Chrome Sync privacy is still bad (palant.info)
41 points by supermatou on Aug 29, 2023 | 9 comments


> And even if you trust Google to do no evil, do you also trust your government? Because often enough Google will hand over your data to local authorities.

I'm agreeing with the rest of the post, but I can't imagine the FBI/NSA/whoever else stopping their snooping campaign because you've changed a switch in some settings dialog.


Note: I am the author of this article.

Yes, they will probably ask Facebook then. Or check your web search history. There is more than one source for them to draw from. But you can shut down this huge source of your private information easily. You can deal with the rest of them later (all possible).


I disagree with just one point of this article: no-passphrase sync encryption is a sensible default.

The average person cannot handle an encryption password that nukes their data if they ever forget it.


Note: I am the author of this article.

They have at least one device with an unencrypted copy of their data, likely two or more. They only need this passphrase to set up sync. If they ever forget it, they reset sync, set a new passphrase and re-upload the data. No nuking.


I do believe (but, though I work at Mozilla, I don't work particularly close to the relevant team) that our support team regularly gets help requests from people who have locked themselves out after e.g. wiping their device, and we can't help them recover their data. It's a hard balance to strike between usability and privacy, though Google obviously guides the user more to the never-lose-my-data end of the spectrum that also happens to give them more insight into what the user does.


Almost 20% of Americans only access the Internet on their phone.

If I only own a phone, all I have to do is break my phone and forget my encryption passcode when I set up my new phone and I would lose all my bookmarks.


Many users are effectively phone-only these days. Assuming that a user has at least two devices is dangerous.


As I said, one device is enough.


In principle true

- Having 1 password for Google account + one passphrase may be great - in a sense holy grail

But... as someone doing CS for many people

- People just don't focus or show importance to these things

- People will forget the passphrase and lose data

- The importance to the data that was lost is MORE painful than the 'loss' of privacy

- So many people incl. my spouse live totally in phones (and work laptop). With the advent of large screen phablets (a.k.a - all new phones) - one does not even need any tablet.

- Sure, your advice is logically correct but reality for most is that people still treat password or PIN as a PITA.

I sincerely wish some country will pass strong privacy laws + have a connection between google/apple account with national ID of some type so that people can validate and reset password of SV behemoths. But again - strong privacy laws so that neither govt nor SV misuses it.



