Really interesting read! And sorry for the coming wall of text!!
I'm not sure if this is completely related, but as an average-jane who is interested in upgrading my privacy in whatever ways I can without sacrificing too much convenience or letting it hinder just enjoying and living life, I often find that a hindrance for me is knowledge and understanding about tracking and whatnot (what's the antithesis of 'privacy'...?? Surveillance??). It's hard to defend yourself against something you don't *understand* how it works. And if I don't understand how something works, and how to defend myself, it can be easy to... give up.
If I compare my current practices to my practices before I started my privacy journey, I've improved my overall privacy and security fivefold. I mean, I was *atrocious*. I used the same emails and passwords everywhere, for *years*, and all of it had of course been in literally hundreds of breaches. It's a miracle nothing terrible happened. So, going from that to where I am now is in and of itself an accomplishment.
But something that in particular tends to weigh me down is crosstracking and linkability (?). That's kind of where my morale starts to falter, and I feel helpless. Simply because I don't know how said tracking works. I don't know if clicking link X on website Y, taking me to website Z will link my advertising ID and whatnot. I don't even know what I don't know (https://gradecalculator.mes.fm/img/memes/i-dont-know-what-i-dont-know.jpeg). I guess that, in tandem to me being an average jane about privacy puts me in a stalemate. I want to improve my privacy, but I'm not one of those people who *enjoys* getting down into the nitty gritty details about privacy. I'm probably never going to learn how to use, say, Linux. Ideally, I want things that work seamlessly without me needing to tinker with it, which means I can only choose between Windows or Mac, which I suppose comes at a cost to my privacy. Anyway.
Like I said, I've improved my privacy greatly. I try to be mindful of what I share online, how I use the internet, my phone, apps... I use the webpage version of certain services instead of using the app version... But at the end of the day, I don't know if it makes that much of a difference? If my usage is tracked and linked between different websites and services anyway? If I don't know how effective it is, it's easy to slip up. Maybe in the heat of the moment, I would download an app or sign in to some website that I shouldn't have (at least on a device that I shouldn't have), and if you've done that once, are you already done for? Now that information is stored in some server regardless if I delete the app and never do that again, so would it make a difference if I started using that app indefinitely? I'm of course generalising here, but that's sort of the things that I think about in terms of tracking and feeling helpless and just, lost.
All of this said, I don't mind going the extra mile for some possibility of less tracking, and I'm probably not going to throw in the towel any time soon. There are still some things I'd like to try out in the future, like setting up a pi-hole (man, I've tried to understand how *that* works and... I'll just have to hope some techie friend will be willing to help me). Not fully understanding doesn't have to be a complete hinderance. But I think it affects people like me quite a bit, people who are interested in improving their privacy but are just not very knowledgeable, and maybe have other things in life they'd rather focus on.
I think part of the reason why I'm word vomiting on your post is that I'm too scared and impatient to share this sort of stuff on, say, r/privacy, because you're often met with unfriendlyness and black and white thinking. If you're using one "bad" service, like facebook, you'll be told that everything else you do for privacy is for nothing. It's easy to be discouraged from caring about or trying to improve your privacy at all, which further increases the feeling of hopelessness and helplessness. And why would you try to learn to understand something that you're told is a losing game from the start? And another variable for me feeling helpless about this is the way that the playing field is constantly changing and evolving... Everyday, it seems that corporations find new ways to harvest more data, so even if I were at the top of the privacy game *today*, who knows if that would matter in a year when they've found new ways to track you? That then also pushes the goal post of what you would need to learn about and 'understand'. These are the kinds of depressing and fatalistic thoughts I have about privacy 👍
Gonna shut up now!! Again very interesting read and happy that you're back.
Yes, I see what you're saying. There's a few terms for what you're describing - "all or nothing thinking", "black and white thinking", "splitting", but it refers to a phenomenon where, basically speaking, there is no nuance or grey; it's either absolute perfect 100% secrecy from everyone all the time forever, or it's full complete public information streamed to YouTube to billions of people constantly. It's deeply dysfunctional as you can imagine, you see it in a lot of disorders but the one that springs to mind is borderline personality disorder. And while I don't want to say it's everywhere in the privacy "community", it's definitely common among the more vocal individuals in a lot of spaces.
Of course, it's not *totally* insane. There *is* a lot of surveillance and data harvesting, much of it either invisible or actively concealed, which does definitely push you towards this kind of more extremist position - I vaguely remember a story a while back where iPhones running a VPN had a kind of backdoor built in. So people who were more extreme and decided that iPhones were hopelessly compromised now could wave that around and justify "see, we told you!", but you can't wave around something like "we have no evidence Linux Mint is secretly activating your webcam" in the same way. So the rhetorical space is just borked from the get-go. In addition, the more extreme people tend to be more vocal, which means they drown out/drive away less extreme positions in any given space.
I think what a lot of people tend to forget is that privacy is not an end, it's a means. I'm not private for the sake of it, I'm private because I want to protect myself from identity theft and suchforth (also I think the tracking is just super-creepy in itself even if it doesn't lead to any direct harms). And that goal helps me make what decisions I need to make - I don't want my e-mail accounts hacked, so I use 2FA to secure them, and e-mail aliases (although that's mostly a spam thing). But if you view privacy as an end in itself, then there is no such guidance - any leakage of any information is a failure and bad, so you naturally end up pushed to more and more extreme methods.
