[nonrandomstring]

It seems sad that in 2022 it still needs explaining what privacy is and why its a good thing.

I don't wish to knock this great project, but I'm growing weary of reading what seem to be almost obligatory structures;

  1) Initial platitude about how smartphones are ubiquitous,
  inevitable, inescapable centres of existence without which humans
  would die within seconds.

  2) Tragic self-mocking account of how we're all idiots without
  self-control who can't work these things, but remain utterly
  dependent on technology we have no clue about.

  3) Confusing, terrifying litany of all the evil-doers, hackers,
  cybercriminals, corporations, agencies, and other bad guys f-king us
  over, while trying not to sound paranoid and hopeless.

  4) Optional apologetics justifying unconscionable shitshow of (3) on
  the basis of convenience and getting stuff for free. 

  5) (Point at which most normies stop reading) Solution involving
  jaibreaking, firmware updates, running a private VPS server,
  building your own DNS network and soldering in some new chips using
  dangerous solvents, X-Rays and a x100 bench microscope.

  6) Shrugging summary about how this "probably isn't for everyone".

[imiric]

> It seems sad that in 2022 it still needs explaining what privacy is and why its a good thing.

Because for most people privacy on the internet isn't important. They either don't care it's being abused ("I've got nothing to hide"), or are OK with paying the price of giving it away in exchange for the services they get, and think are entitled to, for free.

This has many reasons, and a major one IMO is that we didn't build privacy-focused tools from the beginning. The web was built with a consumerism model where the user is only meant to browse it. When corporations grew larger based on a very lucrative market and adtech was born, there was no going back. Now, privacy-focused individuals are desperately trying to educate people and reverse the trend, governments are attempting to catch up and fight it, but that train's not stopping anytime soon.

The sad part is that majority of people won't even be interested in this article, let alone use the tools it suggests.

As for the tools themselves, as someone who's been using a de-Googled phone for years now, I'd never use any of these. It's great that they're FOSS and request no permissions, but the fact they're built by the same team and market being "privacy-friendly" as their main selling point just feels off to me. There are similar alternatives already on F-Droid and I'd rather use apps from different developers, in case someone goes rogue I don't lose all my eggs, so to speak.

[pessimizer]

> Because for most people privacy on the internet isn't important.

This is untrue and the only place I see people claiming it's true (ironically) is here on HN. Privacy is intentionally made as difficult as possible when using anything where control could conceivably be centralized. These services are also made crucial through the elimination of others that are more privacy-respecting. In the case of the internet, this is inevitable because internet business don't have to make a profit, and they destroy the previous businesses that did.

I don't meet anyone who doesn't want privacy as the default. It's weird to even have to say that when Snapchat is winning among the generations that get most accused of being comfortable with this corporate and government-imposed lack of privacy.

[nl]

I don’t care particularly much about privacy.

This is a nuanced view where there are specific privacy features I care about in some circumstances. But I don't really care about the strong privacy against corporates or government that some do.

This view is informed by my migration from being strongly privacy focused in the 1990s and a subsequent careful analysis of actual harm.

Also I'd note that Snapchat is a great example of this. Privacy for things I care about but little from corporate advertising or governments.

[imiric]

> This is untrue

> I don't meet anyone who doesn't want privacy as the default.

We're both speaking from experience. You can't claim that my experience is untrue, just as I can't claim that yours is.

Most people I've spoken to--particularly outside of HN--in the baby boomer and generation X demographics, and even some millennials, have expressed what I said above. Practically speaking, almost anyone who is not technically savvy certainly wouldn't be concerned about protecting their online privacy, since the internet (or "Facebook") is just a tool they use to stay in touch and keep (mis)informed.

As more and more people come online their first exposure to the internet will be via these services. The failure of web developers has been not building privacy-focused tools from the beginning, and not educating people about what they're sacrificing by using "free" services. We can work on the latter, but the former will always be an uphill battle, as the momentum of adtech has taken over the web.

> Snapchat is winning among the generations that get most accused of being comfortable with this corporate and government-imposed lack of privacy

What makes you think Snapchat respects users' privacy? Snap is an opaque corporation, running a profitable ad-based business, like most tech giants.

I'd reckon that most Snapchat users don't use it because they think it's private, but because it has the content they're interested in. This is the same demographic obsessed with TikTok after all.

