jordi been
back to thoughts
dec 11, 2025tech

Just Click Agree

//

A few weeks ago, my Fitbit informed me that I have until February 2nd to migrate my account to Google. If I don't, the device I bought and have used for years will simply... stop working.

This isn't a malfunction. It's a business decision.

Samsung TVs now require a Samsung Account to function. Google discontinued cloud support for older Nest devices, bricking them for Home Assistant users. These are physical objects, sitting in people's homes, that companies can reach into and disable if you won't step just a little further into their ecosystem.

And yet, when I bring any of this up at dinner, I can feel the room shift. Here we go. The privacy guy.

Somewhere along the way, noticing this stuff became the weird position. Not wanting a corporation to hold your devices hostage is now tin-foil hat territory. Meanwhile, "I signed away access to my entire photo library for a free storage tier" is just... normal. The default. What everyone does.

I'm not here to convince you to self-host everything and go full off-grid. I'm here to ask a smaller question: do you know what you've traded away for convenience? And did you actually decide to trade it, or did it just happen?

The "I've got nothing to hide" myth

The usual response to any of this is some version of "I've got nothing to hide anyway."

Which is fair enough. Most of us aren't doing anything scandalous. But this misses the point entirely. Privacy isn't about hiding anything, it's about control.

In Your Face Belongs to Us (2023), Kashmir Hill puts it better than I can: "With privacy, it's not about what others know about you, but about what kind of power that gives them over you."

In 2022, Madison Square Garden started using facial recognition to ban lawyers from attending concerts and basketball games. Not because they'd done anything wrong at the venue. Because their law firms had ongoing lawsuits against MSG or one of its subsidiaries.

Lawyers who had nothing to do with the cases were pulled aside by security, told that their face had been matched against photos scraped from their firm's website, and informed they weren't welcome. For the crime of working at a company that was exercising its legal rights.

That's the thing about "nothing to hide." It assumes you get to decide what's relevant. But once someone else holds the data, they decide what matters. And their definition might be: you work at a firm we don't like.

And this isn't an isolated case. The last few years have been a parade of quiet revelations. Google letting third-party developers read Gmail messages (even after saying they'd stopped). Amazon employees using Ring doorbell footage to spy on customers. Facebook's data ending up in Cambridge Analytica's political targeting machine. Apple trying to scan all your photos for child abuse violations (a plan they've since killed after backlash) None of it illegal, technically. All of it within the terms you clicked "agree" on.

One password to lose them all

But let's say you're not worried about data harvesting. You trust Google, or Apple, or Microsoft. They've been good to you. The products work. Fine.

Here's a different question: what happens if you lose access?

Single Sign-On (SSO) has become the default way we create accounts. "Sign in with Google." "Continue with Apple." It's frictionless. One password to rule them all. But that convenience has a shadow: you've created a single point of failure for your entire digital life.

A developer recently lost access to his GitHub account after automated mass-flagging locked his account. Years of professional work, suddenly inaccessible. Most developers use GitHub to sign into other applications. Dev tools, hosting platforms, professional communities. Lose GitHub, lose access to all of it. Not because you did anything wrong on those platforms. But because your account accidentally got flagged in an automated system.

The same is true for anyone who's built their life around a Google account. Your email, your photos, your calendar, your documents, but also every service you've ever "Signed in with Google" for. If Google decides to suspend your account, whether by mistake, by policy change, or by some moderation decision you can't appeal, you don't just lose Google. You lose everything you've connected to it.

Worst thing is, there won't be an actual person who makes that decision, and there'll be no phone number to call.

All eggs, one basket

There's another layer to this that goes beyond losing access. Once you're fully in an ecosystem, leaving becomes expensive. Not just in money, but in time, effort, and sheer friction.

Let's say you've been a Google household for a decade. Your photos are in Google Photos. Your files in Drive. Your calendar, your contacts, your email: all Google. You've signed into dozens of services with your Google account. Your family shares a storage plan.

Now imagine Google does something you disagree with. They raise prices significantly. They update their privacy policy in ways you're not comfortable with. They discontinue a product you relied on. This isn't hypothetical: Google has killed over 290 products since 2006.

You want to leave. But leaving means migrating tens of thousands of photos. Exporting years of emails. Rebuilding your calendar. Updating your sign-in method on every service you've ever connected. Telling everyone your new email address. Moving your family to a new shared system. That's weeks of work.

And so you don't leave. You accept the new terms. You pay the higher price. You stay, because the cost of staying just became lower than the cost of going. That's called leverage.

Would you sign an indefinite contract with any company where they can change the terms whenever they want, and your only exit is rebuilding everything from scratch? Probably not. But that's exactly what full ecosystem buy-in is.

Independence isn't about paranoia, but optionality. Spreading your eggs across a few baskets means you can actually make choices when conditions change. And conditions always change.

The price of convenience

The free tier isn't generosity... it's customer acquisition.

So if all of this is true, why does everyone do it anyway?

Because it's easy. And honestly? Because these companies are very, very good at what they do.

Google Photos is a genuinely great product. iCloud sync just works. The UX is polished, the onboarding is frictionless, and you never have to think about storage, backups, or file management. Billions of dollars went into making sure you'd never want to leave.

But those investments aren't charity. Data is the currency of the modern world, and your photos, documents, and location history are worth more than the storage costs. You don't get free tiers out of generosity; it's customer acquisition.

Now there are alternatives. More private, often cheaper in the long run, and fully within your control. But they're not rolling out a red carpet for you. The onboarding is rough, and the setup takes effort. You'll actually have to think about things like backups and sync configurations yourself.

That's the trade-off. It's convenience versus independence. And most people, most of the time, pick convenience without realizing they've made a choice at all.

What I do instead

You don't have to go full off-grid. You just have to stop sleepwalking.

This is why I self-host (almost) everything. My photos live on drives in my home, following a 3-2-1 backup rule. My home automation setup runs on my own server. My data doesn't leave my house unless I decide it does.

But I have an infrastructure engineering background, Linux proficiency, and a tolerance for late nights troubleshooting config files. I'm not going to pretend this path is for everyone.

And I'm not even fully off the grid myself. I still use GitHub and Google Maps because I haven't found anything that matches it. The goal isn't purity. It's awareness.

If you don't have a home server and no intention of building one, you're not doomed. You can still make choices. Use a password manager instead of "Sign in with Google." Pay for storage instead of trading your data for it. Back up your photos to a drive you own, even if it's just a physical one that you plug into your laptop sometimes. Think twice before uploading your kid's face to a cloud service you don't control. You don't have to go full off-grid. You just have to stop sleepwalking.

off the grid


It's funny how locking your front door is just common sense, but wanting to control your own data gives off conspiracy theorist vibes.

That email from Fitbit is still sitting in my inbox. Migrate to Google by February 2nd, or your device stops working. A few years ago, I might have just clicked through. Accepted the terms. Moved on.

Now I look at it and see the whole picture: another nudge deeper into an ecosystem I didn't choose. Another slice of leverage. Another small decision that isn't really a decision at all, because the alternative is a brick on my wrist.

And that's why I'm the privacy guy at dinner. Not because I enjoy making things awkward. Because I've seen where the "just click agree" road leads, and I'd rather not sleepwalk there.

You don't have to care about this stuff as much as I do. But maybe next time you're asked to sign in, you'll pause. Wonder what you're trading.

That's enough.

EOF