For me its probably the debate regarding using a VPN with tor - Like the tor devs themselves recommend against using a VPN with tor.

Another is also probably the argument of “nothing to hide, nothing to fear”.

  • fluckx@lemmy.world
    link
    fedilink
    arrow-up
    66
    ·
    edit-2
    1 year ago

    Another is also probably the argument of “nothing to hide, nothing to fear”.

    People always forget that you have nothing to hide if you know what they’re looking for. The problem is you don’t know what they’re looking for. And the thing they’re looking for can change over time. And once you’ve given it you can’t take it back.

    Not to mention that while you share it with one party, they’ll sell you off.

    People always assume nothing to hide means not doing anything illegal that’ll make you end up in jail.

    They think there’s somebody going through all the data and that this would be too much work. They really don’t/won’t understand that computers have been able to do this at scale for years.

    If any bigtech company does it it’s fine. But if I ask them for their unlocked phone for 10 minutes to sift through their messages with the promise I’ll give them free advice on how to solve their problems it’s none of my business.

    ¯\_(ツ)_/¯

    • Boozilla@lemmy.world
      link
      fedilink
      English
      arrow-up
      45
      ·
      1 year ago

      Those dumb people are confusing privacy with secrecy.

      A good example of privacy is a bathroom. Everyone knows what goes on in bathrooms. It’s not a secret. But you still close the door. Do those people with “nothing to hide” want the government recording and storing video of them every time they use the bathroom or have sex? If they answer “no”, then they value their privacy. (If they answer “yes” they should probably seek therapy).

      An example of secrecy is laundering money to avoid paying taxes on it. That’s not privacy, that’s hiding something illegal.

      • demystify@lemmy.ml
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        2
        ·
        1 year ago

        There, that’s the one argument I’ve been missing in my explanations. Thank you, kind sir or ma’am.

        • Adalast@lemmy.world
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          I usually go a little harder with it. Suggest they strip down and walk down the street in the buff, or offer to look in their windows at night without them knowing. It’s amazing how people forget that “modesty” is another form of privacy. The issue is that people have a visceral understanding of what a violation of their direct privacy is and what it means, but their virtual privacy, they don’t understand the danger, not the implications of it being taken. Make them feel violated and them get them to equate the two feelings.

    • Sterile_Technique@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      “I also have nothing to hide, but the assumption that everyone who wants to log every detail of my life isn’t doing so with malicious intent, is dangerous.”

    • meseek #2982@lemmy.ca
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      I find it comical that the companies building this surveillance tech, that are quick to use the “if you have nothing to hide…” argument are as secretive and closed as any spy agency.

      Guess it’s just a one way street 🙄

  • miss_brainfart@lemmy.ml
    link
    fedilink
    arrow-up
    38
    arrow-down
    1
    ·
    1 year ago

    Many people put privacy, security and anonymity all in a single basket. While they often go hand in hand between one another, they’re still fundamentally different things.

    • 9tr6gyp3@lemmy.world
      link
      fedilink
      arrow-up
      15
      ·
      1 year ago

      To add to this, you arguably cant have privacy or anonymity without security first.

      If there are any vulnerabilities or design flaws for your device or its OS, you shouldn’t fully trust your device to handle sensitive tasks.

  • ono@lemmy.ca
    link
    fedilink
    English
    arrow-up
    34
    ·
    edit-2
    1 year ago

    Misconception: “I’m not interesting enough for anyone to surveil me.”

    Reality: Mass surveillance.

  • OsrsNeedsF2P@lemmy.ml
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    1 year ago

    The biggest one people usually get wrong is thinking their messages on WhatsApp, Telegram, and other proprietary messengers are private

    • cRazi_man@lemm.ee
      link
      fedilink
      arrow-up
      15
      ·
      edit-2
      1 year ago

      My brother does this. And it’s easy to see how people fall for this when the disinformation from those companies keeps telling you how private your messages are and that not even WhatsApp can read them. Yet when you lose your old phone and reinstall on a new phone, your old messages magically show up without you having to provide an encryption key.

      • miss_brainfart@lemmy.ml
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        your old messages magically show up without you having to provide an encryption key

        Do they? I thought you had to explicitely back them up to get them on a new device. At least that’s how it was when I still used it.

