The Concept of Broad "Do It Alls" is an Arbitrary Construct

A commentary about something I’ve been observing that should be talked about more, not just in the cybersecurity/privacy communities, but also be encouraged in daily life.

Compartmentalization, an approach to not only improve privacy and security, but to also keep things well-organized and mitigate issues. I view compartmentalization as the practice of creating structured, specific systems for a reasonable and effective goal or objective.

EX: “I need to use WhatsApp for my job. How can I do this aside pressuring coworkers into Signal?” An answer is to make or get a work phone and only have WhatsApp there and do not allow non-work matters on both WhatsApp and the phone. It also has the plus of allowing you to be less messy on your phone.

Or how Androids supporting multiple profiles to keep things separate is often praised as an advantage over iPhones.

Privacy.com turns out to be an excellent approach to managing expenses, not just securing your cards!

Similarly, Proton has done a solid job with approaching its ecosystem. Instead of locking you in, they give you choices on how to setup. Use Protonmail but don’t want ProtonVPN? That’s doable. Want to use ProtonDrive and Calendar but not Mail? Again, Proton accepts that. They bought SimpleLogin and don’t require someone on SimpleLogin to use Proton only.

Amazon, Google, and Microsoft overtly like enterprises and not non-enterprise individuals. Gmail is part of Google Workspace, which Google angles it for small businesses and similar and Contacts and Gmail has delegates who get access to them. If you need a simple Contacts or email solution, GContacts and Gmail are not your best choices, even if they both have privacy standards as solid as Proton’s!

Or how Amazon has seemingly better security measures for AWS than retail.

However, despite the benefits of compartmentalization (strengthened security and privacy, better organization and responsiveness, better use and identification of services to use), it seems the opposite is being championed. Where a service or a device does everything, even if they shouldn’t.

And this has gone quite to an extreme. For example, in addition to iMessage, I also support Signal and Element. There’s also the benefit that if iMessage goes out, Element and Signal are backups. (I actually experienced an iMessage failure before.)

However, despite my best efforts, no one else uses Signal or Element. Most around here only use iMessage and/or SMS for virtually everything.

(Apple really seems to pushes this broad do-it-all concept a lot IMO. Like, there was an idea Apple should have rebranded iPods into an audiophile audio line. Yet they ironically axed iTunes because iTunes was increasingly becoming a confusing do-it-all software!)

I could go for an hour of observations and implications of compartmentalization VS anti-compartmentalization (like the former resulting in people being much more reliable with their devices). But let’s go over some meaningful takeaways.

1. I think when we show how more consumer-friendly services like Proton and Signal are (and how business-focused Big Tech is), people will find increased interest in these services. How can we achieve this?

2. A common argument against compartmentalization is the allegation that compartmentalization is stupid because people will become numb and confused. But this isn’t the case because compartmentalization forces organization. How can we help others break past this anti-compartmentalization narrative?

3. While Gmail and Outlook are no longer great for consumers, this isn’t the case for something like Proton, which is fantastic for both consumers and enterprises. What meaning does this have in the subject of the consumer VS the enterprise? Is the trend that Gmail and Outlook going with part of the broader trends of tighter integration to the point lines are blurred and the business-ification of everything in daily life? How can we counter the unhealthy polarity of both trends Gmail and Outlook are exhibiting?

4. And here’s the fun one, tied to the concept of compartmentalization: the broad backlash among students against colleges going online asks what uses the Internet and web shouldn’t have. Aside most things involving real, in-person, human interactions, where else does it not make sense to be overly reliant or the Internet and web?

I wonder if anyone has done a survey on privacy. → What percentage of people want privacy out of the entire population of America, UK, Asia,… etc.?

Hm, this would be an interesting test, but I can give approximate breakdowns of reactions when I brought up Element and Signal.

ELEMENT: 100% of people whom I brought up with had no idea what Element is, and explaining the Matrix protocol only made this worse. With no one having an idea and everyone asking “who uses it?”, the success rate was 0%.

On an interesting note, about 25% criticized Discord, not for privacy, but mainly that it’s too hard to use, and this was primarily Gen Z. I did describe Element is like Discord done right.

SIGNAL: How did this happen? It’s a Top 15 messenger on iOS App Store, and still around 95% had no idea? 5% had some idea, but still rejected due because “no one” uses it. Success rate was 0%.

I really wonder what will happen when I pull iMessage and SMS support in favor for mainly Signal and Element, with the former being the main and the latter being an add-on and backup.

Like, I tried to present Signal as the best unifier of iMessage and Signal in light of the RCS controversy. I described its benefits, many of which exceed that of iMessage (Signal is more pluralist) and SMS (Signal is more accessible).

An interesting response was with a friend who’s also into digital privacy. She uses DDG as her search engine. I introduced Signal to her and she seemed a bit interested. We currently use SMS. However, this ultimately failed due to her insisting all messengers have loopholes and just assume what you send is public info anyway. What?!

