Firstly, I’m not against privacy or anything, just ignorant. I do try to stay pretty private despite that.
I wanted to know what type of info (Corporations? Governments? Websites??) Typically get from you and how they use it and how that affects me.
SSRN is a kind of vast warehouse of academic papers, and one of the most excited and well-read ones is called “I’ve got nothing to hide and other misunderstandings of privacy.”
The essence of the idea is that privacy is about more than just hiding bad things. It’s about how imbalances and access to information can be used to manipulate you. Seemingly innocuous bits of information can be combined to reveal important things. And there are often subtle and invisible harms that are systematic in nature, enabling surveillance state institutions to use them to exercise greater amounts of control and anti-democratic ways, and it can create chilling effects on behavior and free speech.
Everyone should read academic papers regardless of scholarship. But at the same time, I don’t pretend not to be lazy, so let me summarize (no gee-pee-tee was used in this process):
comment 1/2
Section I. Introduction
skip :3
Section II. The “Nothing to Hide” argument
We expand the “nothing to hide” argument to a more compelling, defensible thesis.
“The NSA surveillance, data mining, or other government information- gathering programs will result in the disclosure of particular pieces of information to a few government officials, or perhaps only to government computers. This very limited disclosure of the particular information involved is not likely to be threatening to the privacy of law-abiding citizens. Only those who are engaged in illegal activities have a reason to hide this information. Although there may be some cases in which the information might be sensitive or embarrassing to law-abiding citizens, the limited disclosure lessens the threat to privacy. Moreover, the security interest in detecting, investigating, and preventing terrorist attacks is very high and outweighs whatever minimal or moderate privacy interests law-abiding citizens may have in these particular pieces of information.” (p. 753, or pdf page 9)
Section III. Conceptualizing Privacy
A. A Pluralistic Conception of Privacy (aka “what’s the definition”)
Privacy definitions suck.
- “privacy’s content covers intimate information, access, and decisions”? But your Social Security and religion are private but not intimate (p. 755, or pdf page 11).
- ye olde Harvard Law Review “right to be let alone”? But shoving someone and not leaving them alone isn’t a privacy violation (p. 755, or pdf page 11)
- The 1984 Orwellian thingy of social control by surveillance? But the boring data like the history of your beverage use and marital status isn’t very controlly (p. 756, or pdf page 12)
Since it isn’t only about inhibition or chilling (scaring people into not doing stuff) and more about a helpless powerless relationship with the important-life-decision institutions, Kafka’s The Trial is more accurate: a bureaucracy “with inscrutable purposes… uses people’s information to make important decisions about them, yet denies people the ability to participate in how their information is used” (p. 756-757, or pdf page 12-13).
To make privacy distinct and its issues more concrete – it is kinda a blobby subject (p. 759 or pdf page 15) – we define it as a blurry family relationship of kinda similar stuff (i.e. if it’s similar to the below, it’s in the privacy umbrella):
- Information Collection
- Surveillance
- Interrogation
- Main problem: “an activity by a person, business, or government entity creates harm by disrupting valuable activities of others” whether physical, emotional, chilling socially beneficial behavior like free speech, or power imbalances like executive branch power.
- Information Processing
- Aggregation
- Identification
- Insecurity: Information might be abused. You can think of ways ;)
- Secondary Use
- Exclusion: People have no access nor say in how their data is used
- Information Dissemination
- Breach of Confidentiality
- Disclosure
- Exposure
- Increased Accessibility
- Blackmail
- Appropriation
- Distortion
- Main problem: How info can transfer or be threatened to transfer
- Invasion
- Intrusion
- Decisional Interference
- Main problem: Your decisions are regulated
(p. 758-759, or pdf page 14-15)
((aside by me: Sheesh lol))
<deleted>
removed by moderator
Reason: doxxed OP
First, governments already have all the data they want from you. There’s no way around that. Second, the more information you have on the internet, the easier it is for someone to take your identity. Look up security breaches and hacks and it will become very obvious since many places put your personal info on the web while guaranteeing your info is safe. Third, there are databases that aren’t illegal that store your personal info that people can research to track you down. And it’s not originally meant for unscrupulous reasons. These databases were first meant to replace phone books which would post your contact number and address, but those have since been used for shady business. For example, if you get a lot of spam calls, that means you are on an internet database somewhere.
