Practical privacy and simple cybersecurity.
TheNewOil.org

The Greatest Enemy of Privacy

There are many enemies of privacy. There are politicians claiming the (at best) misguided pretense of “protecting the children,” intelligence agencies claiming “national security,” companies claiming to give us “the best experience” or serve us the most relevant ads, and even individuals who seek to intimidate us and threaten us for any number of perceived slights. But there is one enemy who I’ve come to believe stands head and shoulders above the rest as the greatest enemy of privacy, one who will utterly destroy us if we can’t get it in check: the community itself.

I’ve been listening to a lot of military history lately, so pardon me for going to the military comparisons lately, but as a veteran my thoughts on this matter immediately went to rivalries with other military branches. For those who don’t know, there is a nonstop – usually friendly – rivalry among the different branches. I’ve laughed at many slang put-downs like “Chair Force” or “Never Again Volunteer Yourself,” even when they’re aimed at my own branch. But even when those jovial rivalries borderline on genuine contempt and a feeling of superiority (justified or not), there’s always that “one team, one fight” mentality lying beneath it all: we may think our branch is better or that your guys are soft or bad at what they do, but we still want everyone to go home to their families at the end of the tour. This is why “blue on blue” is perhaps the worst (or at least one of the worst) crimes a military member can commit, regardless if it’s inter- or intrabranch. I would be appalled to hear of a Marine attacking a Soldier or a Sailor shooting an Airman. And yet, this is the norm in the privacy community.

To be clear, this isn’t the same as having an opinion. I’m sure we’ve all experienced going to see a highly-praised movie and walking out going “really? Everyone loves that trash?” or finding out that a movie we love was poorly received (Tenet is one of my favorite movies and I will die on that hill). Opinions are fine, even if it’s “I think the UI of one app is better than another.” Personally, I’m even willing to accept conspiracy theories – such as “Signal is a honeypot” – so long as it’s clearly noted as an opinion without solid evidence. The problem is that in the privacy community, some of these opinions are held so dearly and with such rabid fervor that it boils over into fanaticism, misinformation, and harm to the community.

Let’s talk about browsers for example. We basically have two choices in the privacy space: Brave & Firefox (including Firefox-based forks like Librewolf, Mullvad Browser, and others). When I have to give an “elevator pitch” or a “quick set-it-and-forget-it” recommendation to non-privacy folks, 99% of the time, I say Brave. It’s an obvious choice. It’s available on all platforms (and the feature set is nearly identical on all platforms), it comes by default with strong privacy protections like tracker blocking and anti-fingerprinting, it comes with a clean and familiar UI, and it has a slight security edge being based on Chromium (which is widely regarded as having better sandboxing compared to Firefox’s engine). As a bonus, it comes with an ad-blocker so users can see the difference and it ships with the Brave search engine, which is my personal favorite and is more private and independent of Google. Plus Brave is constantly innovating with new privacy-focused features enabled by default and invisible to the end user.

The Brave-haters are almost certainly foaming at the mouth reading that paragraph. They’ll cite concerns like Brave’s affiliate link scandal, the collection of funds ostensibly on behalf of creators without telling them, the installation of programs without user consent, that using Brave contributes to the Chromium marketshare and further solidifies Google’s dominant monopoly position, and more. These are all valid points, for sure, and I’ve even omitted a few others. But this is an example of many of the logical fallacies which are sabotaging the community. (One is double-standards, as Mozilla is also rife with scandals and criticisms, many of them equally valid, but that's not what I want to get into here.)

The biggest one – which I believe is where the others stem from – is the “false equivalence” fallacy, which is where you assume that everyone else thinks or acts just like you. The irony is that this fallacy is nearly ubiquitous among “normies.” The common refrain of “nothing to hide” is based on false equivalence: “Well I would never use OSINT to scam someone into sending me thousands of dollars, why would anyone else?” “Well I would never dox someone and harass or SWAT them no matter how much I dislike them or their opinions, why would anyone else?” But we do this in the privacy community too. “Well I value the hyper-maximum level of privacy and anonymity, why wouldn’t anyone else?” “Well I think that circumstantial argument against a company is a good one, why wouldn’t someone else?” This fallacy – which, it must be said, displays an unbelievable level of narcissism – is the one from which all others stem. Because we assume that everyone values the same level of privacy, we end up gatekeeping. After all, if I want the maximum level of privacy, why wouldn’t anyone else? Maybe because they’re a single parent of three small children. I’m not a parent. I have plenty of time to sit around and tinker with things. I know from my conversations with parents that that’s a luxury. Most parents simply don’t have that kind of time.

