News article about the ‘extreme privacy’ community on Marketplace, which is part of Minnesota Public Radio.
Something rubbed me the wrong way about Triedman’s characterization of the extreme privacy community, so I pored over his linked op-ed: Threat Model - by Hal Triedman - Reboot
This reality points to the key misunderstanding of extreme privacy, at least in its hobby form: it posits that surveillance is an atomic problem that should be tackled by enlightened individuals or families, rather than a networked phenomenon that implicates society more broadly.
Does it though? Yes, America is has quite the individualist culture, but do the extreme privacy “hobbyists” predominantly think that individuals opting-out is the sole solution to mass surveillance? I don’t, and I find that assertion reductive and defamatory.
I think we’re all opting ourselves out now, as that’s a practical defensive posture we’re already late to adopt. That in no way precludes less immediate efforts towards improving the sad status quo. After all, fixing societal problems quickly is inconceivable to all but the most naively optimistic. Meanwhile, your interfacing with surveillance and/or your self-publishing of data are daily or near-daily activities you have much agency to change today.
Rendering yourself disappeared is inherently self-limiting, and invisibility is an individualistic trap. To disappear is to cede the space you once took up, to cast away the chance that, just maybe, your visibility could create change.
I think this is Triedman is rationalizing his own refusal to quit social media rather than addressing any actual philosophical or social truths of breaking with the surveillance-friendly/apathetic dominant culture. Visibility isn’t the only way to make change. In fact, in the case of social media, which itself depends on user generated content (in essence, access to people), I believe invisibility, that is divestment, can do more than any amount of rhetorical posts on the platform.
3 Likes
Not a fan of this Hal guy, I feel like he says a lot without saying anything… but in a very poetic way.
I think when we’re talking about the “extreme privacy” community, there’s, I think, a couple of different branches of that. First of all, there are people — women, queer people, sex workers, people who might be gender minorities or sexual minorities — who are disproportionately subjected to online harassment, doxing, swatting, all of these horrific online practices. And on the other hand, there are people who are sort of curious about this. And I think that those two communities, in terms of their orientation and their drive to do it, really differ. I think that it’s important to disambiguate those two groups and say they actually might have different drives here.
This seems politically biased in favor of left-wing policies and issues. I got into the privacy community nearly a decade ago and have met people of different origins with different use cases and different threat models. There are people who get into extreme privacy because they live under an oppressive regime, who could potentially end up dead if something went wrong. Thinking of Pegasus here for example. There is curiosity, but I haven’t met too many who got obsessed with privacy for no reason other than simple curiosity.I did meet some who are a bit more neurotic than the average who get sucked into it out of paranoia. But Paranoia ≠ Opsec.
There are people who get into this field because they are looking to exercise freedom of speech and freedom of expression. These are people who would otherwise face repercussions whether socially or legally. You see it on social media platforms where someone says something another person doesn’t like, then they go out of their way to contact that person’s employer to get them fired, which is pretty disgraceful.
You also have people attending protests who have to protect their identity. Doesn’t matter it’s left-wing or right-wing and I believe the conservatives learned that lesson from J6.
I could go on with different types of people that are in the broader privacy community, but point is that it’s not just one or two types of people.
This reality points to the key misunderstanding of extreme privacy, at least in its hobby form: it posits that surveillance is an atomic problem that should be tackled by enlightened individuals or families, rather than a networked phenomenon that implicates society more broadly. The world—particularly those of us who believe in protest, political advocacy, and active participatory citizenship—undoubtedly has many practical skills to learn from extreme privacy. But as extreme privacy practitioners hide from the internet, they betray a worldview that can be just as pathological as the informational fatalism that impedes individual action on privacy: a deep nihilism about other humans.
Extreme privacy practitioners don’t hide from the internet, if anything they’re likely to be more active on the internet than the average, since you have to be somewhat tech savvy to make any progress. Regarding having a deep nihilism about other humans, that’s just an assumption.
Honestly, I don’t really understand the point of his writings. It just seems a bit like an intellectual circle jerk compared to Michael Bazzell who provides actionable information regardless of worldview or political bias.
Edit: I don’t believe it’s a good idea to invite political and cultural bias into the privacy community. It’s just going to divide the community like it has with communities on any big tech social media platforms. Privacy and opsec do not have a political leaning or are associated with one side, but not the other. Laws can affect your threat model, but again that’s more of a practical issue in the end.
2 Likes
By assuming there would only be two sides to something you’re already showing a political and cultural bias! Its impossible to argue from a perfectly unbiased stance as such thing simply does not exist.
I believe there is a place for actionable information, just like there is one for the “intellectual circle jerk” that can guide your overall approach
3 Likes
Much agree, though the example given might have been some hypothetical.
