Gen Z’s So-Called Privacy Paradox (and Why They Deserve a Cyber Super App)
Not a Paradox, Just the Price of Wi-Fi
The Privacy Paradox is a studied phenomenon where people say they care deeply about their privacy but do very little to protect it. Lately, the term has been lobbed at Gen Z, as if they’re hypocrites for trading personal data to stay on TikTok (where the news is), sharing their location on Find My Friends (way to know if your buddy got home safe), or opening random QR codes (default way to get on the WiFi or see a menu).
To me, this isn’t really a paradox, it’s the outcome of living in a dense digital ecosystem with a bigger, more advanced attack surface than before. Our parents never dealt with AI voice scams, and I didn’t touch a peer-to-peer app until my mid-twenties. Gen Z is actually doing more to protect themselves than earlier generations ever did, but they’re also more exposed...which inevitably means more scams.
Being online isn’t optional and logging off is social suicide and carries professional penalties—either embrace connectivity and accept the privacy risks, or risk exclusion. Before choosing, what would it really mean to more seriously “manage your own privacy”? It would be kind of like chasing an impossible inbox zero without a spam filter, and every time you clear it, more emails flood in. A few are urgent, most are junk, and you won’t know which is which until you open them…on repeat. So it makes sense that Zoomers step back a little bit, not from indifference, but because the system is exhausting.
They Aren’t Two-Faced, They’re Pragmatic
It’s no surprise that nearly nine in ten Gen Zers are willing to share personal data for a better experience if they trust who’s asking (Oliver Wyman, 2022 Global Consumer Report). They’ve grown up expecting privacy to be built-in, not something they defend in every single interaction.
Critics point to location-sharing habits, 75% of Gen Z use apps like Snapchat, Find My Friends (Life360, 2023) which is 70% more than their older counterparts, or that 40% will give up personal information for a more personalized experience (Forbes, 2024). But I don’t think that sharing personal details for a 20% discount means they’ve priced or discounted their privacy; it means they’ve judged the risk of harm in that context to be low; it’s a rational cost-benefit calculation that comes with living an always-online life.
Little Cyber-Savvy, Scam-Magnets
On paper, Gen Z outperforms older generations on many security behaviors; they’re more likely to use MFA, VPNs, and SSO tools (CyberArk, 2023) but usage is inconsistent as they’ll default to free or low-quality tools.
And yet, they’re still the most targeted and successfully attacked group online. Only 20% say they’ve never been hacked, compared to 41% of Boomers (CyberArk, 2023). Deloitte found Gen Zers are more than 2x as likely to fall for online scams as Boomers (17% vs. 7%) (Deloitte, 2022). Nearly 40% of fraud attempts against young adults now originate on socials (FTC, 2022), whereas older people are most targeted by phone.
From phishing DMs to fake shopping sites to realistic voice scams, Gen Z isn’t more gullible, they’re more exposed. And this tension of high literacy, high vulnerability, is the core of this so-called paradox.
Opt-Outs Won’t Save You: Where Regulation Falls Short
Daniel Solove, professor at George Washington University Law School, makes this case in his paper The Myth of the Privacy Paradox (GW Press, 2020), arguing that the paradox narrative rests on faulty logic and unrealistic expectations for how people “should” act online.
But how do we fix this mess and shouldn’t the public sector be doing something? According to Solove, regulatory responses have defaulted to band-aids—cookie opt-outs, toggle switches, lengthy privacy policies—giving the illusion of control rather than real protection. The better solution would be to re-architect the system: control how data is collected and shared, embed safeguards by default, restrict downstream use even after consent, and remove “dark patterns” or the product features, like confusing af cookie banners, that manipulate us into choices against our best interests.
In this piece, I look at how Gen Z’s always-online lives create unique tradeoffs, the emerging product categories, and why I think there’s a big opportunity for a Gen Z security super-app, a single, trusted layer that sits over their digital life and blocks scams before they cause harm.
*Before reading this entire piece yourself, try having Gwyneth Paltrow read it to you using text-to-speech reader, Speechify (No, I’m not sponsored…yet).
Gen Z Security: Key Sectors to Watch
It’s unsurprising that so few entrepreneurs are building tools for this digitally exposed generation because pleb consumer cyber has been poo-pooed by investors and the B2B security patricians. Mapping this market was super hard, there are few businesses that feel fresh, so I had to think out of the box a bit.
(1) Scam Protection & AI Fraud Tools → 📈 BULLISH
AI-driven scams, deepfake voice calls, AI phishing, fake accounts hit Gen Z hard, and the market is open for tools that act like a personal shield: flagging a fake “friend in distress” DM or a cloned parent’s voice before you fall for it.