The problem doesn’t seem to be simply about privacy and security anymore. Yes, it’s still a major part, but there also seems to be an elitist popularity contest.

If it’s not popular enough (at a very high threshold), forget about it.

This low-key reminds me of the Chromebook stigma. Sure, Chromebooks leave to be desired privacy-wise, but they’re excellent for high-security purposes. Techlore mentioned this at least three times. Yet, often, especially in the impressionable tech YouTube community, Chromebooks are laughed down as toys for elementary school kids and nothing else. No meaningful analysis of its strengths and weaknesses, and characteristics and use cases.

It’s like how only a small handful of tech YouTubers I’ve watched even mentioned anything beyond Big Tech. Like good luck finding a Pixel review in which the reviewer used GrapheneOS or similar on it to test.

I was wondering about the people with whom you speak with.

Are they software engineers, technicians, you know,… people with some kind of technical background.
Or are they reality tv show junkies who are unwilling to engage in conversation requiring deep thought?
It seems you are using a good amount of energy to express the importance of privacy. But are you using your energy effectively?
Expressing oneself in a given amount of time to an audience who is capable and have a willingness to listen is practical. Are you talking to these kinds of people?
Do the people you speak with engage in counter-arguments?
Do you see yourself (or could one perceive you as) a preacher, teacher or voluntarist educator?

I’ve never seen a bee flying about the desert. Why? Because there are no flowers.

I’m yet unsure how consumer friendly these services are. The biggest drawback of Google products is…well…that it is Google. Assuming you don’t like their data hoarding or business ethics. They offer a huge amount of fantastic services for little or no money and their security is really good. Proton has a good e-mail service, but it is relatively expensive and the rest is just under development. Moving to Proton caused me to desintegrate my whole ecosystem (calendar, drive, documents). Although I happily use it myself I find it hard to find an argument for other people to do the same. Same counts for other things like using Signal instead of WhatsApp (which also involves a network effect, so you could argue whether you have a choice at all).

Most people around me have absolutely no feeling with IT and generally see it as a nasty distraction from what they want to be bothered with. Security and privacy are generally abstract and difficult to comprehend. If they don’t know what the fuzz is about, it’s really hard to start talking about security management like thread modeling, compartimentalization, etc.

I don’t think that people have a problem with compartmentalization, it’s just that they have no clue what it is all about.

Stand directly behind the person whom you are trying to convince while they are using their computer or phone.
When they become irritated by your looking over their shoulder, tell them you are simulating a government agency.

I’d actually disagree with that. With Proton’s restructuring, if you want any of the advanced features of any one of their services, you need to pay for the advanced features of all of their services - and in the case of things like the VPN, the free tier just doesn’t cut it, at least for me. And I think you have to create a Mail account to use any of the services at all, similarly to how you need to have a GMail address to use Google Calender or YouTube or whatever. So I’d say greater compartmentalisation is a poor justification for preferring Proton over Google in this regard, because they seem roughly equally intertwined from what I can tell.

I suspect that this is an artefact of where your attention is, because this is not a trend I see. But even if we grant that you are correct on the general trend, compartmentalisation vs centralisation is ultimately something that’s going to depend on the individual and their circumstances. For example, it’s convenient for me to use the calculator on my phone rather than carrying a calculator should I need one. Similarly for torches or music player or watch or notepad or to-do list or GPS or e-reader or any of the other functions a modern smartphone serves. I gain serious convenience from having those all on one device, rather than having a dozen or more. Obviously depending on my threat model I might want to separate some things, but again, that’s going to depend on the individual context.

If we’re talking about apps, the same logic applies. I use Signal both as a communication tool and as a note-taking app, for example. I could have them separate, but that just adds one more thing cluttering up my phone. Security-wise it reduces my attack surface, and privacy-wise I know my notes are encrypted on the device.

As to your take-aways, again I think this is an artefact of where you’re looking - I haven’t seen anyone questioning whether universities should be online or not. I’ve seen people debating the relative merits, but that’s a strategic discussion, not a moral one. I’m sure you have seen these, and it’s possible I’m out of touch, but even if we grant that that’s kind of a different topic to what I understand your main thesis to be.

Really wouldn’t recommend this. It won’t make people more aware of privacy invasions, it’ll just make them think you’re a tool. And frankly, they’d be right even if you’re entirely correct.

A lot of my friends (including me) have associations with engineering, usually either they are engineers outright or work heavily with engineers. That friend who uses DDG is a software engineer, and I thought she would be really into Signal, not just on the privacy and security side, but also on the innovation side.

I think I (unfortunately) struggle to use my energy effectively. The main challenge is even the idea of having it as a choice/backup (and not the choice) doesn’t go. For instance, the most common response was along the lines of “Why? I only use iMessage and that’s enough”.

So, I wouldn’t really say people are unwilling to listen. It’s that, if I have to hypothesize, it’s strong skepticism. Like, it appears as a unprecedented or (ironically) a black box situation. So, counter-arguments are fairly rare and tend to be indirect.

