This ties in to a lot of discussions including whether or not we should list something:
In my opinion:
One of the problems I see a lot in privacy communities is that people like to fear monger about Google, Apple, Microsoft (the so-called big-tech), then tell others to switch to an alternative with no apparent privacy/security improvements. A common example is people switching from Google products to a different service provider, without knowing exactly why they are doing it. Then, someone else comes along and accuses that new provider of being a honey pot, and we have drama with insane and stupid conspiracy theories.

For every recommendation we make, there should be a specific threat that we are trying to solve. There is no point in switching from Gmail to ProtonMail if the threat is the service provider - both of them can trivially get your incoming unencrypted emails anyways (and they do indeed scan all of those emails), you have to trust them. The threat here is government requests to hand over your data - if we assume both providers to not be malicious, then Google has your entire mailbox to hand over. ProtonMail has almost everything to hand over as well - except for the message body, which is stored encrypted using your own keys at rest. Only for this specific threat would using something like ProtonMail make sense. If the threat is the service provider, the only viable solution is to set up your own email server - shifting trust from one service provider to another will not solve it. Threat modeling is very important.

This is a similar situation with VPN recommendations. A VPN does 2 things: shifting the risks from the ISP to itself, and protecting you from 3rd party IP based tracking. If the threat is 3rd party tracking, then a VPN is a valid solution to layer up your defenses. If the threat is the service provider profiling/tracking you, then you should be using Tor. A VPN is about as trustworthy as an ISP - neither of them is to be trusted, and you should always assume you are logged.
While it makes sense for PG to go over the jurisdiction, privacy policies and whatnot when making a recommendation - threat modeling is much more important. If the technology cannot ensure your privacy, then it should not be considered as an option at all.

Recently, the discussions about Invidious and Piped came up. What most people seem to forget is to do threat modeling - what is the threat here? The threat should not be "Google is profiling you", but rather, "your video streaming platform is profiling you". To fight against such a threat, the first thing to do is to eliminate IP based tracking - you should always use a VPN. If you do not trust YouTube with your IPs, then you should not trust the Invidious operators with your IPs either. Likewise, if you cannot trust YouTube with your subscription list/playlist, then you should be storing those locally, using a client like FreeTube and NewPipe. Don't make an account on Invidious instances and have your subscription lists/playlists saved there. If you are not using this feature, then it makes little difference whether you are using the YouTube front end or Invidious. There has to be a real privacy improvement for something to be recommended.

Someone recently told me that Invidious and Piped let you watch YouTube without JavaScript, and if you do not have a subscription list/playlist, then yes, it is a security improvement (being able to just turn off JavaScript is a great plus). I am going to make a new PR regarding this very specific use case.

Some people use Invidious, Piped, or even other networks like DTube, PeerTube, simply because of their fear of Google without having an actual threat model. They do not realize that doing this does absolutely nothing for privacy - it is simply shifting trust from one party to another. It is not a viable approach and it is never going to work.
This is the equivalent of switching from using Gmail to any other email provider out there without realizing that those email providers can read your emails as well. I do not believe that simply listing a bunch of alternatives to Google without any apparent privacy or security improvements will get PG anywhere far, and at best we will end up being the abomination that PTIO is right now. There is a reason that in security communities, PG/PTIO is viewed as a complete joke. In other words, alternatives to the "evil big tech" with no real privacy or security benefits should be out of scope.

It is also important that PG should evaluate technologies based on their merits. For example, if the LBRY Desktop client helps users browse the LBRY Network privately, then it should be listed. Just because nasty people (Neo-Nazis) abuse the LBRY Network to host their insane ideologies doesn't mean LBRY should be delisted. If we are going to delist LBRY, then under the same logic, things like Tor, I2P, cryptocurrencies, should never be listed as well, because degenerates do use them quite a lot. It is a slippery slope. The only time something like this should be delisted is when it is designed specifically for illegal or unethical purposes. But LBRY isn't like that. It is built to be censorship resistant. Content creators (especially YouTubers) have their content backed up on LBRY channels in case they get de-platformed, and there are people like me who consume a lot of content on LBRY as well. Are we Nazis? No, we are not. There are people who see themselves as "free speech absolutists", who think that speech, no matter how wrong, disgusting, insane, should not be censored unless they call for direct violence. The LBRY folks are those people. They are idealists, not Nazis. To call people who simply believe in free speech Nazis is disgusting.

That said, social issues should be out of scope for PG.
I agree with most of your message but we should be careful with statements like this one:
For some people, switching platforms isn't always shifting trust from one platform to another. One may switch to another app because the code is open source, which makes it more trustworthy. You can actually see (in the code) what the app is doing and how it changes over time.
My personal opinion is that Privacy Guides exists to provide information and advice about software which both improves privacy and security. Security does intersect with privacy (you can't have something private if it isn't secure). To evaluate these things I believe we must:
I think as far as target audience goes, anyone who is interested in improving their privacy. This is why recommendations have to actually be usable. While certain manual approaches like PGP encrypting all messages on an airgapped computer might provide maximum security, they come at a massive user experience disadvantage. Not everyone is trying to be the next Edward Snowden. I think if you are, you need specialized advice for your particular situation.

That is where I disagree with PrivacyTools and all its rhetoric about "eyes", "NSA" and state adversaries. It's not that those things aren't important, it's that simply recommending a bunch of tools (that you don't use or know anything about) isn't sufficient. Every time I look at that page and see the quotes in between each recommendation I cringe a little. Recommending Binance against the NSA, come on. Governments love cryptocurrency, well, all of them except certain privacy coins. What auditor wouldn't love having a public ledger of all transactions? Binance is known to bend over backwards for any law enforcement (even ones in dodgy countries), because they're trying to legitimize their business, but anyway, I digress.

I believe we should keep our tone and recommendations politically and geographically neutral. That means advising users to assess their own threat model, based on location, needs etc. The "eyes" agreement is not the only intelligence gathering agreement out there, and depending on where an individual lives it actually might be of minimal importance. For example, if you were living in a dictatorship, your local state is likely to be a much higher priority on your list than a distant country who passively observes.

Our recommendations must be based on merit. We don't need to be involved in every social issue that exists. There are many problems in the world and trying to address all of them is never going to be sufficient.
It is going to cause us to stray from our mission and that will compromise our integrity. We need to remember people come to the website to find out how to best protect their privacy.

On that note, I also don’t believe the site should be providing irrational advice against every product from “big tech”. The fact is software costs money to create. A lot of the best and most complex open source products out there are backed with some commercial for-profit model. A lot of companies start out small and then grow to either be larger or acquired by bigger companies, and that doesn't mean we should suddenly drop them as if they have done something wrong. It is worth continuing to evaluate if they change and how. Many open source products in fact use components created by large tech companies like Google and Microsoft. Those companies now release a huge amount of those components to open source (Go, .NET, AOSP etc), because community maintenance is an invaluable asset that saves them money long term.

We want to eventually translate the website to other languages; therefore, social or political issues that are of concern to someone in one country might not be of concern to someone in another. We want to expand our blogging/news so that we're actually writing content about privacy and how it impacts various parts of the world. Before we do that though, we need to clean up the site, remove some of the bad or outdated legacy advice. Long term we want to incorporate a 501(c)(3) and further decentralize ownership over key assets.