
Privacy is Power: Why the fight for privacy matters - mobitar
https://journal.standardnotes.org/privacy-is-power-f0a064ab36ea#.9op3ljljh
======
dcposch
Best part of the article: explaining how privacy is a public good.

TLDR: privacy isn't just about "keeping secrets" or having "something to
hide".

Privacy for a whole population is power. Once a population has lost its right
to privacy, once people's conversations and movements are monitored, they're
rendered powerless. It becomes easy to strip away their other rights.

\--

Worst part of the article: the recommendations at the end.

The author lists a kitchen sink full of privacy tools including Telegram,
which the entire infosec community agrees is terrible. Do not use Telegram.

Use Tor, use Signal.

~~~
newscracker
> Worst part of the article: the recommendations at the end.

> The author lists a kitchen sink full of privacy tools including Telegram,
> which the entire infosec community agrees is terrible. Do not use Telegram.

> Use Tor, use Signal.

Usability, or lack of annoyances, will always trump security and privacy. Tor
is way too slow for most purposes. In my experience, I don't believe it can be
a generic mass solution (people in most places around the world already have
slow connections - sharing that with others would be the last thing they'd
want to do, even though more people running Tor means it gets better, on
average, for everyone).

Signal is way too deficient on features and usability compared to Telegram. I
want to get out of Telegram and use Signal, but it's at least a few years
behind Telegram in various ways (speed, features, lack of good desktop
options, relying only on phone number with no usernames or other ways to
add/establish contacts, and more). By the time Signal catches up, I believe
Telegram would be far ahead again. For messaging and privacy, what would be
better to have is a decentralized system that has good usability, multi-device
support and can become popular.

~~~
j_s
If you're prioritizing features and usability, WhatsApp is considered more
favorably than Telegram.

~~~
1propionyl
WhatsApp is owned by Facebook.

They almost certainly do not have privacy as a central focus beyond its
utility as a marketing bullet.

It's just more embrace, extend, extinguish.

Facebook is doubling down on Messenger. They don't want to support multiple
messengers. As soon as they can find a way to convert those pesky privacy-
conscious Europeans to Messenger, WhatsApp is dead.

~~~
marcosdumay
They may not do it for the best reasons, but they do have a better
implementation than Telegram and, the most important, Watsapp is private by
default.

Telling people to move from Watsapp to Telegram nowadays is bad advice. for
any point of view.

------
educar
Those who are privacy conscious must first take the step towards self-hosting.
They are many interesting approaches that are trying to make self-hosting
practical. They make it trivial to run your own mail server, keep your
contacts/calendar/files/notes. Why trust yet another mail/cloud company
(yahoo, anyone?)? There are promising existing projects out there (like
cloudron.io, sandstorm.io, yunohost). Go try them out today. The projects are
open source and have issue trackers where you can contribute even if you are
not a developer. Such solutions will empower the average person in the future.

~~~
schoen
Self-hosting has a severe metadata tradeoff. Suppose that you and I each self-
host a mail server. Now we e-mail each other to talk about how great
decentralization is and how much we both hate wiretapping.

With self-hosting and SMTP, there is now a very clear TCP metadata record
showing how my home IP address connected on port 25 to your home IP address.
Maybe the next day you write back, and there's another nice clear metadata
record showing your address connecting to me. Now any ISP between us, and
anyone who can tap the ISPs' cables, knows that you and I are corresponding.

If we were both using Gmail, this metadata pattern would pretty much not
appear at all: we would each make an HTTPS connection to Gmail and exchange a
bunch of data, and while in principle my upload would be matched in size by
your download, it would be extraordinarily noisy in many ways and hard to
correlate in practice. On the other hand, Gmail would know everything about
us.

Having Gmail know everything about us is clearly terrible and not a good
privacy solution. However, having all of the ISPs be able to learn our
detailed correspondence patterns and relationships is _also_ clearly terrible
and not a good privacy solution. So, self-hosting being a clear privacy win
for messaging will require a lot of technical improvements on the metadata
front. It isn't a clear win in this respect today; it most likely depends on
whether you see ISPs (and people who can compromise or coerce them) or Google
(and people who can compromise or coerce them) as a bigger risk overall.

