We’ve been sold a simple story about staying safe online. Use a password manager. Turn on two-factor authentication. Download a VPN. Switch to encrypted messaging. If you’re not doing those things, the implication is clear: you’re the problem.
That story starts to fall apart the minute you step outside ideal conditions. The issue isn’t whether people know about these tools. It’s whether they can actually use them in the context of their daily lives.
Talk to anyone who manages more than one device, or shares one with family. Talk to people dealing with unreliable internet or moving between apps that don’t quite work together. The tools don’t sit side by side neatly. They stack. A password manager here, two-factor authentication somewhere else, a messaging app that won’t sync, a VPN that slows everything down or blocks access when you need it most. None of it breaks dramatically, but it just weighs on you with each click.
What gets dubbed“non-adoption” is usually something more mundane. People forget logins. They get locked out. The onboarding doesn’t quite work. Something breaks and there’s no obvious way back in. Or they simply decide it’s not worth the hassle.
So they make it work as best they can. They reuse passwords, drop tools halfway through, or they find their own shortcuts. This is not done out of apathy, but because the system isn’t really set up for them.
And still, much of the response treats this as a behavioral problem. It’s something to fix with better training, clearer nudges, or more awareness. Unequivocally, that misses the point, given the friction is built in.
We think that’s the wrong starting point.
What we’re trying to understand
At Superbloom, we want to understand what actually happens when people use security and privacy tools in the real world. We’re interested in everyday tools: password managers, encrypted messaging, VPNs, and two-factor authentication, along with the moments where they break down.
That might be during onboarding, over time as habits slip, or when tools collide with real-life conditions like shared devices, unstable connectivity, or organizational constraints.
Just as importantly, we want to discover what people do next. From the workarounds they develop, to the trade-offs they make, and what’s missing from the current ecosystem. If we want better tools, we need a clearer account of where things fall apart. This research is our attempt to do that.
How we’re approaching it
We’re starting this work with a Polis conversation. To be clear, Polis is not a survey, and it’s not designed to produce representative findings. Instead, we’re using Polis as an exploratory form of sentiment mapping to understand how people are thinking and talking about these tools. We are looking to surface themes, identify points of agreement and disagreement, and pay attention to the language people use to describe their experiences. Polis will also allow us to help pinpoint where engagement occurs, which is an important signal in itself at this early stage of our research process.
It’s worth being clear about what this approach can and can’t do: Polis can surface patterns and tensions, but it doesn’t tell us how widespread a view is or represent entire populations. It’s not a substitute for more structured research, but a way to listen first before narrowing the scope too quickly.
We’ll keep this conversation open over the next two weeks as we test different ways to reach people and invite participation. We’ll then step back to look at what emerges, what themes stand out, what surprises us, where engagement came from, and what remains unclear. Those insights will inform the next phase of the work: designing a more in-depth, repeatable research survey to better understand the patterns we’re seeing and the people behind them.
Who do we want to hear from?
We want to hear from people who’ve actually tried to make these tools work. Maybe you use them every day. Maybe you gave up halfway through. Maybe you never really got started. Either way, we want to learn from you.
Research shows that when security tools don’t work, people take matters into their own hands by working around them, replacing them or dropping them entirely! That has consequences for individuals, organisations, and entire ecosystems, as well as for anyone trying to build or support better alternatives to the systems we already have.
Keep an eye on Superbloom’s social media channels over the next two weeks for our Polis campaign, including posts on LinkedIn, Mastodon, and BlueSky Social.