Do you actually use the privacy socially?

Like for example, I have signal, session, berty, element, briar installed. I hav pgp keys for all my email accounts. But I never get to use them. None of my friends or family are willing to use them. I am forced to use WhatsApp to communicate with family, and have lost contact with all my friends, because they refuse to use anything other than Instagram, Snapchat or Facebook. When emailing, everyone I know refuses to even listen to the concept of pgp keys. Its like I am practically using signal and session currently only for the note to self feature. I even have a family group on signal after forcing them to use it, but none of my family even opens it.
If I try to explain privacy to either my family or friends, they are like so what if we are tracked. We get better ads, serving our needs better, and are helping the tech companies with our data. They don’t care about privacy at all.
Are you all also facing similar issues?

1 Like

Hi @Vicky , heard the saying, “You can lead a horse to water but cannot make her drink?” I experience the same thing with family and friends who feel zero pain using predatory communication apps. Think of it from their viewpoint, why would they change (takes effort) to accommodate you? I suggest you continue leading by example. Share the benefits of privacy in a non-pushy way. Wait until they feel pain or read in their echo chambers something so concerning about a lack of privacy that they come to you. It’s the first follower concept ala the shirtless dancing guy. Keep the faith :grin:

10 Likes

Thanks for the video, it is a remarkable concept. I will follow the concept :blush:!! I really appreciate the video recommendation and the advice, it vibes with me and has helped cleared my head.

2 Likes

It’s an issue, definitely. What I normally do is use e-mail encryption on-demand. I don’t force it, but I attach my PGP key to the emails I send and if they choose to, they will import and use my key. If it’s not sensitive, there’s no need to force encryption, it’s just a supported feature in so many clients that I don’t see a point not to in 2022. It’s important to hold onto what digital freedoms we have because they could be gone tomorrow. Many privacy standards we have now are being fought against on a daily basis. Sadly, many people choose convenience of Facebook Messenger and WhatsApp over Signal and Session, Briar, Tor, etc. It’s a battle you can’t win. When someone is lulled into a state of comfort by their captors, they will bend and eventually break. That’s what has happened. Your friends and family see no need to protect their emails because they “have nothing to hide” or “it’s too difficult to learn”. Well, how did you learn to drive a car? You practiced. How did you learn to walk and talk? Practice. It’s the exact same principle here. You need to learn to walk before you can run, and eventually, swim in the digital world. We also have a larger enemy to our 1st and 4th amendment rights established by the Constitution: global surveillance, which is by far the biggest reason to have secure communications channels to friends and colleagues, as well as family. It’s your right, but you can’t be forced to practice.

2 Likes

Yes, I use but in practice only Signal right now, it’s not an easy task to make people to install Signal where I live, because everybody uses WhatsApp here, but you need to make one by one to install, start with a friend who is more into tech or privacy, after that install (and make easy to find/use) on your parents phone, then one by one friend, if a friend ask you to fix their computer or something similar, answer “I do, I help you, if you install Signal”.

Don’t try to make an intire group to install Signal, make one by one.

3 Likes

It’s difficult to convince people to care more about their privacy. Once you’re at a point where you can’t convince people to switch, you have to try to have your cake an eat it to, with as least tracking as possible.

I believe matrix has a bridge protocol for whatsapp, so maybe you could try that.
You can also try various methods to mediate the tracking. If you’re using whatsapp on mobile, using NextDNS to block the telemetry server pings whatsapp sends out, and using a VPN to hide your IP address is not that bad of an idea. There are likely more things you could do, however I’m unsure.
If you use whatsapp on PC, don’t use the app but instead run it in a hardened browser with NextDNS, maybe you could use tor but I don’t know if whatsapp would like you signing on over tor IPs.

As for the PGP email problem, I’m not knowledgeable in that so I can’t help you there, sorry!

There are privacy compromises I make in my life to stay in touch with my friends. While I will never install social media like instagram, I have SnapChat on my phone to communicate with friends, and Whatsapp to occasionally speak to family. I also run Discord in my browser, but overall I have made efforts to reduce the digital footprint I leave behind.

As for convincing someone to care about their privacy, just send them this

3 Likes

I am very proud that I have gotten a bunch of people over to signal, a couple over to bitwarden w/yubikey as well as a one over to Tutanota. I wish I had friends who used xmpp but i dont. I did get two over to threema and one over to briar. I even have been able to two over to linux all in the last two years.

2 Likes

I am on a discord server with a bunch of buddies. It was formerly a Facebook group. One day everyone got tired of having their posts removed for not meeting Facebook’s community standards and we collectively agreed to move.

Just keep putting the info out there in a non-pushy way. When the time is right they will ask you for suggestions to improve privacy.

PS… I am aware Discord is not perfect for privacy, but I believe its an upgrade from Facebook. We already discussed Mastodon if Discord ever goes south :slightly_smiling_face:

2 Likes

Initial thoughts

I am aware Discord is not perfect for privacy

It isn’t great, and compared to the rest of the real-time clients out there (like Element with Matrix) for privacy, it’s not even good. But if you’re looking for simple communication among friends, that is a decent option and might be better for COMSEC than Facebook Messenger. Although, you can sign up to Discord using Tor, so that sort of redeems it from a high level perspective of privacy. Just consider that it was created for gamers to talk in real-time and is not privacy-oriented. That said, they have a great UX; it’s easy to use and they respect your use of a VPN or transparent Tor proxy.

But if you want real private and secure messaging, you would want to use something like Briar.

