Demystifying Digital Privacy and Security: The Need for User-Friendly Tools

Why does enhancing one’s digital privacy and security often seem so complex and time-consuming? To address this, shouldn’t there be a focus on developing scripts or applications that can automatically configure software to enhance privacy and security? This would not only assist users who lack technical skills in improving their privacy and security but also save time. However, it could potentially discourage them from understanding the intricacies of cybersecurity by making them more ‘complacent’.

Currently, it seems as though one needs a degree in computer science to enhance privacy and security, even though using a computer or the internet doesn’t require such expertise. I acknowledge that there are limitations to automated, one-size-fits-all solutions. Hence, I propose that these scripts or applications should have adjustable settings. This would allow users to alter the degree of security hardening and the corresponding software usability, either by using pre-configured profiles or by toggling settings on and off, on an individual basis.

Simultaneously, these tools could educate users about the function of each setting at various levels (e.g., on or off), the recommended level for each setting, and how each level impacts usability.

Consumers care more about convenience than anything else and companies are incentivized to track users and collect their data. Hence, most software these days comes shipped with all kinds of trackers, ads, and telemetry. The only times we see companies make an effort to protecting their users’ privacy is when either A) the company is in the business of protecting people’s privacy or B) the company is obligated by law to take measures to protect a person’s privacy.

If you care about your privacy, then you’ll have to go the extra mile and counter to the companies’ business objectives. For example, if you are using MacOS and you don’t want your device constantly phoning home to Apple, then you’re going to need a network monitor such as Little Snitch to block all of the requests. You’ll have to go through the entire process of setting it up, configuring it, and maintaining it. Now you’ll need to replicate the process for your browsers, applications, and other tools, which becomes complex and time consuming really fast.

Then you run into other issues, such as all your friends using Instagram or you’ve been using the Google or Microsoft Suite for productivity. Since you can’t fully control your data and the businesses are incentivized to collect your data, you’ll have to look for alternative tools. Not only do you need to look for the alternative tools, but you also have to get used to them and you have to figure out ways to bridge the gaps. For example, if you care about your data and want to delete Facebook, then you also lose contact with many of the contacts you had on Facebook.

If you care about privacy, you won’t get around doing some technical work and putting in the time to shield your privacy and control your data.

A few issues that the privacy community does face is the lack of UX focused decisions when creating new tools and getting stuck in technical lingo without a translation for your everyday joe. Regarding UX, many FOSS applications have terrible usability compared to the mainstream alternatives. However, there also isn’t much of a budget for UX design in the FOSS space since a lot of creators are already strapped for cash. It would be nice if we did get more people working in UX to contribute to some of the projects, however most contributors tend to just be focused on the functionality.

We could also do a better job translating guides and docs for someone who is new to the privacy and FOSS communities. Some require you to have extensive knowledge of SQL or how to use git. However, it’s challenging to figure out how to translate some of the content when most contributors are more technical and it’s sometimes unclear what we can safely assume the user may or may not know.

Lastly, I do believe the privacy community is making progress and it’s expanding as more people wake up to the reality of what happens when their data is not in their control. However, most will still prefer convenience than learning about digital privacy and making any substantial effort to protect their data. In the end we can work on making tools easier to use, create better content, but the market signals are pretty clear.

If you want scripts or tools that solve a problem, the best way to contribute is to create them and publish them. It’s a community effort at the end of the day.

Changing your email, search engine, browser, password manager, and 2fa to those with more privacy and/or security are the biggest bang for your buck.

All can be switched without a computer science degree and you will have done more than most people.

Good. Why don’t you do it?

You could start by writing a guide about everything you learned in the windows hardening thread and read more into it, so that you actually know what you write about. Afterwards you create a script to automate it. Publish it on something like GitHub so others can discuss issues and maintain and improve it.

Proposing something is easy. Getting to a state where you would call yourself knowledgeable enough to actually contribute something meaningful and then using your spare time to develop, publish and maintain it is a hell lot of work. Making solutions with a lot of options so everyone can adjust it to their needs even more so and can fill a full-time job.