I’m trying to get back to learning Rethink after giving up on it in 2022. Learning is like building a city. Rome wasn’t built overnight.
Do you guys feel there are diminishing returns in hardening a phone in terms of privacy and security? Is it worth it chasing the last 10-15% if it requires significantly more effort? This isn’t about the enthusiasts here on PG. This is for the average Joe who probably doesn’t care a whole lot about privacy, but is willing to do something about it as long as there isn’t a lot of friction in the process. For example, an iPhone user will use a VPN with its DNS or NextDNS, install only the necessary apps, and use as many services as possible within the web browser.
Privacy doesn’t necessarily mean total anonymity. It might not be possible to achieve it without a lot of hassle, but taking relatively frictionless steps to achieve something is better than nothing. Agree or disagree?
I feel like there are definitely diminishing returns. Whether or not it’s worth doing more just depends on your threat model and how much you’ve already done. Or, if you just don’t mind doing it, or actually enjoy doing it, then the sky is the limit.
I aim for 100% because I believe I can achieve it after breaking down every milestone/project first into manageable steps against my available resources.
To me it only makes sense to do this and keep improving no matter unless your threat model warrants it.
As a hobbyist, if you want to keep doing it no matter just because, you can of course continue to keep trying new things. To me that’s tiring and cumbersome just for the sake of it.
It really comes down to the relationship you want to keep having and maintaining with tech if you ask me.
100% is not always possible to achieve or even keep sustainably maintaining.
Unless you’re on Tails or Whonix and don’t use a smartphone at all 100% of the time and your entire OPSEC is ephemeral, what you’re suggesting is not possible if you ask me.
I’m not sure how else you think of it or are even trying to do it.
Definitely, and also the reality is that these things are like the absolute bare minimum for some threat models and certainly don’t guarantee your safety, privacy, or security online. There’s no such thing as 100% when it comes to digital privacy and security.
Well the next several steps involve self-hosting infrastructure that I have not previously deployed before, but I also need to update my OPSEC to utilize best practices and modern tools. There is still plenty of room to improve, but I have a firm grasp of my capabilities and pacing in order to achieve them in a timely manner.
My perspective of 100% is not necessarily the same as anyone else’s, and ceasing Internet usage entirely does not invalidate my own physical security and privacy needs/practices.
If you’re planning to go into the more advanced and laborious stuff, and your threat model actually requires that level of protection, I highly recommend structuring your systems and workflows to be as fail-safe as possible. Don’t depend on yourself remembering to do something or check something. Automate tasks. Segregate your use cases on different OSes or hardware. At those levels, one slip can ruin your whole setup and require you to set stuff up again from scratch, or even buy new equipment. That’s at a pretty high level, but for people talking about super high privacy and security levels, that’s a main piece of advice I have. At those levels, I feel like Bazzell has some interesting insight into the non-tech stuff that can actually jeopardize your privacy and OPSEC as much as or more than the digital stuff can. Worth reading his book in my opinion, even though I don’t agree with some of his advice or views. (Basically, I think he takes way more caution and steps in certain areas than in others, and the reality is that you’re only as strong as your weakest link, so any steps past that are wasted motion that are likely to cause fatigue or slips.)
Okay, I will attempt to explain it further. I have milestones with various manageable steps, and achieving all of them means 100%. It is basically my own roadmap.
Yeah totally. I just recommend his stuff to expose people to the broader picture of what threats are actually out there. It helps put things in perspective, like “oh, I’m not willing to do alllllll this work to be a ‘hundred percent’ so maybe I can actually chill and I’ve done good enough for now”.
All the power to anyone trying to achieve it. I ain’t criticizing anyone for trying. I cannot imagine a scenario where I have no cellular service. All postpaid plans in the US require a credit and ID check. So my carrier already knows me. The first battle is already lost. Maybe I’m crazy, but I’m assuming I can be tracked. I am also assuming they’re trying to monetize whatever data they have on me. My communication is inherently insecure. The NYT is reporting about how DHS is using the court system to unveil the identities of people using social media. Very interesting times indeed.
It’s very important to be explicitly clear with what and how you mean by what you say. Generally speaking, there are some things in the privacy context that you cannot make subjective because by definition that’s how the word or the concept is generally understood or spoken about.
I disagree with your understanding and assessment you have for yourself in how you’re choosing to think about this.
Didn’t realize you expanded your post. Yeah, I did read his book on my ~16 hour flight to Singapore. Very interesting stuff. I’m still trying to learn from him and the experts here. I just don’t have the money to switch SIM cards every so often.