~~~
daurnimator
I feel like using something like TOR would help here: it would create a
background noise of other traffic while also providing a way for _other_ users
to not have to connect directly to the remote server.

So I ask: is there a way to provide an _optional_ TOR endpoint? e.g. can I
have an MX record with high priority that points to a .onion address, and then
have a backup (with lower priority) that points to the normal global IP?

~~~
schoen
Currently there is no support for this in MTA software. If it were supported,
you could imagine having somewhat better privacy properties for e-mail with
other people who also used this particular setup. However, if you simply re-
decentralize your e-mail using today's e-mail technology, you won't get those
benefits in the short term.

~~~
daurnimator
Why would you need software for it _in_ the MTA? Use a local resolver with
tor's dns option + automapping

------
saycheese
Largest issue with privacy is that in my experience generally speaking that
the average person does not see privacy as a priority, or worse, questions the
need for it.

~~~
anigbrowl
There's a third possibility, which is that people are rationally aware that
the cost of preserving privacy on the individual level significantly outweighs
the benefits most of the time (rather like not buying insurance), and that in
any case the technological, economic, and political asymmetries between
individual and corporate/governmental actors are so huge that it's pointless
anyway.

I use Tor some of the time. I would like to use Tor all the time for
everything, but the reality is that using Tor is slow as mud so for 98% of my
browsing activities I use Chrome, even though I know I'm giving away a lot of
information about myself in the process.

Likewise, I live in a house. I can lock the doors and windows, but the reality
is that any determined individual or group could easily kick in the door and
enter the house. Do I spend a fortune rebuilding and reinforcing the structure
so that I can have a front door like a bank vault, or do I invest a bit of
money in simpler security options and cultivate good relationships with my
neighbors?

It's not that people don't care about privacy (though not everyone does), but
that subconsciously most people realize they can't possibly win an arms race
and so opt for greater quality of life at the expense of security.

~~~
amirmc
> _" There's a third possibility, which is that people are rationally
> aware..."_

I agree that this possibility exists but I also think it's a _tiny_ minority
of people online. There's enough info out there to demonstrate that people
_aren 't_ rationally aware of many things (although they may believe they
are).

In the current example, I'd bet that most folks don't even understand how much
info they reveal online and what can be inferred about them. The very reason
the house analogy exists is because it's tangible and 'real-world' but it's
not really a fair comparison. If people had the option to live in a fortress,
that still had windows and easy access for approved people, and didn't look
too different, they'd likely take it. Such options either don't exist or are
too expensive.

~~~
__jal
This.

Also: peer pressure. As a non-Facebook user, I get questioned about why fairly
often, and my family makes passive-aggressive noises about missing pictures
and whatnot.

And here, any time this comes up, someone thinks they're being clever by
pointing out _other_ intrusive systems of surveillance (like cell phones) that
I surely must be unaware of or inconsistent about.

My theory regarding some (certainly not all) people in the latter group are
well aware of how much they're giving up and don't like the idea that other
people are doing better at maintaining privacy, a bit like the drunk pushing a
drink on someone trying to get sober. A lot of other people are simply unaware
of the power of the data they're giving up, or believe that since "everybody
else does", it can't be that important.

Social cues are really important.

~~~
jayajay
Even as a non-Facebook user, if you were to _only_ post on HackerNews all of
the time, a lot could be inferred about you. Apparently, the value of sharing
exceeds the cost in privacy. There are many types of thoughts of that people
would share on the internet, some more revealing than others (e.g. "Today is
Friday" vs. "I am 190lbs"). Some people must be very skilled at posting inert
content which does not in any way tie to their personal lives, others may not
be -- or simply don't care, or believe the sharing value to be very high, etc.

In terms of psychology, UI/UX design and engineered content could try to
maximize the likelihood of getting a user to post emotionally-charged or
revealing content.

~~~
__jal
Of course. Facebook (or Google, for that matter) isn't magic, just in
possession of a really intrusive nose for others' business and the war chest
to do something about it.

Detectives, private or otherwise, are sometimes very skilled at doing the same
thing in conversation (of course, this is not automated and very expensive).
This isn't news.

What is news is the scope and automation. The surveillance-entertainment
complex is unhealthily healthy.

------
dandelion_lover
I found [https://prism-break.org](https://prism-break.org) a good list of
software/services helping our privacy.

