Yes and no.

A lot of privacy threads focus on fantastical what-if scenarios that just never really come up. For the majority of Internet users, the biggest threat they would face comes from the adtech sector. Now most people aren't going to understand what is collected in realtime as that's usually company specific and usually encoded on the site/app, but standards are all open for anyone to read. Mostly this is going to come in the form of OpenRTB 2.6 (https://iabtechlab.com/wp-content/uploads/2022/04/OpenRTB-2-6_FINAL.pdf) or the Prebid library and its User ID Module (https://docs.prebid.org/dev-docs/modules/userId.html) with maybe some custom fields and VERY granular audience mapping.

Specific to that standard, 3.2.20 Object: User and 3.2.27 Object: EID and 3.2.28 Object: UID are the important ones, but honestly all of the information can be used in conjunction with other pieces. Now if you look through that info, you'll notice you don't really see that much. You're real name isn't present. Your email isn't present. Your physical address isn't present (although its likely your geo location info is accurate from the device object). The thing is that so many little bread crumbs exists and so many actors are mapping those bread crumbs that once human psychology is overlaid on top of it crazy amounts of information that was not collected can be inferred. People think info like "His name is John Smith" is important when really "This is device ID EA7583CD-A667-48BC-B806-42ECB2B48606" and the numerous IDs built from that or a dozen other things is what matters.

Just from that standard with enough data/time, its possible to determine your demographic/sociographic information. One could determine who you will vote for and political leanings, how much money you make, what your job is, your sexual orientation, etc. This is great if someone is trying to sell you Tide detergent, but its also really useful if you're wanting to start a "grassroots" campaign to add/remove rights for specific citizens. It allows you to know where you can get a foothold for your legislation (Cambridge Analytica comes to mind). And these things are all easily verifiable from your browser. Without an adblocker, go browse the internet and keep track of how many 1x1 tracking pixels get dropped on you. Checkout what's in your cookie store and what's sitting in sessionStorage and localStorage.

So, I think groups like r/privacy focus a lot on sci-fi inspired dystopia, when instead they could be focused on more real world dystopia.

I haven't been around these communities in a while, so I can't really speak for /c/privacy as much as /r/privacy and other communities, but I've noticed far far far far too many posts which are blindly perfectionist, with no consideration of threat capabilities or their motivations. Privacy is futile without a realistic threat model, that's how you get burned out solving non-problems and neglecting actual problems.

My threat model is largely just minimizing surveillance capitalism and avoiding basement-dweller neo-nazi stalkers from connecting any dots between my online personas and real life identity. Even for that, my measures are a bit excessive, but not to the point where I'm wasting much time or effort.

Daily reminder: "more private" and "more secure" are red flags. If you see or say these, without a very specific context, it's the wrong attitude towards privacy and security. They're not linear scales, they're complex concepts. That's why Tor Browser is excellent for my anonymity situation but atrociously insecure to anyone who is being personally targeted by malware (tl;dr monoculture ESR Firefox^[1]^). That's why Graphene is not automatically anti-privacy simply because it runs on a Google Pixel and Android-based OS. (Google is one of my main adversaries.) And I think this simplistic 'broscience' style of "[x] is better than [y], [z] is bad" discourse is harmful and leads people into ineffective approaches.

Depends on your threat model, the degree of interest in you from states, the resources and competency of the states interested in you, etc... Also, I think privacy for privacy's sake and without any real threat to which it's responding to, is entirely fine and understandable. If nobody were interested in my data at all I'd still practise a reasonable level of privacy because I think it's creepy for other people to know my business.

It's the correct amount of paranoia. The issue is society has normalized completely not giving a shit about your own privacy to the point where any attempt at preserving it is seen as abnormal.

I rarely consider anything "too far" unless you're doing something totally ineffective or duplicating effort, and not talking about redundancy. I think most people who say this are either the people who we need to be secure from or people who are ignorant to the threats. I'm not saying the same threats affect us all, but there's always a possibility you could become a target through whistleblowing, protest, being attractive, pissing off a random stranger, etc. And usually by the time you are a target, it's too late. Your information is already out there and it's difficult to stop broadcasting more with all of the tracking systems in place all over.

It's often not clinical paranoia that causes people to worry about security and/or privacy, primarily it's a desire for a minimal amount of privacy, hiding from predators, and/or basic protection from fascist regimes of various strengths that have taken over most governments. Often keeping a little privacy also is the best way to prevent becoming a target in the first place.

