Why privacy matters

Status
Not open for further replies.
Excellent post Garak ðŸ‘

Total privacy is not really a possibility in today's world, but at the same time ridiculing others for trying to limit the invation of privacy by various corporations shows lack of knowledge on the subject.

There is also documented cases throughout the history of various regimes trying to limit individual privacy through low tech solutions such as checkpoints, home inspections etc. The excuse was salways the same, if you have nothing to hide, you should be fine with such practices.

Now it is being done with technology and behind the scenes, but the excuse seems to always be the same.
Why is that? Do you guys think the history repeats itself just by accident?
 
Thank you. People have to realize that privacy just isn't about government, or companies, or hackers. It's about all three. A friend of mine recently had both his email and his credit card hacked; he simply had a confluence of circumstances and was vulnerable by using a couple bad practices. It all got sorted out thanks to some very quick action, but exhibiting caution with your privacy pays off.

I don't need tracking cookies following me around until they expire or until I buy a new computer. I want them there when I need them, and that's it, so I have my settings and browsing habits tweaked accordingly. If I want to send encrypted email, I will. I don't accept iTunes terms of service, so won't use the product. I use free and open software almost exclusively because I can. There's a difference between products and services that are provided for free on that model compared to those that are provided for free because they want to sell you something or sell you to someone else.

Even setting up multiple email accounts is something that I recommend. The email address that my credit card companies have is different than the email address that I use to buy things online. That can go a long way to prevent a lot of trouble if one email address happens to get hacked or if a merchant from whom I purchase gets a database hacked. It's far from a perfect solution, but it does reduce the number of social engineering attacks someone can do if they call customer support. Not knowing "your own" email address makes it a bit more difficult to commandeer someone's credit card.

Oh, and don't use "What's the first name of your favourite Beatle?" as a security question. That came up in Canada.
wink.gif
 
Most times hackings can be avoided. Please give us the specifics..... how / when / where........etc.
Are you saying Google is to blame and (garbage) Proton is the Savior?
 
No, I'm absolutely not saying that it's Google's fault and Proton would have saved him. I'm certain he had a weak password and/or used the same password for some site he purchased online from and his email and he used the same email address for his purchases as for his credit card. He might have even used the same password for his credit card. What I'm saying is that one can enhance one's privacy and security by a few small tweaks, and people overlook very basic things all the time. He is to blame, not Google, at least as far as I can envision, and all I'm saying is it's silly to not think about one's privacy and security - both - and see where we can improve things for ourselves.

I've said before, I'm not terribly impressed with Proton or Hush. They have great encryption and security within their own email domain. That's why I say they are great for a small enterprise solution. They have good privacy policies. For a person sending an email to someone who's not on the Proton (or Hush or whatever service we're talking about) service and who is not GPG conversant, all you're really getting is a nice privacy policy. You're not getting the benefit of encryption. If you're satisfied with your own ISP's privacy policy, you may as well do your email through them and save the cash.

If you have a business with a reasonably small number of employees who are accessing their work email from home or from cell phones, a Proton or Hush plan is an effective way to have very secure email within the organization and to manage employee turnaround. In a larger organization, there might be some better ways to tackle that.

For individual encryption, the only way Proton, Hush, and its ilk can work is if everyone signs up to the same email provider (one has to be chosen among the secure types) and those who don't sign up are conversant in GPG. That's not going to happen. Using email in a secure fashion is just not in the cards for the vast majority of users, and it never will be. As I already mentioned, I don't like an email provider, be it Hush or Proton, having custody of my private key. A significant amount of the security in email encryption comes from the physical security of the private key - private key missing or destroyed or corrupted, the email will never be opened. GPG is the most robust secure way for email. Hardly anyone knows how to use it and if the average person could be taught or forced, they'd have no concept how to handle the keys and their own emails would be inaccessible to them in record time. Proton and Hush simplify things by handling the keys, with only the passphrase the responsibility of the user. That reduces security in my view, but at least people with a Proton email address can privately communicate with another Proton user, and a Hush with another Hush.

Ironically, Gmail is ahead in that regard, since at least gmail to gmail is encrypted, and their user base dwarfs that of Proton or Hush. Their privacy policy just leaves much to be desired.

Phil Zimmerman is trying another project, but if his goal is to get around these weaknesses I've outlined, he will fail miserably.
 
Ok, privacytools.io and tweakhound are good sites with guides if you wish to increase your privacy. Linux is excellent for PCs, Windows 10 the worst I have seen with call home (Microsoft) routines. For Phones, Blackberry (non-android software) versions and older hard coded Java phones are good. Once we had a software program update decide it was going to reenable a call home routine, problem is it was on a standalone secure system and the security software saw the unauthorized attempt to access a port and shut all mission access to every port to secure data lines. Leadership was not happy.

Haven't seen a perfect secure email program yet. Even Gmail scans everything going through it servers. Garak is right, Proton and hush are okay for day to day data running public servers.
 
Originally Posted by KrisZ
Excellent post Garak ðŸ‘

Total privacy is not really a possibility in today's world, but at the same time ridiculing others for trying to limit the invation of privacy by various corporations shows lack of knowledge on the subject.