Another example of why it’s important is a personal experience. I was deployed, and my parents started getting messages from random people asking for my exact location and what operation I was involved in. They claimed they served with me and they wanted a way to send me mail. They refused and then started getting threats of having my niece and sister taken. When I found out, I got NCIS and the FBI involved and not long after the investigations started, there were no more messages.
Another example I can give to you is what started my perma ban on reddit. I saw the story of a man in Wyoming who accidentally ran a wolf over (the wolf was very injures). So instead of putting it out of it’s misery or calling animal services, he paraded the hurt animal around a bar for a few hours before taking it out back and putting it down. I found his phone number on aforementioned databases and posted it on reddit.
The moral of the story is that you are available and findable if you do not take proper steps
There was a jogging app known as Strava that posted an image on their Twitter that was a heatmap of all the jogging activities of all of their users. Their idea was just to show how popular their app was by showing the entire world lit up. Twitter users were able to locate secret US military bases on that data alone. Turns out nobody jogs in circles in the middle of the desert except GIs.
Recently a group of Harvard students did a demo where they used Meta’s camera glasses and a chain of commercial programs and products to find out people’s names, address, workplaces, and family based only on their facial data.
These are just two examples off the top of my head. Essentially, the more data someone can accumulate, the more info can be analyzed from it. With things like AI tools, that analysis is incredibly fast even with huge datasets.
I don’t know how someone can both have a one year old Lemmy account and have been born yesterday. A torrent of like-I’m-5 answers to these questions are readily available to you. Did you try any search engine? Or maybe YouTube?
People learn about different things at different times. If we care about promoting privacy we should be accomodating and not hostile about that.
Personally I think its great to have online discussions/questions available on a forum (like lemmy) that are federated and accessible anonymously as it allows answers or discussions to be created and available for others to search and find in the future. There’s a lot of content that I find where answers or discussions were posted on reddit, but I can’t access it if I’m trying to reach it anonymously (bad for privacy).
I would encourage these kind of posts as:
- They generate content for lemmy/the fediverse.
- The new content brings in more people, perspectives, and collaborations.
- People seeing active discussions on this site will inspire others to post more and help bring in other perspectives.
- Understanding the “Ten thousand” XKCD (xkcd.com) perspective lets you realize that people are learning all the time and that trying to get feedback in a forum is not a bad thing regardless of how many other options there are.
I feel like being spied on on the Internet is kind of like having a camera in your bathroom.
Sure they promise they’re only going to point it at the sink and just make sure that you’re engaging in proper toothbrushing habits.
Sure.
But they’ll set it at the point where the mirror shows the shower and the toilet and they’ve got smell detectors in there to determine how much food you’ve eaten and how well your digesting it and there’s a sensor in the toilet to check the content of your urine and then if you drink too much they’re going to tell your boss that you’ve been drinking because they detected the alcohol that your body flushed out in your urine when you peed.
And you have no control over who gets to see what’s going on in your bathroom.
It is morally wrong and psychologically oppressing to be spied upon.
And the powers that be are so focused on the benefits it gives them that they do not care about the negatives that affect us.
10 years ago by having your full name and face your whole data would be in risk of exposure like all social media apps your online footprint etc, etc and in the wrong hands hackers for example can do god knows what with it like sell your data to your enemies track it against you to steal your bank informations whatever they can put their hands on…
Nowadays they only need your face, almost everyone in the world has had uploaded a picture of them online somewhere and that’s enough to dox you and again your online digital footprint and again for whatever reason they want to possibly hurt you,
However having digital privacy forbids this data from leaking to the wrong hands and makes you a little more secure, just knowing little bit about your private life is sometimes enough to track you and open a weakness to take advantage of. this age isn’t for nuclear wars it’s about digital wars and data is power.
In addition to everythong everyone has said, one major thing that people often don’t think about privacy is how it relates to enshittification.
Modern software services try to optimize everything to make as much money as possible. Everything is a/b tested, and whatever increases some arbitrary metric is what gets released.
They do this by tracking a ton of metrics about how you interact with everything. I know where I work we collect data about every time you click on anything, how long you hover over buttons, etc.
Why do you need curtains on your windows?
To make sure the whole world isn’t just a window for the HR department. I can have “dissident” views, or just talk trash with my friends, and not get fired since it wasn’t at the office.
To make sure real dissidents (from totalitarian countries) can express their political views.
So a lady can send her husband feet pics without some secret agent spy gawking at them too.
So I can share my family’s secret BBQ sauce recipe with my cousin without Arby’s stealing it (they have eyes everywhere).
