by freddyym on 2/17/25, 8:48 PM with 48 comments
by Havoc on 2/18/25, 2:26 AM
It does also need to make a difference though. If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.
Let’s say IP address, fingerprinting and cookies.
In that sense it is somewhat all or nothing. Either I’ve eliminated all three or I have not. I know that’s not precisely what the author means by all or nothing but there are certainly dynamics at play here that are not a smooth continuum
by 1970-01-01 on 2/17/25, 11:35 PM
Here's the rub. I buy that privacy is not dead, however free privacy is very limiting. Total privacy remains a complicated pay to play game.
by eth0up on 2/18/25, 3:10 AM
But to me it's similar to posture, or maybe hygiene. I stand tall but know I'm feeble. I wash but know the bacteria persists. And I actually think the invasion of privacy is analogous to bacteria in its inevitability, ubiquity, and perhaps even virulence snd symbiosis. It's a kind of day dream - one that if ever presenting actual opportunity, I will seize if I can grasp it. But I've come to not expect much of it, however much I desire it or make token efforts toward.
But I remain closely aligned with its principle. And I sustain its spirit. Primarily, I uphold it by valuing, respecting and defending the privacy of others where I'm able. There's a different kind of privacy, and vaguely but formidably unassailable solitude, for those who value the sanctity of others. I think it reduces the value of the corrupt currency of data, in some small way.
But I don't think I'd survive long without ublock or the cozy alcove of foss. Nor might I want to.
by tptacek on 2/18/25, 2:46 AM
Here's a concrete example: Let's say your friend just told you they moved their communications from SMS to Signal. This is something to celebrate! Your friend just improved their data privacy a lot by deciding to start using Signal instead of SMS. It is absolutely not the time to tell your friend things like "Okay, but you're not even using Firefox!
If a privacy source suggests that Firefox is an absolute improvement over other browsers without actually laying out the security tradeoffs you'd be making by adopting it, you should trust that source less.
I would personally go much farther with this analysis; I have categorical opinions about the relative security of browsers. But you don't have to follow me that far down the path to see the merit of the rule, because if you think "just use Firefox" is an uncomplicatedly strong recommendation, you're simply not paying attention to browser security at all, in which case: why are you making recommendations?
Most privacy and security guides are LARPs.
by protocolture on 2/18/25, 12:52 AM
When someone might benefit from marginal privacy, its best to ask who they want to be private from. Sometimes the juice is worth the squeeze (Privacy from ISP, Spouse etc) sometimes it isn't (State actors, large corps) depending on how much effort they want to put in.
by 0xCMP on 2/18/25, 1:21 AM
When you're starting out you're learning everything and trying to adjust your current usage with the limits of the private alternatives. And then we live in a society there is the learning curve for those who want to interact with you and are somehow willing to cooperate and use a more secure/private thing than the tool/service they're used to.
Let people get better and encourage them to keep going is definitely the right advice. The tone, intent, and timing of telling people how to keep going further is as important as the advice or recommendations you're giving them.
by claudiojulio on 2/17/25, 11:21 PM
by metalman on 2/18/25, 11:57 AM
by rzr on 2/18/25, 12:55 AM
"Your privacy is our priority..."
by godelski on 2/18/25, 3:27 AM
I see this mindset a lot with privacy, and I think a lot of it is apathy or more that people have been run down. I'm at the tail end of a CS PhD and I even have a hard time convincing people in my program to communicate with me over Signal vs text. Common answers being "they have my data anyways" and people buying into a whole ecosystem. But truth is, fragmenting your data is an important part to data privacy. You minimize what you can, and what you leak you try to distribute. Information's power is in its aggregation, so you make it harder to aggregate.
I think it is the same as with security. There's no real perfect security[1], and realistically security is more about putting up speed bumps than impenetrable doors. Just sometimes your speed bump is so large that you got to build a car that couldn't fit on the road if you want to make it over (you can always brute force a password). The goal is to make it too expensive, too time consuming, or too costly to use that route or maybe even to attempt an attack in the first place. The same is true for privacy. Make them pay more for that data. Make it harder to aggregate. Make your data as noisy or indistinguishable from noise as possible (small footprints are better than extra footprints). Because this isn't a zero-sum game instantaneous game, this is a constant battle and it is always cat and mouse.
But I do think we as the programmers, the developers, the makers, should also have a serious talk about the consequences of surveillance capitalism. With any engineering, it is always easy to get caught up in the upsides and downplay the downsides. The path to hell is paved with good intentions, not malice[2]. Every engineer has to have a code of ethics, surely Ethan Zuckerman didn't foresee the hell he created, and had good intentions. While we don't build bridges that can collapse (actually... we do) there can be no doubt that information can be weaponized. It seems no matter what your politics are that this is recognizable and in conversation. And I think these conversations can still be had in an apolitical setting (which I hope we will do here, but I understand the pull towards that direction[3]). I do encourage apolitical discussions because these can be had within the workplace and can be had without starting fights. I do believe that many people will often find themselves on the same side when had conversations not initiated this way they would not have. At the end of the day, it requires a community to make these changes and even if we disagree on some things that doesn't prevent us from working together towards common goals.
[0] Godel was said to have been inspired by the paradox "this statement is false" but that's probably folklore. "Indeterminate" here is equivalent to "this statement cannot be proved"
[1] Okay, I know, but if you know then you know what I mean here
[2] I think it is important to recognize that evil is often created when good men are trying their best. So be careful when making attributions, because evil is sly and subtle. If it weren't, we'd have purged it long ago.
[3] I believe that the discussion around "Turnkey Tyranny" often helps with keeping things apolitical. Because one needs not say that any one party is or will become tyrannical, but we can remain abstract in a future scenario and consider the risk-reward calculus (I'm sure more relevant than ever).