We have people telling us the earth is flat. Them saying so doesn't make our good old planet any flatter ;)

I mean one can find excess absolutely anywhere, that doesn't demonstrate much imho.

As long as everyone is having fun, I see no problem.

If you're not having fun switching mail providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably stop doing those things.

Yes, some people absolutely take things way too far, and often unproductively.

Like the person who was trying to disable websockets. Or the people who will shun signal, but jump directly on the flavour of the month signal clone, which might be completely backdoored.

If you dont know what you are doing, randomly turning things on and off at best does nothing, at worst makes you even more signaturable/trackable.

Its good to educate yourself on various protections, but unfortunately, it requires a lot of careful research and understanding.

Of course some people go too far. I think a lot of folks on here grossly overestimate / overstate their threat model, but I think the discussions are good for the limited few who really do need to cover their asses.

Me personally, I hate the idea of companies bidding for my attention without my consent, so I try and make it as hard as possible for them to get it. This just so happens to overlap nicely with the goals of the privacy community much of the time.

Most people have absolutely zero idea how much data they put out there, what's done with it, and why any rational person would be horrified if they knew the extent to which individuals were tracked. Simply put, short of showing them how their lives are made worse, they don't care, and can't be made to care.

For friends and family, you can do things like give them books or send articles explaining it slowly in parts. For everyone else, just ask them if they know how Google tracks what they do in Incognito windows and see what they say. If they say that Google can't or doesn't, they might as well say the Earth is flat. You can't argue with that, even though it's provably false.

I definetly take things too far in terms of my effort vs my current threat model. But there are many aspects of trying to increase privacy.

For one, I'm very interested in the philosophy, ethics and politics of privacy and adjacent fields such as security. Part of what I do is just learning.

Also I try to be a good role model to my AFK peers and family. Of course I don't try to get everyone to adopt my hobby. But as in every field it's hard to teach even the basic stuff to others without deeper understanding of the field.

Definitely yeah! If you’re just a regular person living in a fairly democratic country and you’re thinking about physically clogging your usb ports to avoid someone breaking in your room and tampering your device while you’re exploring Barcelona, or if you consider removing camera and microphone from your pixel phone that you use every day, you’re probably taking it too far.

OTOH I’m still having trouble getting people away from Meta apps and I think it’s absolutely crazy how little thought people put into the amount of data that Meta collects.

TBH even in many dictatorships you’re mostly fine just using a VPN and fake accounts if you have government critical opinions. But that’s just my personal experience. Goes without saying if you have a decent follower count or are some kind of journalist you should be very paranoid.

Anyway, the point is, it’s probably good to feel slightly paranoid because most people aren’t paranoid enough, but most of us are also not Edward Snowden or Saudi journalists, so there should be a balance between practicality and privacy.

Once, someone sent me an Amazon link for baby nappies, and fool me clicked on it. Now Amazon showed boomer me baby nappies suggestions for the next six months. AI at its best... These things annoy me, so I try to avoid being tracked whenever reasonably possible.

OTOH, I am old and hope to not live long enough to experience any rogue government or whatever else persecuting me for having clicked on a baby nappies link years ago; so my threat model is short term only. I keep my privacy to a level, where it hopefully prevents as many annoyances as possible, but does not hamper what I am doing online too much. If I was younger, I'd likely do more.

I'm like a test-bed for a) my business customers and b) friends and family. also, "wasting" time thusly is vastly better than my previous "hobby", namely buying new and exciting shit.

my customers benefit from me knowing how exactly (and why!) I should implement e.g. an unbound instance on-premise. or an in-house prosody communication platform. or the "dev team" (buncha dudes poking at wordpress) getting a slew of used elitebooks with linux for the price of one new windows-with-ai yoga the spec initially called for.

f&f benefit from my early adoption by way of trickle-down tech. no way is anyone of them going to selfhost all this crap, but they get sprinkles of benefits in the form of "get this phone with that OS with those apps" and they're dramatically better off. you don't need the new ideapad ryzen that's "on sale" (isn't), have this 10-year old macbook I fixed and installed linux on - off you go. you don't need the new phone that's "free" with an exorbitantly priced plan, have the cheapest plan with this Redmi/Poco phone I swapped the battery on and installed LineageOS.

as to practical considerations, any and all interactions with the likes of FAANG are and should be adversarial from the get-go, they are out to hurt you by any means necessary. them fucks lost the benefit of doubt ages ago so you not letting them have a millimeter of grasp in your domicile should be your primary task. as their gains are cumulative in nature, every battle won is significant and you'd do well to remind yourself constantly of that.

