This is a great forum to get advice. I’ve found it extremely useful.
The cliches get a bit wearisome.
Do we really need to preface every piece of advice with,
“Depends on your threat model.”?
Okay, Okay, I get it. It’s true.
But it’s kind of like being on a Survivalist Forum and starting every piece of advice with,
“Number 1–Don’t shoot yourself in the head.”
I thought of making this point subtly by commenting on every thread - “Depends on your threat model.” but when I started to look through the threads I see it’s already there at least once in practically every discussion. Point made.
I think threat modeling is very important. A couple of days ago, I was on here messaging someone who was concerned about state surveillance. Talking Tor, Proxies, VPNs, etc. They just wanted to get access to news sites, and not be restricted. That person’s threat model would be something very different compared to someone who just wants to dodge Facebook. When you know a threat model, you know what kind of tools they might want/need, and help guide them in the right direction. Tool A might be great for the FB dude, but not for the person evading Government surveillance.
As for the Linux thing… I gotta agree. I love Linux, but it’s not a magic bullet. It’s a tool that’s not a good fit for everyone.
A cliche I’m not too fond of:
“FOSS software is always better for privacy/security, than anything proprietary.”
Perhaps having standard threat model definitions/categories could help sort through recommendations that are appropriate for a particular person or use case. I think the Techlore video template with Zones would be a great starting place.
Then again, getting the privacy community to agree on anything as ‘standard’ is a whole other challenge. But maybe at least here on the Techlore forums we could achieve some kind of standard threat model zones.
I don’t mind people mentioning that something depends on threat model because it’s true but also not everyone is familiar with threat modeling, especially someone new to being aware of this kind of thing.
That said, if all you’re going to reply with is “depends on your threat model”, that doesn’t add too much value. For the sake of etiquette, it’s better to have a unique view you want to share even if you’re qualifying it with the threat model thing rather than just saying it with nothing else.
I can’t think of cliches I would want to stop using, but I do agree that privacy conversations can feel repetitive depending on what you’re talking about. When we’re discussing tools, there are often limited options, so it’s like “for browsers use Brave, Firefox, or Tor, and maybe consider these other forks.” Like, boom, done, nothing has changed that much in that space, lol.
Who knows what threat model means? Instead, we should refer to it as your security plan. It is much clearer and doesn’t sound like something a person who faces grave, targeted threats needs (they prob need a threat model security plan too) and not the other 99.9% of the population.
Maybe mentioning your security plan when you post a question might be helpful (to the context of the question). It will help a lot when answering the question.
So, Signal uses AWS to host and Proton uses Google for alternative routing! Both are compromised!
Google started rolling out E2EE to RCS chats in Messages? Reddit’s comments are appalling, with barely anyone at least commending Google and wishing the best for them with what is a baseline for Android. Having questions and being curious (IE metadata policies) are fine. But why throw a fit over Google?
Or how laughable it is to switch from Facebook Messenger to SMS instead of something else…
After reading privsec.dev and actually using Big Tech for specific things (like Microsoft for Azure only and Chromebook for banking only), it appears I prefer to be knowledgeable about Big Tech as opposed to being particularly either for or against it. It could be because I like Big Tech for certain things, and/or I want to better understand (and make use of) issues Big Tech has.
It appears I aim to avoid taking direct sides as much as possible, whether out of curiosity, cooperation, or idealism. Or to put it, “to address Big Tech, you must first know Big Tech”. I am against the idea of Big Tech going out of business like Blockbuster though.