The Process of Improving One's Privacy is Overwhelming

Summary:

We need to focus on making the information go from basic to complicated. We can not have complicated terminology and concepts randomly interspersed in introductory topics, or at the least we need to minimise this, because sometimes this will be necessary, which I do understand.

Also, I think threat modelling is a complicated way of saying, address your privacy problems, which are unique to you. But in most cases they really are not that unique unless you are a journalist or a “wanted” person by the government, this is evidenced by the Common Threats subtopic.

Original post:

Let me preface this by saying that my “expertise” is in the field of a natural science and not cybersecurity (I am not even sure if this word is technically correct for encompassing the concepts privacy and security).

In short I am overwhelmed by the amount of jargon and the length of explanations specifically in the Technology Essentials topic. However, this is not applicable to the Knowledge Base topic, where the subtopics are simply explained and easy to understand. This trend continues until, after the Introduction to Passwords subtopic, i.e., the Multi-Factor Authentication subtopic. From here it appears that there is a shift from simple, fundamental concepts to “tech jargon” (e.g., the names of certain processes), I will talk more on this later.

In the Recommend Tools topic, there seems to be a weak emphasis on Why and When we need to use these recommended tools, or at least these points are lost “in a sea of distractions”.

In summary, I love the goal of this website and I am by no means trying to insult the work done by the wonderful people here, but I need to know what I need to do, I think Threat Modelling is overcomplicating the process. What I am saying is that there should be a way for everyone to fulfil their human rights, in an easy manner (e.g., automatically).

In other words, we need a universal guide of essential tools that everyone needs, and a brief explanation of why we need them, and if applicable when we need to use them. For example, when should I use a VPN? I know from tediously searching throughout this website, I should use a VPN before connecting to TOR. Whereas, if I am not using TOR, I am told I should use a VPN everywhere, except when I am using websites that require my real life identity. This information is given to me in separated, discontinuous chunks. Thus, I think this website could be arranged more logically and educationally. What I mean by this is that before jargon is used, it needs to be introduced and explained. For example, from the Knowledge Base topic to the Technology Essentials topic and onward, there is a sharp transition from fundamental explanations to less fundamental explanations, that are discontinuously interspersed between somewhat unrelated tech jargon. This is confusing for the reader.

We need more of a textbook approach, where fundamental concepts are first explained, jargon is then introduced and explained, and readers can optionally read more complicated topics with their newfound knowledge of this jargon. I know doing this could require an entire cybersecurity course, but I am sure improvements could still be made.

TL;DR this process of improving privacy is currently ridiculously complicated.

With this being said what do I and everyone need to exactly do? To understand cybersecurity I need to understand how computers work. Also, how does encryption work? It seems to me tech and science, of which our knowledge of them is naturally simple due to our limited intelligence, are shrouded in jargon and unnecessary, artificial complexity.

Mod edit: Moved specific questions to What do I need to do?

So, what do I need to do? Setting up this website in a more straight forward simple way would answer all these questions and more.

Thank you for your feedback. So that I understand clearly, am I correct in seeing the way you break down the articles in the knowledge base is like this?:

fg75QDZYY8gb2FbN596×1488 98.5 KB

Yes, although I quit thoroughly reading when I reached the DNS Overview subtopic, so I am in no position to say that the rest of the subtopics are overly complicated. Also, I have slightly revised my post.

A post was merged into an existing topic: What do I need to do?

Okay, good to know thank you. If you don’t mind, I’ve moved your specific questions to a separate post, so that we (as a community) are able to discuss changes to the website in this topic, and you’re able to get your questions answered over there separately.

That is fine, quite frankly I have little idea of what I am doing. No problem. ;). I truly appreciate what you all do!

Creating a “getting started” guide of just basic/starter recommendations wouldn’t be impossible… Maybe in a format similar to Consumer Reports Security Planner (although we don’t necessarily agree with all of CR’s specific recommendations, the layout is nice/digestible).

Part of the difference between the articles you’ve noted is certainly who authored them which is something we should figure out on our end.

