by Heidi Waterhouse

Why do kids need information security?

No one is actually born digital, and it’s really hard to learn something you are never taught. Our kids aren’t digital natives, they’re learning from our examples and their own fearlessness.

Turning 13 or 18 doesn’t actually make anyone magically smarter or more mature, so we need to lay the groundwork before then to allow a joyous, healthy relationship with a world of people and information. We don’t let 16 year-olds hop in the car for the first time and zoom off—we have a graduated system for educating them about the theory and practice of driving.

But when it comes to some topics, we try to pretend that they won’t matter until the kid is an adult. These topics are usually cultural lightning rods: sexuality, gender, drugs and alcohol, healthy romantic relationships. A few seemingly-unrelated topics end up lumped into that general discomfort: privacy, secrecy, appropriate lying. I think that’s because many of us used secrecy and lying to get access to “adult” things when we were teens. Our choices weren’t always good.

Teaching our kids information security is one way to give them tools for their lives. Controlling their identity, their privacy, and their reputation is just as important and empowering as learning to control a car going 60 miles an hour.

If there’s one thing we’ve learned about education, it’s that laws and abstinence-only education don’t work out the way we hope. Kids who get told to just not have sex have higher rates of pregnancy and sexually transmitted diseases than kids who got more comprehensive programs that emphasize decision-making and autonomy. In that spirit, let’s actually talk to our kids about being safer online.

The following tips are real-life things I have taught my kids and others, and they seem to help.

Troll-proofing your kids (inbound and outbound)

There are some things we know about deflecting troll attacks. Grown adults cannot prevent them or stop them, so it’s unreasonable to assume we can do so for kids, but we can teach them the basics of harm reduction.

  1. Don’t use your real name
  2. Don’t tell people how to find you
  3. Don’t share anything that can be used against you

Kids aren’t great at generalizing, so you’re going to need to come up with age-appropriate examples for them. Don’t tell people your address, or your school mascot. Don’t use a username with your real name in it. And for the love of everything, don’t ever, ever send an explicit picture to someone. Anyone who asks has bad intentions.

We need to stop desensitizing kids to the people they interact with online. Online is real life, and every time we attempt to comfort a kid by saying “It’s just the internet”, we are implicitly arguing that people on the internet are not real. That leads to kids who behave like sociopaths online, because it’s not real to them. Watching Yoshi dissolve into a little yarn ball and watching an online acquaintance express hurt have the same emotional value, because that’s what we’ve taught them. Being online doesn’t excuse their behavior. If you find out they are terrible people online, use all the same resources you would if you found out they were giving kids at school black eyes.


The Pew Research Center recently published an article specifically about how teens and parents interact with technology. I thought it was great how much time parents spent doing education around technology and online life, but I was appalled at the number of parents who feel they have a right to the inmost thoughts and Snapchats of their children. Even though kids are very dependent on us, it is disrespectful of their humanity to invade their secrets. Separating from your parents and keeping secrets is a normal part of growing up. It’s how we differentiate ourselves and become adults capable of making decisions on our own.

Don’t intervene without a reason—unreasonable search and seizure provokes resentment in both American revolutionaries and teenagers. If we normalize surveillance, then we will raise an entire generation that has never had private thought or expression. How much of your favorite dystopian fiction starts with that premise?

Of course there are reasons to intervene, but I think that invasion of privacy should be reactive, not proactive. If your kid is showing signs of mental distress, altering their behavior drastically, or checking off more than a few boxes on a depression quiz, then yes, you need to step in. But if they are dyeing their hair funny colors, tabbing away from SOMETHING when you walk in the room, or claiming that you have never understood emotional pain the way they do, it’s probably not a good reason to break into their accounts.

