Be warned, this post might as well offend you — it’s actually the same topic, and mostly the same post, as I was trying to write months ago and the last of a series of drafts that Typo made me lose and for which I was actually quite pissed off at it.
A premise, considering my current employer, you could expect that I’m biased. People who have known me for a while should know that this has always been my point of view and a payslip is not enough for buying my ideals. A second premise is that what I’m writing here is my personal opinion and has nothing to do with my employer.
Before getting into the details of my personal view on privacy, I’ll have to at least categorize who I am. I’m most definitely not a public figure, but I’m also not a complete nobody. I’m not sure if I’m notable, I’m not an activist as Jürgen is, but with being a Gentoo developer, I end up in a more visible spot than your average person. Even so, I’m not an A-list or even a B-list blogger.. maybe a D-list, for Diego, would be okay. It is obvious too when you consider that my blog has unmoderated, unlimited, non-captcha comments and yet I receive only a handful of them per post.
It is not something I care to think about too much, but I have noticed when I started working here in Dublin, that there were people that already knew me, even when I did not know them before, if not by a name passing on my blog’s comments. It does not mean much, of course, as my contribution to the world is still negligible. But it does mean that what I write on my blog, on my (public) Twitter, Facebook, Google+ profiles, is seriously public. My blog, my mailing list posts, even my IRC history is something that not only employers can look into, but also something that an enemy, if there are still some out there that didn’t grow bored of making my life miserable, would be able to leverage.
So with this premise, what is my idea of privacy? Well, as you probably remember, I have no problem with relatively-big corporation knowing what I buy and given how I use both FourSquare and Ingress, I have no problem with them knowing where I am in most cases. I also have no problem with most of my friends to know where I am, sure, it takes away from me the option of lying to people if I don’t want to go out with them — I count that as a positive note though, as my friends can count on the fact that I’m not doing that. Myself, if I was to do that, I would probably just not count them as friends, and thus would not have a problem with telling them that I don’t want to see them.
Is there anything I don’t want to broadcast? Sure, plenty. And I don’t do that by default. My opinion of people, for instance, is not something I tend to talk about, well, depends on the people of course. And there are habits of my own that I’d rather not talk about. And embarrassing personal problems too, but these do not include, for instance, my diabetes or my pancreatic problems, even though, as medical records, they are among the most protected data about me that is to be found out there.
Let me try to make a practical example of what my concerns of privacy actually are. It’s not a mystery that I’m no good with relationships – surprise, surprise, for a geek – and I’m pretty sure I admitted before to being a virgin as of 28 years of age (and counting). If I was to meet a gal with whom there could be a reciprocal attraction (unlikelier by the day), that would be one thing that I wouldn’t want to be known right away by everyone on earth. If nothing else, because I would probably not believe in the situation myself.
But more importantly, both details and general gists would have different circles of people who would get to know them at different times. My mother would, most definitely, be the last one to know — I originally wrote “my family” (which is basically me, my mother and my sister and her husband), then I realized that something that I similarly wanted to keep from them happened recently, when I got almost mugged. My sister got to know about that episode the week after it happened, when I had to go to the dentist and get the tooth extracted — the punch caused me an abscess that was quite painful and dangerous. I was broadcasting the event to the public and keeping it from my family because I did not want to worry them until the whole thing was completed. My mother still does not know that happened. Helps that neither speak or read English.
So going back to the example above, it’s a certainty that my colleagues would probably find out almost first, as I’m a person of routine and anything that breaks said routine is going to be pretty visible. I could make an excuse, but why? So it’s just going to be noticed. But unless I broadcast it, my sister and mother will not get to know it until I tell them. Sure, FourSquare could possibly deduce a change in behaviour, or notice that I’m checking in with a different set of friends; a government agency tracking my phone and hers could possibly find that I’m taking long walks with a new person (and that could be easily mixed in with my phone often taking long walks with other people as I play Ingress), but what would they care about it? It’s not illegal here.
And here’s the first tenet of my personal privacy policy: the fact that I can afford not to hide from governments is a privilege, and so is my ability to broadcast my position and my habits. I live and lived in countries that are relatively civil, I’m not, say, a gay person in Russia, and, sorry to say this so bluntly, I’m not female, which makes showing people that I’m somewhere alone not that much of a concern. This is the same concept of threat model that applies to computer security and other security areas; in my threat model, what I’m concerned about are not state actors or corporations, but rather criminals and personal enemies.
Back again at the example, if actually going out with somebody would break my routine enough to be noticeable, becoming sexually active I’d expect not to – just a guess, given that I’m not able to tell at this point – and that does change a few more things. Given it would be something private between me and this hypothetical significant other, I wouldn’t be talking about it in the open, which means even my colleagues would not know about it. Somebody would probably know that basically right away: my doctor for sure, and possibly my pharmacist (yes, I do have a local pharmacy, the one where I go buy my insulin and the other prescription drugs I have to take). The former would know when I ask him a new set of blood tests to be safe, the latter would know when I’d be asking for condoms for the first time. Alternatively, Tesco would know when I’d order them from the website, and the delivery guy would know as well, when he comes delivering. I’m pretty sure between the two options I’d go with the pharmacy, as I’ve already given up with being embarrassed when talking with them.