Right now, most anti-fraud products skew enterprise or boomer-focused, leaving young adults exposed. What Gen Z needs is a mobile-first shield that sits on top of their apps, scanning threats in real time without slowing them down.
But how could that hypothetically work?
OS-Level Integration: Apple or Google should build fraud detection into iOS/Android, scanning calls, texts, and links. It sounds obvious, but a truly interoperable, cross-app solution is unlikely from them as it’s too messy, too slow, too much platform politics.
Browser/Overlay Extension: A security app that monitors notifications and app traffic system-wide, flagging sketchy DMs or calls across platforms. Parental control apps already do this, so why not try it for Gen Z?
In-App Forwarding Bot: Forward suspicious texts or emails into a trusted contact that instantly verifies them. Low lift, but powerful.
VPN/Proxy Shield: Route all traffic through a secure layer that blocks malicious domains, fake shopping sites, or even voice deepfakes at the network level.
Where it gets tricky:
Platforms like Snap, TikTok, and Meta don’t let third parties intercept messages directly, so shields have to run in parallel (notifications, VPN, overlays)
For maximum protection, the app needs deep access to traffic, which raises its own trust questions
Speed is everything…A fraud alert that arrives after you’ve clicked is useless
Who’s trying it?
Push Security uses browser extensions to flag risky SaaS connections, Island built a “secure browser” that isolates sessions, but both are for enterprises, not consumers.
Perplexity just launched Comet Browser, an AI-powered browser focused on better answers, and Brave blocks ads, trackers, and some phishing, but neither are scam detectors.
Arc is maybe the best consumer-forward entrants, beautifully designed and privacy-minded, but it’s just a browser, not a cross-app shield.
Brave and Arc are the best examples, but they only protect you inside their own browsers which is pointless because Gen Z lives on Snap, Insta, TikTok, Venmo, places these browsers don’t touch
The opportunity will need to be a mobile-first overlay for consumers: something that runs quietly across apps, flags sketchy behavior in real time, and feels as seamless as AirDrop.
(2) Consumer Security Tools (VPNs, MFA, SSO) → 📈 BULLISH
Traditional consumer cyber like VPNs, password managers, and antivirus, have been around, but the category is sleepy, overpriced, and jargony. They want plug-and-play protection that works in the background.
Sure, they use VPNs and password managers more than older generations, but usually whatever’s free, mandatory (school-issued), or bundled (Google Password Manager). MFA adoption is rising, mostly because apps and games now force it, but Gen Z still relies heavily on weak SMS codes or reuses passwords.
The opportunity is to repackage these boring-but-essential tools in a Gen Z mindset: mobile-first, freemium, seamless. Think of one app that combines MFA, VPN, and password management. Incumbents like Dashlane and 1Password have the tech, but the branding screams old person.
This generation needs a platform approach, meaning instead of five apps for VPN, MFA, passwords, Gen Z needs one security layer that quietly runs in the background. Whoever makes security as easy as Spotify (great tagline!) could own this category.
(3) Privacy-First Messaging & Social Platforms → 📉BEARISH/DEPENDS
Privacy-first socials are buzzy, but these protections should be built in from the start anyways. If they aren’t, Gen Z will churn unless the product is gorgeous and tasteful. We’ve already seen it: Instagram Maps turned into a ghost town overnight once TikTok tutorials showed us how to disable it, and apps like Tea and TeaOnHer collapsed after very public hacks.
Gen Z wants encryption, ephemerality, and control on Day 1. New socials will keep exploding, but many will fizzle (cough, BeReal, Clubhouse) if they’re just hype cycles built on thin apps, flimsy communities, with security as an afterthought.
(4) User Data Monetization & Self-Sovereign Identity → 📉BEARISH
The “get paid for your data” companies promised to flip Big Tech’s model by letting users sell their shopping histories, browsing data, or IDs. Some were Web3 self-sovereign identity (SSI) tools to verify you are who you say you are without oversharing. Examples include Reklaim, which let consumers monetize data directly, Oasis Labs, now pivoted to enterprise lol, and Web3 SSI like SpruceID and CivicAuth.
While they sounded empowering, are kind of scammy (and boring). Managing your own data rights isn’t fun and there are safer and easier ways to make (or save) money than flipping browsing history into $50/month.
(5) Dark Security → 📈 BULLISH
WormGPT, PoisonGPT, FreedomGPT, and FraudGPT are the “big four” rogue models today. I expect a surge of dark AI apps that make scams faster, phishing slicker, and deepfakes indistinguishable. Like it or not, this sits inside consumer cyber.