Many times throughout my life, what would seem like a reasonably easy question to answer has changed dramatically.

30 years ago you could look at data collection and go there's no way that they could store a meaningful amount of data about everyone.

20 years ago you could look at data collection and go there's no way they could have the contents of every phone call It's just targeted it's not a big deal

We are the point now, where everything you ever wrote or said could be thrown into a model with such unimaginable levels of lossy compression that they could simply ask it if you are the kind of person who is into whatever the future administration deems as unacceptable and deny you access to things. All you need is a fascist regime or a dictatorship installed and all of a sudden anything you ever did can be used as grounds to lock you up.

On a governmental budget it wouldn't even be that expensive and we're just at the beginning of this.

We have seen that governments can change quickly, We know the data collection is affordable and can be permanent.

Certainly some people privacy-minded to the point of compulsion. But I can't say that anyone is wrong to seek extreme levels of privacy based on trends and capabilities.

They leave your cell phone at home and make sure somebody opens your apps and uses them people aren't anywhere near as crazy as they used to sound

I must be one of those. This shit is not okay, yall. Whole psychological profiles, humiliation tactics, and dystopian forms of control are right around the corner. Why would they keep Epstein alive when Palantir automated the job of the blackmail broker?

Yes.

Like any interest, people get so far removed from the original point, it becomes about something new.

Like cast iron. People go from not really knowing about it to learning how to cook with it, to learning how to do basic maintenance. About 20% of people go completely off the rails, and they start buffing and polishing them like they are fabergé eggs, and joining cast iron groups.

Privacy is the same. Learn the basics, follow the basics, relax and get over yourself.

You really do have to obsess if you take this seriously. It really isn't feasible for most people to devote kind of time and effort that I do on this stuff. I usually describe it as a kind of hobby, and I try to limit my advice to address specific concerns or threat models.

Yep, I made the mistake of telling my family I care about my privacy. The amount of times I've been told the nothing to hide argument is stupid.

Yes, privacy is very important, but I've seen also a lot of tin foil hats arround here which don't know really what is worth to protect and what only make browsing slower and more difficult. PEBCAK

I have been thinking about this a lot recently. I live a life where OPSEC is relevant. Its something that I have had to consider always, and has been for 2 decades. Even so, I wasn't as concerned this whole time as I am these days. The fact is that technology is making it such that its no longer "im not a person of interest they wont spend resources on me" because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn't even matter. Do you exist, yes. Do you have a digital foot print, yes you do. Even if you dont do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you "may" do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.

Ill I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to reign in the amount of info you leave about?

A few weeks ago, I would have said 100%. I am needlessly careful.

I know I'm protecting against privacy threats that are technically possible, but unlikely. Preventing the tracking is just an interesting hobby, to me.

But earlier this month, we learned that Meta went "all-in" on what I consider some fucked up shit - running a mini localhost server to track the vanishingly few people who bother to block their tracking.

So now I guess I'm only about 30% sure I'm being needlessly careful.

While certainly some people take it to a point that could be considered too far, I think that the reality is that you have to go very far if you want actual privacy today. I think most people either don't know all the ways that their daily lives are being tracked and their activities are sold or they simply don't care. To vast majority, doing anything that isn't trivial is probably too far, and the more you talk about it with them, the more they will think it's crazy. Most people of the older generation probably don't "get it" or think it can be real, and very young people have probably never known privacy in their lives to much degree, so it can be a tough sell. I think Late Gen-X and Millienials are the main group that got to experience privacy when they were young and then saw it slowly eroded away in increasingly gross ways until it was gone.

Like most things on the internet it's a game of one-upsmanship. User X uses Firefox with Incognito. User Y say's that isn't good enough for his own inconsistent definition of "good enough."
So User-Y suggests Firefox with 14 different add-ons and only browse through an immutable VM. But then user-z comes along and says that if you are using windows at all, you don't really care about privacy, so you should be using Icefox on some obscure fork of ubuntu through an immutable VM, with a pi-hole.
Then user-w says well if you aren't using a VPN none of this matters, so Obviously you need to rent an Alibaba cloud server hosted in China, that you only connect to through a privacy respecting VPN, and then you only browse through TOR.