I think this is what people are gesturing at when they talk about threat models (when they're not using to to grandstand, anyway). If you think about what you're trying to achieve in concrete, actual terms, I find that much more helpful. In fact, if it helps, I would recommend taboo-ing the word "private" or "secure" entirely when making decisions.
As to running Linux... eh, I guess, if you want to. I do (Mint), and I genuinely prefer it over Windows (which I basically only use for gaming and specific software for work), but I'll freely admit it's not for everyone, and it definitely can make a lot of things more twitchy. Whether the trade-off is worth it is ultimately going to be an individual decision. I would not recommend most of my friends run Linux, for example, even if they're technically capable, because the benefits to them are minimal.
(Sorry, one last point. I'm a bit of a gasbag.)
At the risk of tooting my own horn, I do think a lot of the issues in the garbage fire we call the privacy "community" is in part due to poor understanding of the psychological aspects going on. Whether that's the social dynamics of any kind of community to how we judge threats or learned helplessness etc, I sincerely believe having a basic understanding of psychology is massively beneficial in any field which involves working with people. And for various reasons, the online discussion in this space is dominated by tech-y people. Don't get me wrong, tech-y people absolutely have a place to speak here, someone needs to explain to me what an "encrypted tunnel" even is. But they ultimately have one perspective, however useful it may be, and that implies blindness to other ways of seeing.
In short, just do what you can and try not to stress over stuff you can't, or would be too hard. You *can* maybe try not to actively use invasive apps on your phone, or at least limit things - using the web form is much better if you can manage it, but it's not always feasible all the time for everyone. You *can't* use a super-double-encrypted phone running a custom OS which blocks all known and unknown trackers direct or indirect. This is not a goal, it's a means to a goal. Do what you want/need to within your means, and that's good enough :)
Although this comment itself is not objectionable, the account itself is very clearly a spam account, and has in the past posted content that does cross the line, and I have extremely high confidence that this will continue. As a result, I am concluding that this account is extremely unlikely to contribute to anything resembling useful discussion, and has a (small) chance of exposing people to malware.
In addition, I just don't feel good about allowing content from spam accounts on here, even if the content itself is not objectionable. I'm aware of the philosophical problems this position creates, and I do encourage discussion and alternative suggestions, but for now I'm perma-banning this account.
Really interesting read! And sorry for the coming wall of text!!
I'm not sure if this is completely related, but as an average-jane who is interested in upgrading my privacy in whatever ways I can without sacrificing too much convenience or letting it hinder just enjoying and living life, I often find that a hindrance for me is knowledge and understanding about tracking and whatnot (what's the antithesis of 'privacy'...?? Surveillance??). It's hard to defend yourself against something you don't *understand* how it works. And if I don't understand how something works, and how to defend myself, it can be easy to... give up.
If I compare my current practices to my practices before I started my privacy journey, I've improved my overall privacy and security fivefold. I mean, I was *atrocious*. I used the same emails and passwords everywhere, for *years*, and all of it had of course been in literally hundreds of breaches. It's a miracle nothing terrible happened. So, going from that to where I am now is in and of itself an accomplishment.
But something that in particular tends to weigh me down is crosstracking and linkability (?). That's kind of where my morale starts to falter, and I feel helpless. Simply because I don't know how said tracking works. I don't know if clicking link X on website Y, taking me to website Z will link my advertising ID and whatnot. I don't even know what I don't know (https://gradecalculator.mes.fm/img/memes/i-dont-know-what-i-dont-know.jpeg). I guess that, in tandem to me being an average jane about privacy puts me in a stalemate. I want to improve my privacy, but I'm not one of those people who *enjoys* getting down into the nitty gritty details about privacy. I'm probably never going to learn how to use, say, Linux. Ideally, I want things that work seamlessly without me needing to tinker with it, which means I can only choose between Windows or Mac, which I suppose comes at a cost to my privacy. Anyway.
Like I said, I've improved my privacy greatly. I try to be mindful of what I share online, how I use the internet, my phone, apps... I use the webpage version of certain services instead of using the app version... But at the end of the day, I don't know if it makes that much of a difference? If my usage is tracked and linked between different websites and services anyway? If I don't know how effective it is, it's easy to slip up. Maybe in the heat of the moment, I would download an app or sign in to some website that I shouldn't have (at least on a device that I shouldn't have), and if you've done that once, are you already done for? Now that information is stored in some server regardless if I delete the app and never do that again, so would it make a difference if I started using that app indefinitely? I'm of course generalising here, but that's sort of the things that I think about in terms of tracking and feeling helpless and just, lost.
All of this said, I don't mind going the extra mile for some possibility of less tracking, and I'm probably not going to throw in the towel any time soon. There are still some things I'd like to try out in the future, like setting up a pi-hole (man, I've tried to understand how *that* works and... I'll just have to hope some techie friend will be willing to help me). Not fully understanding doesn't have to be a complete hinderance. But I think it affects people like me quite a bit, people who are interested in improving their privacy but are just not very knowledgeable, and maybe have other things in life they'd rather focus on.
