[XaYdEk]

But when you tell someone "That's not secure, you can easily get hacked. You need to [insert good security practices here]", what response do you get ?

In my experience, most answer along the lines of "So what ? What could they get ? I have nothing important." or "Why would anyone ever hack me ?" or "But I have an antivirus, doesn't that make me safe ?".

And then spend the next 15 minutes explaining to them how things actually work and why they need to take it seriously and offer to help. 9 out of 10, they never reach out. And it's not their fault, but the way security in general is perceived.

[6DM]

I think it's just a general misunderstanding of what privacy means. I've explained several times and even convinced a few people that just because they think they have nothing to hide, they generally do have something they don't want someone to know about or see. At best they will just revert back to the "I have nothing to hide" mentality after a week. I think people outside of tech just don't see how damaging it can be when you loose privacy.

[XaYdEk]

You implement security in order to have privacy and I agree it's poorly understood in the digital realm, mostly because it's "out of sight and out of mind". I like to use an analogy I can't remember where I picked up and reductio ad absurdum to get them past this automatic response, because that's what it is and it's based in the horrid and dangerous "Nothing to hide, nothing to fear" saying.

- The usual conversation - I ask them: "Do you have curtains ?" and they say: "Yes, of course" and I ask "Why ? I mean you have nothing to hide right ? What does it matter if someone can see what you are doing inside your house ?", usually they freeze for a second, "Because it's creepy". I continue "Well if it's creepy that someone would watch you in your house, isn't it just as creepy if they watched you online, what you read, what porn you watch, what you talk to your friends about ? Which do you think tells more about who you are ?". At this point silence and an increasingly worried look is the norm. I keep going: "It's not about hiding anything, it's about what is private. Otherwise why not tell everyone your darkest secret, your greatest fears, the thing you are most ashamed of doing in your life ? And that's why you should do [this or that]"

But even so, it's true most default back quickly. Still a few call, ask, improve their practices. People only seem to take it seriously after they have been directly impacted in a powerfully damaging way.

Edit: I have obviously had this conversation enough times to make this script in dealing with it. If you have to do it more than twice, automate it. :)