~~~
oconnore
Also:

\- print a letter on a laser printer, drop it off at any USPS pickup box. No
return address. Strong 4th amendment protections

\- write in a journal with a pen

~~~
dandelion_lover
>print a letter on a laser printer

but be careful, just for a case:

[https://www.eff.org/pages/list-printers-which-do-or-do-
not-d...](https://www.eff.org/pages/list-printers-which-do-or-do-not-display-
tracking-dots)

~~~
ue_
This jumped to my mind immediately with the laser printer mention!

------
cryoshon
here is a stupid argument for privacy that i just invented based off of the
article's mentioning of 1776:

if the british colonists had no privacy, the american revolution would never
have happened. troublemakers would have been either nipped in the bud, or
never even thought that they could successfully challenge the existing power
structure.

what god-fearing amurican is going to argue against privacy when you frame it
as a patriotic issue? sure, there's no logic or graceful rhetoric here, but
who needs logic when you have emotional arousal?

those of us who have enough brain cells to rub together need to start thinking
about how to slam the idiots with arguments they can't get around while
maintaining a veneer of nationalism. "you're unamerican if you're against
privacy, because we needed privacy to execute the most hallowed event in our
civic religion: revolution against the british." that kind of garbage.

it's time to discard clean argumentation and jump into the mud-- it's the only
way to make people care about an abstract issue that people have been taught
to disregard like privacy.

~~~
K0SM0S
You've just come up with a variation on the theme of "First they came..." [1]
by Pastor Martin Niemöller (1892-1984).

> First they came for the Socialists, and I did not speak out—

> Because I was not a Socialist.

> Then they came for the Trade Unionists, and I did not speak out—

> Because I was not a Trade Unionist.

> Then they came for the Jews, and I did not speak out—

> Because I was not a Jew.

> Then they came for me—and there was no one left to speak for me.

The deeper reasons for privacy are historical, political, and ultimately may
become a matter of life or death. It wouldn't be surprising, history is full
of precedents.

[1]
[https://en.wikipedia.org/wiki/First_they_came_..](https://en.wikipedia.org/wiki/First_they_came_..).

------
opaque_salmon
It would be nice to see the issue of privacy, especially in regards to data
privacy, evolve beyond a black and white matter. Privacy is important it
allows for a bubble of safety and security in our lives. On the other hand,
there is real value and utility through data, but often at the expense of
privacy.

I think that the trade-off between the utility of data and privacy can be
explored in such a way that everyone benefits. Ensuring a balance of power in
regards to privacy between individuals, government, and private entities is a
worthwhile, but difficult, venture. Data is a good medium for this discussion
because of its increasing value in an age where we're collecting more than we
can use. Government and society can benefit from data driven policies and
public datasets (ala data.gov). Individuals can regain control and benefit
from a collective use of data. Corporations already hold and make profits on
massive monopolies of user data, but often liability involved with private
data preempts sharing.

I think these kinds of conversations will need to be tackled and absorbed by
the wider audience before it can have a real impact. In any case, it will be
interesting to see what direction privacy as an issue goes toward. Personally,
I will be continuing to be more aware of the issue and use products that have
privacy in mind.

------
newsat13
Why is "very few people care" an argument _against_ privacy solutions? There
are so many niche markets in this world. Not everything needs to be a billion
dollar business.

~~~
Spooky23
Its the inverse of network effect.

A few years ago I bought a GPG card and used it to encrypt long term backup
media. I created a key, did the whole PGP thing, etc.

It was cool and all, but it's value from a communications perspective is zero.
I have about 2,000 contacts that I keep track of... and exactly two had public
keys. The value of that network is near zero, because I really don't transmit
anything via e,ail that has a high value justifying the considerable hassle.

At work, we have the ability to use Microsoft rights management to optionally
encrypt email or attachments. It is easy as pie -- literally press a button.
In some cases Outlook will nudge you to do so! With nearly 400M messages, less
that 20k were protected, and most of those were for a pilot using policy based
encryption.

------
jayajay
People aren't paranoid enough. Being paranoid carries so much negative stigma,
it feels that we are selecting _against_ it. Try to a remember the last time
you revealed your paranoia _and weren 't_ a complete buzzkill. But hey, you
can fear what you know. You can even fear what you know you _don 't_ know. But
you can't fear what you _don 't_ know you don't know!

