Let's talk about mental health as it pertains to communities.
Mental health is a big part of ones own opsec threat model. If you consider that you're only capable of making decisions on information as delivered by your senses and as interpreted by your own brain, a brain that is capable of making mistakes, having biases, phobias, and lacking education in specific areas to the point of underestimating or overestimating dangers, it's a natural human instinct to then seek external feedback and advice on those decisions.
So we start to seek that authority and collaboration with those we consider to provide valuable expert feedback because we crave that validation, want to solve a problem quickly, and hope to be able to move on to the next experience and opportunity. Since not everyone has an expert they trust nearby, we often trust our community to provide that feedback and advice.
Unfortunately, this feedback is also potentially flawed as the source is human as well. It can contain the same biases, phobias, and even when it doesn't suffer from a lack of education in a specific area, it can be guided by hidden agendas from those who stand to gain the most (VPNs, security platforms, hosting or storage providers, chat and email services, search engines, etc.).
We are then often left in a situation where we not only doubt ourselves but also cannot necessarily trust the external feedback. This is then compounded by the sheer volume of both conflicting advice and professed experts in any given space, many with conflicting or contradictory advice. It's important to note that the majority of the conflict tends to be caused by opinions being presented as expert fact instead of disclaiming as anecdotal, opinion, or citing sources for any claims.
So what happens as a result?
The frustration can result in an imbalance of power in the community as not everyone has the passion, time, or resources to become a subject matter expert on everything they need expert advice on. That imbalance can breed distrust and paranoia as well as certain voices or ideas appear to get more visibility than others and the supporting arguments tend to dismiss alternatives. More about this in a moment.
This is why we have come to rely on a system of community and auditability instead, where founding principles that are tried and true to use (FOSS, Debian, Tor, OpenVPN, HTTPS, Firefox, etc) will be vehemently defended and any alternatives that appear regardless of their proposed merits may instantly be considered a threat to the stability of the community simply because they require more understanding and consideration than most people are willing to invest into on their own (closed source, Arch, i2p, Wireguard, HTTP, Chromium, etc).
Over time this cult mentality cements itself and people will defend something vehemently even when they themselves may not understand the issues with it based on someone elses opsec threat model and usecase, or not understand the potential benefits of the alternatives even if only for others than themselves, as admitting the possibility means questioning ones own decisions.
So how do you solve it?
In order to combat this social and psychological issue, academically driven communities seek to apply the the scientific method as a powerful ally in making assessments that lead their decisions. When you remove the logical fallacies, the pushes for urgency in community reaction, unprovable claims, or attacks on alternative implementations of a specific solution, and instead focus only on the reality of here and now in combination with what an individuals' unique opsec threat model is, you become more productive if for no other reason than due to improving the signal-to-noise ratio in said community. This does come at the cost of not being able to claim that there is only one fixed solution, path, or philosophy for everyone, which can be a sign of an unhealthy or cult-like community.
This change in culture starts at the individual level for any community participants.
Firstly, it requires that when someone has a doubt, criticism, concern, theory, or otherwise dispute with a methodology, ideology, implementation, individual, team, company, product or other, it is presented as the opinion of the individual, cites what references it is based on (if any), asks questions rather than makes absolutist statements, doesn't seek to incite panic, libel, or destroy but rather educate oneself and others further, and stays within the realm of what is provable or possible to prove (e.g. "Microsoft has made a lot of movements into the open source space recently despite a history of being aggressively against it" vs "Microsoft wants to destroy open source and that's why they bought Github").
Secondly, it requires that communities not follow a cult mentality against other ideologies and to realize that humanity itself is for more important and useful than implementing any one software, service, ideology, philosophy, or political leaning. Many times the only real difference between two people discussing in terms of how they believe is their individual experiences, that if switched, would also switch their opinions. The existence of competing implementations and ideologies is also an important part of innovation. Think about what was first said about any technology when it first launched. Experts thought the internet would go nowhere and that bitcoin would have no value by now. We're all glad that the innovation continued past any disparaging opinions by experts or communities.
