Is Privacy Worth It?
When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?
The short answer, which I’m sure will come as no surprise to most of my readers, is “of course it is.” The more nuanced follow up, however, is that it’s only worth the work if you’re putting in the right amount of work.
Threat modeling is a foundational topic in the privacy community. Privacy Guides has a page about this, which was partially inspired by my own page on the topic, which was heavily drawn from EFF’s page. Techlore also has a video, Firewalls Don’t Stop Dragons talks about it in his book, and I’m sure many others have weighed in in various forms. Despite the abundance of discussion and variety of available formats and perspectives to explain it, many still struggle. Probably about half of the consulting requests I receive are requests to help better define and nail down a real threat model. An improper threat model – or lack of one entirely – will lead to an inconsistent and often unnecessary amount of action on the user’s end. The problem with the digital world is that because it is abstract, it can be hard to get a proper gauge of the realities of the situation.
Imagine it this way: let’s say every time you stepped outside your front door, you decided you want to be safe, so you dressed head-to-toe in full combat gear, complete with bulky full-body kevlar, a helmet, safety glasses, steel-toed boots, and gloves. I can stop the scenario here: even for those of us living in the roughest places, that’s a silly visual because it’s overkill. To be a little detailed, it also goes back to that word I used: “you want to be safe.” Safe from what? The sun? Then just put on some sunscreen and a hat. The cold? Put on a jacket. Danger? Keep your eyes up, headphones out (or low), and be aware of your surroundings.
Yet, many of us do the equivalent of overdressing in our digital lives because, as I said, we don’t always see it right away. Most people can instantly tell when they might be putting on too many items of clothing. Even something as simple as a jacket – when you feel the weight and restriction of movement – makes you pause enough to go “how cold is it really outside?” With the digital world, it can be much harder to notice the added weight, at least for a while. This makes it easier to overdress and not notice for a long time – or to dress up in full armor except for going barefoot (like I said, inconsistent action). In the past, I’ve compared some of the easier cybersecurity strategies with locking your front door: it’s technically inconvenient but we accept that inconvenience because the dramatic increase in security and safety outweighs it. This is comparable to things like using a password manager and 2FA or making the upfront switching cost to another service. Unfortunately with the more dramatic changes, it often takes several measures at once or a period of time – or both – before you begin to notice the increased digital weight. In many cases, when I have the opportunity to speak to people who aren’t yet at the point of giving up but are feeling overwhelmed, it doesn’t take long to learn that they never properly threat modeled, usually citing a lack of understanding how to. Once they understand the concept, they quickly start to realize where they can safely dial back to something less stressful without risking themselves and where they should instead focus more attention to improve. You don’t need the entire suit of body armor, you just need to put on a jacket.
The result of an incorrect threat model is extreme: burnout, isolation, loneliness, and stress. A classic story that always come to mind for me is the Redditor who claimed that they had successfully removed all DRM and propriety software from their home: no Netflix, no YouTube, etc. This person claimed to be actively dating, but decried the difficulty they were having meeting women. They went on to note that they required everyone who communicated with them to move off the dating app to a PGP-based encrypted messenger and to verify keys out-of-band. This person divulged little else about their life, but I have a hard time believing that it was safe for them to use online dating but not safe to relax some of their other choices as a compromise. They had allowed their privacy lifestyle to become so unnecessarily extreme that it alienated them and caused them to miss out on life.
This is what most people are asking when they ask if privacy is worth it. “Do I have to be alone? Do I have to miss out on meeting new people? On friends? On love? On my dream job? On watching my distant loved ones go through life?” My answer for most people is that if that’s what it’s costing you, you’re doing too much. I think sometimes giving up these services can be a shock at first, and I suspect that might be a cause of stress to some. In those cases, users will have to get creative. In the absence of a social news feed, I rely on RSS. As an introvert I don’t feel the need to get out of the house often or have a lot of friends but I do still frequently attend meetups, concerts, and see friends to get my socialization. As my friends and family have come to respect my lifestyle, they make a point of sending me videos, pictures, and other content that they also posted online so that I don’t miss out. In other cases, perhaps a service is necessary and one can simply rethink their usage and relationship to it. If you really need Facebook for a certain group or event invites, do you need the app on your phone? Perhaps you can just log in once a day via the website to check for notifications and then log right off.
This, of course, is going back to threat modeling. “What are you trying to protect and from who?” What’s the risk of using Facebook once per day for a few minutes to check notifications? How can you minimize those risks? Is that risk now acceptable to you after making those changes? The vast majority of people I speak to don’t have high threat models by their own admission. Simply using Facebook once a day in a hardened browser with a VPN is plenty to protect their privacy – they never have to post, it doesn’t track their location 24/7, and the browser will defeat most other tracking attempts. Coupled with the basic cybersecurity advice – like strong passwords and 2FA – and for the overwhelming majority of people, this is an acceptable compromise. Of course, in this example you’ll still need to give Facebook some real information about you as they become increasingly demanding of that stuff, but threat modeling applies here, too. What are the risks? Someone knowing that you have a Facebook account? Are you in any groups you’d rather people not know you were in? For most people, these are acceptable risks. At that point you just need to be disciplined: log off immediately after checking notifications, never post, don’t put the app on your phone, etc.
To be clear, as I’ve said many times before, I do encourage people to do as much as they can. If you don’t need Facebook at all – as I don’t – then don’t sign up. Moral arguments aside, your data can’t be breached if they don’t have it in the first place. (This of course doesn’t address off-site tracking but that’s a different discussion.) Even if your threat model is low, it can’t hurt to purchase a data removal service just in case or to use a VPN if you can afford one. It’s easier to be proactive than reactive and every little bit adds up. However, we must be careful not to go overboard with this stuff and let privacy negatively impact our lives, and that starts with a good threat model. A good threat model helps you make the right decisions. When you go “money is tight, I’m not sure I want to pay for a VPN,” a threat model helps you go “that’s okay, not having a VPN fits your threat model, here’s some other ways you can work around it.” On the other hand, a good threat model also gives you the peace of mind to say “I know I don’t need to switch to Linux, but I want to and it won’t negatively impact my life, so let’s go download that.”
Privacy is very much worth it, but as I’ve said numerous times, privacy is a spectrum, not a “yes or no.” How much privacy you need varies from person to person, and thus “worth it” will also vary. By threat modeling and finding the right amount you need, you can allocate the resources you have correctly and find the right balance to make it worthwhile for you. But whether you’re looking to do the bare minimum or trying to go as far as possible, make sure you’re balancing your privacy journey with all other areas of your life to get the most out of it. There’s more to life than just privacy, and protecting those other things also makes it worthwhile.
You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...