Quick Reference · Self-Assessment

The Mirror Card

Six cognitive biases that compromise privacy practice, mapped against honest self-reflection prompts. Print it. Keep it visible. Use it before you make decisions about what to share.

The Mirror Card is designed to be used regularly — not read once and filed away. Each bias below includes a self-reflection prompt (the mirror) and a counter-statement (the correction). When you notice yourself resisting privacy practice, check which bias is operating.

Confirmation Bias
Bias 01
The tendency to search for, interpret, and remember information in a way that confirms what you already believe. You notice the evidence that says you're safe and discount the evidence that suggests you're not.
Mirror Prompt
When was the last time I changed my mind about a privacy practice because of new information — rather than finding reasons to keep doing what I was already doing?
Counter-Statement
The absence of visible harm is not evidence of safety. The fact that nothing bad has happened to me yet does not mean my current practices are adequate — it may mean I haven't discovered the consequences yet.
Normalcy Bias
Bias 02
The tendency to underestimate the likelihood and impact of a threat because it hasn't occurred in your personal experience. The familiar feels safe because it is familiar — not because it is actually safe.
Mirror Prompt
Am I continuing this practice because it still makes sense — or because I've always done it this way and changing feels uncomfortable?
Counter-Statement
The world I grew up in is not the world I live in now. Surveillance infrastructure has changed fundamentally in the last decade. Practices that were adequate five years ago may be dangerously insufficient today.
Optimism Bias
Bias 03
The tendency to believe that negative outcomes are less likely to happen to you than to other people, even when there is no statistical basis for that belief. "I don't have anything worth protecting" is optimism bias speaking.
Mirror Prompt
If I learned that someone had built a complete profile of my location history, purchases, communications, and relationships for the last five years — would I truly feel comfortable with that?
Counter-Statement
Data harm is not distributed equally, but data collection is. Everyone's data is being collected at the same scale. The difference is not who is targeted — it is who has already been harmed and who hasn't yet.
Anchoring
Bias 04
The tendency to rely too heavily on the first piece of information encountered when making decisions. If the first thing you learned about privacy was "only criminals worry about this," that anchor may still be shaping your thinking.
Mirror Prompt
Where did my current beliefs about privacy come from? Who told me that first story — and did they have my interests in mind, or their own?
Counter-Statement
The framing "privacy is for people with something to hide" was manufactured by the industry that profits from your exposure. Consider the source of your first impression before trusting it as your final position.
Sunk Cost Fallacy
Bias 05
The tendency to continue a behavior because of previously invested resources rather than because it still makes sense. "I've already given Google all my data, so there's no point in changing now" is the sunk cost fallacy in action.
Mirror Prompt
Am I staying with this platform or practice because it's still the best option — or because leaving feels like admitting the years I spent on it were wasted?
Counter-Statement
Past exposure does not obligate future exposure. The data already collected cannot be recalled — but every day forward is a choice. Starting now is always better than not starting because you didn't start sooner.
Availability Heuristic
Bias 06
The tendency to estimate the probability of an event based on how easily examples come to mind. You overreact after a high-profile breach in the news. You underreact to chronic, invisible risks because they don't make headlines.
Mirror Prompt
Am I assessing this risk based on evidence — or based on whether I can easily recall a dramatic example? What about the quiet, chronic risks that never make the news?
Counter-Statement
The most dangerous threats are often the least dramatic. Daily data collection by legitimate platforms poses a greater cumulative risk than any single spectacular breach. Assess by evidence, not by memorability.

The Mirror Card works when you use it honestly and regularly. The goal is not to eliminate bias — it is to recognize it in real time so it does not make your privacy decisions for you.