[izacus]

> Because for most people privacy on the internet isn't important. They either don't care it's being abused ("I've got nothing to hide"), or are OK with paying the price of giving it away in exchange for the services they get, and think are entitled to, for free.

The fact that "privacy" doesn't mean the same thing for all people isn't helping. Privacy fundamentalist use the same rhetoric and fundamentalism as Stallman does, where they use a definition of "privacy" which is disconnected from what most people are worried about when talking about "privacy".

Counting clicks on a button in an app (privacy fundamentalists: "spying") is far from concerning for most people while uploading their private messages, leaking their private pictures or having their coworkers read their messages is concerning. For an example of that, consider that in another comment thread on HN, the networkers were vehemently defending their right to reading anything and everything on "their" networks while still demanding privacy from their phones.

And as long as the definition of "privacy" is abused to harvest clicks and outrage, meaningful progress can't be made.

[autoexec]

> Counting clicks on a button in an app (privacy fundamentalists: "spying") is far from concerning for most people while uploading their private messages, leaking their private pictures or having their coworkers read their messages is concerning.

People aren't concerned about "clicks on a button" because they don't know what that means. It's never just "clicks". That's the problem with privacy. Everyone understands why it's bad when their coworkers can read their private messages, but nobody knows that because of the data they've given up but "don't care about" they got turned down from the last job or apartment they applied for, they're paying more for the exact same items than their neighbor while shopping online, companies are telling them their polices are one thing while others are getting better terms, they wait longer on hold when they call for tech support, or that it's why their health insurance bill went up again.

If people saw all the ways the data they gave up was being used to exploit them at every opportunity they'd care a whole lot more about what "privacy fundamentalists" consider spying, but unless the consequences are immediate and right in their faces they can continue to be manipulated without being aware.

[bornfreddy]

Yup, well said. And it's not like there are no alternatives. Even for "normies" there is /e/ OS (now Murena) where you can buy a ready made private (or at least mostly degoogled) phone. And for "techies" there is LineageOS, GrapheneOS,... maybe even Linux.

[bdominy]

End-to-end encryption will make a big difference as people choose applications that offer a great experience while protecting their data from 3rd parties. WhatsApp, Signal, and Apple are all making big pushes in this area and working to inform people about why it is important for their privacy. When I explain e2ee to people and how it is used in my own app for contact info sharing, they immediately get it and want it as a feature.

[imiric]

> WhatsApp, Signal, and Apple

One of these is not like the others. I have a hard time trusting Meta's and Apple's claims about privacy, including E2EE. They're both billion-dollar corporations with a history of deceiving marketing practices and data leaks. Meta's business model in particular is based on advertising and abusing users' privacy. Why should we trust WhatsApp has their users' best interests in mind, when the company that runs it makes a profit from exploiting user data? To say that it's a conflict of interest would be an understatement.

Good luck with your app, but please don't recommend Meta and Apple products to users concerned with privacy.

[bdominy]

Meta and Apple can both be sued or fined heavily if they are misrepresenting their use of e2ee. Signal has maybe 100 million users, but WhatsApp and Apple account for over 2 billion. They've done more to improve security in the text messaging space than any other group. Maybe they are doing it because they don't want data leaks any more than you do, or they sense the trend towards respecting user's privacy and want to at least appear to care. In any case, we should encourage this adoption of end-to-end encryption and support it where it makes sense.

[disadvantage]

> Because for most people privacy on the internet isn't important

That's changing. There's a movement online to get people weaned off big tech and surveillance capitalism. The thing about privacy online is that it's hard to measure, since many opt out of telemetry so you can't easily gauge just how many people have opted out of big tech & surveillance. I imagine the number is exponentially rising as each year passes.

Now I don't expect everyone to be fully private in 10 years, and you'll always get freeloaders exchanging personal data for something free. That's just a fact of life. You have to think of this in terms of 'radioactive waste'. They say data is 'the new oil' but it's really the new radioactive waste!

[imiric]

I wish I had your optimism.

> There's a movement online to get people weaned off big tech and surveillance capitalism.

This is a niche movement at best, ironically mostly followed by people who are already concerned about privacy. I doubt they manage to convince many others into joining them and abandoning big tech. My own attempts at doing so have mostly been met with a few responses: "I have nothing to hide", "It's too inconvenient to switch", "I just use it for X and don't spend a lot of time on it", or "I don't care".

