data easily accessible to the government.

It’s a fascinating and weird cycle that I’m only now waking up to. Since the dawn of the internet 30 years ago, a whole new market has sprung up, one that no one fully understands.

So, in short, I started this blog to better understand the cybersecurity game. How does this game work? What motivates companies to take data security more seriously? One thing is for sure: storing data securely is not an easy thing to do, and it’s only going to get harder.

About Lydia

I spent the past decade as a software and DevOps engineer working on data-related technologies at places like MongoDB and Codecademy. Before that, I wrote for publications including Us Weekly and Shanghai Talk Magazine. I'm passionate about making security topics more accessible.


I'd like to thank Margaret Traylor for convincing me that my opinions would be interesting to people and for giving me the courage to start this blog. (And also for editing every post I've written.)

I'd also like to thank Mary Altonji, Claire Stepanek, Christoph Ding, and Sara Rose Gallagher for their constant advice and many, many edits.

Subscribe to Lydia’s Substack

My thoughts on cybersecurity, privacy, entrepreneurship, and technology.