It's not just the "privacy invasion business model" (which sounds a bit tinfoil-haty), it's the fact that protecting privacy is really hard. I work for Silent Circle, and the MO is to store the absolute minimum data possible, which makes it hard to use services most companies take for granted, such as analytics, error reporting, error logs, etc.
Doing your job is really hard when you can't use things like analytics services, or detailed logging, or proper feedback. Everything has to be open source, self-hosted and some things other businesses can easily use are just flat-out impossible to do. Any business that does something you want but that requires that data be sent to it will just not be used.
Few companies that don't explicitly have the word "private" in the description of their core product will be very inclined to jump through all these expensive hoops. Hopefully changing the legal situation so the NSA can't just jump in and grab whatever it wants will help this a lot.
Like everything else in security, there's a clear cost/benefit curve. It's actually dubious to make a distinction -- privacy is a form of security and its absence is a lack of security.
To get what I call hard privacy online, you must use full isolation and onion routing. There is no other way as far as I know. But we could go a long way toward making mass surveillance harder, less accurate, and more expensive by just deploying encryption, low or zero knowledge services, and by educating users to change their buying habits to favor more secure products. It would still be possible for a determined well-funded attacker to track you when using these tools, but it would raise the bar and that's a start.
Doing your job is really hard when you can't use things like analytics services, or detailed logging, or proper feedback. Everything has to be open source, self-hosted and some things other businesses can easily use are just flat-out impossible to do. Any business that does something you want but that requires that data be sent to it will just not be used.
Few companies that don't explicitly have the word "private" in the description of their core product will be very inclined to jump through all these expensive hoops. Hopefully changing the legal situation so the NSA can't just jump in and grab whatever it wants will help this a lot.