this post was submitted on 25 May 2024
132 points (95.8% liked)

Privacy

31981 readers
340 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

In sharing this video here I'm preaching to the choir, but I do think it indirectly raised a valuable point which probably doesn't get spoken about enough in privacy communities. That is, in choosing to use even a single product or service that is more privacy-respecting than the equivalent big tech alternative, you are showing that there is a demand for privacy and helping to keep these alternative projects alive so they can continue to improve. Digital privacy is slowly becoming more mainstream and viable because people like you are choosing to fight back instead of giving up.

The example I often think about in my life is email. I used to be a big Google fan back in the early 2010s and the concept of digital privacy wasn't even on my radar. I loved my Gmail account and thought it was incredible that Google offered me this amazing service completely free of charge. However, as I became increasingly concerned about my digital privacy throughout the 2010s, I started looking for alternatives. In 2020 I opened an account with Proton Mail, which had launched all the way back in 2014. A big part of the reason it was available to me 6 years later as a mature service is because people who were clued into digital privacy way before me chose to support it instead of giving up and going back to Gmail. This is my attitude now towards a lot of privacy-respecting and FOSS projects: I choose to support them so that they have the best chance of surviving and improving to the point that the next wave of new privacy-minded people can consider them a viable alternative and make the switch.

all 27 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 5 months ago* (last edited 5 months ago)

After so much time of thinking, researching and testing all kinds of technologies and tools, my best recommendation to those who talk to me about privacy is the following: keep your profile public, the one that everyone knows, the one related to work and to all government services, services like Amazon etc. Only use those what you supposedly should and even need to continue moving in society. But, keep a second profile, absolutely isolated and disconnected from the first, and where you have your ENTIRE real private world. The one that you only want to share with those you trust. It's more or less what should be done in society in the real world. And to all this, personally, in that public profile, what I do is block all communication between entities as much as possible, just because I hate that they make free money from me. I also mold it to my convenience.

[–] [email protected] 1 points 5 months ago (1 children)

Fraid so. The very act of connection lays you open to the world even if you have the latest greatest firewall and vpn

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago)

VPNs won't really make you private

[–] [email protected] 4 points 5 months ago

counter-question: Is it impossible to be private offline?

[–] [email protected] 7 points 5 months ago

transcribed from video:

I think there are good solutions we can implement to mitigate a lot of the surveillance. And I don't think the solution is to just lay down and die. If everyone thought like privacy doomers, none of this [privacy related issues] would even be a discussion.

They [pessimists] really just making the world worse place by giving up. And that's what a lot of pessimism really is, when you dig down deep, just a coping mechanism for covering up the fact that you're too lazy to take action. All you have to do is take action, instead of doing nothing.

The world needs more people who just care, don't be a doomer.

[–] [email protected] 4 points 5 months ago

Long ago I used a system called hushmail that promised a lot of the same as proton. Eventually I set up my own but it still has the problem of having to relay outgoing external mail through another box because of all the restrictions on home based dynamic IPs, so it's largely relegated to system alerts in house rather than general use.

It's a balancing act to be sure. VPNs stop local ISP inspection in exchange for potential viewing by the VPN host. DNS filters can only filter known threats. Things like P2P private nets can be infiltrated by 3rd parties via the '6 degrees of separation' premise or even tracking pixels.

Making the picture muddy is about the best we can do, but it's always worth the effort to not be another data point in the profile machine.

[–] [email protected] 17 points 5 months ago* (last edited 5 months ago) (2 children)

Short answer, yes, its impossible, even using TOR network ith VPN and other security measures. We can only minimize our digital footprint, but certainly no one should have any illusions about being able to avoid, with a shitty Laptop or PC, large companies and governments with large data centers, IT specialist squads and even Quantumcomputers can profile us. Absolute privacy on the Internet does not exist, if you want privacy, turn off your PC and read a book.

https://en.wikipedia.org/wiki/List_of_government_mass_surveillance_projects

[–] [email protected] 3 points 5 months ago (2 children)

Quantum computers eh? Yeah that's not even remotely true. Currently they are a scientific curiosity with very very little practical use.

[–] [email protected] 2 points 5 months ago

It does not even matter, namely if tomorrow quantum computers were to become a commodity then we would at the same time switch to quantum resistant encryption, e.g https://csrc.nist.gov/projects/post-quantum-cryptography

The name "post quantum encryption" sounds super complicated, and to be fair the math behind it is beyond my understanding (and I won't even claim I would have enough time in my life time to study it and assume I can formally prove all of it to be correct) yet switching is actually relatively trivial, namely your software, say a browser like Firefox or Chrome, and the server it communicates with, e.g lemmy.ml relying on e.g nginx or Apache, "just" have to have at least 1 matching encryption scheme, one way to exchange data that is post-quantum resistant. In practice that means configuration files on both sides that you, as a user, do not even know exist and that can be done through basic updates.

