Your data isn't yours
At some point in the last fifteen years, a deal got made on behalf of everyone who uses the internet.
The terms were roughly: convenience in exchange for data. You get the service for free, or cheap, or bundled into something else you were already paying for. In return, the company gets to know things about you — what you do, when you do it, who you talk to, what you’re interested in, what you might buy. The data funds the service. The service keeps you using it. Everyone wins, sort of.
Most people didn’t consciously agree to this. They signed up for email, or cloud storage, or a productivity suite, and the data arrangement was somewhere in the terms and conditions that nobody read. Which is not really consent in any meaningful sense, but it is what happened, and it’s what most people’s digital lives are built on now.
Data ownership sounds abstract until you think about what it actually means.
It means: where does your email live, and who can read it? Where do your photos go when you take them, and who has a copy? When you search for something, who knows you searched for it, and what do they do with that? When you use a productivity tool at work, who owns the documents you create in it?
For most people, the answer to all of those questions is: a company, somewhere, whose interests are not necessarily aligned with yours. That’s not a conspiracy — it’s just the business model. The service is valuable to you, your data is valuable to them, and the exchange mostly works well enough that people don’t think about it.
Until the service changes. Until the price goes up. Until the company gets acquired. Until something you stored there disappears, or becomes inaccessible, or turns out to have been used in a way you didn’t expect.
That’s when the terms of the deal become visible.
Working in IT gives you a specific relationship with this.
You understand, at least in outline, how these systems work. You know what it means for data to live on someone else’s server. You’ve thought about access controls and backup strategies and what happens when a service goes down. You’ve probably had professional conversations about vendor lock-in and data portability and the risks of depending on infrastructure you don’t control.
And then you go home and your personal digital life is often built on exactly the things you’d flag as risks in a professional context. Your email is with a major provider. Your photos are in a cloud you don’t run. Your documents are in a suite owned by a company with a strong commercial incentive to keep you dependent on it.
The gap between what you know and how you live isn’t hypocrisy — it’s convenience, and inertia, and the fact that the alternatives require effort. But it’s hard to unsee once you’ve seen it.
The practical reality of owning your data is that it costs something.
Not always money, though sometimes that too. Mostly it costs time and attention. Running your own email server is genuinely difficult and not worth it for most people. Self-hosting a photo library requires hardware and maintenance and occasional debugging at inconvenient moments. Managing your own infrastructure means you’re on the hook when something goes wrong, with no support ticket to raise and no one else to blame.
None of that is nothing. The convenience of managed services exists for real reasons, and the people who choose them aren’t making an irrational decision.
But there’s a spectrum between “everything with a major cloud provider” and “fully self-hosted everything”, and most people never explore it because the default is so thoroughly established. A privacy-respecting email provider. Local-first software that syncs on your terms. A backup strategy that you control. Small steps that don’t require a home lab or a weekend of configuration, but that start to shift the relationship between you and your data in a direction that actually reflects your interests.
The deeper issue is that most people have never thought about this as a choice.
The defaults were set before they arrived. The services were already there, already convenient, already where everyone else was. Opting out requires effort and the defaults require none, which is exactly how defaults work and exactly why they’re so effective.
But a default is still a choice, just one someone else made for you. And the question of where your data lives, who can access it, and what happens to it when the terms change — that’s not a technical question, really. It’s a question about who you trust with things that matter to you, and whether you’ve actually thought about the answer.
Most people haven’t. Most people don’t need to.
But if you work in IT, you probably should. Not because you’re obligated to self-host everything or opt out of every convenient service, but because you have enough context to make the decision consciously rather than by default.
There’s a difference between choosing convenience knowing what you’re trading, and just never having thought about it.
The first one is fine. The second one is worth revisiting.