> The thing about privacy online is that it's hard to measure, since many opt out of telemetry

Hah, right :) I think we can track it by simply seeing how the user bases compare between big tech and privacy-focused services. So far the numbers are several orders of magnitude apart, it's pointless to even compare them. There are many reasons for this, and I hope things keep improving, but I doubt we'll even make a dent in 10 years.

[nonrandomstring]

> This is a niche movement at best

No, really you are wrong. I am watching this closely and if you have not noticed the tectonic political shift going on you're living on Mars. Just the other day the US signed with 60 other signatory nations on a bill specifically set to burn down widespread privacy violations. And the US is tepid compared to a groundswell in Europe.

[pessimizer]

> It seems sad that in 2022 it still needs explaining what privacy is and why its a good thing.

It should be about as sad as the fact that addition and subtraction still need to be explained. People are still being born.

> I don't wish to knock this great project, but I'm growing weary of reading what seem to be almost obligatory structures;

If this is your first time reading something like this, you need the obligatory structure. If you already know everything, it's not for you. If it's complicated and normies can't do it, that can't be helped, it's what we have. If you are a normie looking for privacy and see that it looks unintelligibly difficult, that's educational. You might be upset by that fact, and therefore support and amplify criticisms of the current regimes, software that simplifies the process, and/or legislation to protect people.

[haswell]

> It should be about as sad as the fact that addition and subtraction still need to be explained. People are still being born.

This is the key. And privacy, the lack thereof, and what to do about it - is significantly harder to grok in 2022 than your standard education coursework.

Any material that attempts to educate and empower users on this subject should be encouraged.

Markets change when consumers demand it. Until consumers know what to demand and why they should demand it, change will not happen.

Not long ago, smart homes were reserved for tinkerers and tech savvy types. Now, almost anyone can set up some smart bulbs and such.

Staying private is in that earlier stage. Every product or movement that became accessible to the masses started out as an inaccessible or impractical hobby of a few.

[nonrandomstring]

> If this is your first time reading something like this, you need the obligatory structure.

I used to think the same way, and started out writing all my educational pieces in the vernacular structure... with great patience and sensitivity to the idea that maybe some people are ambivalent about privacy.

Over the years I've come to revise that.

We create mythologies in the hacker community. Amongst the many caricatures we conjure up are "Mom", "Gran" and someones "Little brother". These hopeless half-wits will set a computer on fire as soon as touch it. The reality is that todays "Granny" was head of social informatics at IBM in the 1960s. Todays "Mom" is ferociously aware of protecting her children, eschews 'nanny cams' and gets irate at the school for posting the class photo on Facebook.

We need to revise our stereotypes and should seriously ask; who are these imaginary people who are "reading this for the first time"?

Part of the reason I think we create these mythological half-wits is that it gives us a simple explanation as to why the uptake of dignity respecting technology is slow. The reality is that it's actively impeded, but we're not quite ready to fully take that on-board and point at the culprits.

Part of the solution I think is to adopt more direct speech, to stop treading on eggshells around privacy and start going in hard with a more mature understanding of where people are in 2022 with respect to their threat models around different technologies. Regular people get that the horsemen of the infopocalypse are bogus, that their phones are fundamentally insecure, and they want change.

> If it's complicated and normies [1] can't do it, that can't be helped

We do need to up the game in so many places, as you say, education and UI are still paramount.

> You might be upset by that fact, and therefore support and amplify criticisms of the current regimes, software that simplifies the process, and/or legislation to protect people.

You raise a really important issue. There's a lot of hostility towards advocates of rights respecting technology. I always assumed that came, at least here in forums like HN, from those directly involved in advertising and surveillance activities who see their livelihood threatened. But now I think there's more to it. I get about eighty percent very positive sentiment toward my Digital Vegan book, ten percent justifiably critical, but there's ten percent who are disproportionately angered and indignant.

I think the psychology is really complex and involves a kind of defensive rationalisation, learned helplessness, Stockholm syndrome and some sunk-cost bias. Some will vigorously shout down opponents in defending their right to be spied on and abused. Something's amiss there.

[1] sorry I used that word, it's demeaning

[1vuio0pswjnm7]

This project does not seem to contain any of the six points raised. Instead it is simply an introduction to open source apps for smartphones under the moniker that they are privacy-friendly. (For Android check out the NetGuard and PCAPdroid apps. I have not seen anything like them for iOS.)