That’s just one example, but it’s also worth discussing another way this presents: assuming everyone is just like you. “Well I’m a single person who’s super excited by tech and all this other stuff, why isn’t everyone else?” For the same reason that there isn’t one type of movie in theaters. Everyone has different interests, values, and again, situations. I’m a white cis male who works as a sound guy in the US. For me to assume that everyone is in the situation is to be egregiously disrespectful of journalists, activists, and minorities in other repressive areas. For me to assume that everyone makes enough money to have disposable income and the free time to learn how to self-host – even a simple setup like Docker or a Raspberry Pi – is to be unbelievably discriminatory against people who are barely making ends meet and can’t afford paid services like VPNs or VoIP. To assume that everyone values the same things as you and is in the same situation as you – and therefore must do the same things you do privacy-wise – is to display a toxic level of narcissism that’s harmful not only to the community, but quite frankly I think is harmful to you as a person. If you’re this person, I encourage you to do some self growth. To be clear, humans are naturally selfish creatures. We all have moments, and it’s very healthy to prioritize yourself at times. It’s normal – though perhaps not healthy – to start off assuming the person you’re talking to is just like you. However, once they start showing deviations, for you to continue to assume rather than adjusting your assumptions or asking questions, that’s when things get toxic. If your 24/7 mode is “well why doesn’t everyone just do what I do?” without ever adjusting when new information comes in, that’s a serious red flag of character.

At the end of the day, I believe this is our way forward: empathy, patience, and encouragement. One of the biggest problems with the internet is that it makes us faceless. Sometimes taking the face off a person is a wonderful blessing – giving both of you time to formulate your ideas more fully, for example. Other times, it has the opposite effect, dehumanizing the other party you’re speaking to and making them a username on a screen rather than a real human with a rich life, backstory, complex cast of characters coming and going, hopes and fears, stressors, good days and bad, etc. Slightly off topic but one of my favorite daydreaming exercises is to imagine hyperfamous people in mundane situations: Taylor Swift grocery shopping (she probably has others do it for her, but that’s not important, it’s a thought experiment), James Hetfield cooking dinner, Leonardo DiCaprio brushing his teeth. It’s kind of funny, but it also humanizes them. It reminds me that they’re just normal people. Some days that’s inspiring: there’s nothing they’re doing that I can’t do cause they’re just like me (theoretically). Other times, it’s just an interesting visual. I think practicing something like this every time we disagree with someone is a great practice. You may still not agree with them, but at least you can approach the conversation from a calm place of empathy. Maybe they’re new to their privacy journey. Maybe they don’t know what you know – in which case it may not be out of line to ask if they’re interested in hearing why you recommend what you do. Maybe they have a completely different set of resources – both time and money – or a totally different threat model that simply doesn’t call for the same things you need. Always remember that none of us know everything. In How To Win Friends & Influence People, author Dale Carnegie said something to the effect of meeting a man who was rather unpleasant to be around and noting to himself “if I were in his shoes, I should feel the same as him. Literally! If I had lived his life, I would have all his same experiences and thus his worldview, opinions, and perspective. I would be him, personality and all.” It’s helpful to keep this in mind, especially when you’re confused why people do things differently than you.

Ultimately, we need to remember the “one team, one fight” mentality. Regardless of how far along the privacy spectrum you go or how you choose to get there, we’re all fighting for the same thing: privacy as a human right, which means it’s for everyone – not just developers or people with time and money or people who meet our arbitrary standards. Imagine saying only people who farm wheat deserve bread because they’re the ones who have the land, time, and knowledge of how to do make it. If that sounds insane, it’s cause it is. Just because someone can’t afford a server or is genuinely too busy to learn code or can’t afford a device that can dual-boot doesn’t mean they somehow deserve less privacy than you. That’s not how human rights work. If we can’t reign in our adversarial infighting in the privacy community, then our other enemies – Big Tech, governments, etc – don’t even need to waste their time with us. We’ll destroy ourselves.

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...