------
turc1656
"Missed any? Shoot me a message on Twitter: @bitario"

I don't have a Twitter account, but if the author happens to be reading this
(or if anyone wants to shoot a message to him), I use Threema for secure
messaging. I love it. But I admit to not having used the others so I can't
comment on how it ranks against the competition.

[https://threema.ch/en](https://threema.ch/en)
[https://play.google.com/store/apps/details?id=ch.threema.app...](https://play.google.com/store/apps/details?id=ch.threema.app&hl=en)

~~~
passivepinetree
What's the advantage of this over, say, Signal?

~~~
bigbugbag
Is signal previous name textsecure ? Those who dropped SMS support of their
secure texting application so now it requires a data plan to be remotely
useful.

That's about when Openwhisper / Signal lost me, I'm not gonna trust them with
anything anymore. Also worth mentioning that all communication go through a
single point of failure central server, it requires a phone number to register
and is not available outside the worst privacy offender device: smartphones.

------
abandonliberty
The simplest argument for privacy: if the powerful value it, so should you.

~~~
themacguffinman
The slightly more complicated truth: people with power have different problems
and threats.

~~~
absconder
True. But then, keeping within the frames of parent's argument, if you want
power (you do), you want privacy.

------
godmodus
Sort of ironic to see bitcoins being hacked away due to lax security with the
phone system, too. Ud think after mitnick, it wouldnt be possible, but our
leadera today are actively choosing to ignore history's lessons, and we enable
them.

Privacy and Security are the battlefields of today, and the wars of tomorrow.
It'll hurt Badly when that impending 1984 world rains down on us, very soon.
That said, we'll win, eventually. :o)

~~~
brokenmachine
I'm not so optimistic.

I don't believe people will ever get their liberties back when they are
finally all taken away. :(

Our naive and apathetic population will find out eventually.

~~~
godmodus
Society is a sleeping giant. Aslong as food and shelter are there, people will
stay dormant.

But eventually, one of these two things will be taken away. Maybe food. Maybe
the security of shelter... Look at North Korea, defectors left and right,
despite the horrors. Though ill admit to the difficulty of localities. Horrors
can be committed, and sustained, upon a minority, while the majority sleeps,
we enable north Korea, but only because it's a local, distant horror.

Bur when the majority is fucked.. The hackers, the rebels, the adamant few
WILL fuel the fires of revolution.

But ill admit again to the sophistication of our current system and it's
cruelty. It will delay improvement. It's a cat/mouse scenario. We're the cat,
and we're sound asleep for now. Trump and the falling apart of the EU will
shake the house though. Or maybe they wont, but stench of war is in the
air.amd the higher ups, no matter how sophisticated, are only human.

It's important not to give in to desperation and paranoia. Education (math,
science, history, art) will help keep the population capable and give them the
tools to transform society when the day comes where we must act.

------
kyleschiller
It's nice to have a private notes app, my bigger concern is about what happens
as the entire ecosystem becomes increasingly monopolized.

Any platform enhanced by ML powered by proprietary data will create huge
barriers to entry for potential competitors. Even if privacy becomes important
to consumers, app alternatives with have to at least match the mainstream
version in 100 other ways. As much as Google has contributed to ML tooling and
research, their data will ensure that services like Duck Duck Go stay obscure.

Network effects, economies of scale and the dynamics of VC funding will all
exacerbate this as well.

~~~
mobitar
You're right in that it's hard to create a new billion dollar privacy company.
But there are plenty of opportunities to create "small businesses" focused on
privacy. Basecamp sized companies. In fact, that's the advantage small
founders have now: is to not be big, but be intentionally small.

~~~
kyleschiller
Yeah, that's true, I do dream of a future where more people are creating toy
apps for their friends and family with no intention of scaling. Udacity has
strayed a little bit from this with their focus on ML courses, but SMBs are
absolutely preferable in my mind.

EDIT: also why I love FOSS.