Yes and I see two reasonable reasons for that.

One is that, like in most communities, those that feel more compelled to post and comment are those that are more passionate about the topic and/or have more extreme views.

The other reason is that given the sensitive nature of the topic, without knowing the threat level of the reader I can see how one would be reluctant to go for the "good enough".

I think that "mental illness" kind of comments would come from people whose attitude for safety in many aspects of life is "that's never going to happen (to me)". Those people exist, so sooner or later you'll see comments like that.

On the other hand everybody is trying to find a balance in convenience and safety and the situations and environments and life on general for one person can be quite different from that of some others'. So what's adequate for one won't be for another.

It's like PPE or personal finance or many other things. There's no one size that fits all and finding the right fit isn't easy. For a lot of us it's work in progress. Sometimes you know what's definitely needed and tweak the details. Sometimes you know something is not going well and needs to change.

Maybe it's enough to say that it's complicated and have some compassion and support for people that think it isn't. Or people that think it's all too much to handle.

Yeh my family treat me like I am a nut job. I only swapped away from google and ask them to think about the orgs they spend their money on for example Amazon.

It’s amazing how many people got on board with Covid conspiracies but questioning where you data goes, who’s using it, what for, no that’s a bit far lol.

explainxkcd.com/wiki/index.php…

Relevant XKCD;

I feel that it is closer to the fact that the communities forgot most beginners are completely new to this in general. They might not even know what exactly a 'browser' is, much less cookies and stuff.

Hence when we try to spoonfeed them information, it comes off as overwhelming and forced.

Agree that there are some extremist, but they mostly act in good faith tbh.

Another thing I noticed is there are more preachers of 'how' than 'why'. Having a beginner go down the route of privacy without giving them a purpose to do so is quite off-putting.

A year ago: yes.

Today: nope.

Like most things on the internet it's a game of one-upsmanship. User X uses Firefox with Incognito. User Y say's that isn't good enough for his own inconsistent definition of "good enough."
So User-Y suggests Firefox with 14 different add-ons and only browse through an immutable VM.
But then user-z comes along and says that if you are using windows at all, you don't really care about privacy, so you should be using Icefox on some obscure fork of ubuntu through an immutable VM, with a pi-hole.
Then user-w says well if you aren't using a VPN none of this matters, so Obviously you need to rent an Alibaba cloud server hosted in China, that you only connect to through a privacy respecting VPN, and then you only browse through TOR.

And so on. By the time a user is asking about how to stop google ads, the only "serious" answer by the community involves using Packet over Ham-radio -> and spending thousands of dollars a month on 4 different cloud providers, rented through several shell companies set up in Switzerland, the Cayman Islands and China, while only typing in Esperanto using an ASCII-only font.

A few weeks ago, I would have said 100%. I am needlessly careful.

I know I'm protecting against privacy threats that are technically possible, but unlikely. Preventing the tracking is just an interesting hobby, to me.

But earlier this month, we learned that Meta went "all-in" on what I consider some fucked up shit - running a mini localhost server to track the vanishingly few people who bother to block their tracking.

So now I guess I'm only about 30% sure I'm being needlessly careful.

I have been thinking about this a lot recently. I live a life where OPSEC is relevant. Its something that I have had to consider always, and has been for 2 decades. Even so, I wasn't as concerned this whole time as I am these days. The fact is that technology is making it such that its no longer "im not a person of interest they wont spend resources on me" because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn't even matter. Do you exist, yes. Do you have a digital foot print, yes you do. Even if you dont do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you "may" do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.

Ill I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to reign in the amount of info you leave about?

Yes.

Like any interest, people get so far removed from the original point, it becomes about something new.

Like cast iron. People go from not really knowing about it to learning how to cook with it, to learning how to do basic maintenance. About 20% of people go completely off the rails, and they start buffing and polishing them like they are fabergé eggs, and joining cast iron groups.

Privacy is the same. Learn the basics, follow the basics, relax and get over yourself.