Depends on your threat model, the degree of interest in you from states, the resources and competency of the states interested in you, etc. Also, I think privacy for privacy's sake, without any real threat to which it's responding, is entirely fine and understandable. If nobody were interested in my data at all I'd still practise a reasonable level of privacy because I think it's creepy for other people to know my business.
It's the correct amount of paranoia. The issue is society has normalized completely not giving a shit about your own privacy to the point where any attempt at preserving it is seen as abnormal.
I rarely consider anything "too far" unless you're doing something totally ineffective or duplicating effort, and not talking about redundancy. I think most people who say this are either the people who we need to be secure from or people who are ignorant to the threats. I'm not saying the same threats affect us all, but there's always a possibility you could become a target through whistleblowing, protest, being attractive, pissing off a random stranger, etc. And usually by the time you are a target, it's too late. Your information is already out there and it's difficult to stop broadcasting more with all of the tracking systems in place all over.
It's often not clinical paranoia that causes people to worry about security and/or privacy, primarily it's a desire for a minimal amount of privacy, hiding from predators, and/or basic protection from fascist regimes of various strengths that have taken over most governments. Often keeping a little privacy also is the best way to prevent becoming a target in the first place.
Many times throughout my life, what would seem like a reasonably easy question to answer has changed dramatically.
30 years ago you could look at data collection and go there's no way that they could store a meaningful amount of data about everyone.
20 years ago, you could look at data collection and go there's no way they could have the contents of every phone call. It's just targeted, it's not a big deal.
We are at a point now where everything you ever wrote or said could be thrown into a model with such unimaginable levels of lossy compression that they could simply ask it if you are the kind of person who is into whatever the future administration deems as unacceptable and deny you access to things. All you need is a fascist regime or a dictatorship installed and all of a sudden anything you ever did can be used as grounds to lock you up.
On a governmental budget, it wouldn't even be that expensive and we're just at the beginning of this.
We have seen that governments can change quickly. We know the data collection is affordable and can be permanent.
Certainly some people are privacy-minded to the point of compulsion. But I can't say that anyone is wrong to seek extreme levels of privacy based on trends and capabilities.
The "leave your cell phone at home and make sure somebody opens your apps and uses them" people aren't anywhere near as crazy as they used to sound
A few weeks ago, I would have said 100%. I am needlessly careful.
I know I'm protecting against privacy threats that are technically possible, but unlikely. Preventing the tracking is just an interesting hobby, to me.
But earlier this month, we learned that Meta went "all-in" on what I consider some fucked up shit - running a mini localhost server to track the vanishingly few people who bother to block their tracking.
So now I guess I'm only about 30% sure I'm being needlessly careful.
You really do have to obsess if you take this seriously. It really isn't feasible for most people to devote the kind of time and effort that I do on this stuff. I usually describe it as a kind of hobby, and I try to limit my advice to address specific concerns or threat models.
Yes.
Like any interest, people get so far removed from the original point, it becomes about something new.
Like cast iron. People go from not really knowing about it to learning how to cook with it, to learning how to do basic maintenance. About 20% of people go completely off the rails, and they start buffing and polishing them like they are fabergé eggs, and joining cast iron groups.
Privacy is the same. Learn the basics, follow the basics, relax and get over yourself.
Yep, I made the mistake of telling my family I care about my privacy. The amount of times I've been told the nothing to hide argument is stupid.
I started asking people who put that forward if they would give me their cellular phone unlocked for an hour. After all they have nothing to hide, right?
Tell them to leave their front door unlocked. They should have no problem doing that, and if they do, call the police on them because it means they're hiding illegal activity in their home. /s
Or just ask if they have nothing to hide why do they poop with the door closed? What could they be doing in there?
I must be one of those. This shit is not okay, yall. Whole psychological profiles, humiliation tactics, and dystopian forms of control are right around the corner. Why would they keep Epstein alive when Palantir automated the job of the blackmail broker?
Like most things on the internet it's a game of one-upmanship. User X uses Firefox with Incognito. User Y says that isn't good enough for his own inconsistent definition of "good enough."
So User-Y suggests Firefox with 14 different add-ons and only browse through an immutable VM.
But then user-z comes along and says that if you are using windows at all, you don't really care about privacy, so you should be using Icefox on some obscure fork of ubuntu through an immutable VM, with a pi-hole.
Then user-w says well if you aren't using a VPN none of this matters, so obviously you need to rent an Alibaba cloud server hosted in China, that you only connect to through a privacy respecting VPN, and then you only browse through TOR.
And so on. By the time a user is asking about how to stop google ads, the only "serious" answer by the community involves using Packet over Ham-radio -> and spending thousands of dollars a month on 4 different cloud providers, rented through several shell companies set up in Switzerland, the Cayman Islands and China, while only typing in Esperanto using an ASCII-only font.
It's so overwhelming. I just want to be able to use Wireshark well to figure out wtf is going on at my house with outbound surveillance data.