Autonomy and Reputation

Parent bloggers eventually lose a moral right to report everything about their kid to the internet. I miss the days when I could give you an amusing picture of my toddler who just dumped 5 pounds of flour on himself and the kitchen. But once a kid is old enough to read, or certainly to go online, you need to stop doing that. Now you’re not talking about your experiences parenting, you are non-consensually sharing stories about your kid with an audience they haven’t chosen. Children are people, and they have a right to their own stories.

Some parents discuss this with their kids and come to an accommodation, but there is a window where the kid is too young to give informed consent, and yet old enough that it’s an invasion of their autonomy and privacy to tell stories about them. Don’t post pictures or specific stories about your kid. Many of our funniest parenting stories are exactly the kind of thing that no one wants to have to live down in 7th grade.

Identity and naming

Teach kids about psuedonyms early, and model context-sensitive identities with different audiences. I let my kids swear around me, but not at school or around their grandparents. They’ve been able to understand this distinction since they were about 4. When my eldest got his first email address, we helped him pick a pseudonym, and now his pseudonym is everywhere, but his legal name is not.

Code-switching is a vital life skill and we might as well teach it early. There are places we share legal information, and places we don’t. There are places we talk about our medical or mental problems and places we don’t. If we tell kids not to say anything, anywhere, ever, they never get a context for what is ok to say in some circumstances and what is never ok.

Authenticity and honesty don’t actually require full disclosure. We are all curating our presentation every day. We dress in professional clothes, or we put on uniforms, or we decide whether we can post something on Medium without losing our job. That’s not lying, that’s common sense.

Tell all the truth but tell it slant —
Success in Circuit lies

– Emily Dickinson


It’s important that we not scare the fun out of kids. If we constantly present the world as a danger, we raise scared kids. American culture has been moving more and more this direction. Do you know that elementary schoolers in Japan take the public train to school, while our kids often can’t walk home without special permissions? Did you ride your bike to school? Most elementary schools have removed bike racks because cycling is too dangerous for kids that young.

We can either teach our kids to look up questions and find friends on the internet, the same way we do, or we can paint it as a dark alley filled with pedophiles and bullies. Only one of these has a great chance of creating a healthy relationship later in life.

Information Jubilee

In the Hebrew Scripture, there is a description of Jubilee, a year when slaves are freed and debts are forgiven and everyone starts with a clean slate. I think this concept should be brought forward to apply to our internet histories.

Do you remember being sixteen? I wrote some really terrible poetry, and a bunch of essays about the Donner Party. I am literally the last cohort of people to have grown up without omnipresent searchability. My freshman year in college, the first graphical web browser was released, and everything changed. Because of the timing, none of my juvenalia was online, none of my embarrassing relationship drama from being a teenager was captured in the amber of the Wayback Machine.

What if we could seal a kid’s juvenile internet record the same way we do a criminal record? You were foolish then, we hope you’re better now, here is your adult life, free of blemishes. Do a better job.

Since there’s no way to erase the memory of the internet, the next best thing is to have our kids shed their childhood identity and take on a new one at adulthood. When I went to college, I was determined to lose my high school nickname, because these were all new people, and I could be ANYONE. I want to offer my kid that same ability. What if we made it a ritual, a sign that you’re an adult, the ceremonial nuking of all your kid-named stuff?

Let’s throw some data away.

That’s a hard, uncomfortable thought. But who benefits from old information? Are we sending our kids out into the world like a hermit crab with a too-small shell?

What now?

There are a lot of different variables that play into how we parent, and how we think of security, and what we are afraid of. Race, culture, class, parenting style, access of all sorts affects our attitudes about security and safety. There isn’t a universal answer for every parent and child. I think that if you focus on your child as a person with rights and moral obligations, you may give them a better foundation for online safety and security than if you choose protectionism and fear.

Also, teach them about password managers, because everyone should know about those.

With heartfelt thanks to Amar Shah for editorial assistance and keeping me from writing a novel.

Heidi is a technical writer, speaker, and parent. Her favorite writing topics are security, new technology, and feminist analysis of romance novels. She only gets paid for two of these.