But these are all specific things. The truth is that we simply cannot trust institutions with all our data. I don’t need a reason for privacy. They need a reason to have my info. Security is a legit reason to seek citizens’ info, generally, but you should need a specific security-related reason to access a specific person’s data.
Because, even if what you’re doing now is fine, moral and legal, it might not be perceived as that later, whether by your friends, neighbors or government. This has become especially relevant in recent years. Even if your own opinion shifts to match later trends, your past actions might hurt you.
You might be doing nothing wrong and still jeopardize your future self.
The same reason why you have curtains over your windows, so random people cant peek into your private life.
Privacy is important because it gives you control over your life; details, info, thoughts, emotions…
I recently met a guy out of town at a trade show. We were both in the same show, grabbing some snacks, and I complimented his hat. We started talking, a little this, a little that. Eventually we parted ways. On the outro we introduced ourselves by first name only, more as a BTW side note because we might run into each other again. Why am I telling this story?
Because I forgot his name almost instantly and really only remember his hat. I know nothing about the guy. He knows nothing about me. But wouldn’t it be weird if I didn’t just remember his first name, but I knew his last name too? Where he lived, worked, shopped for groceries, sexual orientation, he last time he ordered pizza and what toppings were on it, how he voted last election, etc… If I knew all that about him, I could have a much more in depth conversation with him. And even if I had no mal intent and simply wanted to give him better experiences in life…that’s not my decision to make. He didn’t ask for that. And it’s freaking weird.
But that’s what has been made normal in our lives. Privacy helps keep your life…well, private.
Then the rabbit hole goes deep on nefarious uses. And it’s not “its possible” to do this, but rather “it’s being done” (with absolutely no doubt or argument).
I’m probably gonna mess this quote up, but I thought it was brilliant:
“Privacy is essential to security, and shitty people feel entitled to take that away from you.”
You can’t be secure in your dealings or operate on equal footing (economically speaking, as others here have pointed out) without a measure of privacy.
You have asked the most important question in this topic. Privacy and security only have meaning when you develop a threat model or encounter a threat. With digital security it is usually pretty straightforward in that you don’t want anyone else controlling your computer or phone and using it for their own ends. And a lapse in digital security can ruin attempts to secure privacy.
Privacy is where threat models should be developed so that you (1) don’t waste time worrying about and working around nonexistent threats and (2) can think holistically about a given threat and not believe in a false means of privacy.
For example, if you are of a marginalized community, closeted, and in a very unsafe living situation, your main threat model might be getting doxxed and outed. To prevent this you should ensure that there is zero to no information that would link your real identity to an online identity and you should roll accounts to ensure small slipups can’t be correlated. VPNs probably don’t help in this threat model but they don’t hurt either. A private browser does nothing in this situation. Securing your phone and not leaving it unlocked anywhere is good for this situation (sometimes privacy isn’t really about tech but behavior). Using strong passwords that can’t be guessed helps with this situation. Making a plan to move to a safe living situation so you can be out will resolve the threat entirely, though it may mean needing to think about new ones.
Notice that the government was not in this threat model and that it was more about violence towards the marginalized. Cis white guy techbros generally have nothing to worry about re: infosec and are just being enthusiasts or LARPers. Nobody is showing up at their house with a gun and the feds are not going to arrest you for having the most “centrist” political takes and actions available. The people that need to project themselves are those facing overt targeted marginslization or who take political action that the government wants to, or would eventually want to, suppress. For example, the US government labelled anti-apartheid groups as terrorist organizations and intimidated or jailed those they could identify. It has a habit of doing this to any advocacy groups that gain steam and actually pose a political threat to their opponents.
Even if you don’t have a threat model, though, having good digital hygiene is useful in case one develops in the future. You may currently do political work that seems safe, and it is because it is not perceived as a threat. Let’s say you help organize unions. But there have been times where organizing unions would mean you’re targeted by the government and hired thugs and those times can easily return. If they have compiled a database of likely union sympathizers, will your name be in there? Maybe that’s a risk that you just take. But maybe you should use good privacy practices so that you can go underground when needed.
The latter applies to the threatless cis white techbro “centrists”. Such an individually may someday change politically or in their gender identity and having good practices would then pay off.
Hi! Although your post is full of reasonable advice on maintaining privacy online I want to challenge you on the statement that the threat model matters. The contrapositive of the statement “I don’t need privacy if I have nothing to hide” is “I have something to hide, if I need privacy”. This puts those marginalized groups you mentioned in a position where simply by using a privacy tool or technique, they draw suspicion to themselves. It might immediately raise subconscious alarms in internet communities like facebook, where the expectation is that you use your real name.