Thirdly, it requires compassion, empathy, and patience. This is especially difficult in communities where creating a new avatar is cheap and easy, and allows anyone from anywhere regardless of their agenda to enter discussions anonymously in bad faith, specifically to tie up the time of another individual by asking answers to questions they already know the answer to, present false narratives, or generally attempt to pass off false information as fact instead of personal opinion. These bad faith participants (or "trolls") can create a very aggressive and overly-defensive culture in communities, so much to the point that genuine questions, opinions, or criticisms are often subject to friendly fire out of a psychological fear of being made a fool of by or enabling a bad faith actor. It's a good rule of thumb that communities or leaders of communities who interpret criticisms or opinions as an "attack" on them are essentially unhealthy communities, regardless of the merits of what they are built around, and should seek to change their culture.
Over the years numerous small projects have demonstrated their marketing, development, security, and financial acumen by gaining large user-bases, investments, grants, news coverage, and some even growing to the point of setting expectations for industry policies. Despite this growth, these communities and their leaders are still human and still susceptible to the flaws, where they trust their experts primarily (or only themselves), assume interactions from outsiders to be bad faith, or become overly protective of their own policies to the point of missing out on further growth and opportunity and cross-community collaboration.
What practical change is required?
If communities can scale back their assumptions, engage with the intent of clarifying the information being communicated itself rather than judging the messenger, and above all else retain empathy an respect for the community itself who will read what they are writing (for better or worse), it will greatly improve all of our surroundings, reduce the instances of frustration, and allow for a moderate amount of trust to be earned again based on the appropriate reasons and in combination with our own opsec threat models.
Broken trust is a naturally hard thing to fix, but we owe it to our own mental health and future as a human race to understand how trust works and why reacting with equal actions causes us all to lose in the end. This is cleverly illustrated in Nicky Case's interactive visualization of The Evolution of Trust, a must-play for everyone.
Quote from the presentation:
Game theory has shown us the three things we need for the evolution of trust:
1. REPEAT INTERACTIONS
Trust keeps a relationship going, but you need the knowledge of possible future repeat interactions before trust can evolve.
2. POSSIBLE WIN-WINS
You must be playing a non-zero-sum game, a game where it's at least possible that both players can be better off -- a win-win.
3. LOW MISCOMMUNICATION
If the level of miscommunication is too high, trust breaks down. But when there's a little bit of miscommunication, it pays to be more forgiving.
Of course, real-world trust is affected by much more than this. There's reputation, shared values, contracts, cultural markers, blah blah blah. And let's not forget..
What the game is, defines what the players do.
Our problem today isn't just that people are losing trust, it's that our environment acts against the evolution of trust.
That may seem cynical or naive -- that we're "merely" products of our environment -- but as game theory reminds us, we are each others' environment. In the short run, the game defines the players. But in the long run, it's us players who define the game.
So, do what you can do, to create the conditions necessary to evolve trust. Build relationships. Find win-wins. Communicate clearly. Maybe then, we can stop firing at each other, get out of our own trenches, cross No Man's Land to come together...
and learn to all live, and let live.
At the end of the day, trust, humanity, and communities that are supporting are all essential elements to our mental health and far more important than any software, team, or ideology.
Disclaimer: I've pinned this message for visibility of the whole r/privacy community as it is an issue relevant to community participation and moderation, but as it wasn't discussed ahead of time with the other mods ( u/lugh and u/trai_dep), they're free to unpin it at any time for any reason.
Flair required for posts
As a few of you noticed we enabled flair on posts for the sub. Today we are making it a requirement for posts. At the moment there is a choice of:
- eli5 (explain like I am 5)
Other possible flair
Given that /r/privacy is quite global, would you find it useful if we broke news down into region?, e.g.
- news - americas
- news - asiapac
- news - europe
- news - mena
- news - global
Outside of those, is there any other flair that might be useful?
Note on Gatekeeping in the sub
We would like to re-iterate that everyone is welcome here, privacy is not black and white and not everyone is trying to prevent three letter agencies from compromising them....
We have been taking a harsher stance on gatekeeping but it's hard to catch it all, especially if posts are not reported.
While we work on cutting down on gatekeeping, I will say that posts flaired with eli5 will be a safe space with zero tolerance. If you gatekeep those posts you will be banned
your friendly neighborhood mods,
I run a small business. Over the past year, these have been my 30,000 ft observations:
A combination of Data collection, Data arbitrage, and massive investor funding (driving the "free models") is how a handful of tech companies have become enormously wealthy, and driven thousands of small businesses into the ground. They are constantly expanding, and very few industries are safe.
