sargx

rooted before boot. privacy is a co-op game.

First of all, don’t get me wrong: privacy is a very important topic. There are some really awesome projects out there, supported by an amazing community. They deserve much more visibility and support.

But I’m skeptical about it.

Behind 7 proxies

rooted before boot

IMHO, the fight against government agencies is lost. I mean, no hope at all. Most people don’t realize how far ahead they actually are. It’s impossible to even know where they are exactly, but based on the whistleblower disclosures (old, shitty tech they probably don’t even care about anymore), we can make a good estimate.

The bait (glow)

To summarize, if an agent like TAO wants to hack you, they can simply intercept the hardware you order and install backdoors on it. Do you encrypt your data? They have backdoors in cryptographic algorithms. Do you use Tor to lay low? They control most of the exit nodes on the Tor network. Do you avoid any communication over the internet and only do in-person meetups in a closed-door room on a rooftop? Guess what? Yeah, they nailed this too.

This last example is really interesting because it looks like something from a James Bond movie. An impressive piece of tech, right? Well, this is Cold War tech, from 1947. In 2014, people re-implemented the concept using video recording + machine learning.

How do you feel, silly duck?

Do you finally realize how far in the lead they are? OK, then your next question might be: but if they have all of this power, why do we still see a lot of crimes, etc., without a solution?

Well, there are a couple of reasons. First, they don’t actually care enough about most crimes to use their full arsenal. But more importantly, when they do use these tools, they can’t always use the evidence in court. For any given piece of evidence, the means used to acquire it must be explained—and revealing their methods would expose their capabilities. That’s why some agencies are known to drop charges so as not to reveal their arsenal.

neon compliance theater

The game is a little different for Big Tech, tho. I mean, they need to keep up the appearance of being the good guys, at least. Everyone knows they’re collecting our data, selling our data, and leaking our data to cybercriminals (maybe not intentionally, but… what’s the difference?). Governments try to add guardrails all the time, mainly because they don’t want their own data leaked to other agencies — don’t be naive (old-school politicians are really careless about their online privacy sometimes, even when handling top-secret, confidential subjects) — but we all know they have good lawyers to bypass these guardrails.

Actually, sometimes the profit is so high that a lawsuit isn’t even a big deal. So they just ignore the guardrails.

But since they lack control over critical infra (for now), this is a really interesting cat-and-mouse game that we might benefit from playing. The issue here isn’t the tools available — like I said in the opening, there are some really awesome projects out there. The problem is the lack of collective adoption. You might surround yourself with the best state-of-the-art, privacy-focused tools, best practices, hardening guides… but you still need to talk to other people.

That’s the whole point of the internet, god damn it.

I know all of your tech bros kinda like the idea of going full throttle into the privacy tech stack. What about your non-tech friends? Your family? Do they share this urge to purge convenience in exchange for privacy?

My point is that most people will never purge convenience in exchange for privacy. Some of these tools are really hard to get started with, if you think about it. And sometimes true privacy is synonymous with self-hosting, P2P, no centralized discovery, etc.: hardcore computing nerding. So again, how do you expect the people around you to adopt the same level of opsec as you?

A chain is only as strong as its weakest link.

I don’t think any of us have a good answer; going full opsec effectively means cutting yourself off from everyone else—which defeats the whole point of the internet: connecting and sharing with other people.

this almost sounds like an ascetic ideal tbh.

the co-op game

Privacy isn’t a solo speedrun. It’s a co-op game.

  • Not because people are dumb, but because life is busy and convenience is real.
  • The win is making privacy easier to adopt and easier to share.

I really think the best push we can give towards the privacy utopia is education. We need to empower the people around us so they can adopt our awesome privacy toolkit. Only then can we enjoy privacy together and dance like nobody is watching ;D

I don’t really have time to contribute to any project right now (shame on me) but I really admire people who do. Our support for them is really important. I’ll drop some links below to resources that might help you explore the privacy landscape further.

See ya!