Security and privacy aren't the same thing

I hear these two words used as if they mean the same thing: security and privacy.

They’re not.

I get why people lump them together, there is overlap. But treating them like synonyms leads you to make wrong conclusions, the wrong trade-offs, use the wrong tools.

I don’t use Google, Microsoft, or Facebook: that’s a privacy choice, not a security one. Their security is excellent. They spend billions on it. I trust them to keep my data safe from hackers.

I don’t trust them to keep it safe from themselves.

That’s the difference.

Security is about locks

Security is keeping bad things out. It’s:

• Strong passwords and two-factor authentication
• Encrypted connections
• Regular backups
• Patch management
• Firewalls
• Device encryption
• Least privilege (only the access people actually need)
• Lock screens and auto-lock

Security answers the question: Can someone unauthorised get in?

If the answer is no, you have good security. It’s measurable. It’s testable. There are clear wins and clear failures.

Privacy is about who gets to look

Privacy is controlling who sees what. It’s:

• Choosing not to share data in the first place
• Knowing what a service does with your information
• Opting out of tracking and profiling
• Deciding what’s public and what’s private
• Browser extensions that block trackers and ads
• Email aliases so each service gets a different address
• Stripping metadata from photos and documents before sharing

Privacy answers a different question: Who has access, what do they have access to and what are they allowed to do with it?

That’s harder to measure. It’s about trust, consent, and the boundaries you set.

Where they overlap

Good security protects privacy. If your data gets stolen in a breach, your privacy is violated too.

And good privacy practices can improve security. The less data you share, the less there is to lose in a breach.

Where they diverge

You can have excellent security and terrible privacy. That’s exactly what Big Tech offers. Your Google, Apple or Facebook account is incredibly hard to break into. Their security teams are excellent.

But they’re also building profiles on you. Selling access to your attention. Using your data to train models you didn’t consent to.

Your data is safe from hackers. It’s not safe from them.

And you can have privacy without great security: a local business that doesn’t collect any data you care about, but uses the same password for everything. Your privacy isn’t violated because they never had much to begin with. But their security is a mess.

They’re different problems. They need different approaches.

Why this matters

When people think they’re the same thing, they make the wrong choice.

You buy a security tool expecting privacy. You sign up for a “private” service that has worse security than the mainstream alternative. You assume that because a company is good at one, they’re good at the other.

When I choose to avoid Google services, for example, I’m not saying their security is bad. I’m saying I don’t want their business model anywhere near my data. That’s a privacy decision. And I make it with open eyes. I know I’m giving up some convenience, some integration, some ease.

That’s a trade-off I’m willing to make.

But it’s not the same trade-off as choosing a more secure option over a less secure one. Conflating the two means you don’t really know what you’re choosing.

Where does Lumen IT fit in?

Most of what I do day-to-day sits on the security side. Pentests, backups, updates, access controls, getting people off shared passwords, helping you recover when something goes wrong. The boring stuff that hopefully stops bad things happening.

But the privacy side is often what gets people in the door. They’ve heard the breach stories. They’re uneasy about what Google knows about them. Their Facebook ads feel a bit too targeted. They want someone who takes it seriously without selling them a dashboard with blinking lights.

I don’t sell privacy as a product. Privacy isn’t something you install. It’s the choices you make about what you use, what you share, and who you trust. What I can do is help you make those choices with clear information. I can help you trial some alternatives.

I can help with either. But it helps if we both know which one we’re talking about.

The takeaway

Security and privacy aren’t in competition. They overlap, they support each other, and you need both. But they’re not the same thing, and pretending they are is how you end up with good locks on a glass house.

Know which one you’re actually worried about. Then pick the right tool for the job.