To close this, I would like to note that even though I live in what is mostly a glass house, I don’t expect everybody else to do so too. I’m just writing this to signify that I don’t think that there are many threat models that apply to me, for which I would start wearing a tinfoil hat in light of the “NSA revelations” that last year brought us. Maybe for some of you there are, but I doubt that all the people that have been fretting about tor attacks and the like have good reason to do so.
I’m sure that there are people out there that, under oppressive governments, that entrust their life to Tor and similar tools, so identifying and resolving its vulnerabilities is something that I can’t disagree with. On the other hand, as I said before most of the self-defined privacy advocates out there tend to not consider that this also helps also people like the SilkRoad users. While I’m definitely okay with legalization of marijuana, I’m of that opinion because it would avoid the existence of things like SilkRoad.
On the other hand, the NSA revelations do concern me, not because I’m scared of the NSA, but because if they can do it now, others will be able to do so in the future, and if those others are criminals, then I’d be scared of them. So please let’s all try to make things better, encrypt everything, research and find way around browser fingerprinting and help the EFF (I’m a donor too). Just keep in mind what your threat models are, rather than just blindly follow the blogosphere’s hysteria.
I think you’re cute Diego 😉
Nitpick; there’s a typo: “,w then”Also a risk you do not discuss is that people you care and will care about might not be rational or not properly understand what you divulge. It is easy to get the wrong impression on someone from writings on such personal topics.To be more concrete, I’m thinking about potential dates.
From my own experience, at the same age, your personal situation is not hopeless. A possible interesting fact is that I meet my wife after moving to another country (from France to Australia), it still took a couple of years from the time I moved.I otherwise have a similar approach to my data. I call it pragmatic.
Very nice writeup, I thoroughly admire your ability talk sensibly and level-headedly about these issues.I am very much of a split mind about privacy these days myself.On the one hand, I cannot shake a certain paranoia about information winding up at people “with leverage” – and I think this does include the government/law enforcement (by the “do not attribute to malice that which can be explained by stupidity” argument). If you haven’t seen it, definitely read “Little Brother” http://craphound.com/little…Also, I’m *not* an extroverted person – so combined with the above that’s quite effectively kept me from using facebook, Google+, … in the past. Yes, I do have accounts on most of them because quite a lot of services are not accessible in any other way, but those accounts are as empty as possible.Now my situation is changing, and this would be a natural time to start using social networking properly. But I’m not sure if/how I’ll get over a certain conflict of interest in my head:For my network socialization to be what I’d like it to be, I’d have to become fairly active and transparent – overcoming my introvertedness to a certain degree.On the other hand, as you elaborated, this would generate a whole lot of public information. I do not have a problem with this information to be available to my friends, and not even to social enemies – I think I know how to deal with that.But considering that I’m freelancing, there is a lingering worry: That such information might be used as leverage in business dealings, similar to what you said about not being able to lie to friends about an appointment. Considering the kind of sh*t I’ve already gotten in negotiations, I wouldn’t put something like “my problem’s still open, and you went out and watched *what* with *whom* last night??” past certain customers.Of course, that’s the kind of customer I’d rather be rid of anyway; but with the economic situation being what it is I feel that I cannot really be any more choosy than I already am…
Hm, to be honest I am not particularly worried about any privacy threat to myself currently.I kind of believe that it doesn’t really affect my opinions or what I say much if someone is listening.However, that does not imply that I feel that privacy does not matter.The thing is that there _are_ people who need privacy or anonymity to be safe. And there are people who will speak less openly if surveillance is (or even just is believed to be) everywhere.I do not see how these people will be able to keep it unless we all try to keep it (to a degree), if you’re the only one doing a certain thing you become easily identifiable and thus obviously not anonymous anymore.And of course, the other part is the “currently” thing. Who knows what the future brings, and starting to build the right tools, infrastructure etc. when they are needed is a bit late. And unless people actually use it, it isn’t tested, which in general experience means it doesn’t work.And when I think how on Ubuntu for example the enigmail plugin is still broken (as in, doesn’t even load) on ARM and nobody cares (even though it’s a trivial fix), the tools are in a horrible state right now.Not to mention certain companies sending their data unencrypted around half the globe obviously thinking “oh, nobody is going to listen in on us…” (and guessing by the reaction not even making the “do not let anyone listen in on our expensively purchased connections” part of their SLAs) – I wonder how many people started wondering about how nice it is when your business depends on someone who who happily sells out their (paying!) customers, I sure did…
There’s a view from another perspective that might be interesting to you: http://geer.tinho.net/geer….