When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?
The problem is that the so called privacy community is full of security LARPers that have no idea what their threat model is and in addition many snakeoil vendors trying to sell you (usually unnecessary or even counter-productive) VPNs etc.
So it’s understandable that people get tired of these grifters and stop bothering.
If you can’t enter a kill code and have your phone self destruct into a million pieces, can your life even be considered private?
Uhm, yes? Kill codes are dumb. Use a dead man’s switch instead. If you don’t enter the code it self destructs. Now that’s privacy!
aka destruction of evidence
Meh, potato poboom-
^ This.
I’m a software engineer, and I’ve worked for the big tech giants. I’m familiar with how they track you. VPNs are worthless. Unless you’re trying to hide your activity from your own ISP (like if you’re pirating stuff), the VPN does next to nothing to cover your tracks. And it’s not like they’re gonna advertise their VPN by saying, “you can pirate stuff without your ISP catching you!”
If you want actual privacy, you’ve gotta use something like Tor browser or Tails. Of course, I’ve gotta wonder what you’re up to if you need that kind of privacy. Usually a privacy window is good enough.
Privacy on the Internet is certainly necessary and often synonymous with security. But privacy depends 80% on the user himself, who too often publishes sensitive data on the Internet too easily.
I know that every page I visit knows my public IP, the OS and Browser I use, my screen resolution and other technical details. This can of course be avoided and falsified, but this can have negative consequences for myself, for example that the page does not present correctly, that it does not fit my language or does not work at all.
What we must avoid is that pages load identifiers in the browser or in the system to track our activities on the network in order to sell this data to third parties for commercial reasons (as Google does among others), since we do not know how these buyers process and protect this data, which becomes, apart from a privacy problem, also a security problem, as several leaks in the past of hundreds of thousands of user data, including banking and medical data, already show.
I sometimes use a VPN, or rather a proxy, but only for the sole purpose of being able to watch videos and channels with country restrictions, not for other reasons.
100% privacy does not exist on the network, not even using the TOR network and VPN, we can only avoid the worst abuses and invasive surveillance of large corporations, the rest depends on our common sense and discretion with our data as the best tool, not a tin foil hat.
I feel like “threat model” can distance people away from privacy communities, i.e. thinking you need a threat to get privacy. I certainly avoid using it because of that opinion. I wish there was a more approachable non-security term for it, like “data priority” or something like that.
Again, just my opinion and how I react to hearing “threat model” (as a privacy advocate myself).
Removed by mod
harmful network effect
that’s a funny way to say marketing.
I think most FOSS zealots simply despise capitalism in general, they want everyone else to be poor like them. Kinda like socialism.
Its impressive how drastically wrong you are
Removed by mod
I think most FOSS zealots simply despise capitalism in general
No, my ideal economic system is capitalist in nature, I just don’t trust western powers (the enemy) with my data. I say western powers, but that includes Russia and China and other things.
I think most FOSS zealots simply despise capitalism in general, they want everyone else to be poor like them. Kinda like socialism.
One well known exception to your comment is Linus Torvalds. He didn’t mind moving to the USA to make some good money after being a student who could afford a whopping 386! And unlike some people believe, the GPL does not restrict a programmer to make money.
Indeed, his views are not quite as extreme as RMS for example, Linus specifically did not want to require GPLv3 which is probably sacrilege to Stallman.
privacy is always worth the work
It is, but like so many things in our current landscape, it’s also exhausting.
And that’s why you need to figure out what’s the right balance of work and inconvenience vs. the amount of privacy you get in return. Setting up a degoogled android is possible and relatively easy too. Living with that phone and interacting with the real world around you in 2024 is a completely different matter, and it’s entirely understandable if that isn’t your cup of tea.
Someone doesn’t threat model
Says someone commenting to an unencrypted, publicly federated, social media platform.
I’m not sure “always” means what you think it means.
You can do that while sensitive information requires completely private. There’s really no discrepancy here.
As I said, that’s a very different definition of “always”. In fact it’s more like “sometimes”.
Always, would literally mean nobody knows you even exist.
Any knowledge of your existence would mean you’ve lost some privacy.
But if they didn’t post here, how will you make fun of them?
As my friends and family have come to respect my lifestyle, they make a point of sending me videos, pictures, and other content that they also posted online so that I don’t miss out.
You have good friends and family.
I really appreciate privacy articles that talk about threat modeling as it seems like its the biggest part of privacy people miss.