And so on. By the time a user is asking about how to stop google ads, the only "serious" answer by the community involves using Packet over Ham-radio -> and spending thousands of dollars a month on 4 different cloud providers, rented through several shell companies set up in Switzerland, the Cayman Islands and China, while only typing in Esperanto using an ASCII-only font.

A year ago: yes.

Today: nope.

Yeah. I think people can become obsessive over it. I also think there is a large group of users who gamify privacy and act as if its an mmo quest where they just need to collect the best tools to win instead of being responsible and understanding threat modelling.

Yes, paranoia is not healthy. When people can't formulate a realistic threat model then usually to be "safe" they assume everyone is out there to get them ... while failing the most basic steps, e.g. not relying on surveillance capitalist fueled tools voluntarily.

https://www.explainxkcd.com/wiki/index.php/2501:_Average_Familiarity

Relevant XKCD;

I feel that it is closer to the fact that the communities forgot most beginners are completely new to this in general. They might not even know what exactly a 'browser' is, much less cookies and stuff.

Hence when we try to spoonfeed them information, it comes off as overwhelming and forced.

Agree that there are some extremist, but they mostly act in good faith tbh.

Another thing I noticed is there are more preachers of 'how' than 'why'. Having a beginner go down the route of privacy without giving them a purpose to do so is quite off-putting.

Yeh my family treat me like I am a nut job. I only swapped away from google and ask them to think about the orgs they spend their money on for example Amazon.

It’s amazing how many people got on board with Covid conspiracies but questioning where you data goes, who’s using it, what for, no that’s a bit far lol.

I think that "mental illness" kind of comments would come from people whose attitude for safety in many aspects of life is "that's never going to happen (to me)". Those people exist, so sooner or later you'll see comments like that.

On the other hand everybody is trying to find a balance in convenience and safety and the situations and environments and life on general for one person can be quite different from that of some others'. So what's adequate for one won't be for another.

It's like PPE or personal finance or many other things. There's no one size that fits all and finding the right fit isn't easy. For a lot of us it's work in progress. Sometimes you know what's definitely needed and tweak the details. Sometimes you know something is not going well and needs to change.

Maybe it's enough to say that it's complicated and have some compassion and support for people that think it isn't. Or people that think it's all too much to handle.

Yes and I see two reasonable reasons for that.

One is that, like in most communities, those that feel more compelled to post and comment are those that are more passionate about the topic and/or have more extreme views.

The other reason is that given the sensitive nature of the topic, without knowing the threat level of the reader I can see how one would be reluctant to go for the "good enough".

I'm like a test-bed for a) my business customers and b) friends and family. also, "wasting" time thusly is vastly better than my previous "hobby", namely buying new and exciting shit.

my customers benefit from me knowing how exactly (and why!) I should implement e.g. an unbound instance on-premise. or an in-house prosody communication platform. or the "dev team" (buncha dudes poking at wordpress) getting a slew of used elitebooks with linux for the price of one new windows-with-ai yoga the spec initially called for.

f&f benefit from my early adoption by way of trickle-down tech. no way is anyone of them going to selfhost all this crap, but they get sprinkles of benefits in the form of "get this phone with that OS with those apps" and they're dramatically better off. you don't need the new ideapad ryzen that's "on sale" (isn't), have this 10-year old macbook I fixed and installed linux on - off you go. you don't need the new phone that's "free" with an exorbitantly priced plan, have the cheapest plan with this Redmi/Poco phone I swapped the battery on and installed LineageOS.

as to practical considerations, any and all interactions with the likes of FAANG are and should be adversarial from the get-go, they are out to hurt you by any means necessary. them fucks lost the benefit of doubt ages ago so you not letting them have a millimeter of grasp in your domicile should be your primary task. as their gains are cumulative in nature, every battle won is significant and you'd do well to remind yourself constantly of that.

Once, someone sent me an Amazon link for baby nappies, and fool me clicked on it. Now Amazon showed boomer me baby nappies suggestions for the next six months. AI at its best... These things annoy me, so I try to avoid being tracked whenever reasonably possible.

OTOH, I am old and hope to not live long enough to experience any rogue government or whatever else persecuting me for having clicked on a baby nappies link years ago; so my threat model is short term only. I keep my privacy to a level, where it hopefully prevents as many annoyances as possible, but does not hamper what I am doing online too much. If I was younger, I'd likely do more.