57
submitted 4 months ago by SentientFishbowl@lemmy.ml to c/privacy@lemmy.ml

I was watching Eric Murphy's video on "Privacy faigue" and it certainly provided some food for thought. (https://www.youtube.com/watch?v=Ab6ryHD_ahQ)

I like how he conceptualizes privacy as multilevelled, with no one-size-fits-all solution, which should be tailored based on the individual's threat model.

So, with that in mind: what would y'all consider your threat model?

As far as I'm concerned I suppose my main goal is to avoid advertisements, particularly targeted advertisement. Additionally I would obviously like to avoid getting hacked, but I know I'm not being targeted particularly (and wouldn't be a worthwhile target anyway). Curious to see if I have any obvious blindspots that could be remedied based on everyone else's answers.

all 34 comments
sorted by: hot top controversial new old
[-] Deckweiss@lemmy.world 48 points 4 months ago* (last edited 4 months ago)

I once talked with a colleague from the data-analysis field. Apparently the company they work at is somewhat in the legally grey area.

They advised other companies on hiring candidates, by scraping all possible data about them online (which included buying anonymized advertising data and correlating it to all their publically available data and the data from the application). Using that, they claim to predict worker motivation, loyalty, how often they are sick, their political alignment, what their acceptable rate is, if they are going to ask for a raise, how well they work under pressure and much much more.

Since hearing it this has basically become my thread model.

As I am writing this, I realize that it is probably time to delete my Lemmy account and never post here again lol

[-] SentientFishbowl@lemmy.ml 15 points 4 months ago

Jeez, that's terrifying.

[-] GolfNovemberUniform@lemmy.ml 7 points 4 months ago

I think you can stay anonymous (as in your threat model) on Lemmy as long as you use a VPN and keep your style of speech different than your "real" one

[-] grue@lemmy.world 7 points 4 months ago* (last edited 4 months ago)

and keep your style of speech different than your “real” one

Good luck with that!

I kinda feel like you'd need to run your comments through a style transfer LLM in order to do that successfully and consistently.

[-] GolfNovemberUniform@lemmy.ml 6 points 4 months ago

Or just be extremely careful and lose your mind due to the stress like I did!

[-] mynamesnotrick@lemmy.zip 4 points 4 months ago

Fucking hell.

[-] InputZero@lemmy.ml 3 points 4 months ago

If those companies that say they get other companies to delete your data weren't just going to turn around and sell their data I might actually sign up for one at this point. Sadly, even the heroes are villains in this story.

[-] JoeKrogan@lemmy.world 18 points 4 months ago* (last edited 4 months ago)

Random hackers, companies, dragnet surveillance.

The companies are probably the biggest exposure as we are forced to interact with them for utilities, flights etc . They get hacked all of the time and dont bother to secure their data.

Also as a side note I hate how lots of places just assume you want to download their shitty spyware ridden apps or hand over your phone number or an email.

[-] TheButtonJustSpins@infosec.pub 11 points 4 months ago

Also as a side note I hate how lots of places just assume you want to download their shitty spyware ridden apps or hand over your phone number or an email.

Or want notifications. No, recipe site, I don't want desktop notifications from you.

[-] kbal@fedia.io 16 points 4 months ago

Default threat model: Some malignant demon, who is at once exceedingly potent and deceitful, has employed all his artifice to deceive me

[-] bobotron@lemm.ee 1 points 4 months ago

Surprised to see the correct answer so far down the list 😔

[-] GolfNovemberUniform@lemmy.ml 8 points 4 months ago

I'm an activist so yk I probably need a more strict model

[-] SentientFishbowl@lemmy.ml 3 points 4 months ago

Would you consider all activists on the same threat level? I was imagining what the Just Stop Oil protesters in the UK might consider their threat model, I'd imagine it would be different to an activist in Iran or Russia for instance. Am I wrong?

[-] grue@lemmy.world 2 points 4 months ago

Definitely not. Which country the activist is in is one difference, but what they're an activist about is another. Here in the US, some activists get shot by police while other activists get police marching with them, for example.

[-] GolfNovemberUniform@lemmy.ml 1 points 4 months ago

If we were talking about the EU or the UK, probably you're right. But in the US the situation is not great afaik

[-] TGhost@lemmy.ml 3 points 4 months ago

same for EU, Yep,

They explain that it will be to prevent the child abuse content, but we already know,.. its false.

[-] GolfNovemberUniform@lemmy.ml 4 points 4 months ago

At least the chat control law got denied one more time

[-] SentientFishbowl@lemmy.ml 1 points 4 months ago

Okay, thank you.

[-] Ilandar@aussie.zone 8 points 4 months ago

I am mostly concerned with tracking from the private sector; I see privacy as more of an ethical dilemma than an immediate threat, although the corporate surveillance business model is contributing to problems in the real world (data drives social media algorithms which brainwash and radicalise people, leading to increased violence and social chaos). If there is a better alternative to some privacy-invasive big tech app or service then I will make the effort to switch to that. I am willing to sacrifice convenience to support projects that I believe are doing things the right way, or at least putting some effort into being better. However the reality is that most people, whether it's my friends and family or just acquaintances, do not share my ethical concerns and/or are unwilling to make personal sacrifices and this means I will always need to remain open to compromise to avoid isolating myself socially.

