Yep, exactly. That's where I got the idea. I feel like, if someone's going hold all of a user's data in one place, and be their online identity, in a sense, it should be the user.

Really? Users are clueless. Always have been, always will be. Give control to the user and it'll end up sitting on a Windows shared drive on open wifi because that's "easy".

People learned, over time, that they have to lock their doors and keep their wallet safe. How is this different? Just make the learning curve as shallow as possible.

It comes down to educating users in a way they understand. Part of the problem is that they simply do not grasp the risks or the issues involved. The problems are either too technical or confusing or they may simply not even know that the issue exists.

When wireless routers first came out almost none of them defaulted to having security. Unless you were fairly technical minded, you simply left the defaults in place. Not because you were clueless, but because you trusted that the manufacturer must know what they are doing...and you certainly don't.

Now they all come with security enabled, plus, users have been educated as to why they should use it. They don't need to know how it works-just why it is important and what it means to them.

Same thing goes for enabling HTTPS on websites, adding two-factor auth to your email, having unique passwords on different sites, etc. Part of the responsibility of users' cluelessness falls on us. We need to find better ways to communicate to the average user, who has a minimal understanding of technology, in a way that is meaningful to them.