[tripu]

Author here. (Thank you for all the comments!)

Yes, I know SSH tunnelling and compiling your own Android are tall orders for the average user. Here I'm just hinting at some examples that are well-known among us geeks, but there are easier to use alternatives to all that. I suspect Protonmail is as easy to use as GMail. VPNs are so easy to use nowadays. The UX on Signal isn't particularly challenging to the average user of WhatsApp.

There is a lot we techies can do to educate normies and respectfully push them in the right direction, but we keep on neglecting that responsibility under the excuses of bad usability, lack of features, or convenience for users.

On an earlier draft I also had a sentence like: “a big effort in usability and outreach is needed”. Definitely so.

My point is not that we can get all EU citizens to switch to SSH tunnelling and Purism, but that we IT professionals should spend more time and effort educating a fraction of the population to move the deal in the right direction and avert catastrophe.

[nonrandomstring]

> we keep on neglecting that responsibility under the excuses of bad usability, lack of features, or convenience for users.

A value leverage point to look at is; why are these perceived to be in tension in the first place?

Revising the concepts of "convenience" and "usability" to incorporate not having your life, business and affairs ruined petty tyrants seems the way to go.

It seems quite possible to design software such that it's more difficult not to encrypt than it is to use insecure defaults.

That's more or less what happened with browsers vis a vis https by default, no? I really have to go out of my way these days to view a plain http site.

[iggldiggl]

> I suspect Protonmail is as easy to use as GMail.

End-to-end encryption without a trusted server makes multi-device usage rather complicated within a number of contexts. Full-text search for example then requires all your e-mails to be indexed on each individual device you're using for accessing Protonmail, and you need to keep that index permanently unless you want to re-download all messages and re-index them again the next time you need to search something.

I don't very frequently use full-text search from my phone for example, but when I need it, I do need it, so neither proposition (permanently occupying valuable space on my mobile phone with a search index I only occasionally need, or else wasting a noticeable amount of time and data volume to re-index all mails every time I want to search something) sounds really enticing.

[pmarreck]

> avert catastrophe

Catastrophe, you mean like thousands of radicalized people meeting securely in secret online to disrupt an objectively legitimate thing?

I would like more widespread penetration of critical thinking (such as teaching people to pattern-match on the most common fallacious techniques used by cults, conspiracy theorists, propagandists, modern snake-oil salesmen, and other ne'er-do-wells) before we deploy some "mass security recommendation" that would enable people to more comfortably plan things like firebombing vaccination centers based on secretly-exchanged nonsense. I mean, isn't that why "the authorities" (assuming they are good actors, which is of course an unknown) are nervous about pervasive, easily-accessible security?

Fortunately, it seems like most bad actors are idiots who have zero qualms about insecurely broadcasting their thoughts on social media leading up to their committing of despicable acts. But your efforts might make such "precognitive noise" "secure by default".

(In principle, I agree with you. This Martin Fowler piece on privacy, I consider seminal: https://martinfowler.com/articles/bothersome-privacy.html I'm just saying that no single technology seems to be a universally-satisfying panacea.)

[qweqwe14]

Privacy for everyone includes privacy for people you don't like. Having literally everyone know about ways to have secure and private communications would actually be a good thing.

Do the bad guys use these technologies? Yes, but so what? It's like saying that we shouldn't educate people about knives because some guy can use it to kill people.

This whole fear of educating people about privacy tools because some criminals will use it is so tired and irrational. Criminals do it already and have done it for a long time. It's inevitable that more people will use them in the future, including the "bad guys". How about we just accelerate it and instead think of why people commit crimes in the first place? Nah, too hard, let's try to ban math instead.

> Fortunately, it seems like most bad actors are idiots who have zero qualms about insecurely broadcasting their thoughts on social media leading up to their committing of despicable acts.

At some point they'll stop doing it and become more aware of their OPSEC. Or they do it intentionally because they want to get caught.

[OfSanguineFire]

> There is a lot we techies can do to educate normies...

This isn’t something you’ll find universal agreement about. My own position is that we techies are seen as weirdos by most of the population, and what we should do is leave normal people alone. Definitely not try to “educate” them – think about how elitist that’s going to sound to many of them.

[actuallyalys]

The phrasing of "educate" (not to mention "normies") definitely implies a patronizing and unhelpful approach. I don't think technical people should go around giving unsolicited lectures to people they perceive as lacking technical expertise. However, I don't think there's anything wrong with technical people sharing what we know in a respectful way to people who are actually interested in a way that accounts for their needs. For example, if a social group you're in is deciding what messaging app to use to coordinate meeting up, it would be appropriate to share what you know about the various options' end-to-end encryption. But going on a rant about the privacy issues of a social media app because a distant relative mentioned it offhandedly probably isn't productive.

By analogy, I wouldn't mind a friend with medical training sharing what they know about heatstroke prevention to a group of us before we embark on an hike. I would mind them giving me nutrition advice based solely on what I ordered at a restaurant.

(Edited to fix wording)

[salawat]

I find the opposite. When I really sit down and lay out for my parents the implementation details of what goes on, yes, immediately the reaction is to the negative. They come back later though and ask for clarification. They ask more questions, and they more patiently listen to the answers.

Education has always been and always will be an uphill battle. No one likes to be taught. We do it anyway, because both are enriched in so doing.

[fsflover]

> compiling your own Android

I think this is a mistake. If you actually want to switch to FLOSS and control your own devices, you should abandon semi-proprietary technology relying on a huge corporation and switch to a GNU/Linux phone, like I did.