------
Insanity
I have in recent months become increasingly aware of this, and have taken
steps towards being more private online but I am not completely there yet.
Though I do run Linux, stay shy of social media and use Signal for messages, I
still lacked a better email provider. (And I am still looking into which VPN
to get)

This article was the push that I needed to also finally ditch my old (hotmail)
account and switch to protonmail. When you have a lot of communication going
on with an email account I feel like the change is not that easy, but it'll be
worth it.

~~~
newscracker
Last year I looked at various services for email and finally switched to
posteo.de. It's cheaper than Fastmail and Protonmail listed in this article,
promises privacy and the company has a lot of good ideals and actions that I
like.

I needed IMAP and didn't want to be locked in to one provider if I ever wanted
to move out (Protonmail's IMAP is just now in beta, more than two years after
the request was made by people, and all users are tied to Protonmail because
there is no export of all mails or non-Protonmail-app mechanisms to retrieve
mail).

The lack of custom domain support in posteo (for privacy reasons - what it
calls "data economy") was a concern for me on portability, but it's a
compromise I decided to make.

------
jwatte
It's not that privacy isn't locally good if it could be had, it's that or
can't be had, and letting only some people (more powerful) have privacy is
actively bad.

Just like we have to prepare for the post labor society, we have to prepare
for the post privacy society. It's not about what we'd like to be true, it's
about what's actually true.

------
ujttpu
Whenever I ask questions about people's attitude towards privacy they also end
up with, I have nothing to hide, and all counter examples are vague and not
directly applicable. I'm working on turning the privacy talk around, to frame
it around the loss of freedom, Freedom from criminals, Freedom of
relationship, Freedom of self expression, Freedom from profiling. We can then
explore which freedoms are relevant to the individual and which are not.

Freedom from criminals: Computer systems are not secure. The more we share
online the bigger the danger when the data is leaked. A very real concern that
is often overlooked is that governments and companies are incapable of keeping
our data secure. By collecting addresses, medical data, bank information we
are all exposing ourselves to risks of having our identity, money and medical
information stolen or to be held for ransom.

Freedom of relationship: Private conversations can be made public, your
opinions and interests can be made public without your intention. For example
facebook changing their privacy settings suddenly makes your private links
shared, or private matters suddenly appear where you don't intend them to be.
Like product adverts showing up at work, sharing our private purchases with
colleagues.

Freedom of self expression: We loose control of when content goes public.
Suddenly our ideas and works can be shared without our consent or credit even
without our knowledge. An art sharing site suddenly uses our work in private
folders for advertisements because they now have access to them. When
uploading on line we lose control of our data and if they are taken there is
little recourse.

Freedom from profiling: Decisions are made about you without your direct input
affecting the news you see, the products you are advertised, and the prices
you are offered. Governments have started placing us on lists along with real
criminals based on where we have been, who we have met, and what we have seen.
We have no control of the profile that is made on us and we have no access to
it.

We, those worried about privacy, can see the overlaps between the loss of
freedoms, but by presenting them in these forms it makes for conversations
that continue beyond I have nothing to hide. Depending on who I am talking to
I can question into which freedom they are comfortable losing and which they
are not.

Personally living in a 1st world country with an stable and amicable
democratic government my greatest concerns are freedom from criminals and
freedom of self expression.

~~~
tornadoboy55
Just use Snowdens quote: saying you don't need privacy because you have
nothing to hide is like saying you don't need free speech because you have
nothing to say.

To be honest, I actually ran a very private setup (Copperhead OS, Protonmail,
MacBook with all non-draconian privacy settings turned on) for about 2 years,
but in the end I realized I was gaining (almost) nothing compared to just
Google's services, and losing a whole lot in terms of ease-of-use and
integration. All in all its the same thing with privacy as it is with
security: you can create all the good systems in the world, but if its a
hassle, you'll run into privacy/security fatigue soon and the whole system
becomes moot because you'll be the weakest link and start bypassing your own
systems.

------
fosco
I really like this stance, I think this argument needs a little more
sharpening so that it generates action from people who not in our bubble
outside of the tech scene.

------
sirrele
Really enjoyed this post, seriously, thank you.

------
barbs
Does anyone know what the title image comes from and/or why it's relevant? I
really like it!

~~~
s_p_lee
It's the cover art to an edition of The Martian Chronicles. See:

[http://www.michaelwhelan.com/galleries/descent/](http://www.michaelwhelan.com/galleries/descent/)

------
known
Civilization is the progress toward a society of privacy --Ayn Rand