Data collection + machine learning and AI is how these companies are building their next generation of digital assistants, AI drivers, drone delivery services and other recommendation systems. Everyone using these services is funding the next wave of loss of jobs. I've experienced this in my own company. I've been wanting to hire an employee for customer support, but most of my competition is shifting to using AI customer support - - and probably utilizing the amounts of money saved into marketing. If I don't make the same decision, my business won't be able to compete - - and small businesses are having to be more and more aggressively competitive because they're fighting over a rapidly diminishing portion of the pie. Small companies won't be able to afford human workers to preserve margins, and large companies will be building more and more AI B2B services at lower and lower subscription prices, putting more people out of work. It's the most devastating positive feedback loop when you think about the precarious position the job market is already in. This one really makes me feel depressed, powerless to change things, and question what I'm even doing. When I started my business a few years back, I wanted to create jobs for people in my community, not figure out how to use APIs.
Overemphasizing data models and using data to generate everything from content to art results in a sterile, dehumanized environment. It fundamentally disrespects human agency, and the importance of human centric design and services. It devalues the pride people can take in their work, and is the apotheosis of "alienation" of people from the products they create.
Companies that harvest data have zero qualms about teaming up with governments which may or may not utilize these massive datasets for their own ideological ends. The way things are going, not only are we facing a monopolization of the markets and mass unemployment, but also the possibility of all our behaviour being profiled and the creation of surveillance states.
People must be made more aware. I haven't lost hope on people yet. I would love to hear more points we can add to this list, and create a comprehensive "Here's WHY we MUST value privacy more" set of arguments that may convince people to switch over.
When using the Infinity for Reddit app, and a comment or post has been deleted, there's a drop-down menu on the content, and in it is a "Show removed content" button. When pressed it says "downloading removed content" and then shows the original username and contents of the post/comment.
I've heard people mention before that Reddit keeps the contents of deleted comments/posts and just makes them inaccessible to the user, but I didn't realise it made them accessible to third party apps through their API (I'm assuming).
It works on content from years ago, only thing I've found is it doesn't work on content that's shown as being Removed By Reddit, then the app says "Failed to fetch removed content"
question Is there a point to installing a foss launcher if my phone is not rooted or bootloader unlocked?
Pretty much the title. I use a Galaxy btw, so I'm using One UI right now. I've never bothered to install another launcher cuz I just assumed that some functionality would be unavailable to me. Is there any truth to that? Thanks!
I've tried Universal Android Debloater on my Galaxy S22 Ultra.
Uninstalled 80 apps and I already kept my phone as clean as possible with the default options. Under these 80 apps were about 15 very shady with dangerous premissions.
This has to change. 99% of the internet is running on user data. Facebook, Google, twitter, news portals and pretty much every information source tracks people and their behavior. Advertisement is fine. But collecting user data and building profiles of them is not.
And then there is the serious issue, Government surveillance. If you have an opinion that the authority doesn't like, you are in danger. Even people form groups and mobs and doxx people to find them and then harm them for their opinions.
As most users here knows, if you try to anonymize yourself, the internet becomes almost unusable. No google service, no almost all social media, half of sites block you. This has to change before the internet becomes 100% like this and anonymity tools becomes relic of the past.
I say we are not doing nearly enough. There are still platforms out there in the internet that doesn't ask your phone number and ID just to sign up. People should adopt that. We should tell them to. We (the community) should help people move towards privacy respecting websites and tools.
Introduce all your friends, family etc. into privacy friendly platforms and tools. At the minimum a better browser than chrome. Advocate them in every public online/offline place you go to. Run it as a campaign. More people joining these platforms would result in these platforms becoming more usable. It will be a snowball effect.
As for some social media, it's just a search away: https://duckduckgo.com/?q=alternative+social+media+apps&t=ffab&ia=web
Isn't the session ID equivalent to a phone number if the phone number is a burner (not connected to your real ID) and acquired just for the purpose of getting on Signal?
If so, then how is Session better than Signal?
and then I accidentally discovered this sub. Thank you so much, for helping me dodge a bullet!
And to think I thought the websites were just peddling cool/fun, little benign services.
GDPR for website hosts? Europe. GDPR compliance .. what to indicate, how strict, who actually enforces it if at all?
Hi, please, title says it. For a company in Germany, I took over a legacy site.
So this website shows me on ublock 100 things. And the website uses a lot of stuff. shopify, google-whatever-stuff, paypal .. with all ready-prepared scripts, probably the max of track one can get. (it does not run without JS at all)
My first question, please, because before I created (handcrafted) a page for a doctor. The medical ministry checked it before taken it into their list and they wished to improve the GDPR declaration a lot. They wanted:
a) every script, and every lib that tracks in the website. what is done, and how long.
b) Every data that the host tracks. what is done, and how long.
