[copsarebastards]

> Analogies are inexact by semantic definition, and that doesn't make then "faulty".

Well, it makes them useless as evidence. An argument by analogy simply isn't a valid argument. Don't you remember the "You wouldn't steal a car" ads?

> Privacy is readily available through https, two factor OAuth, etc.

HTTPS is broken by privileged man-in-the-middle attacks (attacks where the attacker has key signing power) and downgrade attacks. And that is when it's even available (it isn't always). And even against attackers with less power, it only provides privacy for what you send over the wire, not who you send it to. And finally, this all assumes that you're sending your data to an entity which won't simply sell it to whoever is willing to pay a few bucks (an uneducated user might think, for example, that data sent through GMail is private).

I'm not even gonna touch "two factor OAuth"; I'm not sure what kind of privacy you even think that provides.

In short, you clearly have no knowledge about what does and does not provide privacy. It would behoove you to not make claims on topics you are ignorant of.

[bduerst]

Analogies aren't evidence, they're a tool for explanation, again by semantic definition.

It's committing a no-true-scotsman to say that "privacy isn't as easily available as oxygen" when you change it to "true privacy is is really perfect privacy" when faced with HTTPs and OAuth.

All privacy & security tools are are imperfect, but most of us find the right level, rather than live in a faraday cage in our mother's basements (that's the point). Unless of course, copsarebastards, you need that level of privacy - then I'm not going to judge.

[copsarebastards]

> Analogies aren't evidence, they're a tool for explanation, again by semantic definition.

Agreed, that's what I've been saying all along.

So then why did you use an analogy? Did you really think the sentences "Privacy is easily available" or "People only have to use privacy tools when they are doing something that they want to keep private" needed explanation? Perhaps I assumed you were using it as evidence when you weren't, but you have to admit that's a reasonable assumption given that the analogy is completely pointless otherwise.

> It's committing a no-true-scotsman to say that "privacy isn't as easily available as oxygen" when you change it to "true privacy is is really perfect privacy" when faced with HTTPs and OAuth.

Imperfect privacy isn't privacy. Either people are able to look at your data or they aren't. If people are able to look at your data, you don't have privacy. This isn't a complicated idea or a "no true scotsman" fallacy, it's the meaning of the word "privacy".

We have plenty of evidence showing that the NSA surveils data which is "protected" by HTTPS, ergo, HTTPS does not provide privacy. And the NSA isn't the only actor with this capability.

And OAuth doesn't provide privacy. It's not even the problem that OAuth tries to solve. OAuth provides authentication, which is an element of privacy, but it takes more than simply showing that a person is who they claim to be to provide privacy.

> All privacy & security tools are are imperfect, but most of us find the right level, rather than live in a faraday cage in our mother's basements (that's the point).

That's exactly not what happens. The average user simply is not informed enough to make an educated choice about what level of privacy they want and make choices to get that level of privacy. As a result, people don't find the right level of privacy. Closeted gay people get outed by their Facebook friend graph, pregnant teenagers have their pregnancies publicized by their targeted ads, celebrities have their nude photos leaked to the public, adultery website users and corporate employees have their information leaked, women are found by their jealous law enforcement exes misusing surveillance technologies. Only a fraction of these people actually knew what risk they were taking when they friended someone on Facebook, searched for goods on Amazon, texted a nude photo to a lover, put their credit card into a website, gave their info to their employers, or made a phone call.

Obviously living in a faraday cage in your mother's basement isn't the answer: that's a straw man argument.

The answer, in my opinion, is both social and technical. Socially, we need to get people to prioritize privacy and use privacy by default, we need people in power to respect and protect the right to privacy rather than actively taking it away from people. From the technical side, we need privacy tools that are faster, more secure, and easier to use, and we need decentralization so that violating people's privacy is no longer an option.