There are also people from netsec/software communities which want to “make things better” and the self hosting community of sysops which don’t want to be reliant on some company. The latter is usually without control there is a very high chance of enshitification.
a privacy engineer who recently wrote about the “extreme privacy”
I will say though I dislike the term “extreme privacy”, because it has some congruence with “extremism” and “crazy”. I personally think a better term is “privacy aware”.
The reason is because in regard to social media websites it’s usually the fact that people don’t know what is being collected, how it can be used or derive new information in a larger dataset that is a motivating factor for leaving such services.
I also think it has connotations of “maximum privacy” which is bad, too, because actions should have a purpose and we like to encourage people to think about what it is they’re actually trying to do in regard to threat modeling and avoid pointless badness enumeration activities like “degoogling”, which may very well have conflicting goals anyway. The latter example would be better defined as avoiding services which are funded by advertising/data gathering. A company like Google or Microsoft is usually large enough they have multiple “goals”, and not all of them are privacy invasive (popular privacy misconception).
6 Likes
I will say though I dislike the term “extreme privacy”, because it has some congruence with “extremism” and “crazy”. I personally think a better term is “privacy aware”.
I agree, it’s not a great term. It makes for a great buzzword, especially in the marketing sense, but it’s inaccurate and does give off a bad vibe. Reminds me a bit of how the term “deep web” got abused by crappy YTers just making up fictional stories for entertainment rather than taking it for what it is.
The reason is because in regard to social media websites it’s usually the fact that people don’t know what is being collected, how it can be used or derive new information in a larger dataset that is a motivating factor for leaving such services.
From a UX design and usability perspective, it’s pretty bad how companies explain what data they collect, since it’s buried in legal documentation, which the average will not read and may not even comprehend. Literacy rate, especially in the US, is pretty bad. However, at the same time, if someone uses a services and agree to the terms, then anything goes (according to the terms). It’s not illegal nor is it necessarily unethical in every situation, but it is deceptive and deliberate, especially when you take all the BS marketing into account.
I also think it has connotations of “maximum privacy” which is bad, too, because actions should have a purpose and we like to encourage people to think about what it is they’re actually trying to do in regard to threat modeling and avoid pointless badness enumeration activities like “degoogling”, which may very well have conflicting goals anyway. The latter example would be better defined as avoiding services which are funded by advertising/data gathering. A company like Google or Microsoft is usually large enough they have multiple “goals”, and not all of them one purpose (popular privacy misconception.
It runs along the lines of “The top 10 best phones to buy in 2024!” and all the other clickbait articles that have been SEOed into oblivion. In reality, there is no one size fits all and if we’re talking best then the question is “relative to what and in what context?” It’s really just problem solving. You have a problem, in this case a threat, and you have certain options to resolve the problem or counter the threat. Unfortunately, cognitively speaking, this can become pretty complex, which means people shy away from it and instead gravitate more so to doing what is convenient.
1 Like
Many privacy aware people definitely have a nuanced view of the subject, but I also have seen the kind of sentiment being described even on this forum sometimes. Generally this is in the form of not having a threat model, wanting to be completely invisible, or excessive paranoia about privacy/security risks.
3 Likes
I just figured, it would be extremely interesting to conduct a survey using the big five personality test to figure out what traits are associated with people who get into the privacy & security field. The same was done in the nootropics/cognitive enhancer community a while ago:
https://darktka.github.io/
https://www.researchgate.net/publication/7014171_The_Mini-IPIP_Scales_Tiny-yet-Effective_Measures_of_the_Big_Five_Factors_of_Personality
Would love to know what traits are the most strongly associated with an interest in privacy and have some data on it rather than going off of anecdotes.
The article smells like bullshit. Use of false claims and words like “extreme” seems to me like an attempt to discourage privacy and defame the privacy community.
Like what others have said here, the privacy community has never posited atomic individual action that the author claims, nor try to disappear from the internet. Many people in the privacy community try to onboard everyday people, because they know that privacy is a social issue beyond the individual. It’s the world we live in that gives privacy aware people no choice but to act individually (as a first step).
From my point of view, desire to opt out is caused more by mass surveillance being overwhelming (ubiquitous, intrusive and the norm) than by individualism. However, there might very well be a correlation between the two.
Indeed, it’s not a good idea to invite political or cultural bias into the privacy community. However, though not intrinsic to any side of politics, privacy/security is political and cultural. Assuming this political spectrum for the sake of argument, in my view, collectivist privacy/security is “left” leaning, individualist privacy/security is “right” leaning, privacy/security for people (freedom) is “bottom” leaning, “national security” (euphemism for state supremacy) is “top” leaning.
I say “the privacy community” lightly to refer to the group of people who share privacy as a common value and help each other to that aim, and don’t claim that it is a contiguous group of people who think alike and have common life experience.
1 Like
Acknowledging that certain groups are disproportionately subjected to online harassment is not “left-wing.”
2 Likes
If you’re in the USA that is. Not necessarily the case elsewhere