        • cRazi_man@lemm.ee
          link
          fedilink
          arrow-up
          7
          ·
          edit-2
          1 year ago

          They do with Telegram. In WhatsApp (if I recall correctly) it auto-retrieves from your google drive.

          (Come to think of it…if that means the encryption key is just with you in your google drive and not with WhatsApp, then is that more secure than I have previously believed??)

          With Signal they prompt you to pull the data and generate and encryption key. If you lose either of those things then there’s no way to get your messages back since no one else has them.

          • miss_brainfart@lemmy.ml
            link
            fedilink
            arrow-up
            5
            arrow-down
            1
            ·
            1 year ago

            Telegram doesn’t surprise me, chats aren’t even encrypted per default in some instances (group chats, I believe?)

            But then again, how solid is any encryption if Matrix bridges can exist?

            • nitneroc@lemmy.one
              link
              fedilink
              arrow-up
              4
              ·
              1 year ago

              Matrix bridges have nothing to do with encryption, they read the messages exactly the same way a client would, and send them to the other side of the bridge exactly the same way a client would.

              • miss_brainfart@lemmy.ml
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                They have a lot to do with encryption. As an example, Signal and Matrix use different encryption standards. So to get a message across, it needs to be decrypted mid-transit, to then be re-encrypted with the protocol of the recipient.

                Any one of your contacts can set this up without your knowledge or consent, and then there’s a gap in the encryption. They can just freely give away the keys to their chats they have with you, and now a third-party has the means to decrypt your messages.

                That’s pretty fucked if you think about it, but there’s not much you can do.

                Sure, it’s not a huge problem if the service doing it is verifiable to have good security and doesn’t snoop, but it’s still adding another link in the chain to trust and to keep intact.

                • nitneroc@lemmy.one
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  That’s exactly what I said, each side of the bridge has its own encryption standard (or no encryption at all).

                  The encryption could be as solid as possible, the problem would remain unchanged: to bridge messages between two services that are not interoperable, you need to decrypt them at some point.

            • Amju Wolf@pawb.social
              link
              fedilink
              arrow-up
              3
              arrow-down
              3
              ·
              1 year ago

              No Telegram chats are end-to-end encrypted by default. And I don’t know anyone who’d use the feature regularly (it’s a hassle).

              And, to be fair, it’s not really necessary for most day to day messaging.

              • miss_brainfart@lemmy.ml
                link
                fedilink
                arrow-up
                3
                ·
                1 year ago

                I think it’s very much necessary to insist on our right to privacy. Personal chats not being encrypted should be a clear and absolute NO for anyone.

                • Amju Wolf@pawb.social
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Ideally, yeah. Practically, shit like stickers or media sharing is way more important to the vast majority of people.

              • library_napper@monyet.cc
                link
                fedilink
                arrow-up
                3
                arrow-down
                1
                ·
                1 year ago

                That’s not true. Please don’t spread misinformation. That’s literally the point of this thread.

                TLS encryption to telegram servers is not e2ee. That’s the point

      • ZapBeebz_@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        FWIW, I swap between phones weekly (separate work phone w/o cameras, but same phone number), and transfer my WhatsApp account at the same time. Both the phones have their own unique message history, and it does not sync between devices. I do not have backups enabled on either phone.

  • Overzeetop@kbin.social
    link
    fedilink
    arrow-up
    19
    ·
    1 year ago

    That “not having” Facebook or [insert nearly any other major information-based corporation] means that those companies don’t have your information and profile already completed in their database.

      • Overzeetop@kbin.social
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        If you’ve ever had a contact allow a service to read their contacts, you are in their database. That then gets cross-referenced with the (relatively few) online store providers the first time you use that address - or the obfuscated emailname.store@* version that was meant to serialize or identify spammers but which the simplest script can undo. Now your shipping/billing address, phone, and partial purchase history can be linked with every social media company that weird chick who did upside down keg hits with you that one night decided to allow contact access. Or your aunt Gertrude.

        And it’s not even that complicated. Are you in the contacts list of anyone who has ever used the internet? Google, yahoo, or microsoft definitely know who you are in their internal databases and can create a web of contacts and likely contacts just from a couple of emails. Heck, I remember when there were “contact synchronization” websites where you could transfer your contacts between gmail addresses, or to/from other mail services. It was free, so I can just about guarantee they’re selling all of your info, which has been checked and corroborated by however many of your contacts decided to use their services.

