I’m new to privacy. I don’t have a lot of useful insights, but there are some things I’ve realized that I don’t really see talked about a lot, so I thought it would be nice to give more voice to these. Warning, but the biggest reason these aren’t discussed super often is because much of these are niche, but they were things I was surprised about, so my main goal is to make it so that people newer than me are not so surprised by these things.
1. It’s hard/inconvenient/under-discussed finding phone numbers for SMS verification
This has been the biggest surprise for me. It’s pretty easy to find solutions to hide your email address, your payment information, and your name. It’s much harder to do the same, or at least the information isn’t out there. This goes double, because a surprising amount of services will not let you register without a phone number. More than you think, and none of it by necessity. I’ll often find myself on a whim wanting to sign up for something, only to be stopped by a phone number prompt, and I’ll be scouring the internet to find a number I can use. The excuse is almost always for 2FA. Amazon is one of these services, which stinks because it’s cited on the Techlore YouTube channel as well as others as a good way to receive packages anonymously. This phone number sign up issue isn’t brought up. I think I found a solution, but I haven’t tried it yet. It literally stops me from signing up to some things because I have no way to get a number for them.
2. Many online shops will not allow you to check out as a guest
Following up from the Amazon thing, you can’t check out as a guest on Amazon and many other websites. You must sign up, which again is a bummer considering how good Amazon lockers are supposed to be for privacy.
3. A lot of advice on privacy online seems to assume that you’re not being private in another way
This is difficult to explain. A good example is that it’s often said that when registering a new phone, it should be done far away from your home, and that optimally you would never be on your home wifi with that new phone. This is obviously very inconvenient, but also seems to smuggle in the idea that your home wifi isn’t secure. But there are ways to secure your home wifi. Changing your DNS, hardening your firewall settings, adding security to your switch and router, compartmentalizing what devices on your wifi network have access to which, changing your wifi name and passwords, adding guest wifis to your setup, etc. There isn’t really a lot of information out there on how necessary it is to never be on your wifi if you’ve done all this “hardening” because it seems like all info made on this subject assumes that no one does. My intuition is that there’s a lot of info on privacy that works like this, which makes it tough to know how to act if these things are being done. Like if you live somewhere and there’s no record that you live there, does it then matter for you to not turn on your phone near where you live if it’s assumed that you’ll use no location services while at home with your name attached to it? Answers to things like these are hard to find.
4. Some privacy alternatives are so superior that you forget that others can be inferior
I used to be one of those people who would use the same few passwords for everything. I used to sign up for everything with a Facebook/Google login. I used to give everything my one email address. The one most massive privacy/security combo that improved my quality of life is the password manager/alias email combo. The idea that it’s actually more convenient to not use the same password for everything is kind of mind blowing. I actually get no spam now too. I haven’t gotten a single piece of spam since changing email providers. So it surprises me that you can’t remove deleted contacts from Signal without blocking them, or you can’t have multiple phone numbers signed into the same phone on the same app for some reason, or that you can’t change the names or pictures of contacts on Signal without linking Signal to your contacts, or add wallpapers to Signal Desktop. A lot of services in the privacy space are actually pretty bad about feature parity. I’m not really criticizing any of this, I get why it happens, it’s just something you’re not really prepared for until you’re in it.
5. Opsec is WAY more important than privacy/security software/services
Opsec (operation security = aka how you behave to be private and secure) is something I figured would just come with having all the software, but it doesn’t always. Forming good habits is. It’s easy to habitually make strong passwords when it’s built into your password manager, but using different browsers for different purposes, even when the one you use is good for privacy already, is something you have to train yourself to do. Once a habit is formed things are easy, but the surprising thing for me was that it doesn’t come naturally. If you get a private email address, but you don’t actually send emails privately, you’re not changing much. These are things I’m still learning about and figuring out, but it’s been really important for me to keep in mind. I just have really bad learned behavior when it comes to this stuff.
6. Privacy and anonymity and pseudonymity are similar, but different and those differences are important
I almost think that the topic “privacy and security” should be renamed “privacy, anonymity, pseudonymity, and security.” Privacy and anonymity are often grouped together because anonymity (and pseudonymity) can provide privacy, but they’re all different and I think it’s important to understand the differences and benefits.
Private = Particular access
Public = Universal access
Privacy = Control over particular access
Security = Ability to enforce particular access
Anonymity = Different general identity
Pseudonymity = Different specific identity
A good example of these differences and their importance is that accounts on this forum are likely pseudonymous for the most part, which aids in privacy, but they are not anonymous as there is an identity attached to them - just not yours. Browsing the internet on TOR is anonymous because there is no specific pseudonym attached to it or specific fingerprintable identity if you’re doing everything right. Instead, it’s the general “TOR” group identity. I don’t know if there are any services that actually have truly anonymous chats as you’d need to have it so that no one can tell for sure who is speaking, which would be annoying. Idk if even 4chan works like this.
Some of the Techlore guys have their names on here. Assuming they don’t use pseudonyms, because the forum is public, nothing they say here is private or pseudonymous. To that end, even when using a pseudonym, in some ways nothing you say here is private because your pseudonym is public. Your thoughts are public, but that they are your thoughts is private. There’s not a lot of emphasis on these differences and their importance. Especially anonymity vs pseudonymity. Most of the time that people use the word “anonymous,” pseudonymous is a better word. I think they’re all independently important, but anonymity and pseudonymity are things I didn’t really consider until I got more into this stuff.
7. “Publicity” is rarely talked about
It’s kind of assumed that everything should be the most private. The closest we get to a direct confrontation with how to deal with public things is the idea of threat modeling, but it deals more specifically with privacy even then. Even Edward Snowden does some things publicly, yet how to operate publicly isn’t really discussed, especially as a privacy-aware person. I want people in my circle to use private services for example, but do I want this to be a public part of my persona? Am I a privacy advocate, or just someone who is private? Discussions around privacy help halfway with this, but I think a focus on the public stuff would help the other stuff.
There’s also a rarely talked about correlation between privacy, security, and publicity: the higher your security, the more effective your privacy. This also means that the less secure something is, the more effectively public it is by definition. Now your security could just be that it’s a really well kept secret and nothing else, but the important thing to keep in mind is that what makes something private is specifically how secure it is. A park is less private than a house because there is no lock to a park, but an unlocked house is effectively just as public as a park even though we don’t think of things that way. A park only one person knows about is effectively more private than a house everyone knows about even if technically anyone could access it. Effectively, only one person can. Technically the house is more private, but effectively anyone who knows how to break into a house can access the well known house.
There’s probably more, but I figure this is a good jumping off point. Are there any things that surprised you about these topics when starting out that you don’t really see talked about?