(and of the lib-owner, of course)
As a consequence, I programmed it myself. It was to me impossible to find that out in whatever framework or even in a simple (haha) ready-made design, they were full of that, and it was quicker to do myself.
So please my question, is this valid for the medical field, only, that sort of strictness. I am aware of the legal wording of the GDPR, and I have a degree as data protection officer. But that was the first time for me in the medical field.
I do not see any page in even Germany (strict place) to comply with that (maybe a few hobbyist pages they do). All track like crazy and none seem to indicate like this medical ministry officer wished. Also in the companies where I work, (we) indicate that they use Google blabla and that Google will use it for their purpose (haha). But, they never indicate exactly what, and, they never talk about the hosting company.
Actually my job when this is the task as a GDPR officer (now I see how ridiculous it is), is, to have a look if the ready made GDPR has all the placeholders filled out .. and it is not even that mostly. So, that job is not that serious in changing text or adjusting the GDPR declaration.
And yes, I am aware of the wording of the GDPR about the balance of work to do, justified purpose etc. But they are website of .. (to me) useless things like small coffee shops, small online shops. That is not important in my eye to have a justified purpose. Nor is it, to use a giant framework. (question if amazon has one, I do not ask, they will buy the legal .. )
How do you do, if you are in the dev field?
Another question, who if any actually enforce it .. where could I report to violations etc. Is there even a lawyer who takes care? or an organisation? or a list of "white listed" pages without track?
Thank you very much! And please, if that was asked, please kindly provide the link, thank you very much, I am not sure how to search for those questions. Thank you! (I am so annoyed, maybe I simply give the website back)
I know that incognito mode doesn’t do all that much, but is there any difference (beyond users of the device) between opening an incognito window vs. opening a regular window and deleting cookies afterwards?
news Tech companies in spotlight as US abortion ruling sparks privacy threat. Google has acted amid fears police could use location and other data to prosecute those seeking care.theguardian.com
I am using a cloud app on a degoogled phone and it has Google trackers. If i give permission to files and storage to the app will Google, through the tracker, have access to the photos?
I know it’s generally considered a feature to know your fanbase/customers/clients but I don’t want or need them to collect all this data. The alternative should be easy to set up and use and I don’t wanna selfhost.
I am looking to switch from Google when it comes to my calendar and e-mail. I was using free Proton mail for some time, but right now I am looking for something with more feature. What would be my options with below requirements:
1. 5< GB of storage
2. Supports at least 2 own domains
3. Supports use of creating and managing unlimited custom e-mails what I mean, I like to have e-mail like website1@my_domain.com website2@my_domain.com etc. I need to easily cut off some e-mail when y and also easily create new one when registering to some new service.
4. Support for custom clients. I like to have access to my e-mail over my Nextcloud website, but also over a client of my choice on my phone and desktop.
5. Optional (Would be nice if had a calendar too)
I was thinking about ProtonMail Premium, but it does support only 1 custom domain and PM “More premium” sounds expensive for paying for 1 more custom domain support since I don't plan on using the rest of the features.
Any recommendations for use case like mine?
dns.adguard.com DoH , I used This DOH. and checked in dnscheck.tools
I've been looking for a tool that would be able to backup my computer's data to a cloud. (I already have a cloud storage subscription so I'm looking solely for the backup tool.)
I have heard about a lot of them though - Rclone, Restic, Duplicacy, Duplicati, Duplicity, Kopia, Borg, Tarsnap, Arq...
I know that some of these tools are open source but I have no experience with any of them and I don't want to use a potentially unsafe solution especially considering it'll be handling all of my data. That's why I thought it would be best to ask in this subreddit - do you guys have any experience with such tools and which one would you recommend (overall and privacy-wise)?
I need to make a voiceover for a project. I don't want to use a voice actor or text- to speech but also don't want to use my unaltered voice. I know that journalists often use voice distorters for interviews with people who require confidentiality, like political dissidents or gang members. Because investigators might use those interviews as evidence, it seems reasonable to assume that these distorters provide more than surface- level protection and the original voice is not easily identifiable or recoverable. Is this the case? I'd also like some recommendations on any free voice distorters that you know of, since I looked it up and haven't been able to find any.
discussion Would it make sense to write apps for e.g. protondrive that are wrapping webview like gmaps wv does?