The problem with a threat model is that higher threat models are plainly dismissed by the community. For example, if your threat model is to escape the NSA, it doesn’t matter if you’re using a burner over TAILS to post this message, you will be dismissed.
The problem is not the tech, it’s the community that doesn’t want to engage
Let be honest, If your threat model is truly to escape the NSA you probably shouldn’t be risking being on social media.
I think part of the reason people dismiss the idea that someone could have that big of a threat model is in most cases it would be unbelievably bad opsec to risk talking about your threat model on social media or something like the privacy guides forum.
Except that forums are exactly the best place to talk about (at least in theory) better OPSEC practices. Crowd-sourced knowledge is fairly good in technical spheres, even if they try to influence it
Not only that but I think there’s not enough middle road. The very tech-savvy people either seem to not care about privacy at all, or they think glowies are out to get them. Of course, it’s not paranoia if they’re really out to get you. But most people are not as interesting as they think they are, and their threat models do not match their reality.
Threat modeling is hard.
Just like anything, that beginning step to assess where you are, and where you want to go, is critical.
Frankly my threat model is way too ambiguous…and I’m trying. I can’t imagine trying to convince non-tech folks they need a threat model assessment and then walk them through it, design a plan to improve their security/privacy.
Hmm, well, sounds like I just described a consultancy.
Yeah I’m not really trying to hide from the govt, but I would vote on limiting their power if given the chance. Anyway, what I don’t want is every corporation I deal with (car, bank, phone, apps, isp, etc) to track me so excessively.
If the govt did get curious it would take zero leg work, just ask those companies that are very willing to hand over my data to damn near anyone, or hold onto it long enough to have it stolen.
So with that in mind limiting corporate surveillance and limiting ease of govt surveillance is essentially the same thing, but the govt has the ability to put in the work and get you if they really wanted to.
I love my private lifestyle. I feel like I actually control my own life, that I’m not being held at gunpoint or dependent or actively surveiled 24/7 by 100 different soulless corps. it feels so peaceful. The parts I cannot control, like cellular, I always treat like an open public square.
So yes, when you just get into a routine, instead of making everything into a fucking war, it’s quite nice. people who say it’s exhausting try to do too much at once or just let fear rule them. Privacy, especially technologically, has honestly never been easier than it is now.
I think the article was bad because it underestimates the risk in certain situations. Facebook logs everything. If you are a teenage girl who is 17 and use Facebook all the time, then turn 18 and get an unwanted pregnancy and live in Texas and then stop using Facebook while going to the abortion clinic out of state, or log in once while out of state with an out of state IP or using a VPN but with a much longer ping time or different data center that Facebook then logs (and to think they don’t log ping times is naive), that information could be requested by Texas authorities to try to prosecute the 18 year old female for getting an abortion. Although that’s not likely to happen just yet in 2024, we don’t know what political environment will exist in the future. The idea that this is all meaningless for many people ignores the fact that terrible situations don’t often warn you in advance that they are coming and sometimes happen fast.
Privacy isn’t a cutesy. It’s absolutely necessary. Unfortunately, just like not doing stupid shit when you’re a teenager, you get to find out how important privacy is years later when the stupid shit you did years before comes back to haunt you and it’s too late.
The problem of course is that Big Data has made it exceedingly difficult and painful to maintain your privacy. Because of course the last thing they want is for you to have any. It hurts their bottom line.
Because of the corporate surveillance collective, in 2024, if you truly want to maintain your privacy, your life becomes significantly crappier than if you didn’t bother. But that doesn’t mean privacy isn’t as important today as it’s ever been.
Well, that was extremely long winded way to say “depends on your threat model”. Which it does.
So nothing new under the sun.
Removed by mod
Do you have a link to that guide of yours?
Removed by mod
Yes, please link your guide.
This is a major barrier to helping others.
I’ve run rooted since 2010 because it’s my device, there’s things I want to do, and now run Lineage/DivestOS or Graphene. But I can’t recommend that to friends/family, of course.
I’ve tried to improve a non-rooted phone, but damn if it isn’t a real PITA.
Removed by mod
Excellent - thanks!
a
That was an excellent read. I have often wondered myself how other people are going when I see them so adamant that they’ll never use a mainstream social media/messaging service ever again and now refuse to be friends with anyone who does. I’ve heard “if my friends won’t value my privacy, they’re not real friends”, or variations of it, so many times in privacy communities.
That is like asking, “Is breathing worth it?” – well of course. Then again, folks don’t (usually) care due to how most privacy-ruining methods/features are … mostly (in)offensive and easy to tackle.
Removed by mod