Wireshark is the wrong tool for the job unless you are only interested in the destination IPs, but those are useless to most people because malware and PUPs are hosted on public cloud services or rarely hijacked insecure endpoints, so what value is a source IP going to get you? For example most 'suspicious' traffic is from your cell phone and some app is phoning home over TLS, with 'home' being an elastic IP in AWS.
There are probably some people that go too far, but that is true in any community. There are also people with a very legitimate threat model, for example if they are from insert your favourite dictatorship here and they have insert opinion against said regime
I mean, it can be a bit of an issue everywhere.
Hilariously this post was just above this one in my feed.
Yep, and then there's probably a good number of people who have no idea of threat modelling who just copy those actions to say they have "good privacy".
Tbh, I'm closer to the latter.
As long as everyone is having fun, I see no problem.
If you're not having fun switching mail providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably stop doing those things.
are you guys doing this for fun? i take some privacy precautions so i wont be mass targeted for anything i do today in the future.
I'd sure hope so! Many of the things that privacy nuts like us do are not efficient uses of one's time.
They might require constant vigilance. They might need recurring work for continued effectiveness. They might necessitate exposure to intrusive negative emotions ("what is Google doing this week?!").
If you're not having fun, focus on measures that you implement once and then never have to think about again.
For example, I wouldn't recommend GrapheneOS to a journalist in an authoritarian regime. It might be "more secure", but they have a job to do and can't keep dicking around with obscure pointer authentication settings or whatnot. They should just get a current iPhone, enable Lockdown Mode if its tradeoffs are acceptable to them, and continue doing their best job, which isn't "phone administration".
LARPing as Jason Bourne, or prepping for the Rokobasiliskocalypse, is a hobby. It's okay, I do it too. However, it's not approachable or understandable to people who don't share that hobby, or are not as alarmed at the general state of things as we are.
people are literally targeted by this system today. and i live in the third world, i'm ripe for the taking.
not everyone has the same cybersecurity needs, it's cool this can be a fun hobby for some of you guys though.
Damn this take needs more love. You will get shouted down and downvoted to the lowest depths if you speak against anything that isn't graphene. I like the project, it has merit. It's far far from perfect in so many ways. I don't believe it's the white knight in shining armour we like to think it is. Good yes. Saving grace. Not by a long shot. It's got many fundamental flaws.
Be conscious of your needs, not obsessive. I think a lot of people are obsessive and I get it totally. But FOMO is powerful. Don't overwork your mind trying to be perfect that you never make moves. Life isn't static. If you're uneducated enough to truly need the utmost best tech stacks with no real knowledge on how to implement and deploy. You likely don't need to be doing the shit you're thinking of, or currently doing.
Yeh my family treat me like I am a nut job. I only swapped away from google and ask them to think about the orgs they spend their money on for example Amazon.
It’s amazing how many people got on board with Covid conspiracies but questioning where your data goes, who’s using it, what for, no that’s a bit far lol.
Told my older parents I use a custom ROM with a profile for work and a profile for personal and they asked me what I'm hiding, and why I'm so paranoid. I said.. it's not paranoia, it's organization. Color coding profiles allows my mind to switch gears from work to personal life like mental compartments. I am a boring person. I have nothing to be paranoid about. They didn't believe me. Oh well....
Edit: part of me thinks the whole mental state switching from work profile to personal is an ADHD aspect as well. Especially the color coding helps wonders.
Likely
While certainly some people take it to a point that could be considered too far, I think that the reality is that you have to go very far if you want actual privacy today. I think most people either don't know all the ways that their daily lives are being tracked and their activities are sold or they simply don't care. To the vast majority, doing anything that isn't trivial is probably too far, and the more you talk about it with them, the more they will think it's crazy. Most people of the older generation probably don't "get it" or think it can be real, and very young people have probably never known privacy in their lives to much degree, so it can be a tough sell. I think Late Gen-X and Millennials are the main group that got to experience privacy when they were young and then saw it slowly eroded away in increasingly gross ways until it was gone.
Yeah. I think people can become obsessive over it. I also think there is a large group of users who gamify privacy and act as if it's an MMO quest where they just need to collect the best tools to win instead of being responsible and understanding threat modelling.
There is a point of diminishing returns. Like most things, you have to evaluate what you are willing to live with and let go.
I know someone who only browses incognito because they don't want cookies tracking them. They log into everything every day. Which, imo, is worse because those cookies are still tracking you but you now have to log in everyday.
But for them they like the control.
I've moved most of my incidental link clicking on my phone to Firefox Focus (thanks to URL Checker) which has upped my privacy. I wouldn't have made that change without the prompt that URL Checker provides though.
I use a VPN outside of my house and I use pihole at home. I am tempted to switch my DNS to unbound but the juice doesn't seem to be worth the squeeze. We'll see the next time I need to rebuild my pi.
I have been thinking about this a lot recently. I live a life where OPSEC is relevant. It's something that I have had to consider always, and has been for 2 decades. Even so, I wasn't as concerned this whole time as I am these days. The fact is that technology is making it such that it's no longer "I'm not a person of interest, they won't spend resources on me" because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn't even matter. Do you exist, yes. Do you have a digital footprint, yes you do. Even if you don't do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you "may" do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.
