For me it’s probably the debate regarding using a VPN with Tor - like the Tor devs themselves recommend against using a VPN with Tor.

Another is also probably the argument of “nothing to hide, nothing to fear”.

  • fluckx@lemmy.world · 11 months ago · 68 up

    Another is also probably the argument of “nothing to hide, nothing to fear”.

    People always forget that you have nothing to hide if you know what they’re looking for. The problem is you don’t know what they’re looking for. And the thing they’re looking for can change over time. And once you’ve given it you can’t take it back.

    Not to mention that while you share it with one party, they’ll sell you off.

    People always assume nothing to hide means not doing anything illegal that’ll make you end up in jail.

    They think there’s somebody going through all the data and that this would be too much work. They really don’t/won’t understand that computers have been able to do this at scale for years.

    If any big tech company does it, it’s fine. But if I ask them for their unlocked phone for 10 minutes to sift through their messages with the promise I’ll give them free advice on how to solve their problems, it’s none of my business.

    ¯\_(ツ)_/¯

    • Boozilla@lemmy.world · 11 months ago · 45 up

      Those dumb people are confusing privacy with secrecy.

      A good example of privacy is a bathroom. Everyone knows what goes on in bathrooms. It’s not a secret. But you still close the door. Do those people with “nothing to hide” want the government recording and storing video of them every time they use the bathroom or have sex? If they answer “no”, then they value their privacy. (If they answer “yes” they should probably seek therapy).

      An example of secrecy is laundering money to avoid paying taxes on it. That’s not privacy, that’s hiding something illegal.

      • demystify@lemmy.ml · 11 months ago · 14 up, 2 down

        There, that’s the one argument I’ve been missing in my explanations. Thank you, kind sir or ma’am.

        • Adalast@lemmy.world · 10 months ago · 6 up

          I usually go a little harder with it. Suggest they strip down and walk down the street in the buff, or offer to look in their windows at night without them knowing. It’s amazing how people forget that “modesty” is another form of privacy. The issue is that people have a visceral understanding of what a violation of their direct privacy is and what it means, but their virtual privacy, they don’t understand the danger, nor the implications of it being taken. Make them feel violated and then get them to equate the two feelings.

    • Sterile_Technique@lemmy.world · 10 months ago · 15 up

      “I also have nothing to hide, but the assumption that everyone who wants to log every detail of my life isn’t doing so with malicious intent, is dangerous.”

    • meseek #2982@lemmy.ca · 10 months ago · 11 up

      I find it comical that the companies building this surveillance tech, that are quick to use the “if you have nothing to hide…” argument are as secretive and closed as any spy agency.

      Guess it’s just a one way street 🙄

  • miss_brainfart@lemmy.ml · 11 months ago · 39 up, 1 down

    Many people put privacy, security and anonymity all in a single basket. While they often go hand in hand between one another, they’re still fundamentally different things.

    • 9tr6gyp3@lemmy.world · 11 months ago · 15 up

      To add to this, you arguably can’t have privacy or anonymity without security first.

      If there are any vulnerabilities or design flaws for your device or its OS, you shouldn’t fully trust your device to handle sensitive tasks.

  • ono@lemmy.ca · 10 months ago · 35 up

    Misconception: “I’m not interesting enough for anyone to surveil me.”

    Reality: Mass surveillance.

  • OsrsNeedsF2P@lemmy.ml · 11 months ago · 24 up, 1 down

    The biggest one people usually get wrong is thinking their messages on WhatsApp, Telegram, and other proprietary messengers are private.

    • cRazi_man@lemm.ee · 11 months ago · 16 up

      My brother does this. And it’s easy to see how people fall for this when the disinformation from those companies keeps telling you how private your messages are and that not even WhatsApp can read them. Yet when you lose your old phone and reinstall on a new phone, your old messages magically show up without you having to provide an encryption key.

      • miss_brainfart@lemmy.ml · 11 months ago · 8 up

        your old messages magically show up without you having to provide an encryption key

        Do they? I thought you had to explicitly back them up to get them on a new device. At least that’s how it was when I still used it.

        • cRazi_man@lemm.ee · 11 months ago · 7 up

          They do with Telegram. In WhatsApp (if I recall correctly) it auto-retrieves from your Google Drive.

          (Come to think of it… if that means the encryption key is just with you in your Google Drive and not with WhatsApp, then is that more secure than I have previously believed??)

          With Signal they prompt you to pull the data and generate an encryption key. If you lose either of those things then there’s no way to get your messages back since no one else has them.

          • miss_brainfart@lemmy.ml · 11 months ago · 5 up, 1 down

            Telegram doesn’t surprise me, chats aren’t even encrypted per default in some instances (group chats, I believe?)

            But then again, how solid is any encryption if Matrix bridges can exist?

            • nitneroc@lemmy.one · 10 months ago · 4 up

              Matrix bridges have nothing to do with encryption, they read the messages exactly the same way a client would, and send them to the other side of the bridge exactly the same way a client would.

              • miss_brainfart@lemmy.ml · 10 months ago · 2 up

                They have a lot to do with encryption. As an example, Signal and Matrix use different encryption standards. So to get a message across, it needs to be decrypted mid-transit, to then be re-encrypted with the protocol of the recipient.

                Any one of your contacts can set this up without your knowledge or consent, and then there’s a gap in the encryption. They can just freely give away the keys to their chats they have with you, and now a third-party has the means to decrypt your messages.

                That’s pretty fucked if you think about it, but there’s not much you can do.

                Sure, it’s not a huge problem if the service doing it is verifiable to have good security and doesn’t snoop, but it’s still adding another link in the chain to trust and to keep intact.

                • nitneroc@lemmy.one · 10 months ago · 2 up

                  That’s exactly what I said, each side of the bridge has its own encryption standard (or no encryption at all).

                  The encryption could be as solid as possible, the problem would remain unchanged: to bridge messages between two services that are not interoperable, you need to decrypt them at some point.

            • Amju Wolf@pawb.social · 10 months ago · 3 up, 3 down

              No Telegram chats are end-to-end encrypted by default. And I don’t know anyone who’d use the feature regularly (it’s a hassle).

              And, to be fair, it’s not really necessary for most day to day messaging.

              • miss_brainfart@lemmy.ml · 10 months ago · 3 up

                I think it’s very much necessary to insist on our right to privacy. Personal chats not being encrypted should be a clear and absolute NO for anyone.

                • Amju Wolf@pawb.social · 10 months ago · 2 up

                  Ideally, yeah. Practically, shit like stickers or media sharing is way more important to the vast majority of people.

              • library_napper@monyet.cc · 10 months ago · 3 up, 1 down

                That’s not true. Please don’t spread misinformation. That’s literally the point of this thread.

                TLS encryption to Telegram servers is not e2ee. That’s the point.
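
The distinction drawn in the bridge exchange and in the TLS-versus-e2ee reply above comes down to which party holds a key that opens the message. The following is an added sketch, not code from any poster or from Signal, Matrix, Telegram or WhatsApp; `seal`/`unseal` are a toy encrypt-then-MAC built from HMAC-SHA256 standing in for the real protocols, and every key name is an assumption.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC standing in for a real AEAD (illustration only)."""
    nonce = os.urandom(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                       # this key cannot read the message
    ks = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def readable_by(held_keys, blob):
    """Plaintext an intermediary recovers with the keys it holds, else None."""
    for key in held_keys:
        plain = unseal(key, blob)
        if plain is not None:
            return plain
    return None

def transport_only(msg):
    # Each hop has its own link key (as with TLS); the server holds both.
    k_a, k_b = os.urandom(32), os.urandom(32)
    seen = readable_by([k_a, k_b], seal(k_a, msg))
    return seen, unseal(k_b, seal(k_b, seen))

def end_to_end(msg):
    # Sender and recipient share k_e2e; the server holds only the link keys.
    k_e2e, k_a, k_b = (os.urandom(32) for _ in range(3))
    inner = seal(k_e2e, msg)
    relayed = unseal(k_a, seal(k_a, inner))      # server strips the link layer
    seen = readable_by([k_a, k_b], relayed)      # and is left with ciphertext
    return seen, unseal(k_e2e, unseal(k_b, seal(k_b, relayed)))

def bridged(msg):
    # Two encrypted networks with unrelated keys; the bridge is a member of both.
    k_net1, k_net2 = os.urandom(32), os.urandom(32)
    seen = readable_by([k_net1, k_net2], seal(k_net1, msg))  # decrypts as a client
    return seen, unseal(k_net2, seal(k_net2, seen))          # re-encrypts for side 2
```

Each function returns what the intermediary could read and what the recipient received; only `end_to_end` leaves the intermediary with nothing.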

          • knfrmity@lemmygrad.ml · 10 months ago · 2 up

            The Google Drive backups are not encrypted by default. It looks like they’ve recently added the option to encrypt backups with your own key or password, which is a decent feature.

      • ZapBeebz_@lemmy.world · 10 months ago · 3 up, 1 down

        FWIW, I swap between phones weekly (separate work phone w/o cameras, but same phone number), and transfer my WhatsApp account at the same time. Both the phones have their own unique message history, and it does not sync between devices. I do not have backups enabled on either phone.

  • Overzeetop@kbin.social · 11 months ago · 20 up

    That “not having” Facebook or [insert nearly any other major information-based corporation] means that those companies don’t have your information and profile already completed in their database.

      • Overzeetop@kbin.social · 10 months ago · 5 up, 1 down

        If you’ve ever had a contact allow a service to read their contacts, you are in their database. That then gets cross-referenced with the (relatively few) online store providers the first time you use that address - or the obfuscated emailname.store@* version that was meant to serialize or identify spammers but which the simplest script can undo. Now your shipping/billing address, phone, and partial purchase history can be linked with every social media company that weird chick who did upside down keg hits with you that one night decided to allow contact access. Or your aunt Gertrude.

        And it’s not even that complicated. Are you in the contacts list of anyone who has ever used the internet? Google, Yahoo, or Microsoft definitely know who you are in their internal databases and can create a web of contacts and likely contacts just from a couple of emails. Heck, I remember when there were “contact synchronization” websites where you could transfer your contacts between Gmail addresses, or to/from other mail services. It was free, so I can just about guarantee they’re selling all of your info, which has been checked and corroborated by however many of your contacts decided to use their services.

        • miss_brainfart@lemmy.ml · 10 months ago · 2 up

          If you’ve ever had a contact allow a service to read their contacts, you are in their database.

          If this happens in a professional context, this can be a violation of article 44 of the GDPR. I don’t know where exactly I’m going with this, but at least there are some laws around that, I guess.

          • Overzeetop@kbin.social · 10 months ago · 3 up

            And we know how strict these big companies are about voluntary compliance to the GDPR. ;-) I’m glad at least someone is putting in rules against this fuckery but, sadly, once that data is sold to the first outside vendor (Cambridge Analytica, Palantir, etc.) it’s out there and lives on the internet forever, even if the big boys are brought to heel by the EU.

            • miss_brainfart@lemmy.ml · 10 months ago · 2 up

              Even the ones who actually want to respect the law won’t spend the time to double-check GDPR compliance with every little thing they do.

              Almost everything that’s ever happened is a violation of article 44. In fact, the EU supreme court (I guess you’d call it) declared pretty much all EU-US data transfers from the last 20 years as unlawful. Fun.

  • moreeni@lemm.ee · 10 months ago · 18 up

    One of the most common misconceptions in the community itself is that there are absolute states of security and privacy. There aren’t.

    You can’t defend against anything, you must consider your threat model before doing any advice given to you on privacy forums.

    The threat model of everything possible drives people to schizophrenia. You will lose possible interactions with people as well as potential friendships, because you give out an aura of a weirdo.

    • PM_ME_FAT_ENBIES@lib.lgbt · 10 months ago · 3 up

      I don’t think a simple misconception can create schizophrenia. It’s a complex neurochemical disease with genetic factors.

  • jet@hackertalks.com · 11 months ago · 16 up

    You absolutely can use a VPN and Tor, and maintain a good security posture.

    https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN

    There are trade-offs to be made, but in many scenarios it’s net positive for the users.

    I think the Tor foundation doesn’t want to make sweeping generalizations that don’t apply to all users. There’s a huge difference between we can’t make a general recommendation, and you absolutely should not do this.

  • Possibly linux@lemmy.zip · 10 months ago · 8 up

    It’s hard to make people understand that privacy is easy these days. Sure, it’s not effortless, but it isn’t as big of a hurdle as it could be.

  • andruid@lemmy.ml · 10 months ago · 8 up

    That because being perfectly anonymous against all of the most advanced actors is near impossible, it’s not worth it. Every step taken DOES help reduce the amount of info out there on you and the number of parties that have access to it. Not only that, every step you take helps those around you too.

  • Fly4aShyGuy@lemmy.one · 10 months ago · 4 up

    The assumed connection between advertising and privacy. While they are often related, there are situations where they can be different concerns. Two very common lines of reasoning I see a lot:

    • Regarding Brave - that it is just an advertising company so shouldn’t be considered for privacy - without getting into a whole debate about Brave, I think advertising can (and used to for many years) be done in a way that doesn’t harm privacy. And while many privacy advocates may be 100% against advertising of any kind, I think there are some people out there that care a lot about the privacy but not as much against any ad of any kind. The idea of a model that respects privacy but allows for advertising supported free content is at very least interesting to me.

    • The assumption that Apple’s growing advertising business must mean declines in privacy coming. While they certainly could lead to that, I don’t think that is a given. There are several areas (specifically areas where already browsing 3rd party items such as apps or businesses) where contextual ads could be effective without harming privacy at all. Not saying I approve at all of these advertising moves on what are sold as premium devices, just that the assumed decrease in privacy is assuming a lot.

    My point is only that these can and potentially should be looked at as separate issues. I’m not ignoring that there is a conflict of interest created where a company like Brave could go back on privacy features to improve the advertising features or that Apple does the same for their advertising money, but I think it’s a bit of a miss to assume the worst possible outcome in these and other scenarios.

    • Pantherina@feddit.de · 10 months ago · 2 up

      Ads are useless as people harden up. It’s just exploitation of goods, standard Capitalist bullshit.

      The result is that the goods are worthless but also people are hardened up. They are less sensitive.

      When I open any “social media” on other people’s phones, it’s shocking how full of ads that is. I enjoy my comfortable bubble without that.

      So as Ads are overused, they need to get better. But the real problem is that ads suck and should not exist in any way like they do today.