Ian O’Byrne
Overstory Writing

Privacy vs. Security in 2026: Why the Distinction Matters More Than Ever

Why the old privacy-versus-security distinction no longer goes far enough in a world of AI, surveillance, and predictive systems.

Posted
Nov 28, 2025
Last revised
May 1, 2026
Author
Ian O’Byrne
Read
4 min
Topics
privacy · security · power

In 2017, I wrote a post aimed at clarifying the distinction between “privacy” and “security.” At the time, we were primarily concerned about hackers stealing our passwords or governments intercepting our emails.

Eight years later, that conversation feels almost quaint.

The digital landscape has shifted beneath our feet. We are no longer just fighting to keep bad actors out. We are fighting to maintain ownership of who we are. In an era of reasoning AI models, ubiquitous surveillance, and predictive analytics, the old definitions are no longer sufficient.

Here is how the Privacy vs. Security debate has evolved, and why we need to add a third pillar to the conversation: Sovereignty.

The Old Definitions (Still True, But Incomplete)

In my original post, I used a simple analogy to separate these two concepts. It still holds up:

  • Security is the Lock on the Door. It is the technical wall that stops unauthorized people from breaking in. Encryption, firewalls, and 2-factor authentication are your deadbolts.
  • Privacy is the Curtain on the Window. It is your choice to decide what the people inside or passing by can see. It’s about boundaries, consent, and agency.

Think of a fortress made of glass: it is perfectly secure (no one can break in), but it has zero privacy (everyone can see in). Conversely, you can pull the curtains tight to hide, but if the front door is unlocked, you aren’t safe.

However, now we face a new challenge. What if the landlord owns the furniture, the cameras, and the locks?

The Third Pillar: Digital Sovereignty

If Security is the lock on the door, and Privacy is the curtain on the window, what is Sovereignty?

Sovereignty is the Deed to the House.

We have spent the last decade renting our digital lives from “Big Tech.” We stored our photos on their clouds, wrote our thoughts in their apps, and trained their algorithms with our behaviors. We had “security” (they didn’t lose our data) and some “privacy” (we could change settings), but we didn’t have sovereignty.

We often confuse “control” with “sovereignty.” You might have control over your Facebook privacy settings (you can toggle a switch), but you lack sovereignty because you are living on their land, following their rules, and subject to their terms of service, including the potential for eviction.

Digital Sovereignty goes beyond just hiding your data. It is the capacity to set your own terms of participation.

  • Data Sovereignty is the technical aspect: it means the files reside on a hard drive you control (such as Nextcloud), not on a server in a jurisdiction you don’t understand.
  • Civic Sovereignty is the ethical side: It means refusing to use tools that extract value from your students or peers. It’s about ensuring our digital environments serve us , not the other way around.

Geoff Eldridge recently noted that sovereignty is “the freedom to design, govern, and inhabit systems that reflect who we are.” When we simply use the “easy” tools provided by Big Tech, we are borrowing their future instead of building our own.

Sovereignty means you have the power to:

  • Move your data (Portability)
  • Delete your traces (The Right to be Forgotten)
  • Self-host your infrastructure (using tools like Nextcloud instead of Google Drive)

True protection isn’t just about keeping secrets (Privacy) or stopping hackers (Security). It is about autonomy. It’s about owning the infrastructure so that you can’t be evicted or exploited. It’s the difference between being a tenant in a surveillance capitalist hotel and owning your own digital home.

The Death of “I Have Nothing to Hide”

In 2017, the most common rebuttal to privacy advocacy was, ” I’m not doing anything wrong, so I have nothing to hide.”

That argument is now dangerously obsolete.

In the age of AI, data isn’t just evidence of guilt ; it is raw material for prediction and profit.

  • Your “innocent” health data is being used to predict your future insurance risk.
  • Your “public” writing style is being scraped to train AI models that can mimic you without compensating you.
  • Your “boring” location history is being aggregated to determine your creditworthiness.

You might not have secrets, but you have patterns. And in the AI economy, those patterns are valuable assets. When you say “I have nothing to hide,” you are actually saying, “I consent to having my life commodified.”

Architecting Trust: Privacy by Design

So, where do we go from here? We stop treating privacy as a “user setting” we have to toggle on. We start demanding Privacy by Design.

This is why we are training everyday folks to use tools like Signal and Nextcloud.

  • Signal doesn’t just “hide” your messages; it is architected so that Signal itself knows almost nothing about you. It minimizes data by default.
  • Nextcloud doesn’t just “store” your files; it gives you the keys to the server.

We are moving away from “trusting” companies to do the right thing, and toward using tools that mathematically guarantee they can’t do the wrong thing.

The Bottom Line for 202 6

  • Security keeps the thieves out.
  • Privacy keeps the creepers out.
  • Sovereignty keeps the landlord honest.

To navigate the future safely, we need all three. It’s no longer enough to just lock the door. We need to own the house.