I wanted to convince my friend that privacy is important, and his privacy is at risk because he uses lots of big tech services (Snapchat, Outlook, etc.). Here’s what I did:
I opened a pseudo Outlook account with a fake name. Used that account to email my friend some personal information about his life. I talked about his hobbies, interests, where he used to live (the city only), and talked about his other friends in the email.
My friend, not knowing it was me, texted me saying he was freaking out. Then, using my pseudo account, I emailed him saying I got all this information from public data brokers. Told him his privacy is at steak and he needs to switch over to more private alternatives before his data falls in the wrong hands.
Right after that, my friend, a loyal Chrome user, started using Tor Browser, Signal, and Proton VPN. Although my trick worked, do you think my trick was immoral and just wrong? Would do you something similar to convince your friends that their privacy is at risk?
IMO, your trick was indeed rather devious and manipulative, if not of an abusive kind. What’s for the morality of it it really depends on what info you presented to him and if it could have been gathered only from open sources and bought from data brokers, not phished from him or his acquaintances or by stalking him. The last two methods aren’t ethical, IMO. You should teach him to be afraid of real tangible threats, not some imaginary creeps.
Sadly, not all info about us can be found in open sources, much of it is in the big tech’s black boxes, and you can’t present it to spook a friend, because it’s unobtainable. And this is a much more real threat than stalkers.
i don’t think it’s super moral as a method to convince someone, every person makes it’s choice and privacy is part of it. it is better to switch a service at a time quietly if he agrees (chrome - brave, gmail - proton mail and use good passwords) but make him pass from chrome to tor is a bit intense especially the way he scares him is not the best method
Your friend made his choice to switch to the privacy because of the artificial non-real threat, so you actually made the quality of his contact with the reality worse;
You didn’t tell your friend it was you, so you lied, so it’s dishonest and not fair;
Instead of being privacy-conscious out of ideals, out of a personal moral choice and out of a decision that isn’t forced, your friend is privacy-conscious out of fear.
I think privacy is important too, but you should remember that friends are not made for you to push your way of life on them, and if it is your friend, you shouldn’t do something like that if your friend doesn’t want to do it voluntarily even if you think you’re right. And it’s the second important thing: no matter how confident you are about the rightfulness of your own position, you can always be wrong, so let others make their own choice. You can just make sure your friend knows your opinion if you think it’s necessary for them to hear, but never force it.
This isn’t a cult. People aren’t somehow “in” if they use FOSS services and “out” if they don’t. It’s about people being genuinely aware of the risks associated with being online, and mitigating them to the degree to which they choose. It isn’t really your problem what other people choose to use (except to talk to you). All you can (and should do) is discuss your point of view, and why you refuse to use those services. It’s pretty controlling to make someone else use a service they don’t really have a need for.
What you did was scare someone into doing something that wasn’t any of your business. You actively lied about the state of his privacy. Absolutely nothing stopped you from giving him the information with your real name and showing him where his information was. Besides, how much of it was at risk specifically because of “big tech” services, and not because of other things like electoral registers?
Maybe your intentions were not malicious, but I don’t think you were being a good friend. You were way more controlling than you should have been, and I would apologise to your friend.
Moreover, as many others have pointed out, you haven’t really given him a clear idea of what information about him is visible. He is now using TOR and protonVPN despite probably not needing either tool, though both might not even help him improve his privacy.
Instead, you could have simply shown him the personal data that’s publicly visible, and had an honest discussion as to how that data is publicly visible. You could have shown him how outlook “knows” all of his alt accounts and home addresses. Same with Google.
I hope this thread serves as a reminder for others as to what not to do.
Sometimes i get an impression that it is for some folks. Such situations and mindset always weird me out af, when people a ready for such unethical measures to “turn” or “onboard” people that trust them into their “religion”.
To me privacy is a lifestyle or simple common sense rather than an ultimate goal of existence that can justify any measures to achieve it.
And yeah, totally agree. This thread should stay up and be an example. Thanks to the author for sharing and to the awesome folks that expressed their opinions and made many great points.
I’m sorry but this is a really shitty thing to do to someone you care about. All you had to do was to gather all the publicly available information you could find about your friend and present it to him in a nice formatted document. It would have achieved the same goal and it wouldn’t cause unnecessary stress and anxiety.
It would be really difficult to pull this off objectively. Because you know a lot about your friend already and much more than it’s online. This also once crossed my mind, but exactly for the reason of objectivity, I dismissed that idea.
If I wanted to do something like this I wanted to be sure that it’s as objective as possible and as much true as possible. Without any space for different interpretation.
Anyway, I don’t think this is the way and the OP’s way definitely not.
There are plenty of people out there who upon reading a exhausting report of their personal information online would just say oh well. Can not do anything about it.
No way would I condone the OP actions.
If I considered a friend a liability, I would pester them with the data they are leaking to a point that they would stop being a liability.
I don’t bother family and friends about sharing a picture with myself in the back ground on social media but they all know I do not give them permission to post pictures of me.
Sharing travel information etc is just poor OpSec and my friends and family understand this.
Techlore is spreading privacy and security to the masses. The Techlore Discussions forum is a home for reasonable privacy and security discussions.