The problem I have reading criticisms of anyone else's interest in computer privacy is that in general most but not all people these days who are using their ability to program computers as a paying job are somehow reliant on the sustenance and/or growth of online advertising or other money-raising strategies that depend on surveillance of people's computer use, or simply people's continued computer ignorance. In the case that the critic has any connection to this type of "work", there is, IMHO, a conflict-of-interest/bias to consider. Needless to say, "normies" generally have neither the time nor inclination to pen such criticisms let alone read them.

It is remarkable how developers commenting on HN are so willing to speak on behalf of "normies". One can see this practice not only in this thread but routinely, on nearly every privacy-related discussion on HN. If normies were given a vote how would they exercise it. When iOS users were given the choice to block apps from tracking them, what choice did they make. Facebook lost 20% of its market value as a result of Apple giving people that choice. It's too easy to manipulate choice and then pontificate about what they do or do not want. This is the game "tech" companies play.

In any event, I think the six points lead to the following conclusion: we need to have (more) laws that regulate online advertising and the privacy-invasive practices used to support it. If computer surveillance shenanigans employed by "tech" companies were sufficiently regulated, it would bring a swift end to the type of "web content" described by the six points.

[nonrandomstring]

> in general most but not all people these days who are using their ability to program computers as a paying job are somehow reliant on the sustenance and/or growth of online advertising or other money-raising strategies that depend on surveillance of people's computer use,

In my book I address precisely this. What I found in my research is that this is a driver in the privacy crisis, but it's a distorted account.

The software industry is enormous. The vast majority of it still delivers traditional value. In automotive, medical, military, civic infrastructure and commodities, space, pharmaceuticals, agriculture, education and much, much more - the majority of working programmers build benevolent utility for a fair days pay without compromising their morals.

The disease is in the smartphone/web ecosystem (I am simply paraphrasing it's creator Sir Tim Berners Lee), and we should not confuse that with the wider project of computing in general.

What is called "Silicon Valley" (The Californian Ethos) in the vernacular, is an aberration. Its culture is disproportionately supposed to operate throughout "tech". Part of this operation, and power, is indeed rooted in it's mythology, and the projection of its ideals, that there is "no alternative" and that the grotesque exploitation of other peoples private lives is somehow a natural, evolutionary condition of networked digital technology. It's insistence that "this is how we pay for free" is victim blaming.

> or simply people's continued computer ignorance.

Yes, but there's more to it than you surmise. The ignorance has overtaken the creators and investors as much as the users ("consumers in a marketplace"). We were long ago swamped in the complexity and uncontrollable churn of our own creations. Not to realise this is to set up a Machiavellian "us and them" schism, to put too much blame on ourselves and users as exploiters and victims respectively. The way out of this to admit that we don't have the first f-king clue what we're doing with technology and haven't for almost 30 years. The tech revolution has never had a telos, and is mostly the product of bored mathematicians creating solutions looking for problems.

To escape that spiral we need a new revolution of digital literacy. Digital Literacy 1.0 was all about discovering what amazing things computers are, and what they can do. Having now explored many the dangerous things computers shouldn't do, Digital Literacy 2.0 will be about figuring out what we really want them for, and why.

> It is remarkable how developers commenting on HN are so willing to speak on behalf of "normies".

Absolutely. I'm sorry that I too fall into that, and using that word. The arrogance is astonishing. Many of us are still stuck in a down-talking mansplaining way of seeing the world and have a good dose of "saviour complex".

> If normies were given a vote how would they exercise it?

The problem I am alluding to in my original (sardonic but hopefully not disparaging to TFA) comment is that right now it's not fair to even invoke the concept of choice. The greatest triumph of SV tech this past couple decades has been creating the illusion of unprecedented choice while stymying it and boiling down the market to a handful of near monopolies. These contradictions run deep. It's there in the distance between Apple's 1984 SuperBowl Ad, and its bid to introduce mandatory client-side content scanning almost 40 years later.

> laws that regulate online advertising and the privacy-invasive practices used to support it.

I am against regulation as a rule. If we're going to have it I see mandated interoperability and a legal support for radical consumer choice as a better way. The most powerful choice people may still have is non-participation.