When it comes to the public sector, I am mostly interested in circumventing the federal government's mandatory data retention laws. which were imposed by a conservative government I didn't vote for. Again, this is more of an ethical decision; I believe I should have the right to opt out and if the government won't allow me to do that then the next step is to use tools like VPNs to ensure that data is less personally identifying than it otherwise would be. And again, like data collection from the private sector, my attitude towards government data collection varies depending on whether I see a reason for it to exist. Mandatory data collection of lawful civilians for vague "national security" reasons is overreach and doesn't have an obvious practical benefit, but during the worst of the COVID years I was okay with the compulsory government tracking of where I had been and when. I saw the pandemic as an immediate challenge we needed to overcome as a society and I was willing to sacrifice my privacy to contribute towards the collective effort.

[-] possiblylinux127@lemmy.zip 6 points 4 months ago* (last edited 4 months ago)

EVERYONE AND I'M ALWAYS BEHIND THE CURVE

Seriously though the world is scary for privacy and freedom

[-] d00phy@lemmy.world 6 points 4 months ago

Awhile back, I got a bookbub deal alert email about a series called the Lattice Trilogy. When I read the synopsis, I wasn’t sure I’d buy the premise: a future where privacy simply doesn’t exist. Still, out of curiosity and an extremely low price, I gave it a read. Wound up reading all three books. Since then, I’ve been watching privacy die in much less sci-fi-y circumstances.

[-] qpsLCV5@lemmy.ml 3 points 4 months ago* (last edited 4 months ago)

i'm thinking long term - sure, right now google knowing everything about me isn't dangerous. but if a massive political slide to the right happens in countries that host services, suddenly all the saved data from many years ago can be used against me. and don't fall for the "end to end encrypted" bullshit either - all these services can flip a switch and have your encryption keys instantly. (or, if its an open source app that ACTUALLY keeps keys on the device only, which is extremely rare, it's one update away from happening, and you better read the whole diff every update and compile the app yourself.)

that's why i choose to self host everything. yes there's a risk of being hacked, or installing something malicious because i don't read every diff on every update. but i feel more confortable with it being my own responsibility, and my services are also all on seperate virtual machines to hopefully isolate any breaches.

[-] Imprint9816@lemmy.dbzer0.com 2 points 4 months ago

That's not how end to end encryption works.

Your scared of a slide to the right but already falling for their propaganda to undermine privacy by destroying encryption.

[-] icedcoffee@lemm.ee 2 points 4 months ago

I found the Anarcho-Texh security guide helpful in getting started thinking about this with more nuance. I’m including the link below but here’s a short summary

Are you an: Individual Journalist Targeted Activist

Are you annoying: Random assholes Assholes with resources The State

Each category has bigger security needs on one side and more powerful tools on the other. It’s kind of humbling to realize that I’m just an individual and the NSA has no special interest in me, but that makes me feel better using a separate browser without additional security to shop on sites that block a VPN etc

(Also tbh I’m not sure when this page was last updated and I have no involvement with the org. Just a cool resource)

https://github.com/AnarchoTechNYC/meta/wiki/Persona-based-training-matrix

[-] Rentlar@lemmy.ca 2 points 4 months ago

No one person/company/entity can know everything about me.

Well, they could, but the price would be high and I suppose I'd end up dating someone who went through that level of effort to know me anyway. :P

[-] synopsis9408@fedia.io 1 points 4 months ago

Other people. I don't care that much about corporations getting my data for advertising. I just want my accounts to be secure and not to be spied on by nosy people.

[-] eveninghere@beehaw.org 1 points 4 months ago

My online activities. I don't want the attacker to identify them with me. Well, it's never perfect, but yeah. I don't really care about personalized ads. m

I'd even prefer them over stupid semi-pornographic ads for the average person. I don't know other countries but nearly all Japanese websites are full of such semi-porns to the level I wouldn't screen-share my webbrowser...

[-] lud@lemm.ee 1 points 4 months ago

Mainly it's similar to yours but recently I'm at an elevated risk of targeted attacks due to work. I don't think anyone will or has tried to hack me though except by trying random old leaked credentials, but that doesn't count.

[-] Hirom@beehaw.org 1 points 4 months ago

Scams, identity thefts, manipulation through targeted ads (eg Cambridge Analytica), malware delivered via ads

[-] tetris11@lemmy.ml 1 points 4 months ago

(Aww yeah,)
Threat model: midnight
Makes all the trackers fail all right
From Apple to the Metaverse fall guy

[-] trickster@infosec.pub 1 points 4 months ago

Privacy to me is not the goal, not an end. Rather, it's means to an end.

My threat model resembles one of an activist.

If you're interested, here's a great framework for approaching privacy and security in a complex, systematic and consistent way: https://linddun.org/go/

It helped me and the people.

this post was submitted on 21 Jun 2024
57 points (100.0% liked)

Privacy

31874 readers
238 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS