> It's the mindset assuming that for anything to have value in data privacy it needs to be 100% perfectly private and secure.
It does also need to make a difference though. If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.
Let’s say IP address, fingerprinting and cookies.
In that sense it is somewhat all or nothing. Either I’ve eliminated all three or I have not. I know that’s not precisely what the author means by all or nothing but there are certainly dynamics at play here that are not a smooth continuum
> Let’s say IP address, fingerprinting and cookies.
This will still not lead to a binary outcome. Cookies can be deleted and fingerprints aren't perfect. Nor is Google able to obtain this data from sites equally. Amazon and Facebook certainly are not sharing liberally, as this is a big part of their revenue streams too. Their competition can benefit us in our defense.
You also forget time. There is historical data, current data, and future data. You can tackle all of these, and they should be addressed differently. You can remove data and that can prevent future players or potential sales of your data. But we should also be really aware that the future data is most important. You change over time and they want to track these changes. The more you can limit their access, the more you fight back. One easy method is to use email masks. You can do this for free or relatively cheap, but I've changed most of my logins to unique emails as well as unique passwords (fwiw, Mozilla Relay integrates into Bitwarden, making this simple). I've now been able to track who is leaking my information to who, and better adapt to the environment. It also means that if one of these sites gets hacked than I can easily burn that email address and not be forever locked in a circulating list.
So I just want you to realize, you haven't been defeated yet. As long as you generate new data, there is time for you to fight back.
> If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.
That's not true! If Google has three ways and you eliminate one, and nothing else ever happens, then you might as well not do anything. But if there's one approach to data security that protects you from one kind of tracking, and you "set it and forget it," then it's chugging away in the background not really protecting you now—but if you later "set and forget" two other approaches to data security, then, together, they might have eliminated the problem, even if none of them individually made any difference.
Long ago I started only using browsers in private/incognito mode with ads blocked with the idea that I was preserving my privacy in some meaningful way. It's been a few years since I realized this alone was a futile exercise because there's a lot of money paying for a lot of resourceful people whose raison d'etre is to poke holes in my fig leaf. It's small consolation to know that what I'm doing might work for the long tail of sites while doing nothing to hide me from the big players.
If you eliminate fingerprinting, that is in and of itself a fingerprint. If you block cookies, that is too. So the person with your IP address and blocks fingerprinting and cookies is you. Someone with your IP address and only blocking cookies could be you as well on another device, or a family member on their device. Either way, they're on to you
Classic example with theZuck claiming privacy is dead, yet goes off and buys the houses around him so he can have privacy while creating one of the largest privacy invading morally bankrupt companies.
Is it though? I don't think even rich individuals enjoy good privacy today. It's just that personal embarrassments cease to matter when you're rich and powerful.
There's a big difference between something you post intentionally that doesn't age well versus theZuckTracker5000(TM) that follows you every where you go on the internet without you explicitly consenting to it. There's a difference between showing people you went to suchandsuch location with suchandsuch friends doing suchandsuch that might only be legal in 28 states versus knowing exactly what you bought from where for how much and when. The graph you make with your posts is not the privacy being discussed. It is about the graph made by the invisible data paparazzi selling the most intimate and private bits of your life with whoever has the cash vs some paparazzi catching you in an unflattering situation from a mile away with a telephoto lens while you think you're having a private moment.
One of the fascinating effects of the EU's GDPR laws passing is that you can see european data get more expensive for data brokers to sell (I don't have sources for this, just something I read somewhere). Ostensibly, you now have a way to compete with different legislatures as to who is doing the best job of protecting their constituents' privacy-just see who's data is most expensive to aggregate/resell.
It's hard to discover how much money is being made off selling user data, and I think this only leads to smaller companies trading in user data to disappear, while the larger players can do more with your data behind the scenes. The larger companies having fewer competitors allows them to spend more of their time on finding ways that are "legal" to track users, ones which are technically in compliance with existing laws. Maybe my way of thinking about the situation is different than yours, and I could also be completely wrong. I am just much more pessimistic when it comes to how much value is in user data (especially as AI develops more), to think that larger players won't do anything they can to collect user data by finding loopholes in the law, or allowing themselves to be taken to court because the laws aren't defined well enough.
For me, privacy is a way, or tao. It's how I carry myself, internally, externally. And I know much of my effort is ineffective. I know I'm oozing identifiers and unique signatures everywhere.
But to me it's similar to posture, or maybe hygiene. I stand tall but know I'm feeble. I wash but know the bacteria persists. And I actually think the invasion of privacy is analogous to bacteria in its inevitability, ubiquity, and perhaps even virulence snd symbiosis. It's a kind of day dream - one that if ever presenting actual opportunity, I will seize if I can grasp it. But I've come to not expect much of it, however much I desire it or make token efforts toward.
But I remain closely aligned with its principle. And I sustain its spirit. Primarily, I uphold it by valuing, respecting and defending the privacy of others where I'm able. There's a different kind of privacy, and vaguely but formidably unassailable solitude, for those who value the sanctity of others. I think it reduces the value of the corrupt currency of data, in some small way.
But I don't think I'd survive long without ublock or the cozy alcove of foss. Nor might I want to.
Again, and tediously, with my rule of thumb about privacy technology guides:
Here's a concrete example: Let's say your friend just told you they moved their communications from SMS to Signal. This is something to celebrate! Your friend just improved their data privacy a lot by deciding to start using Signal instead of SMS. It is absolutely not the time to tell your friend things like "Okay, but you're not even using Firefox!
If a privacy source suggests that Firefox is an absolute improvement over other browsers without actually laying out the security tradeoffs you'd be making by adopting it, you should trust that source less.
I would personally go much farther with this analysis; I have categorical opinions about the relative security of browsers. But you don't have to follow me that far down the path to see the merit of the rule, because if you think "just use Firefox" is an uncomplicatedly strong recommendation, you're simply not paying attention to browser security at all, in which case: why are you making recommendations?
You’re quoting from a hypothetical discussion scenario, not an actual recommendation.
They do indeed recommend Firefox (as a third choice, after Tor and Mullvad Browsers), and the recommendation page doesn’t go into reasoning, sadly, but it does discuss some pitfalls of the default config and how to fix them: https://www.privacyguides.org/en/desktop-browsers/#firefox
Most are, most are affiliate link-farms in disguise as well, and privacyguides.org is written in response to such guides.
It is called privacy guides and not security guides for a reason, and many of our basic "recommendations" are geared towards a specific threat model that does not include, for example, being targeted by law enforcement or others with access to zero-day vulnerabilities or similarly targeted exploits. They are geared towards avoiding commercial-grade tracking, especially by corporations, and dragnet mass surveillance programs.
This is why we place so much of an emphasis on threat modeling before suggesting recommendations in the first place though, to make sure readers know exactly when the recommendations apply to them and when they instead need to seek additional resources. We have countless pages within our community forum detailing why and when Chromium is technically superior to Firefox.
This is also why we don't recommend Firefox on mobile devices at all, because while we do feel Firefox on desktop is adequately secure for many people, we don't feel that is the case on Android, unfortunately.
Anyways, thank you for your insight. I will look into making this more clear at a glance.
Privacy is dead. But its all the more worthwhile to resurrect it.
When someone might benefit from marginal privacy, its best to ask who they want to be private from. Sometimes the juice is worth the squeeze (Privacy from ISP, Spouse etc) sometimes it isn't (State actors, large corps) depending on how much effort they want to put in.
It's also important to remember how easy it feels to setup and use when it's all done and working.
When you're starting out you're learning everything and trying to adjust your current usage with the limits of the private alternatives. And then we live in a society there is the learning curve for those who want to interact with you and are somehow willing to cooperate and use a more secure/private thing than the tool/service they're used to.
Let people get better and encourage them to keep going is definitely the right advice. The tone, intent, and timing of telling people how to keep going further is as important as the advice or recommendations you're giving them.
I don't trust Privacy Guides. They must have some kind of deal with Brave. They didn't accept Brave and then out of nowhere they start accepting it with the excuse of having a Chromium-based browser.
Hey, I'm Justin from the 501(c)(3) fiscal host of Privacy Guides, MAGIC Grants. Us board members administer the funds for Privacy Guides, and we are different people than those who are on the Privacy Guides committee.
I assure you that Privacy Guides has not made a deal with Brave or any other of the tools that it recommends on the website. I'm happy to address any other questions about raising funds if you have them.
There are lengthy discussions about whether to recommend a tool or not on the Privacy Guides GitHub and their forum. There is a lot of great context there.
> There are lengthy discussions about whether to recommend a tool or not on the Privacy Guides GitHub and their forum
The process doesn't strike me as consensus driven? Mods/team have become gatekeepers (both for persisting with existing recommendations or adding new ones), including aggressively shutting down conversations/threads they personally don't like (I was told, all moderation actions are final, regardless of who on the team does it, even if why they did it doesn't hold water). I imagine, such a rigid setup is in response to prevent bad faith actors (but then, I lose count of how many times team/mods have called others "extremist", using it as a slur, just because ... reasons).
It is hard to definitively prove ulterior motive, but other folks do observe such nefariousness and come to their own conclusions, valid or not, as GP has done.
All that to say, the way it is currently run, "discussions happened" isn't really the defence you think it is.
We don't have a deal with Brave. It was added almost 3 years ago, and nobody has even proposed removing it in the time since. Furthermore, it would be insane and likely illegal for a public charity to strike a deal to serve an undisclosed advertisement for a product from a private company.
I think our position on Brave is clear enough from the very first paragraph in the guide:
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box
Just want to put emphasis on “out of the box”. Changing any of the default settings will cause you to stand out. The fingerprinting protection is essentially to have a bunch of people all using the same browser with all of the mechanisms used for fingerprinting being either disabled or giving the same results on all installations; everyone has the same fingerprint.
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
What about a WebKit based browser?
"Orion comes with state-of-the-art ad and tracker blocking enabled by default, unlike any other browser in existence... Beyond blocking all ads and trackers by default, Orion is also a zero telemetry browser. It protects you from websites on the web, and the browser itself never leaks your private information anywhere."
They specifically state on their page for the Brave listing (and all the other ones) that they aren't affiliated with any of the projects they recommend. They also list the criteria they have for listing a project. If you think something shady's going on, perhaps you could point out which of their publicly available criteria Brave doesn't meet?
Agree. Firefox is the only browser I "trust". It does the best job of respecting the user out of any available option. I am the user and I deserve respect. You are also users, and you deserve respect, too.
In their defense, I think it is good to have a more private chromium browser if we’re talking about the subject of accessibility for new folks. Much easier to get them off chrome proper.
I dont understand the needed distinction between "chromium" and "non-chromium" browsers, thyre just web engines and ultimately technical details. Although chromium having significantly more compatibility (or chrome features that websites use) the average consumer will be using websites that keep strict accordance with webstandards to support safari.
For technical users its another story but for the average user the web engine of your browser doesnt matter, just the shell around it, so I find it quite silly the notion we need X browser and also an X chromium browser
I am somewhere in the middle. If people could see something like Privacy Guides that is trying to be a primary privacy resource, and then look up any advice on another source, it could be useful. People aren't used to challenging something they read when it comes to privacy from a "trusted source", and I think that should be a key part of privacy and security. Try to find other sources, that aren't connected, to back up a claim.
third approach, is to batten down the hatches as tight as possible,pragmatism, with the objective of seeing as little proof, ie: targeted adds, inbox invasions, etc. That they are in fact violating privacy rights wholesale.And so one ,not see or hear much of the material bieng pushed. Two, as a bonus, knowing that it's costing them. And three, returning serve by useing the web and its tools, to sell my business and things for sale, but in a manner that requires a customer to perform a search.
"Binary thinking" and "zero-sum game framing" are (ime) extremely common logical facilities that affect even highly educated people. I think the reason for this is that these framing are approximate solutions. But truth is that approximate solutions are often insufficient. Very few things are zero-sum games once we incorporate that pesky variable "time". I often see this framing with economics, yet a rising tide lifts all ships and even poor men (in developed countries at least) are far better off than kings of old. Similarly, one of the greatest advancements in logic in the 20th century was where (one of) my namesake noted that a binary decision has a third answer: "indeterminate"[0]. This is also at the heart of both computer science (halting) and physics.
I see this mindset a lot with privacy, and I think a lot of it is apathy or more that people have been run down. I'm at the tail end of a CS PhD and I even have a hard time convincing people in my program to communicate with me over Signal vs text. Common answers being "they have my data anyways" and people buying into a whole ecosystem. But truth is, fragmenting your data is an important part to data privacy. You minimize what you can, and what you leak you try to distribute. Information's power is in its aggregation, so you make it harder to aggregate.
I think it is the same as with security. There's no real perfect security[1], and realistically security is more about putting up speed bumps than impenetrable doors. Just sometimes your speed bump is so large that you got to build a car that couldn't fit on the road if you want to make it over (you can always brute force a password). The goal is to make it too expensive, too time consuming, or too costly to use that route or maybe even to attempt an attack in the first place. The same is true for privacy. Make them pay more for that data. Make it harder to aggregate. Make your data as noisy or indistinguishable from noise as possible (small footprints are better than extra footprints). Because this isn't a zero-sum game instantaneous game, this is a constant battle and it is always cat and mouse.
But I do think we as the programmers, the developers, the makers, should also have a serious talk about the consequences of surveillance capitalism. With any engineering, it is always easy to get caught up in the upsides and downplay the downsides. The path to hell is paved with good intentions, not malice[2]. Every engineer has to have a code of ethics, surely Ethan Zuckerman didn't foresee the hell he created, and had good intentions. While we don't build bridges that can collapse (actually... we do) there can be no doubt that information can be weaponized. It seems no matter what your politics are that this is recognizable and in conversation. And I think these conversations can still be had in an apolitical setting (which I hope we will do here, but I understand the pull towards that direction[3]). I do encourage apolitical discussions because these can be had within the workplace and can be had without starting fights. I do believe that many people will often find themselves on the same side when had conversations not initiated this way they would not have. At the end of the day, it requires a community to make these changes and even if we disagree on some things that doesn't prevent us from working together towards common goals.
[0] Godel was said to have been inspired by the paradox "this statement is false" but that's probably folklore. "Indeterminate" here is equivalent to "this statement cannot be proved"
[1] Okay, I know, but if you know then you know what I mean here
[2] I think it is important to recognize that evil is often created when good men are trying their best. So be careful when making attributions, because evil is sly and subtle. If it weren't, we'd have purged it long ago.
[3] I believe that the discussion around "Turnkey Tyranny" often helps with keeping things apolitical. Because one needs not say that any one party is or will become tyrannical, but we can remain abstract in a future scenario and consider the risk-reward calculus (I'm sure more relevant than ever).
> It's the mindset assuming that for anything to have value in data privacy it needs to be 100% perfectly private and secure.
It does also need to make a difference though. If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.
Let’s say IP address, fingerprinting and cookies.
In that sense it is somewhat all or nothing. Either I’ve eliminated all three or I have not. I know that’s not precisely what the author means by all or nothing but there are certainly dynamics at play here that are not a smooth continuum
This will still not lead to a binary outcome. Cookies can be deleted and fingerprints aren't perfect. Nor is Google able to obtain this data from sites equally. Amazon and Facebook certainly are not sharing liberally, as this is a big part of their revenue streams too. Their competition can benefit us in our defense.
You also forget time. There is historical data, current data, and future data. You can tackle all of these, and they should be addressed differently. You can remove data and that can prevent future players or potential sales of your data. But we should also be really aware that the future data is most important. You change over time and they want to track these changes. The more you can limit their access, the more you fight back. One easy method is to use email masks. You can do this for free or relatively cheap, but I've changed most of my logins to unique emails as well as unique passwords (fwiw, Mozilla Relay integrates into Bitwarden, making this simple). I've now been able to track who is leaking my information to who, and better adapt to the environment. It also means that if one of these sites gets hacked than I can easily burn that email address and not be forever locked in a circulating list.
So I just want you to realize, you haven't been defeated yet. As long as you generate new data, there is time for you to fight back.
Yes. But there are all sorts of sites that only track you with cookies, or IP address + cookies, and separating cookies helps a lot with those.
> If Google has say three different ways of figuring out who I am and I eliminate one of them then nothing has changed.
That's not true! If Google has three ways and you eliminate one, and nothing else ever happens, then you might as well not do anything. But if there's one approach to data security that protects you from one kind of tracking, and you "set it and forget it," then it's chugging away in the background not really protecting you now—but if you later "set and forget" two other approaches to data security, then, together, they might have eliminated the problem, even if none of them individually made any difference.
(Stating the attempted refutation this way, it feels kind of like the privacy version of the refutation of "what good is half an eye?", e.g., https://evolution.berkeley.edu/evolution-101/the-big-issues/...)
Long ago I started only using browsers in private/incognito mode with ads blocked with the idea that I was preserving my privacy in some meaningful way. It's been a few years since I realized this alone was a futile exercise because there's a lot of money paying for a lot of resourceful people whose raison d'etre is to poke holes in my fig leaf. It's small consolation to know that what I'm doing might work for the long tail of sites while doing nothing to hide me from the big players.
If you eliminate fingerprinting, that is in and of itself a fingerprint. If you block cookies, that is too. So the person with your IP address and blocks fingerprinting and cookies is you. Someone with your IP address and only blocking cookies could be you as well on another device, or a family member on their device. Either way, they're on to you
> If you eliminate fingerprinting, that is in and of itself a fingerprint.
This is why you should "eliminate fingerprinting" by randomizing your fingerprint.
1 reply →
>The point here is to reduce harm and improve privacy by small increments at a pace that is realistically sustainable for an average person.
Here's the rub. I buy that privacy is not dead, however free privacy is very limiting. Total privacy remains a complicated pay to play game.
Classic example with theZuck claiming privacy is dead, yet goes off and buys the houses around him so he can have privacy while creating one of the largest privacy invading morally bankrupt companies.
Though everything he says gets leaked to the media so the public got a little bit back at him.
Is it though? I don't think even rich individuals enjoy good privacy today. It's just that personal embarrassments cease to matter when you're rich and powerful.
There's a big difference between something you post intentionally that doesn't age well versus theZuckTracker5000(TM) that follows you every where you go on the internet without you explicitly consenting to it. There's a difference between showing people you went to suchandsuch location with suchandsuch friends doing suchandsuch that might only be legal in 28 states versus knowing exactly what you bought from where for how much and when. The graph you make with your posts is not the privacy being discussed. It is about the graph made by the invisible data paparazzi selling the most intimate and private bits of your life with whoever has the cash vs some paparazzi catching you in an unflattering situation from a mile away with a telephoto lens while you think you're having a private moment.
1 reply →
One of the fascinating effects of the EU's GDPR laws passing is that you can see european data get more expensive for data brokers to sell (I don't have sources for this, just something I read somewhere). Ostensibly, you now have a way to compete with different legislatures as to who is doing the best job of protecting their constituents' privacy-just see who's data is most expensive to aggregate/resell.
It's hard to discover how much money is being made off selling user data, and I think this only leads to smaller companies trading in user data to disappear, while the larger players can do more with your data behind the scenes. The larger companies having fewer competitors allows them to spend more of their time on finding ways that are "legal" to track users, ones which are technically in compliance with existing laws. Maybe my way of thinking about the situation is different than yours, and I could also be completely wrong. I am just much more pessimistic when it comes to how much value is in user data (especially as AI develops more), to think that larger players won't do anything they can to collect user data by finding loopholes in the law, or allowing themselves to be taken to court because the laws aren't defined well enough.
2 replies →
For me, privacy is a way, or tao. It's how I carry myself, internally, externally. And I know much of my effort is ineffective. I know I'm oozing identifiers and unique signatures everywhere.
But to me it's similar to posture, or maybe hygiene. I stand tall but know I'm feeble. I wash but know the bacteria persists. And I actually think the invasion of privacy is analogous to bacteria in its inevitability, ubiquity, and perhaps even virulence snd symbiosis. It's a kind of day dream - one that if ever presenting actual opportunity, I will seize if I can grasp it. But I've come to not expect much of it, however much I desire it or make token efforts toward.
But I remain closely aligned with its principle. And I sustain its spirit. Primarily, I uphold it by valuing, respecting and defending the privacy of others where I'm able. There's a different kind of privacy, and vaguely but formidably unassailable solitude, for those who value the sanctity of others. I think it reduces the value of the corrupt currency of data, in some small way.
But I don't think I'd survive long without ublock or the cozy alcove of foss. Nor might I want to.
Poetic
Again, and tediously, with my rule of thumb about privacy technology guides:
Here's a concrete example: Let's say your friend just told you they moved their communications from SMS to Signal. This is something to celebrate! Your friend just improved their data privacy a lot by deciding to start using Signal instead of SMS. It is absolutely not the time to tell your friend things like "Okay, but you're not even using Firefox!
If a privacy source suggests that Firefox is an absolute improvement over other browsers without actually laying out the security tradeoffs you'd be making by adopting it, you should trust that source less.
I would personally go much farther with this analysis; I have categorical opinions about the relative security of browsers. But you don't have to follow me that far down the path to see the merit of the rule, because if you think "just use Firefox" is an uncomplicatedly strong recommendation, you're simply not paying attention to browser security at all, in which case: why are you making recommendations?
Most privacy and security guides are LARPs.
You’re quoting from a hypothetical discussion scenario, not an actual recommendation.
They do indeed recommend Firefox (as a third choice, after Tor and Mullvad Browsers), and the recommendation page doesn’t go into reasoning, sadly, but it does discuss some pitfalls of the default config and how to fix them: https://www.privacyguides.org/en/desktop-browsers/#firefox
Most are, most are affiliate link-farms in disguise as well, and privacyguides.org is written in response to such guides.
It is called privacy guides and not security guides for a reason, and many of our basic "recommendations" are geared towards a specific threat model that does not include, for example, being targeted by law enforcement or others with access to zero-day vulnerabilities or similarly targeted exploits. They are geared towards avoiding commercial-grade tracking, especially by corporations, and dragnet mass surveillance programs.
This is why we place so much of an emphasis on threat modeling before suggesting recommendations in the first place though, to make sure readers know exactly when the recommendations apply to them and when they instead need to seek additional resources. We have countless pages within our community forum detailing why and when Chromium is technically superior to Firefox.
This is also why we don't recommend Firefox on mobile devices at all, because while we do feel Firefox on desktop is adequately secure for many people, we don't feel that is the case on Android, unfortunately.
Anyways, thank you for your insight. I will look into making this more clear at a glance.
There's a lot more context about what browsers they recommend (and what they recommend them for) on the dedicated page for it: https://www.privacyguides.org/en/desktop-browsers/
The part you quoted was an example of what _not_ to do ("not the time").
I read it accurately.
Privacy is dead. But its all the more worthwhile to resurrect it.
When someone might benefit from marginal privacy, its best to ask who they want to be private from. Sometimes the juice is worth the squeeze (Privacy from ISP, Spouse etc) sometimes it isn't (State actors, large corps) depending on how much effort they want to put in.
It's also important to remember how easy it feels to setup and use when it's all done and working.
When you're starting out you're learning everything and trying to adjust your current usage with the limits of the private alternatives. And then we live in a society there is the learning curve for those who want to interact with you and are somehow willing to cooperate and use a more secure/private thing than the tool/service they're used to.
Let people get better and encourage them to keep going is definitely the right advice. The tone, intent, and timing of telling people how to keep going further is as important as the advice or recommendations you're giving them.
I don't trust Privacy Guides. They must have some kind of deal with Brave. They didn't accept Brave and then out of nowhere they start accepting it with the excuse of having a Chromium-based browser.
Hey, I'm Justin from the 501(c)(3) fiscal host of Privacy Guides, MAGIC Grants. Us board members administer the funds for Privacy Guides, and we are different people than those who are on the Privacy Guides committee.
I assure you that Privacy Guides has not made a deal with Brave or any other of the tools that it recommends on the website. I'm happy to address any other questions about raising funds if you have them.
There are lengthy discussions about whether to recommend a tool or not on the Privacy Guides GitHub and their forum. There is a lot of great context there.
I don't doubt PrivacyGuides but...
> There are lengthy discussions about whether to recommend a tool or not on the Privacy Guides GitHub and their forum
The process doesn't strike me as consensus driven? Mods/team have become gatekeepers (both for persisting with existing recommendations or adding new ones), including aggressively shutting down conversations/threads they personally don't like (I was told, all moderation actions are final, regardless of who on the team does it, even if why they did it doesn't hold water). I imagine, such a rigid setup is in response to prevent bad faith actors (but then, I lose count of how many times team/mods have called others "extremist", using it as a slur, just because ... reasons).
It is hard to definitively prove ulterior motive, but other folks do observe such nefariousness and come to their own conclusions, valid or not, as GP has done.
All that to say, the way it is currently run, "discussions happened" isn't really the defence you think it is.
We don't have a deal with Brave. It was added almost 3 years ago, and nobody has even proposed removing it in the time since. Furthermore, it would be insane and likely illegal for a public charity to strike a deal to serve an undisclosed advertisement for a product from a private company.
I think our position on Brave is clear enough from the very first paragraph in the guide:
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
edit: ninja'd by justin lol
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box
Just want to put emphasis on “out of the box”. Changing any of the default settings will cause you to stand out. The fingerprinting protection is essentially to have a bunch of people all using the same browser with all of the mechanisms used for fingerprinting being either disabled or giving the same results on all installations; everyone has the same fingerprint.
1 reply →
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
What about a WebKit based browser?
"Orion comes with state-of-the-art ad and tracker blocking enabled by default, unlike any other browser in existence... Beyond blocking all ads and trackers by default, Orion is also a zero telemetry browser. It protects you from websites on the web, and the browser itself never leaks your private information anywhere."
https://kagi.com/orion/
They specifically state on their page for the Brave listing (and all the other ones) that they aren't affiliated with any of the projects they recommend. They also list the criteria they have for listing a project. If you think something shady's going on, perhaps you could point out which of their publicly available criteria Brave doesn't meet?
Agree. Firefox is the only browser I "trust". It does the best job of respecting the user out of any available option. I am the user and I deserve respect. You are also users, and you deserve respect, too.
> Agree. Firefox is the only browser I "trust".
Your personal preference does not prove this website is engaging in shady deals, as the person you’re agreeing with claims.
> It does the best job of respecting the user out of any available option.
Maybe. That too is debatable. Mozilla’s track record with Firefox and privacy has been less than stellar as time goes by.
https://www.privacyguides.org/articles/2024/07/14/mozilla-di...
In their defense, I think it is good to have a more private chromium browser if we’re talking about the subject of accessibility for new folks. Much easier to get them off chrome proper.
I dont understand the needed distinction between "chromium" and "non-chromium" browsers, thyre just web engines and ultimately technical details. Although chromium having significantly more compatibility (or chrome features that websites use) the average consumer will be using websites that keep strict accordance with webstandards to support safari. For technical users its another story but for the average user the web engine of your browser doesnt matter, just the shell around it, so I find it quite silly the notion we need X browser and also an X chromium browser
5 replies →
I am somewhere in the middle. If people could see something like Privacy Guides that is trying to be a primary privacy resource, and then look up any advice on another source, it could be useful. People aren't used to challenging something they read when it comes to privacy from a "trusted source", and I think that should be a key part of privacy and security. Try to find other sources, that aren't connected, to back up a claim.
third approach, is to batten down the hatches as tight as possible,pragmatism, with the objective of seeing as little proof, ie: targeted adds, inbox invasions, etc. That they are in fact violating privacy rights wholesale.And so one ,not see or hear much of the material bieng pushed. Two, as a bonus, knowing that it's costing them. And three, returning serve by useing the web and its tools, to sell my business and things for sale, but in a manner that requires a customer to perform a search.
Only the word has been hijacked at best
"Your privacy is our priority..."
"Binary thinking" and "zero-sum game framing" are (ime) extremely common logical facilities that affect even highly educated people. I think the reason for this is that these framing are approximate solutions. But truth is that approximate solutions are often insufficient. Very few things are zero-sum games once we incorporate that pesky variable "time". I often see this framing with economics, yet a rising tide lifts all ships and even poor men (in developed countries at least) are far better off than kings of old. Similarly, one of the greatest advancements in logic in the 20th century was where (one of) my namesake noted that a binary decision has a third answer: "indeterminate"[0]. This is also at the heart of both computer science (halting) and physics.
I see this mindset a lot with privacy, and I think a lot of it is apathy or more that people have been run down. I'm at the tail end of a CS PhD and I even have a hard time convincing people in my program to communicate with me over Signal vs text. Common answers being "they have my data anyways" and people buying into a whole ecosystem. But truth is, fragmenting your data is an important part to data privacy. You minimize what you can, and what you leak you try to distribute. Information's power is in its aggregation, so you make it harder to aggregate.
I think it is the same as with security. There's no real perfect security[1], and realistically security is more about putting up speed bumps than impenetrable doors. Just sometimes your speed bump is so large that you got to build a car that couldn't fit on the road if you want to make it over (you can always brute force a password). The goal is to make it too expensive, too time consuming, or too costly to use that route or maybe even to attempt an attack in the first place. The same is true for privacy. Make them pay more for that data. Make it harder to aggregate. Make your data as noisy or indistinguishable from noise as possible (small footprints are better than extra footprints). Because this isn't a zero-sum game instantaneous game, this is a constant battle and it is always cat and mouse.
But I do think we as the programmers, the developers, the makers, should also have a serious talk about the consequences of surveillance capitalism. With any engineering, it is always easy to get caught up in the upsides and downplay the downsides. The path to hell is paved with good intentions, not malice[2]. Every engineer has to have a code of ethics, surely Ethan Zuckerman didn't foresee the hell he created, and had good intentions. While we don't build bridges that can collapse (actually... we do) there can be no doubt that information can be weaponized. It seems no matter what your politics are that this is recognizable and in conversation. And I think these conversations can still be had in an apolitical setting (which I hope we will do here, but I understand the pull towards that direction[3]). I do encourage apolitical discussions because these can be had within the workplace and can be had without starting fights. I do believe that many people will often find themselves on the same side when had conversations not initiated this way they would not have. At the end of the day, it requires a community to make these changes and even if we disagree on some things that doesn't prevent us from working together towards common goals.
[0] Godel was said to have been inspired by the paradox "this statement is false" but that's probably folklore. "Indeterminate" here is equivalent to "this statement cannot be proved"
[1] Okay, I know, but if you know then you know what I mean here
[2] I think it is important to recognize that evil is often created when good men are trying their best. So be careful when making attributions, because evil is sly and subtle. If it weren't, we'd have purged it long ago.
[3] I believe that the discussion around "Turnkey Tyranny" often helps with keeping things apolitical. Because one needs not say that any one party is or will become tyrannical, but we can remain abstract in a future scenario and consider the risk-reward calculus (I'm sure more relevant than ever).
[dead]
[dead]