I think all the information is fine, however, arrangement is key. In some cases, jargon is used without proper background information. Importantly, I think one category should be for lazy people who do not care about any background information, it should just be simple recommendations, that everyone should use, consisting only of why and when they should use it. The next category should be fundamental background information and explanation of jargon, for more interested readers, it would preface the previous category the “why and when they should use it” information, it would add more conceptual information and be optional, and the third category should be for more “complicated”, jargon-filled topics.

Thanks, for listening, your openness will be the reason for your success.

This is definitely a suggestion I’m sympathetic towards, but there’s also been a lot of feedback over the years urging us to avoid exactly this…

…in favor of the “threat modeling first” model we currently start our knowledge base off with. Which I do also agree with, to be clear. I’m unconvinced that starting the site off with standalone recommendations (for the “lazy people”) is the best approach to begin educating “normal people” about privacy.

The ultimate goal has always been to encourage people to think for themselves instead of follow our directions, and I’m not sure how to reconcile those differences very effectively. Going to give this more thought…

Some related discussion:

I know that you stopped reading at the DNS Overview subtopic, but what are your thoughts on this flow chart on the same page? DNS Overview - Privacy Guides

I personally found it very useful to help me determine that I should use a VPN and shouldn’t use encrypted DNS.

Edit: Using the flow chart also helped in prioritizing the information that I planned to read. If encrypted DNS is something that I should not use (since I am more inclined to use a VPN), then I probably don’t need to read the jargon, as you put it, related to encrypted DNS. I could focus my attention to another page of the Knowledge Base.

It also nails the element of simplicity that you emphasize.

Sorry, I need to be more clear, I do agree with you. I do think you should begin with introductory, conceptual, fundamental information, that explains jargon. The next section where you introduce the tools, and why and where you should use them should link to the concepts explained in the first section. Skipping the first section should be explicitly stated as optional for “lazy” users or users without time, to at least give them a chance of improving their privacy without being intimidated, however, this should not come at the cost for users who want to be more informed. If you section off or compartmentalise, and label sections for users of different interest levels, and label them for who they are for, this will avoid any issues, I would imagine.

Nevertheless, ignore what I just said, we need to focus on making the information go from basic to complicated. We can not have complicated terminology and concepts randomly interspersed in introductory topics, or at the least we need to minimise this, because sometimes this will be necessary, which I do understand.

Also, I think threat modelling is a complicated way of saying, address your privacy problems, which are unique to you. But in most cases they really are not that unique unless you are a journalist or a “wanted” person by the government, this is evidenced by the Common Threats subtopic.

I definitely agree with you Redoomed.

That is an interesting point. Perhaps one should first be introduced to those common threats and some ways to ameliorate them and only then think about threat modelling. I see how it can be overwhelming to do it the other way around.

I recently read the entire website without having any background in IT, with little knowledge of computers. I skipped things which involved tools/devices not relevant to me, had to Duckduckgo a lot of other things, and was still left with quite a lot of questions. So I agree with the general sentiment that the website could be improved, and that the process of improving one’s privacy is overwhelming.

But I believe much of this is down to the nature of the subject itself. It is indeed a rabbit hole, and it seems there is too much debate within the community of privacy tech-geeks to allow for the type of simplifying which you are calling for. And therefore if the contributors to this site wish to recommend something, they need to explicate why (with reference to relevant technology). For people who just want to fulfill their human rights with confidence, it is a learning curve yes.

For something more beginner-friendly, I think the TechLore Youtube channel is great, there is a “go incognito” comprehensive guide which I think would be much easier to understand than this website (but this website has the benefit of being more rigorous and update-able, I believe).

Final thought: I do not think it is necessarily overwhelming to go from no digital privacy to more private than the 99% of people. Just swap Google for Tor/Brave, Gmail for Proton, buy a VPN, Signal whenever possible and quit social media. Don’t overthink it like us. If you want to understand the weaknesses of whatever approach you choose, to be more comprehensive, and to maximize privacy without it becoming unfeasible, then yes it is overwhelming. This is because we live an ecosystem which is unfriendly to privacy to such an extent that full privacy is near impossible if you shop online or use the internet for work.

7 posts were split to a new topic: Is ProtonVPN Premium better than Free?

(I had a whole pharagraph written but accidently messed it up. Nevermind, not gonna rewrite it again)

Such a shame, but I understand.