I’ve had people tell me that this is (their words, not mine): “mental illness”
I have been thinking about this a lot recently. I live a life where OPSEC is relevant. Its something that I have had to consider always, and has been for 2 decades. Even so, I wasn’t as concerned this whole time as I am these days. The fact is that technology is making it such that its no longer “im not a person of interest they wont spend resources on me” because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn’t even matter. Do you exist, yes. Do you have a digital foot print, yes you do. Even if you dont do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you “may” do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.
Ill I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to reign in the amount of info you leave about?
I’ve thought a lot about this. By making the choices you do you already single handedly categorized yourself. We are under so much tech behind the scenes that any move you make puts you into an analytical box, spot how you do things here or there and you have a pattern of trade craft. With trade craft you can educatedly infer the rest with probability. Exactly how they caught Osama.
Edit: Even spoofing your moves in everyway your still going to be noticed. Hiding has long been gone. Cloaking is where we are somewhere between cloaking and multiple identities.
You really do have to obsess if you take this seriously. It really isn’t feasible for most people to devote kind of time and effort that I do on this stuff. I usually describe it as a kind of hobby, and I try to limit my advice to address specific concerns or threat models.
Yes, paranoia is not healthy. When people can’t formulate a realistic threat model then usually to be “safe” they assume everyone is out there to get them … while failing the most basic steps, e.g. not relying on surveillance capitalist fueled tools voluntarily.
We have people telling us the earth is flat. Them saying so doesn’t make our good old planet any flatter ;)
I mean one can find excess absolutely anywhere, that doesn’t demonstrate much imho.
It’s just a conscious approach to tech.
Yes, some people absolutely take things way too far, and often unproductively.
Like the person who was trying to disable websockets. Or the people who will shun signal, but jump directly on the flavour of the month signal clone, which might be completely backdoored.
If you dont know what you are doing, randomly turning things on and off at best does nothing, at worst makes you even more signaturable/trackable.
Its good to educate yourself on various protections, but unfortunately, it requires a lot of careful research and understanding.
There’s certainly also the aspect of simply “nerds who want to experiment.” I know I’ve tried out weirdo encrypted messengers and such in the past, just to never actually use it for anything and delete it. If you are smart, you know the difference between an experiment and sage advice. Boring stuff like the EFF’s Surveillance Self Defense suggest the reasonable tools for a spectrum of people’s threat models, but those things were all once experiments too.
I have no issue with tinkering, my issue is more when tinkering gets turned around into advice.
I think I would be happier if these communities/subreddits were a bit more explicit about “We are amateurs, for actual advice, go to X, Y, Z”.
Couldn’t agree more.
Yeah. I think people can become obsessive over it. I also think there is a large group of users who gamify privacy and act as if its an mmo quest where they just need to collect the best tools to win instead of being responsible and understanding threat modelling.
There is a point of diminishing returns. Like most things, you have to evaluate what you are willing to live with and let go.
I know someone who only browses incognito because they don’t want cookies tracking them. They log into everything every day. Which, imo, is worse because those cookies are still tracking you but you now have to log in everyday.
But for them they like the control.
I’ve moved most of my incidental link on my phone clicking to Firefox Focus (thanks to URL Checker) which has upped my privacy. I wouldn’t have made that change without the prompt that URL Checker provides though.
I use a VPN outside of my house and I use pihole at home. I am tempted to switch my DNS to unbound but the juice doesn’t seem to be worth the squeeze. We’ll see the next time I need to rebuild my pi.
I used to run unbound on my laptop just so I could configure stuff like forwarding zones with more precision than what a stub resolver normally gives you.
It can also be your validating DNSSEC resolver, which also satisfied that sort of morbid curiosity in me.
In the age of DoT and DoH, with endpoints hardcoded in browser binaries, that sort of thing has a lot less punch than it used to. Even back then Go binaries would start ignoring your
nsswitch.conf…
I haven’t been around these communities in a while, so I can’t really speak for /c/privacy as much as /r/privacy and other communities, but I’ve noticed far far far far too many posts which are blindly perfectionist, with no consideration of threat capabilities or their motivations. Privacy is futile without a realistic threat model, that’s how you get burned out solving non-problems and neglecting actual problems.
My threat model is largely just minimizing surveillance capitalism and avoiding basement-dweller neo-nazi stalkers from connecting any dots between my online personas and real life identity. Even for that, my measures are a bit excessive, but not to the point where I’m wasting much time or effort.
Daily reminder: “more private” and “more secure” are red flags. If you see or say these, without a very specific context, it’s the wrong attitude towards privacy and security. They’re not linear scales, they’re complex concepts. That’s why Tor Browser is excellent for my anonymity situation but atrociously insecure to anyone who is being personally targeted by malware (tl;dr monoculture ESR Firefox[1]). That’s why Graphene is not automatically anti-privacy simply because it runs on a Google Pixel and Android-based OS. (Google is one of my main adversaries.) And I think this simplistic ‘broscience’ style of “[x] is better than [y], [z] is bad” discourse is harmful and leads people into ineffective approaches.
There are probably some people that go too far, but that is true in any community. There are also people with a very legitimate threat model, for example if they are from insert your favourite dictatorship here and they have insert opinion against said regime
I mean, it can be a bit of an issue everywhere.
Hilariously this post was just above this one in my feed.
Yep, and then there’s probably a good number of people who have no idea of threat modelling who just copy those actions to say they have “good privacy”.
Tbh, I’m closer to the latter.