I think part of the reason why I'm word vomiting on your post is that I'm too scared and impatient to share this sort of stuff on, say, r/privacy, because you're often met with unfriendlyness and black and white thinking. If you're using one "bad" service, like facebook, you'll be told that everything else you do for privacy is for nothing. It's easy to be discouraged from caring about or trying to improve your privacy at all, which further increases the feeling of hopelessness and helplessness. And why would you try to learn to understand something that you're told is a losing game from the start? And another variable for me feeling helpless about this is the way that the playing field is constantly changing and evolving... Everyday, it seems that corporations find new ways to harvest more data, so even if I were at the top of the privacy game *today*, who knows if that would matter in a year when they've found new ways to track you? That then also pushes the goal post of what you would need to learn about and 'understand'. These are the kinds of depressing and fatalistic thoughts I have about privacy 👍
Gonna shut up now!! Again very interesting read and happy that you're back.
Glad you got something out of it :)
Yes, I see what you're saying. There's a few terms for what you're describing - "all or nothing thinking", "black and white thinking", "splitting", but it refers to a phenomenon where, basically speaking, there is no nuance or grey; it's either absolute perfect 100% secrecy from everyone all the time forever, or it's full complete public information streamed to YouTube to billions of people constantly. It's deeply dysfunctional as you can imagine, you see it in a lot of disorders but the one that springs to mind is borderline personality disorder. And while I don't want to say it's everywhere in the privacy "community", it's definitely common among the more vocal individuals in a lot of spaces.
Of course, it's not *totally* insane. There *is* a lot of surveillance and data harvesting, much of it either invisible or actively concealed, which does definitely push you towards this kind of more extremist position - I vaguely remember a story a while back where iPhones running a VPN had a kind of backdoor built in. So people who were more extreme and decided that iPhones were hopelessly compromised now could wave that around and justify "see, we told you!", but you can't wave around something like "we have no evidence Linux Mint is secretly activating your webcam" in the same way. So the rhetorical space is just borked from the get-go. In addition, the more extreme people tend to be more vocal, which means they drown out/drive away less extreme positions in any given space.
I think what a lot of people tend to forget is that privacy is not an end, it's a means. I'm not private for the sake of it, I'm private because I want to protect myself from identity theft and suchforth (also I think the tracking is just super-creepy in itself even if it doesn't lead to any direct harms). And that goal helps me make what decisions I need to make - I don't want my e-mail accounts hacked, so I use 2FA to secure them, and e-mail aliases (although that's mostly a spam thing). But if you view privacy as an end in itself, then there is no such guidance - any leakage of any information is a failure and bad, so you naturally end up pushed to more and more extreme methods.
I think this is what people are gesturing at when they talk about threat models (when they're not using to to grandstand, anyway). If you think about what you're trying to achieve in concrete, actual terms, I find that much more helpful. In fact, if it helps, I would recommend taboo-ing the word "private" or "secure" entirely when making decisions.
As to running Linux... eh, I guess, if you want to. I do (Mint), and I genuinely prefer it over Windows (which I basically only use for gaming and specific software for work), but I'll freely admit it's not for everyone, and it definitely can make a lot of things more twitchy. Whether the trade-off is worth it is ultimately going to be an individual decision. I would not recommend most of my friends run Linux, for example, even if they're technically capable, because the benefits to them are minimal.
(Sorry, one last point. I'm a bit of a gasbag.)
At the risk of tooting my own horn, I do think a lot of the issues in the garbage fire we call the privacy "community" is in part due to poor understanding of the psychological aspects going on. Whether that's the social dynamics of any kind of community to how we judge threats or learned helplessness etc, I sincerely believe having a basic understanding of psychology is massively beneficial in any field which involves working with people. And for various reasons, the online discussion in this space is dominated by tech-y people. Don't get me wrong, tech-y people absolutely have a place to speak here, someone needs to explain to me what an "encrypted tunnel" even is. But they ultimately have one perspective, however useful it may be, and that implies blindness to other ways of seeing.
In short, just do what you can and try not to stress over stuff you can't, or would be too hard. You *can* maybe try not to actively use invasive apps on your phone, or at least limit things - using the web form is much better if you can manage it, but it's not always feasible all the time for everyone. You *can't* use a super-double-encrypted phone running a custom OS which blocks all known and unknown trackers direct or indirect. This is not a goal, it's a means to a goal. Do what you want/need to within your means, and that's good enough :)
Although this comment itself is not objectionable, the account itself is very clearly a spam account, and has in the past posted content that does cross the line, and I have extremely high confidence that this will continue. As a result, I am concluding that this account is extremely unlikely to contribute to anything resembling useful discussion, and has a (small) chance of exposing people to malware.
In addition, I just don't feel good about allowing content from spam accounts on here, even if the content itself is not objectionable. I'm aware of the philosophical problems this position creates, and I do encourage discussion and alternative suggestions, but for now I'm perma-banning this account.