The carabiner clicked against the steel ladder with a hollow, rhythmic snap that echoed inside the 212-foot shaft of the Vestas V92 turbine. It was a sound I usually found comforting-the sound of safety being verified, step by 32nd step. But today, the vibration in my right thigh pocket was ruining the rhythm. My phone had buzzed 12 times since I started the ascent at 6:02 in the morning. Each vibration was a tiny, sharp reminder that my digital self was being picked apart while my physical self was hanging by a lanyard in a crosswind of 22 miles per hour.

I reached the service platform, unclipped, and pulled out the device. The screen was a wall of notifications. The most recent one, from a credit monitoring service I had been ‘gifted’ after a major healthcare breach in 2022, was the one that made me pause. It didn’t say I was safe. It didn’t say my score had moved. It just said: ‘Action Required: Your Identity Health is at 42 Percent.’

I reread that sentence five times. Identity health. 42 percent. What does that even mean? Is my name half-stolen? Is my social security number currently being used by a person who is 52 percent me? The absurdity of the metric was only matched by the urgency of the font. When I clicked the notification, I wasn’t taken to a security dashboard or a list of suspicious inquiries. I was taken to a landing page that offered me a ‘Premium Protection Suite’ for $22 a month. The ‘free’ service I was supposedly receiving as a form of restitution for a corporation’s negligence was nothing more than a neon sign pointing toward a paywall. It was a digital toll booth installed on a road I was forced to walk.

This is the great bait-and-switch of the modern era. We have reached a point where consumer protection regulations are being gamed by the very entities they were meant to constrain. When a company loses the personal data of 112 million people, the regulatory hammer usually comes down in the form of a settlement that mandates two years of ‘free’ credit monitoring for the victims. To the public, this sounds like a penalty. To the credit bureaus and monitoring firms, it is the single most effective lead-generation event in history. They aren’t being punished; they are being handed a captive audience of millions of terrified, vulnerable individuals who have just been told their digital gates are wide open. The companies then spend the next 12 months using high-frequency alerts to convert those ‘free’ users into high-margin subscribers.

I’ve spent the last 12 years working with mechanical systems that have clear fail-safes. If a sensor on this turbine detects a vibration outside of a 2-millimeter tolerance, the whole system shuts down. It’s binary. It’s honest. But credit monitoring operates in a gray fog of ‘potential’ threats and ‘suggested’ actions. The goal isn’t to fix the leak; it’s to keep you staring at the water.

I remember a specific mistake I made early in my career, involving a 12-volt battery array. I was so focused on the primary output that I ignored a small corrosion leak on the secondary terminals. By the time I noticed, the whole rack was shot. These credit services count on that same kind of distracted panic. They flood your inbox with 62 different types of ‘alerts’-your score changed by 2 points, a new address was detected (it was your neighbor’s), your email was found on the dark web (along with 2 billion others)-until you are so fatigued that the $32 monthly fee for ‘Total Peace of Mind’ starts to look like a bargain.

It is a funnel disguised as a filter. They harvest the mandatory disclosures that the law requires them to send, and they wrap them in the language of a hostage negotiation. You aren’t being monitored; you are being marketed to. The irony is that the more data breaches there are, the more the monitoring industry thrives. It’s a parasitic relationship where the failure of security becomes the primary driver of revenue. In 2022, the industry saw a 12 percent spike in ‘restitution-based’ signups. That is millions of people entering the ecosystem not because they want a new financial tool, but because they are afraid. And these companies have become masters at maintaining that level of cortisol.

I wanted to see if there was a way out of the loop, so I started looking for independent voices that weren’t just front-ends for the big three bureaus. I spent 12 nights digging through forums and sites like

CreditCompareHQ

just to see if any of these ‘complimentary’ services actually blocked a single unauthorized inquiry without asking for a credit card first. What I found was a recurring pattern: the services that are the most aggressive with their ‘threat’ notifications are often the ones that provide the least amount of actual utility when it comes to freezing your credit or disputing errors. They want you to stay in the ‘monitoring’ phase forever because ‘freezing’ your credit-the one thing that actually works-is free and doesn’t require their monthly subscription.

There is a fundamental contradiction in a system where the company responsible for storing your data is also the one selling you the service to watch it. It’s like a locksmith who leaves your back door open and then charges you $82 a year to stand in your driveway and whistle if they see someone walk in. I’ve seen this in the energy sector too, where companies talk about ‘efficiency’ while lobbying against the very technologies that would make their old, leaking grids obsolete. It’s a form of regulatory capture that is almost invisible because it’s wrapped in the language of ‘consumer empowerment.’ But Ethan R.-M., wind turbine technician, knows that empowerment doesn’t come from a push notification. It comes from having a system that works the way it’s supposed to without you having to watch it every 2 seconds.

I remember sitting in a safety seminar 12 years ago where the instructor talked about ‘normalized deviance.’ It’s the idea that you can get so used to a warning light being on that you eventually just assume the light is part of the machine’s normal operation. That’s what has happened to our digital security. We have normalized the idea that our data will be stolen, and we have normalized the idea that we should pay a monthly fee to be told about it. We’ve been conditioned to accept a 52 percent ‘Identity Health’ score as a call to action rather than an insult to our intelligence. The companies know that if they can keep you in a state of perpetual 12-percent anxiety, you’ll never realize that you have the power to just shut the door yourself.

Actually, I did make a mistake last month. I tried to dispute a 2-year-old error on my report through one of these free ‘portals.’ The interface was designed to lead me in circles. Every time I clicked ‘Dispute,’ it redirected me to a page explaining why I needed the ‘Pro’ version to see the full details of the inquiry. It took me 22 minutes to find the tiny, grayed-out link that actually allowed me to file a standard dispute as guaranteed by the Fair Credit Reporting Act of 1972. They make the legal path as narrow as possible while the commercial path is a 12-lane highway with free snacks and a DJ. It’s a deliberate architectural choice to favor profit over personhood.

As I sat there on that turbine platform, 212 feet in the air, I realized that the wind was the only thing being honest with me. It pushed against the blades with a force that could be measured and predicted. It didn’t try to sell me a ‘Wind Protection Package’ while it was blowing. I deleted the app. I went home and I did the one thing the ‘free’ services never suggest: I placed a security freeze on all 3 bureaus manually. It cost me 0 dollars and took about 12 minutes per site. No more ‘Identity Health’ scores. No more 42 percent warnings. Just a locked door.

The next morning, I didn’t get a single vibration in my pocket. My phone was silent for 102 minutes straight. It was the most secure I had felt in years. We have to stop letting the people who lose our keys sell us the locks. The ‘complimentary’ monitoring after a breach is not a gift; it is an invitation to a life sentence of upselling. We don’t need more alerts. We need more accountability. We need a system where the 82 percent of Americans who feel ‘constantly monitored’ can finally feel ‘actually protected.’

I climbed back down the ladder, my boots hitting each of the 212 rungs with a solid, certain thud. The machine was working. The data was frozen. The air was clear.