As long as everyone is having fun, I see no problem.
If you’re not having fun switching email providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably not do these things.
are you guys doing this for fun? i take some privacy precautions so i wont be mass targeted for anything i do today in the future.
I’d sure hope so! Many of the things that privacy nuts like us do are not efficient uses of one’s time.
They might require constant vigilance. They might need recurring work for continued effectiveness. They might necessitate exposure to intrusive negative emotions (“what is Google doing this week?!”).
If you’re not having fun, focus on measures that you implement once and then never have to think about again.
For example, I wouldn’t recommend GrapheneOS to a journalist in an authoritarian regime. It might be “more secure”, but they have a job to do and can’t keep dicking around with obscure pointer authentication settings or whatnot. They should just get a current iPhone, enable Lockdown Mode if its tradeoffs are acceptable to them, and continue doing their best job, which isn’t “phone administration”.
LARPing as Jason Bourne, or prepping for the Rokobasiliskocalypse, is a hobby. It’s okay, I do it too. However, it’s not approachable or understandable to people who don’t share that hobby, or are not as alarmed at the general state of things as we are.
people are literally targeted by this system today. and i live in the third world, i’m ripe for the taking.
i’m glad this can be a hobby for some of you guys though.
It kind of has to be, if you’re trying to be persistent about the whole thing. It’s easy to feel overwhelmed and burn out over all of the different threats we’re trying to defend against. I don’t see how you can keep at it for months or years if you feel no joy over it. But maybe being deathly, relentlessly afraid of the dangers around us is enough after all.
If you don’t even like doing this stuff, wouldn’t it be better to focus on measures that require little upkeep? This is what my example suggestion was getting at, something that’s as close to set-and-forget as possible, while getting you 90% of the way there. (Depending on your threat model, sure. If yours says that the sky is falling if Tim Apple gets your iCloud data, it certainly doesn’t apply.)
if you are properly threat modeling, getting away from big tech is a long process but not that complicated. for most people it pretty much just means replacing apps and deleting accounts. eventually maybe installing a rom.
honestly services like icloud are whats truly dangerous, but i digress.
Damn this take needs more love. You will get shouted down And downvoted to the lowest depths if you speak against anything that isn’t graphene. I like the project, it has merit. It’s far far from perfect in so many ways. I don’t believe it’s the white knight in shining armour we like to think it is. Good yes. Saving grace. Not by a long shot. It’s got many fundamental flaws.
Be conscious of your needs, not obsessive. I think a lot of people are obsessive and I get it totally. But FOMO is powerful. Don’t overwork your mind trying to be perfect that you never make moves. Life isn’t static. If your uneducated enough to truly need the utmost best tech stacks with no real knowledge on how to implement and deploy. You likely don’t need to be doing the shit your thinking of, or currently doing.
A few weeks ago, I would have said 100%. I am needlessly careful.
I know I’m protecting against privacy threats that are technically possible, but unlikely. Preventing the tracking is just an interesting hobby, to me.
But earlier this month, we learned that Meta went “all-in” on what I consider some fucked up shit - running a mini localhost server to track the vanishingly few people who bother to block their tracking.
So now I guess I’m only about 30% sure I’m being needlessly careful.
Most people have absolutely zero idea how much data they put out there, what’s done with it, and why any rational person would be horrified if they knew the extent to which individuals were tracked. Simply put, short of showing them how their livres are made worse, they don’t care, and can’t be made to care.
For friends and family, you can do things like give them books or send articles explaining it slowly in parts. For everyone else, just ask them if they know how Google tracks what they do in Incognito windows and see what they say. If they say that Google can’t or doesn’t, they might as well say the Earth is flat. You can’t argue with that, even though it’s provably false.
Most people have absolutely zero idea how much data they put out there
As evidence, I’ve heard people talk about worrying their phone is listening to their conversations. It’s not that they don’t care about privacy, it’s that they don’t even know what’s possible. With all the data collection that is happening, the data brokers are already selling a dataset predicting that you are going to be shopping for new baby items and what types of manipulative tactics are likely to work on you well before you talk to your friend about it.
I dunno, considering that Facebook data has been used to go after people, we’ve got fascists using every method possible to target their current hated group, and police everywhere ignoring or bypassing due process by just buying data, I don’t think it all paranoid to think that privacy concerns are already huge, and could get worse
I came to say, “just because you’re paranoid doesn’t mean they’re not out to get you.”
Depends how one looks at it. From purely practical POV, probably 90% of us don’t need to bolt their doors so much. But as a principle, as a society we’ve lost the “war” on privacy so much, that it really takes a long way to pull the dial back to where it should be
Definitely yeah! If you’re just a regular person living in a fairly democratic country and you’re thinking about physically clogging your usb ports to avoid someone breaking in your room and tampering your device while you’re exploring Barcelona, or if you consider removing camera and microphone from your pixel phone that you use every day, you’re probably taking it too far.
OTOH I’m still having trouble getting people away from Meta apps and I think it’s absolutely crazy how little thought people put into the amount of data that Meta collects.
TBH even in many dictatorships you’re mostly fine just using a VPN and fake accounts if you have government critical opinions. But that’s just my personal experience. Goes without saying if you have a decent follower count or are some kind of journalist you should be very paranoid.
Anyway, the point is, it’s probably good to feel slightly paranoid because most people aren’t paranoid enough, but most of us are also not Edward Snowden or Saudi journalists, so there should be a balance between practicality and privacy.