The twist is that Gen Z isn’t just the target anymore, they’re becoming the scammers. In July 2025, a hacking gang of four teens were arrested for a £440M cyber heist against UK retailers. Half of wealthy GenZers and millennials admit to “digital shoplifting” (Fortune, Jan 2025), while 42% of Gen Zers say they’re willing to commit first-party fraud, nearly double millennials (Fortune, July 2024).
While Gen Z is still more likely to be victim than perpetrator, but that is changing. Economic stress, Anna Delvy aspirations, English fluency, and access to Gen AI are creating scam architects.
The Case for a Gen Z Security Super-App
So where’s the big opportunity? Hear me out…Gen Z needs an AI companion security super-app: one low-cost, always-on solution that bundles the protections young digital natives already know how to use, with a UX that doesn’t bore or intimidate them. Think Dashlane meets Life360 reimagined for Zoomers or a Cleo for cyber.
What would it look like?
🛡Real-Time Scam Shield: Instant flags on sketchy DMs, phishing links, or deepfake calls pretending to be mom. Calls you out when you’re dumb.
🔐 Passwordless Logins: Death to passwords! Face ID, fingerprints, or magic links make signing in simple and safe
🪪 Easy MFA & Identity Management: No SMS codes. Just a unified push notification, tap “Yep, it me” across accounts. It’s a password manager but one tap.
🔗 VPN & Privacy in the Background: A VPN that turns on automatically in risky environments (public Wi-Fi, unknown sites). No scammy pop-ups, fees, or lag.
📚 Clean UX + Education: A sassy and fun approach. No jargon, just alerts like “Safe to browse” or “Scam denied!” with snackable tips woven in, Duo-style.
We have the ingredients: VPN and 2FA apps, password managers, scam detectors. But they’re scattered, fragmented, and fugly. Gen Z (and probably all of us) doesn’t want five apps. They want one trustworthy AI security companion.
So who could build it?
The next Gen Z security super-app probably won’t come from a traditional security company. It won’t be built by people obsessing over zero trust frameworks or compliance checklists. It will come from founders who understand modern digital flows, the way young people share, transact, and collaborate.
A few companies show how this might play out:
Dashlane or 1Password: They have the right features (passwords, MFA, VPN, identity), but they’re enterprise and close-minded. To win Gen Z, they’d need to launch new, young, freemium brand.
Linq (UK): The most exciting contender imo. Lynq lets users control private photo sharing with screenshot blocking, end-to-end encryption, watermarking, and age verification. They understand Gen Z’s most intimate sharing behaviors. Adding VPN, scam protection, and identity would be a natural extension, this is how a true security super-app could be born.
Ask Silver (UK): Comes at the problem through finance. Silver lets users forward suspicious texts or emails into a chatbot that checks against a fraud database and advises next steps. Their B2B model (selling to banks) gives them credibility, but the consumer-facing flow is an easy to follow personal fraud safety net. Falkin (UK) is another one to watch.
Peony (UK/US): Dropbox for Gen Z: beautifully designed, affordable, and built around control, who sees your files, for how long, under what conditions. IDs, resumes, creative projects define their personal IP and earning power. Peony merges privacy and productivity which could be a bridge into broader security.
My hot take: this Gen Z Security AI Companion won’t start with antivirus or VPNs or even look like security at first but could emerge from a productivity tool, a photo app, or a file-sharing platform. The common thread is trust: products that get how they actually live online and bake privacy into the design.
Conclusion
Gen Z’s messy relationship with privacy isn’t a paradox, it’s a playbook for the future: more online, more targeted, but also more open to new solutions. If you’re building for this generation, your product today might not look like a traditional security product, and that’s fine as long as you’re building with a platform mindset and an authentic understanding of how Gen Z lives online. Who knows, maybe your file tool, photo app, or productivity layer, could evolve into the security companion this generation is waiting for.
If you’re building in this space, please ping me!
Brilliant perspective, Laura — this goes straight to the core of how digital-native generations experience security today. You’re absolutely right: Gen Z isn’t indifferent to privacy, they’re simply operating in an ecosystem where safety must be embedded by design, not managed manually.
The future lies in adaptive, AI-driven protection layers that sit silently across a user’s digital life — detecting scams, verifying identities, and safeguarding interactions in real time. What we’re seeing emerge now are infrastructures capable of hyper-personalized learning, behavioral prediction, and immutable skill or identity proofs—systems that evolve with the user, rather than react to threats.
Your “Cyber Super-App” vision captures the next logical step: merging privacy, authentication, and digital literacy into one trusted layer that’s always on, always contextual, and friction-free. That’s where the real transformation begins.