I’ve had people tell me that this is (their words, not mine): “mental illness”
Yes and no.
A lot of privacy threads focus on fantastical what-if scenarios that just never really come up. For the majority of Internet users, the biggest threat they would face comes from the adtech sector. Now most people aren’t going to understand what is collected in realtime as that’s usually company specific and usually encoded on the site/app, but standards are all open for anyone to read. Mostly this is going to come in the form of OpenRTB 2.6 (https://iabtechlab.com/wp-content/uploads/2022/04/OpenRTB-2-6_FINAL.pdf) or the Prebid library and its User ID Module (https://docs.prebid.org/dev-docs/modules/userId.html) with maybe some custom fields and VERY granular audience mapping.
Specific to that standard, 3.2.20 Object: User and 3.2.27 Object: EID and 3.2.28 Object: UID are the important ones, but honestly all of the information can be used in conjunction with other pieces. Now if you look through that info, you’ll notice you don’t really see that much. Your real name isn’t present. Your email isn’t present. Your physical address isn’t present (although it’s likely your geo location info is accurate from the device object). The thing is that so many little bread crumbs exist and so many actors are mapping those bread crumbs that once human psychology is overlaid on top of it crazy amounts of information that was not collected can be inferred. People think info like “His name is John Smith” is important when really “This is device ID EA7583CD-A667-48BC-B806-42ECB2B48606” and the numerous IDs built from that or a dozen other things is what matters.
Just from that standard with enough data/time, it’s possible to determine your demographic/sociographic information. One could determine who you will vote for and political leanings, how much money you make, what your job is, your sexual orientation, etc. This is great if someone is trying to sell you Tide detergent, but it’s also really useful if you’re wanting to start a “grassroots” campaign to add/remove rights for specific citizens. It allows you to know where you can get a foothold for your legislation (Cambridge Analytica comes to mind). And these things are all easily verifiable from your browser. Without an adblocker, go browse the internet and keep track of how many 1x1 tracking pixels get dropped on you. Check out what’s in your cookie store and what’s sitting in sessionStorage and localStorage.
So, I think groups like r/privacy focus a lot on sci-fi inspired dystopia, when instead they could be focused on more real world dystopia.
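The comment above points at the OpenRTB 2.6 User, EID and UID objects; the following is an added example, not part of the original thread, that walks a bid request and lists every linkable identifier in it while checking that no email-like string is present. The request is constructed for illustration (the exchange IDs, ID-provider domains and coordinates are assumptions); only the device ID string is the one quoted in the comment.

```javascript
// Added example: audit an OpenRTB 2.6 bid request for identifier fields.
// sampleBidRequest is constructed; field names follow the User, EID, UID and Device objects.
const sampleBidRequest = {
  id: "constructed-request-1",
  device: {
    ifa: "EA7583CD-A667-48BC-B806-42ECB2B48606", // device ID quoted in the comment
    ip: "203.0.113.7",                            // documentation-range address
    geo: { lat: 41.39, lon: 2.17 },
  },
  user: {
    id: "constructed-exchange-user-id",
    buyeruid: "constructed-buyer-uid",
    eids: [
      { source: "idprovider-a.example", uids: [{ id: "constructed-uid-a", atype: 1 }] },
      { source: "idprovider-b.example",
        uids: [{ id: "constructed-uid-b1", atype: 3 }, { id: "constructed-uid-b2", atype: 3 }] },
    ],
  },
};

// Returns one { path, source, value } entry per identifier present in the request.
function listIdentifiers(req) {
  const found = [];
  const add = (path, value, source = "") => {
    if (value !== undefined && value !== null && value !== "") {
      found.push({ path, source, value: String(value) });
    }
  };
  const device = req.device || {};
  const user = req.user || {};
  add("device.ifa", device.ifa);
  add("device.ip", device.ip);
  if (device.geo && device.geo.lat !== undefined && device.geo.lon !== undefined) {
    add("device.geo", `${device.geo.lat},${device.geo.lon}`);
  }
  add("user.id", user.id);
  add("user.buyeruid", user.buyeruid);
  (Array.isArray(user.eids) ? user.eids : []).forEach((eid, i) => {
    (Array.isArray(eid.uids) ? eid.uids : []).forEach((uid, j) => {
      add(`user.eids[${i}].uids[${j}]`, uid.id, eid.source);
    });
  });
  return found;
}

// True if any email-like string appears anywhere in the request.
function containsEmailLikeString(req) {
  return /[^\s"@]+@[^\s"@]+\.[^\s"@]+/.test(JSON.stringify(req));
}

const ids = listIdentifiers(sampleBidRequest);
for (const e of ids) console.log(e.path.padEnd(24), e.source.padEnd(22), e.value);
console.log(`identifiers: ${ids.length}, email-like: ${containsEmailLikeString(sampleBidRequest)}`);
```

On the constructed request this reports eight separate identifiers and no email-like string.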
I haven’t been around these communities in a while, so I can’t really speak for /c/privacy as much as /r/privacy and other communities, but I’ve noticed far far far far too many posts which are blindly perfectionist, with no consideration of threat capabilities or their motivations. Privacy is futile without a realistic threat model, that’s how you get burned out solving non-problems and neglecting actual problems.
My threat model is largely just minimizing surveillance capitalism and avoiding basement-dweller neo-nazi stalkers from connecting any dots between my online personas and real life identity. Even for that, my measures are a bit excessive, but not to the point where I’m wasting much time or effort.
Daily reminder: “more private” and “more secure” are red flags. If you see or say these, without a very specific context, it’s the wrong attitude towards privacy and security. They’re not linear scales, they’re complex concepts. That’s why Tor Browser is excellent for my anonymity situation but atrociously insecure to anyone who is being personally targeted by malware (tl;dr monoculture ESR Firefox[1]). That’s why Graphene is not automatically anti-privacy simply because it runs on a Google Pixel and Android-based OS. (Google is one of my main adversaries.) And I think this simplistic ‘broscience’ style of “[x] is better than [y], [z] is bad” discourse is harmful and leads people into ineffective approaches.
Depends on your threat model, the degree of interest in you from states, the resources and competency of the states interested in you, etc… Also, I think privacy for privacy’s sake and without any real threat to which it’s responding, is entirely fine and understandable. If nobody were interested in my data at all I’d still practise a reasonable level of privacy because I think it’s creepy for other people to know my business.
I rarely consider anything “too far” unless you’re doing something totally ineffective or duplicating effort, and not talking about redundancy. I think most people who say this are either the people who we need to be secure from or people who are ignorant to the threats. I’m not saying the same threats affect us all, but there’s always a possibility you could become a target through whistleblowing, protest, being attractive, pissing off a random stranger, etc. And usually by the time you are a target, it’s too late. Your information is already out there and it’s difficult to stop broadcasting more with all of the tracking systems in place all over.
It’s often not clinical paranoia that causes people to worry about security and/or privacy, primarily it’s a desire for a minimal amount of privacy, hiding from predators, and/or basic protection from fascist regimes of various strengths that have taken over most governments. Often keeping a little privacy also is the best way to prevent becoming a target in the first place.
I dunno, considering that Facebook data has been used to go after people, we’ve got fascists using every method possible to target their current hated group, and police everywhere ignoring or bypassing due process by just buying data, I don’t think it’s at all paranoid to think that privacy concerns are already huge, and could get worse.
I came to say, “just because you’re paranoid doesn’t mean they’re not out to get you.”
Of course some people go too far. I think a lot of folks on here grossly overestimate / overstate their threat model, but I think the discussions are good for the limited few who really do need to cover their asses.
Me personally, I hate the idea of companies bidding for my attention without my consent, so I try and make it as hard as possible for them to get it. This just so happens to overlap nicely with the goals of the privacy community much of the time.
I mean font ad blockers cover that.
There are probably some people that go too far, but that is true in any community. There are also people with a very legitimate threat model, for example if they are from insert your favourite dictatorship here and they have insert opinion against said regime
I mean, it can be a bit of an issue everywhere.
Hilariously this post was just above this one in my feed.
Yep, and then there’s probably a good number of people who have no idea of threat modelling who just copy those actions to say they have “good privacy”.
Tbh, I’m closer to the latter.
As long as everyone is having fun, I see no problem.
If you’re not having fun switching email providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably not do these things.
are you guys doing this for fun? i take some privacy precautions so i won’t be mass targeted for anything i do today in the future.
I’d sure hope so! Many of the things that privacy nuts like us do are not efficient uses of one’s time.
They might require constant vigilance. They might need recurring work for continued effectiveness. They might necessitate exposure to intrusive negative emotions (“what is Google doing this week?!”).
If you’re not having fun, focus on measures that you implement once and then never have to think about again.
For example, I wouldn’t recommend GrapheneOS to a journalist in an authoritarian regime. It might be “more secure”, but they have a job to do and can’t keep dicking around with obscure pointer authentication settings or whatnot. They should just get a current iPhone, enable Lockdown Mode if its tradeoffs are acceptable to them, and continue doing their best job, which isn’t “phone administration”.
LARPing as Jason Bourne, or prepping for the Rokobasiliskocalypse, is a hobby. It’s okay, I do it too. However, it’s not approachable or understandable to people who don’t share that hobby, or are not as alarmed at the general state of things as we are.
people are literally targeted by this system today. and i live in the third world, i’m ripe for the taking.
i’m glad this can be a hobby for some of you guys though.
It kind of has to be, if you’re trying to be persistent about the whole thing. It’s easy to feel overwhelmed and burn out over all of the different threats we’re trying to defend against. I don’t see how you can keep at it for months or years if you feel no joy over it. But maybe being deathly, relentlessly afraid of the dangers around us is enough after all.
If you don’t even like doing this stuff, wouldn’t it be better to focus on measures that require little upkeep? This is what my example suggestion was getting at, something that’s as close to set-and-forget as possible, while getting you 90% of the way there. (Depending on your threat model, sure. If yours says that the sky is falling if Tim Apple gets your iCloud data, it certainly doesn’t apply.)
if you are properly threat modeling, getting away from big tech is a long process but not that complicated. for most people it pretty much just means replacing apps and deleting accounts. eventually maybe installing a rom.
honestly services like icloud are what’s truly dangerous, but i digress.
Damn this take needs more love. You will get shouted down and downvoted to the lowest depths if you speak against anything that isn’t graphene. I like the project, it has merit. It’s far far from perfect in so many ways. I don’t believe it’s the white knight in shining armour we like to think it is. Good yes. Saving grace. Not by a long shot. It’s got many fundamental flaws.
Be conscious of your needs, not obsessive. I think a lot of people are obsessive and I get it totally. But FOMO is powerful. Don’t overwork your mind trying to be perfect that you never make moves. Life isn’t static. If you’re uneducated enough to truly need the utmost best tech stacks with no real knowledge on how to implement and deploy, you likely don’t need to be doing the shit you’re thinking of, or currently doing.
Depends how one looks at it. From purely practical POV, probably 90% of us don’t need to bolt their doors so much. But as a principle, as a society we’ve lost the “war” on privacy so much, that it really takes a long way to pull the dial back to where it should be
I definitely take things too far in terms of my effort vs my current threat model. But there are many aspects of trying to increase privacy.
For one, I’m very interested in the philosophy, ethics and politics of privacy and adjacent fields such as security. Part of what I do is just learning.
Also I try to be a good role model to my AFK peers and family. Of course I don’t try to get everyone to adopt my hobby. But as in every field it’s hard to teach even the basic stuff to others without deeper understanding of the field.
But as in every field it’s hard to teach even the basic stuff to others without deeper understanding of the field.
That’s so true, but even more true in IT… It changes so rapidly and things don’t stay the same over time… It’s not like a degree in Biology where things you learn stay relatively the same !
IT is 5 inches deep but miles long ! (Something like that!)
Yes and I see two reasonable reasons for that.
One is that, like in most communities, those that feel more compelled to post and comment are those that are more passionate about the topic and/or have more extreme views.
The other reason is that given the sensitive nature of the topic, without knowing the threat level of the reader I can see how one would be reluctant to go for the “good enough”.
Definitely yeah! If you’re just a regular person living in a fairly democratic country and you’re thinking about physically clogging your usb ports to avoid someone breaking in your room and tampering your device while you’re exploring Barcelona, or if you consider removing camera and microphone from your pixel phone that you use every day, you’re probably taking it too far.
OTOH I’m still having trouble getting people away from Meta apps and I think it’s absolutely crazy how little thought people put into the amount of data that Meta collects.
TBH even in many dictatorships you’re mostly fine just using a VPN and fake accounts if you have government critical opinions. But that’s just my personal experience. Goes without saying if you have a decent follower count or are some kind of journalist you should be very paranoid.
Anyway, the point is, it’s probably good to feel slightly paranoid because most people aren’t paranoid enough, but most of us are also not Edward Snowden or Saudi journalists, so there should be a balance between practicality and privacy.
Yeh my family treat me like I am a nut job. I only swapped away from google and ask them to think about the orgs they spend their money on for example Amazon.
It’s amazing how many people got on board with Covid conspiracies but questioning where your data goes, who’s using it, what for, no that’s a bit far lol.
Told my older parents I use a custom ROM with a profile for work and a profile for personal and they asked me what I’m hiding, and why I’m so paranoid. I said… it’s not paranoia, it’s organization. Color coding profiles allows my mind to switch gears from work to personal life like mental compartments. I am a boring person. I have nothing to be paranoid about. They didn’t believe me. Oh well…
Edit: part of me thinks the whole mental state switching from work profile to personal is an ADHD aspect as well. Especially the color coding helps wonders.
I’m like a test-bed for a) my business customers and b) friends and family. also, “wasting” time thusly is vastly better than my previous “hobby”, namely buying new and exciting shit.
my customers benefit from me knowing how exactly (and why!) I should implement e.g. an unbound instance on-premise. or an in-house prosody communication platform. or the “dev team” (buncha dudes poking at wordpress) getting a slew of used elitebooks with linux for the price of one new windows-with-ai yoga the spec initially called for.
f&f benefit from my early adoption by way of trickle-down tech. no way is anyone of them going to selfhost all this crap, but they get sprinkles of benefits in the form of “get this phone with that OS with those apps” and they’re dramatically better off. you don’t need the new ideapad ryzen that’s “on sale” (isn’t), have this 10-year old macbook I fixed and installed linux on - off you go. you don’t need the new phone that’s “free” with an exorbitantly priced plan, have the cheapest plan with this Redmi/Poco phone I swapped the battery on and installed LineageOS.
as to practical considerations, any and all interactions with the likes of FAANG are and should be adversarial from the get-go, they are out to hurt you by any means necessary. them fucks lost the benefit of doubt ages ago so you not letting them have a millimeter of grasp in your domicile should be your primary task. as their gains are cumulative in nature, every battle won is significant and you’d do well to remind yourself constantly of that.
https://www.explainxkcd.com/wiki/index.php/2501:_Average_Familiarity
Relevant XKCD;
I feel that it is closer to the fact that the communities forgot most beginners are completely new to this in general. They might not even know what exactly a ‘browser’ is, much less cookies and stuff.
Hence when we try to spoonfeed them information, it comes off as overwhelming and forced.
Agree that there are some extremists, but they mostly act in good faith tbh.
Another thing I noticed is there are more preachers of ‘how’ than ‘why’. Having a beginner go down the route of privacy without giving them a purpose to do so is quite off-putting.