The weird thing about how I angle privacy is I don’t really obviously present myself as an outright helpful person who is teaching people concepts, like what Techlore does! Instead, I present privacy infused with a broader mindset of pragmatism. What is an exemplary approach? What is an exemplary path to utilization? What is an exemplary path to leverage the technology? I tend to be quite inquisitive and curious about the technologies behind and how it works.

This is subtly reflective of my attitude towards Big Tech. Most in the privacy community are fairly critical towards Big Tech (which is totally fine) while that fringe group are outright hostile and at times aggressive. But my attitude is this:

Big Tech is extremely imperfect the way it is. And the privacy issues are only the tip of the iceberg. And they will have to face the truth that sooner than later, they cannot do everything. They will become a jack of all trades, master of none and even risk becoming another 20th century Ottoman Empire. The main issue I see with Big Tech is they are heavily misaligned with what (I personally think) they should be.

Surveillance capitalism is a waste and the invasive advertising is faltering. Not just ethically, but also technologically. I find it holds companies and services back.

Big Tech should be leaders (not the leaders) alongside others, Proton, Signal in R&D. Commanding excellent privacy and security is a cornerstone of being a leader in R&D. And their leadership status commands something they (Big Tech) seem to be neglecting: they have the social responsibility of empowering those who emerge, the innovators of tomorrow.

Google, you seem to care a lot about the Cloud Builders, always happily broadcasting podcasts about how others utilize your services to create something really cool.

This is why capitalG, Verily, X, and GV are my favorite Alphabet subsidiaries. How I personally would find an Amazon that spun off its retail and non-R&D enterprises (like entertainment) from AWS and R&D an elegant Amazon. How I only use Google for Cloud Platform and developer products and none of Workspace. And also Maps, Search, Photos, and YouTube are also unused.

I had a lot of fun learning Nextcloud and leveraging other services for docs and find using them for my personal life is actually treating Google much better.

This might sound really weird, but using Google for Cloud Platform and developer products feels like stroking a soft, cute animal. Using their privacy-invasive services felt like poking sticks into the animal’s eyes. I don’t know why I feel this way. Maybe I really grew to like the dev products and feel I’m somehow harming Google by tacitly condoning their most brazen problems.

Enjoyed reading your counter-points and I’d like to add and comment.

! I only use mail and VPN with a custom domain and pay their highest plan. And somehow I thought not using Calendar and Drive weren’t a big deal. And I realize, I hope Proton allows deleting all proton-owned addresses and only use custom domains. (And yet you can delete your Gmail address and still use your Google account fine.)

You raise a valid point. And it is sound to say Proton’s promise of compartmentalization leaves to be desired. Maybe, they can make optionals and separate subscriptions in the future, where combining all four leads to a package subscription. I thought Proton had better compartmentalization because Google really actively tries to hook you in without even mentioning compartmentalization while Proton did answer these questions and seems more tolerant to it.

TIL Signal can be used for note-taking. And you raise valid points, especially how centralization VS compartmentalization is determined by that person. And having a calculator on your phone, along with watch, notepad, MP3 player, and other (once) single-purpose electronics, is totally fine.

The point I was making was over-centralization. Like, it’s extremely commonplace where I work where people literally use their personal emails and phones for work, even if both have been provided to them for work and/or school. Or it’s like how the main counter-argument against Signal and Element was along the lines of “only one is good for everything. A second is pointless”. I must’ve been a bit unclear on that.

And I’ll say, that Signal strategy sounds really interesting! Let me go try it out on my Signal profile!

The backlash I was talking about was colleges going online during the pandemic. Yes, it was the right thing to do in light of the pandemic, and online colleges like WGU do serve a valid demographic that traditional colleges can’t serve well, particularly those with dedicated family and/or professional lives. As in, they have an outright (often professional) full-time job instead of an internship or something.

And the backlash was primarily about things like isolation and teaching faults. And privacy was also a problem, especially with testing software (whole other topic). You are not out of touch. As I reiterate, you raised some genuinely meaningful counterpoints, and I wanted to respond to that.

I’d rather be thought of as a tool than a lemming.

… OK? Nobody thinks you’re a tiny rodent, so I guess you’re OK on that front?

But since I was clearly saying it was strategically a poor decision unlikely to convince people of the need for personal privacy (instead convincing them to not associate with the person doing it), I guess that’s your call to make, depending on what you’re trying to accomplish.

have a look at this post:

afterwards this video:

… I have absolutely no idea what you’re driving at. Nobody here is arguing that privacy is bad, and you’re the only one making political points, so you’re arguing against a point that literally nobody is making. You may as well be arguing that burgers are better than pizza for all the relevance it has.

Sorry, no, that’s a lie. I see, very clearly, what you’re trying to accomplish. I just think it’s patently pathetic and I have no patience for indulging that kind of nonsense. Go flex somewhere else.