Another common objection is the fear that practicing privacy more seriously will make you stand out and draw more attention from various spook agencies. Perhaps some Data Broker will note anomalous records.
The reason this isn’t much of a worry is that the data gathering machinery is geared toward the common case of little privacy protection and seeming working assumption that all will be well – that one should just go along to get along as it were. Most of the tooling to scoop up tremendous amounts of data on everyone depends on use of common “convenient” apps and services with very little done to protect yourself. This is true of government, private and criminal data gatherers and exploiters.
Unless you are a really especially juicy target a more individualized targeted data gathering is just not generally worth the extra trouble. Thus by practicing better privacy and security the worst of the vulnerabilities can be largely bypassed.
The default profile is that the person has one (maybe two with one for business) email addresses and one phone number used on most forms that ask for one. This average person uses OAuth authentication on as many sites as possible using Google, Facebook, Apple, etc. as provider. Thus effectively their one provider credential is attached to everything and the provider get more information from each site they use such credentials on. Hackers have a good guess what credential were used. If they can hack the provider for the user by social engineering and other means ALL resources secured by that so “convenient” OAUTH usage are at risk. For major providers like Google and Apple this includes user financial instruments in the respective provider wallets.
Since the credentials, whether OAUTH or using the same email everywhere, are the same on so many sites all of these are tied together as part of the user profile. Nearly 85% of sites use Google Analytics. So the sites report a lot of activity information and if the credentials are Google provided it is much easier to associate all that with growing google profile on the user.
Google is not alone in this. Apple has an ad business as well and an even more captive app store that extends even to Apple desktops. All Apple platforms by default know the Apple ID of the user and store substantial user data in iCloud. While Apple has made some moves to have better privacy and security on this it still is not end to end encrypted or with zero knowledge by Apple of the keys.
Using smart phones the average user has whatever comes with the stock Apple or Google or 3rd party Android with Google extensive information gathering still in place. Apps on mobile devices are even more able by default to send a lot of information upstream and to have the provider gather extensive information as to what the user runs, how they interact with the app, what devices are nearby, location information and worse.
The bottom line is that you can either choose to have better privacy and security practices or you can be one of the herd destined to be spied upon deeply and continuously. Stepping out the normal or average pattern simply avoids the default information fleecing and lack of privacy and security.