Why security is more important than privacy

Hey, I want your opinions on why security is more important than privacy, because I always hear people talking about security more often than privacy. It’s really complicated for someone like myself, so what can we do to convince people to care about privacy as well?

Without good security, your goals for privacy mean nothing. Think of it this way. If privacy is closing the door/window, then security is locking them.

Take Tor as an example. Tor uses several layers of encryption to keep your data secure and private. Each node removes a part of that encryption, and reads only what it needs. Now imagine if that encryption was not there. You’d be sending all your data through several different nodes (computers), all seeing what you’re doing. Each node will know what you’re doing, making Tor a worse proxy.

Now let’s look at email services. Most of your life is likely contained in email form. Names, addresses, relationships, income, and much more. Whether it’s in your inbox, your friends’, employers’, mother’s, it’s likely there. Now imagine that the email service did not use good security. One breach, and all that data could be in the hands of a malicious actor. At the very least, it could be stored in plain text on a pastebin page. Your info, visible to everyone.

I could go on. Security comes before privacy. Without the ability to lock that door, all someone has to do is open it.

2 Likes
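As an added illustration of the layering described in the reply above (not part of the thread, and not Tor's actual cell format or cryptography): each relay peels one layer and learns only the next hop. The relay names, keys, destination and the toy SHA-256 keystream cipher are constructed assumptions for the sketch.

```python
import hashlib
import hmac

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one per-relay secret.
    return hashlib.sha256(label + key).digest()

def keystream_xor(key, data):
    # Toy stream cipher (SHA-256 in counter mode); stands in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key, next_hop, inner):
    # One layer: encrypt "next hop + inner cell", then authenticate it.
    hop = next_hop.encode()
    body = keystream_xor(_subkey(key, b"enc"), bytes([len(hop)]) + hop + inner)
    return hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest() + body

def peel(key, cell):
    # What a relay does: verify the layer is its own, strip it, read the next hop.
    tag, body = cell[:32], cell[32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed for this relay")
    plain = keystream_xor(_subkey(key, b"enc"), body)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def build_onion(path, destination, message):
    # The client wraps from the last relay inward, so the first relay's layer is outermost.
    hops = [name for name, _ in path[1:]] + [destination]
    cell = message
    for (_, key), nxt in reversed(list(zip(path, hops))):
        cell = seal(key, nxt, cell)
    return cell

def route(cell, path):
    # Simulate the circuit; record what each relay learns after peeling its layer.
    seen = []
    for name, key in path:
        next_hop, cell = peel(key, cell)
        seen.append((name, next_hop, cell))
    return seen

# Constructed sample data (hypothetical relays, keys and destination).
PATH = [("guard", b"guard-key"), ("middle", b"middle-key"), ("exit", b"exit-key")]
DEST = "example.org:443"
MESSAGE = b"GET /inbox"

if __name__ == "__main__":
    for name, next_hop, payload in route(build_onion(PATH, DEST, MESSAGE), PATH):
        print(f"{name:6} forwards to {next_hop:16} sees {payload[:12]!r}")
```

In this sketch only the last relay ends up holding the original message; the first two see the next hop and an opaque blob.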

Security and privacy are interconnected. I see little point in arguing over which is more important. They are both critically important for civil liberties.

An important thing that more people need to understand about privacy is that any data collected about you by a private company may be accessible to governments, including your own, often without a warrant.

3 Likes

They are interconnected, but privacy simply cannot exist without good security. Though too much security can also impact privacy negatively.

2 Likes

So ask me why many people treat privacy like trash. It’s not great at all; that makes security seem better without privacy.

Perhaps you should ask people you know who don’t care about privacy why they feel that way?

1 Like

Security is the first step towards privacy. There can be no privacy without security. If Protonmail had an RCE bug on its server hypervisor, all its privacy promises mean nothing. Security will always come first.

Wtf? How much security is “too much security” and how can it negatively impact privacy?

Here are some measures:

  1. SMS 2FA gives away a phone number. 2FA is a good security practice, but this method gives up a key piece of identification.
  2. Anti-malware is very important, but you give up information related to your files. Not to mention other potential issues, like key logging.
  3. Telemetry is very good to make services bug-free, and a smooth experience, but this can be abused.
  4. A VPN is good for security, on open WiFi. Though, you’ll be shoving all your data through a company, that might not have the best intentions.
  5. A script blocker (uBlock Origin) can be great for both privacy and security. Though, using extra blocklists can make you more unique to fingerprinting.

It’s a security practice and like all other security practices it has its drawbacks. It’s not “security” but rather a bad “security practice” normies use. So your argument doesn’t hold.

Not related to security in any sense whatsoever.

VPN also has nothing to do with security. It merely can replace your ISP (here it’s an untrusted Wifi) and it can prevent the ISP from snooping into the http sites you visit.

No. A script blocker merely serves as a convenience, i.e. blocking unwanted popups and ads. There’s a reason the Tor Project asks users not to use them and doesn’t ship with one either. As a matter of fact, script blockers are allowed to modify the browser DOM, which makes it possible to inject whatever the script blocker wants to, which, you might have guessed it, is bad for security and privacy.

Not necessarily. Most server space hypervisors don’t run them, nor is it required on mobile devices, because of the strong and well planned threat model of Android/iOS. Windows has a much more permissive file system and doesn’t really have much sandboxing outside its UWP and MS-Store apps, which makes it more susceptible to malware attacks. (Note: I am talking about generic malware here.) Therefore Windows does require anti-malware, but with time let’s hope things change for the better.

Better privacy helps to achieve better security, and better security helps achieve more privacy. It all depends on who you want privacy/security from.

For ex., if you use 2FA, you have better privacy against hackers, and better security.
If you use Protonmail, you have better privacy from your email provider, and better security in case your email provider was compromised.

Security usually focuses on keeping hackers out, but privacy is usually about having control over your data and who has access to it. I am more concerned about hackers abusing my data, than about Google having it. I’m more concerned about losing my money and about identity theft, than about targeted ads.

Take, for example, KYC laws in the US. Those are ostensibly for security, but they sure aren’t private for people wanting to open a bank account or get a credit card. Security can be taken to an extreme degree, and a system can be designed to want to know everything about those who use it in order to protect against malicious end users.

Anti-cheat software could also be looked at as security gone too far. Sure ain’t private.

In this thread I have used the word “security” to imply the end-user security and not the DRM encryption stuff. And if you respect your privacy then I am afraid you will have to stop playing games altogether (as they use a lot of Facebook stuff and it all comes integrated). You have to pay money for the in-game stuff, etc.

Examples of security theater.

I personally take a ‘security first’ approach to my threat model. I first worry about securing data, devices, and my home network from external malicious actors then look to what level of privacy is needed from anyone inside that ‘secure’ area.

An example would be using Google drive for cloud storage. You can turn on APP allowing only logins with hardware security key/long complex password. That gives excellent security but Google still has internal access. Encrypting files client side prior to upload through Veracrypt, Cryptomator, or similar software provides privacy from Google. An added security bonus is that your data is now secure from insider attacks within the cloud provider.

In most cases increasing one will increase another. But there are exceptions to be wary of. Anti-virus software is a case of potentially increased security with a compromise on privacy. Or using a private open source operating system or browser that is slow to get security updates.

However, in most cases privacy/security are in close agreement. Anonymity, on the other hand, is a whole other issue with sometimes significant tradeoffs on the security front, but would be outside the scope of this thread’s topic.

What’s the point to all of this? It’s not great to use big tech services just because they have better security practices.

Anti Virus does not increase security. Does the opposite actually.

FOSS projects could also implement better security and I would be more than happy to recommend them over their proprietary counterparts. There are some FOSS projects that do take security seriously, like Signal and GrapheneOS. But sadly the list of insecure FOSS projects is too long, and instead of using those insecure services it’s better to use big tech manufactured stuff. Better security practices should be the standard for everyone, be it FOSS or proprietary software.
BTW, big tech companies also implement poor sec. standards, e.g. Meta, Adobe, Zoom, etc.

1 Like

I generally agree that anti-virus is usually crap which is why I said ‘potentially’. I have not evaluated all anti-virus products so there is some small chance one or more are actually good. Though it is a very small chance.

Also generally agree. Security is not inherent in big tech proprietary products, nor is it inherent in FOSS. It is a case by case issue and anyone painting with a broad brush is doing themselves a disservice. Right tool for the right job kinda thing.

Depends on what you mean by ‘all this’. Everyone has a different use case/threat model. Some tools are critical to one person but irrelevant to another.

Privacy ultimately is about control over your data. Control over what data is shared and with whom. Understanding all the ways data is collected from us and learning about tools to limit/block that data collection is what ‘all this’ is about to me. Who we are comfortable sharing what data with and for what purpose will vary greatly. We all benefit from learning about the issues of data collection and how to limit it to what level each person wants. Control over data is privacy. Hiding everything from everyone is not most people’s end goal. If it is for you, that is perfectly valid. It is equally valid for someone to be ok sharing their OS type, browser, IP address, and location with Google (through accessing Google Drive on the web or via application) but not the internal content of the files stored.

As long as the person doing that is making the deliberate choice they have control of their own privacy.

No, anti-virus software is flawed by design. It requires full privilege on the device to function and needs to intercept every email, both of which break the principle of least privilege. It’s powerless against logic bomb attacks. There cannot be any “good” antivirus.

The word for this is fascism.

1 Like

Let me ask you what’s more concerning:

  1. A hacker has your emails
  2. Google has your emails

Google will probably use my emails to target ads at me, or build a profile on me. Since I’m not someone who is being targeted, this is not a concern for me. But if a hacker gets my emails, they can do all sorts of damage with it.