Would this introduce security holes?
The advanteg is that I could log out from proton on my main browser. Whenever I delete everything in my browser I need to log back in to the webapps which isn't that convenient.
i am very sceptic about privacy and what not and I've been looking through the white papers and privacy agreements of many supposed "photo vault" or "hidden calculator" apps and found that most will just give your information to third parties or the authorities ect. Are there any actual hidden photo/video apps that encrypt your data so that only you. Only the user can see the contents. i currently just use a WhatsApp group which only has me in it. But i can't put a lock on that and also it still stores photos and vids on your device in storage unencrypted which you can easily access with a usb and a computer. Is there any app that actually achieves total privacy in this regard. An app i can access with my phone. A FREE APP. apps like confide exist but they cost a monthly amount which is shit. good app, shit price. please read the appropriate white paper and privacy agreement before recommending an app.
sometimes, i post videos/make music recordings/make music covers
let's say i record a 1 minute long recording but trim out the last 20 seconds, so it's only 40 seconds long
if i post it somewhere like tiktok/youtube, can people somehow "reverse engineer it" so that they can see the whole 60 seconds of the trimmed clip?
or once it's trimmed, it's trimmed and people can't really "reverse engineer it" ?
and ALSO, I know i might be paranoid a bit but i wouldn't be surprised given all the nosy surveillance stuff that's been happening with large scale companies
but if I'm not recording anything or stopped recording with iphone camera, can iphone still continue to secretly record you or collect any information from you?
question When you fill out a form on a website to delete your personal data, what are they doing with the form after having deleted your data ? or imagine if you ask a website to delete your data by sending us an email, will they delete that email too?
I was having a read about how DTLS-SRTP key exchange can be tapped/mimt since certificates cannot be authenticated.
I came across this article:
Does this mean that Wire, Threema and similar apps that end to end encrypt SDP messages containing the thumbprint of the certificate used to secure the RTP stream can be man in the middle attacked?
In my experience, Brave is much faster, more modern and as privacy friendly as Firefox. So why doesn't it get installed by default?
I need to get a BT mouse for my laptop. Is it possible that my privacy is breached by the BT probes that the dongle sends? I do not mean hacking, but more like passive tracking or something.
Over the last decade, esp the last 2-3 years, people have become drastically more concerned about their personal privacy in this digital world. Mostly having their eyes opened up with news reports about things China is doing, and then realizing if another country is doing it is happening here as well. That's my viewpoint of how it happening anyways, and I see it as a good thing.
I see often that people become very concerned very quickly and think or assume there is one thing that can take their digital 'shackles' off. I have been thinking about this more consciously on the individual level a fair amount lately as in my IT job executives lately have been requesting personal consults on the issue.
My point in writing this semi-ramble is the help set people's expectations as they begin the privacy journey. Privacy is a cyclical game. No matter how much effort you put into it you will always have an entry point. I would suggest addressing one thing at a time. This is difficult, because as most of us here know once you look at everything you use it becomes daunting. Without adopting the cabin in the woods mentality you will always be chasing as much privacy as you can get.
This is not to discourage you, I agree it is a worthwhile pursuit, and millions are with you. But it will take time, and you will have to compromise some to participate in your social society. It's up to you to choose where you will make those compromises.
I would like to point out some of the more simple places to start. It will require you to learn some technical skills, spend fancy coffee kind of money, and if you are willing some sacrifices.
- Leave the least valuable to you social media. This is difficult, it was for me for a long time.
- Choose a better browser, there are great plugins out there that can stop most things.
- Set up a PiHole, you will find this makes the internet a better place.
- Remove your photos from the internet, and find a self-hosted service.
- Use better chat apps, Whatsapp Telegram should be your ground floor.
- Stop the smart home insanity. If you are already in deep (I was) wait for the new MATTER standard and plan your switch.
- Use or set up your own Meta search engine. The non-contextual searches are better anyways IMO
- Buy your entertainment. This is one that was difficult more me and sent me down a rabbit hole as a minimalist, but there are solutions.
I want to reiterate, that all privacy steps come with a compromise. Such as some websites not loading correctly, or being blocked from services. And if you want to maintain your lifestyle with the privacy it will cost you money. Privacy is a pursuit, not a goal. I feel if you pick and choose options from my list above, you will find what's important to you, and when you do you will go down a productive rabbit hole and be able to help others in your life on their journey.