All I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to rein in the amount of info you leave about?
I've thought a lot about this. By making the choices you do you already single-handedly categorized yourself. We are under so much tech behind the scenes that any move you make puts you into an analytical box, spot how you do things here or there and you have a pattern of tradecraft. With tradecraft you can educatedly infer the rest with probability. Exactly how they caught Osama.
Edit: Even spoofing your moves in every way, you're still going to be noticed. Hiding has long been gone. Cloaking is where we are, somewhere between cloaking and multiple identities.
A year ago: yes.
Today: nope.
It's just a conscious approach to tech.
We have people telling us the earth is flat. Them saying so doesn't make our good old planet any flatter ;)
I mean one can find excess absolutely anywhere, that doesn't demonstrate much imho.
Yes, paranoia is not healthy. When people can't formulate a realistic threat model then usually to be "safe" they assume everyone is out there to get them ... while failing the most basic steps, e.g. not relying on surveillance capitalist fueled tools voluntarily.
I dunno, considering that Facebook data has been used to go after people, we've got fascists using every method possible to target their current hated group, and police everywhere ignoring or bypassing due process by just buying data, I don't think it's at all paranoid to think that privacy concerns are already huge, and could get worse.
I came to say, "just because you're paranoid doesn't mean they're not out to get you."
Relevant XKCD: https://www.explainxkcd.com/wiki/index.php/2501:_Average_Familiarity
I feel that it is closer to the fact that the communities forgot most beginners are completely new to this in general. They might not even know what exactly a 'browser' is, much less cookies and stuff.
Hence when we try to spoonfeed them information, it comes off as overwhelming and forced.
Agree that there are some extremists, but they mostly act in good faith tbh.
Another thing I noticed is there are more preachers of 'how' than 'why'. Having a beginner go down the route of privacy without giving them a purpose to do so is quite off-putting.
Yes, some people absolutely take things way too far, and often unproductively.
Like the person who was trying to disable websockets. Or the people who will shun signal, but jump directly on the flavour of the month signal clone, which might be completely backdoored.
If you don't know what you are doing, randomly turning things on and off at best does nothing, at worst makes you even more signaturable/trackable.
It's good to educate yourself on various protections, but unfortunately, it requires a lot of careful research and understanding.
There's certainly also the aspect of simply "nerds who want to experiment." I know I've tried out weirdo encrypted messengers and such in the past, just to never actually use it for anything and delete it. If you are smart, you know the difference between an experiment and sage advice. Boring stuff like the EFF's Surveillance Self Defense suggest the reasonable tools for a spectrum of people's threat models, but those things were all once experiments too.
I have no issue with tinkering, my issue is more when tinkering gets turned around into advice.
I think I would be happier if these communities/subreddits were a bit more explicit about "We are amateurs, for actual advice, go to X, Y, Z".
Couldn’t agree more.
Depends how one looks at it. From purely practical POV, probably 90% of us don't need to bolt their doors so much. But as a principle, as a society we've lost the "war" on privacy so much, that it really takes a long way to pull the dial back to where it should be
Yes, privacy is very important, but I've also seen a lot of tin foil hats around here who don't really know what is worth protecting and what only makes browsing slower and more difficult. PEBCAK
I definitely take things too far in terms of my effort vs my current threat model. But there are many aspects of trying to increase privacy.
For one, I'm very interested in the philosophy, ethics and politics of privacy and adjacent fields such as security. Part of what I do is just learning.
Also I try to be a good role model to my AFK peers and family. Of course I don't try to get everyone to adopt my hobby. But as in every field it's hard to teach even the basic stuff to others without deeper understanding of the field.
> But as in every field it's hard to teach even the basic stuff to others without deeper understanding of the field.

That's so true, but even more true in IT... It changes so rapidly and things don't stay the same over time... It's not like a degree in Biology where things you learn stay relatively the same!
IT is 5 inches deep but miles long! (Something like that!)
Of course some people go too far. I think a lot of folks on here grossly overestimate / overstate their threat model, but I think the discussions are good for the limited few who really do need to cover their asses.
Me personally, I hate the idea of companies bidding for my attention without my consent, so I try and make it as hard as possible for them to get it. This just so happens to overlap nicely with the goals of the privacy community much of the time.
Definitely yeah! If you’re just a regular person living in a fairly democratic country and you’re thinking about physically clogging your USB ports to avoid someone breaking into your room and tampering with your device while you’re exploring Barcelona, or if you consider removing the camera and microphone from your Pixel phone that you use every day, you’re probably taking it too far.
OTOH I’m still having trouble getting people away from Meta apps and I think it’s absolutely crazy how little thought people put into the amount of data that Meta collects.
TBH even in many dictatorships you’re mostly fine just using a VPN and fake accounts if you have government critical opinions. But that’s just my personal experience. Goes without saying if you have a decent follower count or are some kind of journalist you should be very paranoid.
Anyway, the point is, it’s probably good to feel slightly paranoid because most people aren’t paranoid enough, but most of us are also not Edward Snowden or Saudi journalists, so there should be a balance between practicality and privacy.