The only way privacy measures work for anyone, is if they’re implemented for everyone.
Further, I’d like to challenge the concept that a cis white tech bro has nothing to hide. There’s a big invisible “for now” at the end of that statement. The internet, mostly, never forgets. We’ve had waves of comedians get “cancelled” over tweets they made years ago. Times change, people grow, laws regress. Posting statements about abortions is as of this year, suddenly unsafe. Maybe posting about neurodivergence comes next. Who knows with the way the world is going, maybe 5 years from now you’ll regret having posts on /c/atheism associated with you.
I think a good way to be considerate of privacy is to think in terms of identities, what those identities are for, and what links those identities. Does your identity on github need make comments about your political leanings? Should your resume have a link to your github? Does your identity on etsy need to have a link to your onlyfans? Does your dating profile need a link to your reddit account? Your “2nd” reddit account? Not all of these are clear yes or no answers, they’re just things to consider and make decisions about. Also, consider what class identities you only have one of, and what class of identities are for the most part unchangeable, e.g. attaching your phone number to two separate identities functionally links them.
The contrapositive of the statement “I don’t need privacy if I have nothing to hide” is “I have something to hide, if I need privacy”.
I said neither. I said that the marginalized have relevant threat models and, at least in the state they are currently in, cis white techbros generally do not and treat privacy as a hobby, failing to develop realistic threat models. This doesn’t translate into either of those sentiments.
This puts those marginalized groups you mentioned in a position where simply by using a privacy tool or technique, they draw suspicion to themselves.
That really depends on the specifics of the technique and if your threat model is the entities that could draw those conclusions, namely a government, they will tend to do that regardless. For those threat models you should really be shedding digital communication entirely and making a plan to leave.
But sure, something like having a ton of boring and diverse traffic in a VPN is useful for making them a privacy tool at all.
It might immediately raise subconscious alarms in internet communities like facebook, where the expectation is that you use your real name.
Alarms among who and what are the threats? This means nothing without a threat model.
The only way privacy measures work for anyone, is if they’re implemented for everyone.
This is simply false. For example, not everyone needs to meet in-person just for that to be an option for staying private. So long as you have a means to avoid leaking certain information to certain people, you can meet the needs of a threat model.
Further, I’d like to challenge the concept that a cis white tech bro has nothing to hide.
Not what I said.
I think a good way to be considerate of privacy is to think in terms of identities, what those identities are for, and what links those identities.
The only meaningful way to think about it is in terms of threat models. Identities are an aspect of engaging in certain online activities, they only have meaning relative to a threat model. I agree that it is a good idea to keep employers out of your political activity by not tying them together but that is because we live under capitalism where your employer can remove your means to provide for itself whenever it wants. The threat model is ubiquitous, just differing slightly in its form (delays, the need for lawyers, etc). There are of course more threat models re: political activity.
The risk of not considering threat models and instead adopting broad brush practices is that you can fail to adequately weigh threats or get a false sense of security.
💯
My threat model is a potentially violent stalker and my professional reputation. I keep any identifying details online to a minimum so he can’t track me down and I keep separation between political activity and my professional identity compartmentalized.
Stuff like volunteering for the ACLU should not matter when I apply for a new job. But there are assholes out there and I would rather they websearch my name and find nothing rather than something they would see negatively for any reason. I know some hiring managers in my company try to avoid anyone with politics that would align with pro-union positions because … well, because they are anti-union assholes. I can’t always avoid that in my career so I’ll at least work against them in my own chosen way instead of theirs.
Those are good reasons and I’m glad you think about and develop these threat models. And sorry you have to deal with them.
Something else we should also be worried about is data leaks. Investments in consumer data security don’t raise stock prices so it’ll be underfunded by corps. Suddenly there will be huge breaches of consumer data accessible by everyone.
You can imagine all sorts of black mail attempts,not just by hackers, but ordinary people who know how to sparse the raw data.
You can have private “viewing habits” or edgy jokes you made sent to your company’s HR and shit. Also of course now the government has access to all of this information. Can you imagine the government passing some draconian “stop terrorists, and also protect the kids” bill. They could start spying on or even prosecuting those reading material related to stuff like the anarchist’s cookbook and similar.
At the end of the day, data that doesn’t exist can’t be leaked.
