I’ve had people tell me that this is (their words, not mine): “mental illness”
Yep, I made the mistake of telling my family I care about my privacy. The amount of times I’ve been told the nothing to hide argument is stupid.
I started asking people who put that forward if they would give me their cellular phone unlocked for a hour. After all they have nothing to hide, right?
A few weeks ago, I would have said 100%. I am needlessly careful.
I know I’m protecting against privacy threats that are technically possible, but unlikely. Preventing the tracking is just an interesting hobby, to me.
But earlier this month, we learned that Meta went “all-in” on what I consider some fucked up shit - running a mini localhost server to track the vanishingly few people who bother to block their tracking.
So now I guess I’m only about 30% sure I’m being needlessly careful.
Yes, privacy is very important, but I’ve seen also a lot of tin foil hats arround here which don’t know really what is worth to protect and what only make browsing slower and more difficult. PEBCAK
I have been thinking about this a lot recently. I live a life where OPSEC is relevant. Its something that I have had to consider always, and has been for 2 decades. Even so, I wasn’t as concerned this whole time as I am these days. The fact is that technology is making it such that its no longer “im not a person of interest they wont spend resources on me” because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn’t even matter. Do you exist, yes. Do you have a digital foot print, yes you do. Even if you dont do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you “may” do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.
Ill I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to reign in the amount of info you leave about?
While certainly some people take it to a point that could be considered too far, I think that the reality is that you have to go very far if you want actual privacy today. I think most people either don’t know all the ways that their daily lives are being tracked and their activities are sold or they simply don’t care. To vast majority, doing anything that isn’t trivial is probably too far, and the more you talk about it with them, the more they will think it’s crazy. Most people of the older generation probably don’t “get it” or think it can be real, and very young people have probably never known privacy in their lives to much degree, so it can be a tough sell. I think Late Gen-X and Millienials are the main group that got to experience privacy when they were young and then saw it slowly eroded away in increasingly gross ways until it was gone.
Like most things on the internet it’s a game of one-upsmanship. User X uses Firefox with Incognito. User Y say’s that isn’t good enough for his own inconsistent definition of “good enough.”
So User-Y suggests Firefox with 14 different add-ons and only browse through an immutable VM. But then user-z comes along and says that if you are using windows at all, you don’t really care about privacy, so you should be using Icefox on some obscure fork of ubuntu through an immutable VM, with a pi-hole.
Then user-w says well if you aren’t using a VPN none of this matters, so Obviously you need to rent an Alibaba cloud server hosted in China, that you only connect to through a privacy respecting VPN, and then you only browse through TOR.And so on. By the time a user is asking about how to stop google ads, the only “serious” answer by the community involves using Packet over Ham-radio -> and spending thousands of dollars a month on 4 different cloud providers, rented through several shell companies set up in Switzerland, the Cayman Islands and China, while only typing in Esperanto using an ASCII-only font.
A year ago: yes.
Today: nope.
Yeah. I think people can become obsessive over it. I also think there is a large group of users who gamify privacy and act as if its an mmo quest where they just need to collect the best tools to win instead of being responsible and understanding threat modelling.
There is a point of diminishing returns. Like most things, you have to evaluate what you are willing to live with and let go.
I know someone who only browses incognito because they don’t want cookies tracking them. They log into everything every day. Which, imo, is worse because those cookies are still tracking you but you now have to log in everyday.
But for them they like the control.
I’ve moved most of my incidental link on my phone clicking to Firefox Focus (thanks to URL Checker) which has upped my privacy. I wouldn’t have made that change without the prompt that URL Checker provides though.
I use a VPN outside of my house and I use pihole at home. I am tempted to switch my DNS to unbound but the juice doesn’t seem to be worth the squeeze. We’ll see the next time I need to rebuild my pi.
I used to run unbound on my laptop just so I could configure stuff like forwarding zones with more precision than what a stub resolver normally gives you.
It can also be your validating DNSSEC resolver, which also satisfied that sort of morbid curiosity in me.
In the age of DoT and DoH, with endpoints hardcoded in browser binaries, that sort of thing has a lot less punch than it used to. Even back then Go binaries would start ignoring your
nsswitch.conf…DNSSEC always causes errors on my pihole set up and end up disabling it. The upstream is DoH though (via dnscrypt) so it’s technically DNSSEC but without the clients seeing the authentication. That’s enough for me.
At some point, I fully expect apps and websites to begin resolving DNS directly instead of relying on the OS to provide resolution services. At that point our options will be to wholesale block IP addresses at the router.
Yes, paranoia is not healthy. When people can’t formulate a realistic threat model then usually to be “safe” they assume everyone is out there to get them … while failing the most basic steps, e.g. not relying on surveillance capitalist fueled tools voluntarily.
Yeh my family treat me like I am a nut job. I only swapped away from google and ask them to think about the orgs they spend their money on for example Amazon.
It’s amazing how many people got on board with Covid conspiracies but questioning where you data goes, who’s using it, what for, no that’s a bit far lol.
As long as everyone is having fun, I see no problem.
If you’re not having fun switching mail providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably stop doing those things.
are you guys doing this for fun? i take some privacy precautions so i wont be mass targeted for anything i do today in the future.
I’d sure hope so! Many of the things that privacy nuts like us do are not efficient uses of one’s time.
They might require constant vigilance. They might need recurring work for continued effectiveness. They might necessitate exposure to intrusive negative emotions (“what is Google doing this week?!”).
If you’re not having fun, focus on measures that you implement once and then never have to think about again.
For example, I wouldn’t recommend GrapheneOS to a journalist in an authoritarian regime. It might be “more secure”, but they have a job to do and can’t keep dicking around with obscure pointer authentication settings or whatnot. They should just get a current iPhone, enable Lockdown Mode if its tradeoffs are acceptable to them, and continue doing their best job, which isn’t “phone administration”.
LARPing as Jason Bourne, or prepping for the Rokobasiliskocalypse, is a hobby. It’s okay, I do it too. However, it’s not approachable or understandable to people who don’t share that hobby, or are not as alarmed at the general state of things as we are.
people are literally targeted by this system today. and i live in the third world, i’m ripe for the taking.
i’m glad this can be a hobby for some of you guys though.
There are probably some people that go too far, but that is true in any community. There are also people with a very legitimate threat model, for example if they are from insert your favourite dictatorship here and they have insert opinion against said regime
Yep, and then there’s probably a good number of people who have no idea of threat modelling who just copy those actions to say they have “good privacy”.
Tbh, I’m closer to the latter.
https://www.explainxkcd.com/wiki/index.php/2501:_Average_Familiarity
Relevant XKCD;
I feel that it is closer to the fact that the communities forgot most beginners are completely new to this in general. They might not even know what exactly a ‘browser’ is, much less cookies and stuff.
Hence when we try to spoonfeed them information, it comes off as overwhelming and forced.
Agree that there are some extremist, but they mostly act in good faith tbh.
Another thing I noticed is there are more preachers of ‘how’ than ‘why’. Having a beginner go down the route of privacy without giving them a purpose to do so is quite off-putting.
It’s just a conscious approach to tech.
We have people telling us the earth is flat. Them saying so doesn’t make our good old planet any flatter ;)
I mean one can find excess absolutely anywhere, that doesn’t demonstrate much imho.