Reasons not to use Discord

It isn’t E2EE. It’s closed-source (though that isn’t always an indication of it being insecure). It doesn’t have PFS, zero-access encryption, and doesn’t protect your metadata. The default privacy settings are terrible. It requires email (which requires you to use a burner email to avoid KYC tactics). You can run it through Tor but it’s difficult and the usability is atrocious. There are bridges to Matrix but why not just use Matrix to begin with? Also, a huge note, it’s also highly centralized and as I noted about self-hosting in a previous post, you are putting your trust in that particular discord server’s privacy policy. It’s something I would personally avoid for any contact with friends or coworkers because of the fact that I can’t verify any of their security claims on my own time.

Well, maybe you are a regular netizen. That’s fine, you probably have no reason to encrypt your communications. But you still should try versus “I have nothing to hide.” Your encryption should matter to you, and to your friends, even if you are just gaming or working on a team project. I would say it’s secure for work-from-home stuff, but it’s not even good for that, compared to Slack or other alternatives that both respect your communication security and simultaneously offer a better text-based chat. Slack even lets you save posts for later, which is not possible on Discord. Overall, it’s better for all situations, but still not something I consider secure for sensitive topics (work-from-home sensitive, not government-level (SCI) comms).

In the end, you can suggest your friends towards a better alternative, but most people are so comfortable in the box they are not willing to step outside of it. Those people are especially susceptible to communications tampering/surveillance, as well as telemetry. It will be especially hard to get them to walk a path of privacy when they’ve been using the Discord and are already familiar with it.

Teaching security and privacy to others

I recommend following the EFF’s guide to teaching others if you’re concerned about you/them.

  • Make it personal, not technical.
  • Explain your thinking.
  • Give a recommendation anyway.
  • Give the audience a place to look for deeper explanations and updates.

This way, you don’t just randomly flood someone with, “Hey, you know what Alice? You should really use this technically cryptographically secure messaging app that supports PGP and OTR.” You’re trying to offer something way beyond their current understanding of how their communication works and they will probably not be turned on by such an offer. I gradually introduced my parents to a password manager after they’d been hacked twice and had their passwords shared in a data breach. They still were wary. It’s new and it’s threatening to them because they live inside the box.

7 Likes

I think that you might be taking your privacy and security too seriously.
I have a signal account to talk to people about sensitive stuff, I encrypt
my drives with LUKS and I study information security, but let’s not go
too crazy with that. I still have to use those popular internet
messengers in order to not loose contact with my friends, my
Boss, my schoolmates etc. The
harsh truth is that most people will never care about such
topics, so you have to adapt to the real world situation.

Assuming that you are an average citizen of a relatively democratic
country, I do not think that someone who works for Facebook or
Snapchat or even your ISP would be actually interested in looking
inside your conversations about school,work etc.

The moment in which privacy and security starts to negatively affect
your life is usually the moment in which you should rethink your
threat model and your life goals. If you need to talk about something
sensitive with people who refuse to use secure communication
methods, simply meet them in real life and discuss the topic there.
If you want to use PGP with your email, consider using premium
SimpleLogin tier which can automatically encrypt all incoming emails
before they will arrive to your inbox.

Just try not to be too extreme with privacy and security, and perhabs
try to introduce some changes to your life overtime. Before you even
start talking about PGP, signal etc. try to have small talk with
people and deduce if they even want to be bothered with the topic.
Some people might want to listen to you when they will need a
solution to a specific problem (I usually convince people to use
signal and bitwarden in that way).

2 Likes

It’s a very personal thing to to determine what our threat model’s should be, but I also think you raise a good point about not letting our anxieties be king.

If our worries about privacy are the only consideration for making threat model decisions and it’s to the detriment of connecting with friends and family, I think that’s a red flag personally. Not a red flag as in that someone shouldn’t go that far if they need to, but in that it should make us pause and think about everything else that’s important in life.

I think that privacy and security conscious people are especially susceptible to being anxious in a mentally unhealthy way. The privacy community many times exacerbates that accidentally or ignorantly. There are real and valuable counterbalances to consider when making your threat model, like staying in touch with friends and family. I think that for most people we have to keep things in context.

I know that at the end of the day we each make our own threat model. Just really think about what you’re giving up and if you’re going too far for yourself.

3 Likes

Fam has Signal and uses it.
I also have Briar. Tutanota, Tor, encrypt with Boxcryptor (proprietary) and use 2fa as much as possible. With the exception of 2fa, no one else will use these apps. :rofl:

1 Like

Good points. I brought these private apps into my household first as well. I had to convince them little by little and just turn their frustrations with the way big tech applications work into an argument for the alternatives. Now everyone uses Brave browser, DuckDuckGo and Signal. My mother and sister are even daily driving Linux comfortably (though I take care of updating my mom’s system for her of course :smiley: )

Take it slow and use what opportunities become available organically to you.

5 Likes

Anytime I am “selling” a private or secure app to someone I tend to focus on the usability and features of the app and just kind of throw in the fact that it is private as a bonus.

I’ve got a lot of people using Signal and for the most part it is due to stuff like the size of files you can send. For Brave I can say it blocks ads by default and it runs faster than chrome. If someone wants a password manager. I push them towards Bitwarden because it’s just as fully featured if not more so than something like Lastpass but is open source, so you may as well just use Bitwarden.

I feel like for most people stuff like that is more important to them than simply the privacy aspect of it.

Just a quick note about using a more private and secure email provider. While yes most people who you would be sending emails to use something like gmail or outlook, institutions tend to have their own domains. I see it as a win if you can keep Google from seeing your financial or medical information.

3 Likes

Sure do!
I mostly use Signal. I feel like I’ve gotten very lucky that I’ve been able to get some of my family and friends on Signal.

I usually manage to get them over by telling them things that you can’t do on regular messaging apps, then explain to them why I use it. It usually works but if it doesn’t then it just doesn’t.
As it’s been said before a million times, it’s difficult to get people to care about privacy.

4 Likes

Related:

1 Like