        • miss_brainfart@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          If you’ve ever had a contact allow a service to read their contacts, you are in their database.

          If this happens in a professional context, this can be a violation of article 44 of the GDPR. I don’t know where exactly I’m going with this, but at least there are some laws around that, I guess.

          • Overzeetop@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            And we know how strict these big companies are about voluntary compliance to the GDPR. ;-) I’m glad at least someone is putting in rules against this fuckery but, sadly, once that data is sold to the first outside vendor (Cambridge Analytica, Palantir, etc.) it’s out there and lives on the internet forever, even if the big boys are brought to heel by the EU.

            • miss_brainfart@lemmy.ml
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Even the ones who actually want to respect the law won’t spend the time to double-check GDPR compliance with every little thing they do.

              Almost everything that’s ever happened is a violation of article 44. In fact, the EU supreme court (I guess you’d call it) declared pretty much all EU-US data transfers from the last 20 years as unlawful. Fun.

  • moreeni@lemm.ee
    link
    fedilink
    arrow-up
    17
    ·
    edit-2
    1 year ago

    One of the most common misconceptions in the community itself is that there are absolute states of security and privacy. There aren’t.

    You can’t defend against anything, you must consider your threat model before doing any advice given to you on privacy forums.

    The threat model of everything possible drives people to schizophrenia. You will lose possible interactions with people as well as potential friendships, because you give out an aura of a weirdo.

    • PM_ME_FAT_ENBIES@lib.lgbt
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I don’t think a simple misconception can create schizophrenia. It’s a complex neurochemical disease with genetic factors

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    16
    ·
    edit-2
    1 year ago

    You absolutely can use a VPN and tor, and maintain a good security posture.

    https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN

    There are trade-offs to be made, but in many scenarios it’s net positive for the users.

    I think the Tor foundation doesn’t want to make sweeping generalizations that don’t apply to all users. There’s a huge difference between we can’t make a general recommendation, and you absolutely should not do this.

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    Its hard to make people understand that privacy is easy these days. Sure its not effortless but it isn’t as big of a hurdle as it could be

  • andruid@lemmy.ml
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    That because being perfectly anonymous against all of the most advanced actors is near impossible that it’s not worth it. Every step taken DOES help reduce the amount of info out there on you and the amount of parties that have access to it. Not only that every step you take helps those around you too.

  • Zerush@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Breaking a lot of pages and slow down the browsing, because no knowing the difference between private and tecnical data, blocking or spoofing all of them indisciminately and not only the private data and those which need to be protected.

  • Fly4aShyGuy@lemmy.one
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    The assumed connection between advertising and privacy. While they are often related, there are situations where they can be different concerns. Two very common lines of reasoning I see a lot:

    • Regarding Brave - that is is just an advertising company so shouldn’t be considered for privacy - without getting into a whole debate about Brave, I think advertising can (and used to for many years) be done in a way that doesn’t harm privacy. And while many privacy advocates may be 100% against advertising of any kind, I think there are some people out there that care a lot about the privacy but not as much against any ad of any kind. The idea of a model that respects privacy but allows for advertising supported free content is at very least interesting to me.

    • The assumption that Apple’s growing advertising business must mean declines in privacy coming. While they certainly could lead to that, I don’t think that is a given. There are several areas (specifically areas where already browsing 3rd party items such as apps or businesses) where contextual ads could be effective without harming privacy at all. Not saying I approve at all of these advertising moves on what are sold as premium devices, just that the assumed decrease in privacy is assuming a lot.

    My point is only that these can and potentially should be looked at as separate issues. I’m not ignoring that there is a conflict of interest created where a company like Brave could go back on privacy features to improve the advertising features or that Apple does the same for their advertising money, but I think it’s a bit of a miss to assume the worst possible outcome in these and other scenarios.

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Ads are useless as people harden up. Its just exploitation of goods, standars Capitalist bullshit.

      The result is that the goods are worthless but also people are hardened up. They are less sensitive.

      When I open any “social media” on other peoples phones, its shocking how full of ads that is. I enjoy my comfortable bubble without that.

      So as Ads are overused, they need to get better. But the real problem is that ads suck and should not exist in any way like they do today.