For me it's probably the debate regarding using a VPN with Tor - like the Tor devs themselves recommend against using a VPN with Tor.

Another is also probably the argument of “nothing to hide, nothing to fear”.

  • ono@lemmy.ca
    11 months ago

    Misconception: “I’m not interesting enough for anyone to surveil me.”

    Reality: Mass surveillance.

  • miss_brainfart@lemmy.ml
    11 months ago

    Many people put privacy, security and anonymity all in a single basket. While they often go hand in hand between one another, they’re still fundamentally different things.

  • moreeni@lemm.ee
    11 months ago

    One of the most common misconceptions in the community itself is that there are absolute states of security and privacy. There aren’t.

    You can’t defend against anything, you must consider your threat model before doing any advice given to you on privacy forums.

    The threat model of everything possible drives people to schizophrenia. You will lose possible interactions with people as well as potential friendships, because you give out an aura of a weirdo.

    • PM_ME_FAT_ENBIES@lib.lgbt
      11 months ago

      I don’t think a simple misconception can create schizophrenia. It’s a complex neurochemical disease with genetic factors

  • Overzeetop@kbin.social
    11 months ago

    That “not having” Facebook or [insert nearly any other major information-based corporation] means that those companies don’t have your information and profile already completed in their database.

      • Overzeetop@kbin.social
        11 months ago

        If you’ve ever had a contact allow a service to read their contacts, you are in their database. That then gets cross-referenced with the (relatively few) online store providers the first time you use that address - or the obfuscated emailname.store@* version that was meant to serialize or identify spammers but which the simplest script can undo. Now your shipping/billing address, phone, and partial purchase history can be linked with every social media company that weird chick who did upside down keg hits with you that one night decided to allow contact access. Or your aunt Gertrude.

        And it’s not even that complicated. Are you in the contacts list of anyone who has ever used the internet? Google, yahoo, or microsoft definitely know who you are in their internal databases and can create a web of contacts and likely contacts just from a couple of emails. Heck, I remember when there were “contact synchronization” websites where you could transfer your contacts between gmail addresses, or to/from other mail services. It was free, so I can just about guarantee they’re selling all of your info, which has been checked and corroborated by however many of your contacts decided to use their services.
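What "the simplest script can undo" means for tagged addresses, as an added example that is not part of the original comment: once tags are stripped, a contact upload and separate store orders collapse into one profile. All data is constructed, the function names are hypothetical, and handling `+tag` sub-addressing and the random-alias contrast go beyond the `emailname.store@*` form the comment mentions.

```python
from collections import defaultdict

def canonical(address, merchant=""):
    """Reduce a tagged address to the mailbox it most likely delivers to."""
    local, _, domain = address.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]            # name+tag@ -> name@ (sub-addressing)
    suffix = "." + merchant.lower()
    if merchant and local.endswith(suffix):   # name.store@ -> name@ (form in the comment)
        local = local[: -len(suffix)]
    return f"{local}@{domain}"

# Constructed sample data; every name, address and domain is made up.
UPLOADED_CONTACTS = [
    {"uploader": "aunt.gertrude", "name": "Sam Doe", "email": "sam.doe@example.org"},
]
STORE_ORDERS = [
    {"merchant": "bookshop", "email": "sam.doe.bookshop@example.org"},
    {"merchant": "gadgets", "email": "Sam.Doe+gadgets@example.org"},
    # Assumption for contrast: a random alias on an unrelated domain.
    {"merchant": "pharmacy", "email": "k3v9qz@alias.example"},
]

def link_profiles(contacts, orders):
    """Group contact uploads and store orders by canonical mailbox."""
    profiles = defaultdict(lambda: {"names": set(), "seen_by": set(), "orders": []})
    for c in contacts:
        p = profiles[canonical(c["email"])]
        p["names"].add(c["name"])
        p["seen_by"].add(c["uploader"])
    for o in orders:
        profiles[canonical(o["email"], o["merchant"])]["orders"].append(o["merchant"])
    return dict(profiles)

if __name__ == "__main__":
    for mailbox, p in link_profiles(UPLOADED_CONTACTS, STORE_ORDERS).items():
        print(mailbox, sorted(p["names"]) or "(no name attached)", p["orders"])
```

Both tagged addresses land on the mailbox the contact upload already named, while the unrelated alias stays a separate, nameless record.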

        • miss_brainfart@lemmy.ml
          11 months ago

          > If you’ve ever had a contact allow a service to read their contacts, you are in their database.

          If this happens in a professional context, this can be a violation of article 44 of the GDPR. I don’t know where exactly I’m going with this, but at least there are some laws around that, I guess.

          • Overzeetop@kbin.social
            11 months ago

            And we know how strict these big companies are about voluntary compliance to the GDPR. ;-) I’m glad at least someone is putting in rules against this fuckery but, sadly, once that data is sold to the first outside vendor (Cambridge Analytica, Palantir, etc.) it’s out there and lives on the internet forever, even if the big boys are brought to heel by the EU.

            • miss_brainfart@lemmy.ml
              11 months ago

              Even the ones who actually want to respect the law won’t spend the time to double-check GDPR compliance with every little thing they do.

              Almost everything that’s ever happened is a violation of article 44. In fact, the EU supreme court (I guess you’d call it) declared pretty much all EU-US data transfers from the last 20 years as unlawful. Fun.

  • andruid@lemmy.ml
    11 months ago

    That because being perfectly anonymous against all of the most advanced actors is near impossible that it’s not worth it. Every step taken DOES help reduce the amount of info out there on you and the amount of parties that have access to it. Not only that, every step you take helps those around you too.

  • Possibly linux@lemmy.zip
    11 months ago

    It’s hard to make people understand that privacy is easy these days. Sure, it’s not effortless, but it isn’t as big of a hurdle as it could be.

  • OsrsNeedsF2P@lemmy.ml
    11 months ago

    The biggest one people usually get wrong is thinking their messages on WhatsApp, Telegram, and other proprietary messengers are private.

    • cRazi_man@lemm.ee
      11 months ago

      My brother does this. And it’s easy to see how people fall for this when the disinformation from those companies keeps telling you how private your messages are and that not even WhatsApp can read them. Yet when you lose your old phone and reinstall on a new phone, your old messages magically show up without you having to provide an encryption key.

      • miss_brainfart@lemmy.ml
        11 months ago

        > your old messages magically show up without you having to provide an encryption key

        Do they? I thought you had to explicitly back them up to get them on a new device. At least that’s how it was when I still used it.

        • cRazi_man@lemm.ee
          11 months ago

          They do with Telegram. In WhatsApp (if I recall correctly) it auto-retrieves from your Google Drive.

          (Come to think of it…if that means the encryption key is just with you in your Google Drive and not with WhatsApp, then is that more secure than I have previously believed??)

          With Signal they prompt you to pull the data and generate an encryption key. If you lose either of those things then there’s no way to get your messages back since no one else has them.

          • miss_brainfart@lemmy.ml
            11 months ago

            Telegram doesn’t surprise me, chats aren’t even encrypted per default in some instances (group chats, I believe?)

            But then again, how solid is any encryption if Matrix bridges can exist?

            • nitneroc@lemmy.one
              11 months ago

              Matrix bridges have nothing to do with encryption, they read the messages exactly the same way a client would, and send them to the other side of the bridge exactly the same way a client would.

              • miss_brainfart@lemmy.ml
                11 months ago

                They have a lot to do with encryption. As an example, Signal and Matrix use different encryption standards. So to get a message across, it needs to be decrypted mid-transit, to then be re-encrypted with the protocol of the recipient.

                Any one of your contacts can set this up without your knowledge or consent, and then there’s a gap in the encryption. They can just freely give away the keys to their chats they have with you, and now a third-party has the means to decrypt your messages.

                That’s pretty fucked if you think about it, but there’s not much you can do.

                Sure, it’s not a huge problem if the service doing it is verifiable to have good security and doesn’t snoop, but it’s still adding another link in the chain to trust and to keep intact.

                • nitneroc@lemmy.one
                  11 months ago

                  That’s exactly what I said, each side of the bridge has its own encryption standard (or no encryption at all).

                  The encryption could be as solid as possible, the problem would remain unchanged: to bridge messages between two services that are not interoperable, you need to decrypt them at some point.

            • Amju Wolf@pawb.social
              11 months ago

              No Telegram chats are end-to-end encrypted by default. And I don’t know anyone who’d use the feature regularly (it’s a hassle).

              And, to be fair, it’s not really necessary for most day to day messaging.

              • library_napper@monyet.cc
                11 months ago

                That’s not true. Please don’t spread misinformation. That’s literally the point of this thread.

                TLS encryption to Telegram servers is not e2ee. That’s the point.

              • miss_brainfart@lemmy.ml
                11 months ago

                I think it’s very much necessary to insist on our right to privacy. Personal chats not being encrypted should be a clear and absolute NO for anyone.

                • Amju Wolf@pawb.social
                  11 months ago

                  Ideally, yeah. Practically, shit like stickers or media sharing is way more important to the vast majority of people.

          • knfrmity@lemmygrad.ml
            11 months ago

            The Google Drive backups are not encrypted by default. It looks like they’ve recently added the option to encrypt backups with your own key or password, which is a decent feature.

  • Fly4aShyGuy@lemmy.one
    11 months ago

    The assumed connection between advertising and privacy. While they are often related, there are situations where they can be different concerns. Two very common lines of reasoning I see a lot:

    • Regarding Brave - that it is just an advertising company so shouldn’t be considered for privacy - without getting into a whole debate about Brave, I think advertising can (and used to for many years) be done in a way that doesn’t harm privacy. And while many privacy advocates may be 100% against advertising of any kind, I think there are some people out there that care a lot about the privacy but not as much against any ad of any kind. The idea of a model that respects privacy but allows for advertising supported free content is at very least interesting to me.

    • The assumption that Apple’s growing advertising business must mean declines in privacy coming. While they certainly could lead to that, I don’t think that is a given. There are several areas (specifically areas where already browsing 3rd party items such as apps or businesses) where contextual ads could be effective without harming privacy at all. Not saying I approve at all of these advertising moves on what are sold as premium devices, just that the assumed decrease in privacy is assuming a lot.

    My point is only that these can and potentially should be looked at as separate issues. I’m not ignoring that there is a conflict of interest created where a company like Brave could go back on privacy features to improve the advertising features or that Apple does the same for their advertising money, but I think it’s a bit of a miss to assume the worst possible outcome in these and other scenarios.

    • Pantherina@feddit.de
      11 months ago

      Ads are useless as people harden up. It’s just exploitation of goods, standard Capitalist bullshit.

      The result is that the goods are worthless but also people are hardened up. They are less sensitive.

      When I open any “social media” on other people’s phones, it’s shocking how full of ads that is. I enjoy my comfortable bubble without that.

      So as Ads are overused, they need to get better. But the real problem is that ads suck and should not exist in any way like they do today.

  • jet@hackertalks.com
    11 months ago

    You absolutely can use a VPN and tor, and maintain a good security posture.

    https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN

    There are trade-offs to be made, but in many scenarios it’s net positive for the users.

    I think the Tor foundation doesn’t want to make sweeping generalizations that don’t apply to all users. There’s a huge difference between we can’t make a general recommendation, and you absolutely should not do this.

  • Zerush@lemmy.ml
    11 months ago

    Breaking a lot of pages and slowing down the browsing, because of not knowing the difference between private and technical data, blocking or spoofing all of them indiscriminately and not only the private data and those which need to be protected.