TL;DR: most users will switch to post-quantum encryption without even realizing, and then even if say the NSA were to buy a $1T quantum computer, even your $1K computer and the $10K server it communicates with would be able to handle it no problem, even a $30 Raspberry Pi computer will.

[–] [email protected] 1 points 5 months ago

Yes, this is what they say. Maybe true, but how long? Do you think that surveillance companies like Google, once this technology is implemented, and financed by secret services and the military, will use it exclusively for the good of humanity? We will see

https://blog.google/technology/research/google-gesda-and-xprize-launch-new-competition-in-quantum-applications/

[–] [email protected] 14 points 5 months ago

It's just more complicated than 0, no privacy or 1 full privacy.

[–] [email protected] 34 points 5 months ago (1 children)

"The price of freedom is eternal vigilance" - Aldous Huxley

[–] [email protected] 2 points 5 months ago (1 children)

I'm assuming this quote attribution is a joke...

[–] [email protected] -1 points 5 months ago (1 children)

Not sure what you mean, this is an Aldous Huxley quote

[–] [email protected] 4 points 5 months ago (1 children)

Thomas Jefferson said it a wee bit earlier.

[–] [email protected] 2 points 5 months ago

You're right, downvoted myself.

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

Every time I talk about privacy online, the pessimists always come out. "It's impossible to have any online privacy.

My experience is actually completely opposite. While mainstream "normies" don't seem to care, most of them are using readily available privacy tools in their communication daily. Things like WhatsApp, Signal and iMessage. Most websites these days are HTTPS enabled. Governments are so concerned about this loss of monitoring capability, they're trying to craft laws which allow them to backdoor devices before encryption happens. And they're meeting resistance, despite all the lobbying (see Chat Control2.0). We've never had as widely adopted privacy tools as we have today.

Big tech and advertising are two problems that still create trouble. A lot of this stems from completely different, non-privacy related reasons (the lax US policies concerning anti-consumer and monopoly laws) but even here policies around the world are slowly catching up. GDPR gives Europeans quite a bit of control over our data and while this is still just one baby step - it's much better than it used to be. There's a lot of global inequality here though. Facebook/Meta is synonymous to Internet in the developing world, because they've used their monopoly money to exploit the situation. Digital imperialism is still strong.

I'm not going to harp too much on SMTP privacy, Proton has a bunch of nice services. If that's where your MX happens to point at is, then great, but we do also need to slowly move away from these old protocols that offer no privacy choice (yeah I know, SMTP is here to stay).

What I'd like to see more, is talk about threat modeling in this space. Because that's where it all starts and threat models are quite personal. There's no "one size fits all" privacy, because our needs vary. Political dissident living in exile from hostile government has completely different needs for privacy compared to a person who doesn't like YouTube ads. We should try to foster easily digestible discussion around personal threat modeling - right now we (the privacy crowd) come across as loonies since lot of the advice we give starts from the wrong end of the model.

I don't see digital privacy as a pessimistic space. But what do I know, I'm not a content creator.

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (1 children)

I notice you quoted the sentence from the description - did you watch the video itself? You are actually repeating a lot Eric's points and are really in agreement with him. He mentions how privacy is becoming increasingly mainstream to the point that even his "normie" brother started using Brave without his knowledge or input, and he also has a section in there on threat modelling (he calls it the "privacy spectrum") which he has made an entire video about in the past.

The "pessimistic" introduction is really just a setup for his positive counterargument. He's not actually pessimistic about digital privacy as you seem to believe.

[–] [email protected] 3 points 5 months ago (1 children)

I notice you quoted the sentence from the description - did you watch the video itself?

No, I'm afraid I didn't.

[–] [email protected] 3 points 5 months ago (1 children)

At least you did a good job summarising it for everyone else!

[–] [email protected] 4 points 5 months ago

Ah, well. Maybe that saves a click and 10 minutes of someones life.

[–] [email protected] 50 points 5 months ago (1 children)

Never give up,
each eye you poke out is one less they can use for data collection.

It's a slow process and they'll grow more eyes,
but the less they have on you,
the more private you'll be.

[–] [email protected] 6 points 5 months ago

Also remember there are many many people like you poking out eyes by themselves, day in and day out.

You're not alone, and you only need to hold the line till we can bring in legislative measures to hold it for you.