There is also documented cases throughout the history of various regimes trying to limit individual privacy through low tech solutions such as checkpoints, home inspections etc. The excuse was salways the same, if you have nothing to hide, you should be fine with such practices.

Now it is being done with technology and behind the scenes, but the excuse seems to always be the same.
Why is that? Do you guys think the history repeats itself just by accident?



Please explain this all encompassing statement...........what do I need to fear if I have nothing to hide? Where is my privacy when I use credit cards-have several bank accounts, couple of car loans, own a home, and carry around a "live" cell phone? Have you read each companies privacy policies and the information they share that you can't limit? Because I have read them.

Yea-I'm ignorant all right.
 
Last edited:
It's not about living in fear or having something to hide. You do have an element of privacy when you use credit cards. When you use credit cards, you do have certain expectations, and you've read the agreements and privacy policies. Google doesn't need to sell my information, and I'll limit their ability to do so. Hackers don't need to steal my identity or compromise my credit cards, and I'll limit their ability to try. The government doesn't need to read my business correspondence, and I'll limit their ability to do so.

That's not fear, that's reality. If I posted my credit card information here, I'm sure someone or some bot would misuse it in short order. You keep private what you can, what you should, what you want to. As I pointed out in another thread, I don't shower in my front yard with the garden hose, and I don't need an indecent exposure law to disabuse me of that notion. It's just something I wouldn't do, and most people wouldn't.

And I don't carry a cell phone, and I likely never will. Why should I pay a cell phone company and a provider a big chunk of money to carry around a tracking device, with the added privilege of people annoying me?
 
Originally Posted by Garak
It's not about living in fear or having something to hide. You do have an element of privacy when you use credit cards. When you use credit cards, you do have certain expectations, and you've read the agreements and privacy policies. Google doesn't need to sell my information, and I'll limit their ability to do so. Hackers don't need to steal my identity or compromise my credit cards, and I'll limit their ability to try. The government doesn't need to read my business correspondence, and I'll limit their ability to do so.

That's not fear, that's reality. If I posted my credit card information here, I'm sure someone or some bot would misuse it in short order. You keep private what you can, what you should, what you want to. As I pointed out in another thread, I don't shower in my front yard with the garden hose, and I don't need an indecent exposure law to disabuse me of that notion. It's just something I wouldn't do, and most people wouldn't.

And I don't carry a cell phone, and I likely never will. Why should I pay a cell phone company and a provider a big chunk of money to carry around a tracking device, with the added privilege of people annoying me?



You need some professional assistance. You reek of Paranoia.
...... and the government has the ability to read all of your correspondence electronically, any time they desire. Their means is beyond comprehending sophistication. They can ever hear you vocally, using a small cordless device that fits in a shirt pocket, from a block away.

Everyone needs to chill-out. I could care-less if businesses and governments know I like guns, oil, pro sports and communications with the dead.
Let them spy all they want...... I really don't care, nor have anything to hide. Nothing shady in T7's current or past.
 
Last edited:
Originally Posted by Triple_Se7en


You need some professional assistance. You reek of Paranoia.
...... and the government has the ability to read all of your correspondence electronically, any time they desire. Their means is beyond comprehending sophistication. They can ever hear you vocally, using a small cordless device that fits in a shirt pocket, from a block away.

Everyone needs to chill-out. I could care-less if businesses and governments know I like guns, oil, pro sports and communications with the dead.
Let them spy all they want...... I really don't care, nor have anything to hide. Nothing shady in T7's current or past.


This is pretty rich coming from the guy talking about the impending apocalypse
crazy2.gif
 
Originally Posted by Triple_Se7en
...... and the government has the ability to read all of your correspondence electronically, any time they desire. Their means is beyond comprehending sophistication. They can ever hear you vocally, using a small cordless device that fits in a shirt pocket, from a block away.

It's not paranoia. I don't think they're out to get me, whoever "they" might be. I do know what their capabilities are. Like I said, this isn't all about government. I have no illusions what a state level actor can accomplish when sufficiently motivated. The government is only a small part of the issue. It's also not about having a shady past. A search engine doesn't need more from me than my IP and search term so they can respond to a search query. An email provider should be concerned with nothing except that what they are processing conforms to RFC 2822 and other similar standards. When a company looks for "more" and that "more" doesn't benefit me, they will find that this request for "more" will be blocked or the answer will be obfuscated.

From the government perspective, if they want to devote the monumental resources to being able to decrypt a GPG encrypted business email, or a GPG encrypted expense claim or GST return I have stored on the cloud, all to see something they already have in their custody, more power to them. However, that's my point. It's really not about them. This isn't political, and it shouldn't be, and isn't supposed to be here, on BITOG.

Cloud storage, for instance, is useful. Whoever is providing that service, however, does not need to see what I have there. They don't need to see my GST returns or the payroll numbers for my staff. In fact, it's not paranoia, but it is my responsibility, enshrined in law, to ensure that those things are secured. There's much talk about paranoia here. However, if I back up my employees' pay stubs and deduction information online in an unencrypted fashion and I ever get caught, I'll be dealing with the government for not safely storing that information and I will be subject to sanction. Accordingly, my backups are secured in a way that is legally accepted in Canada (and approved within Canada's Department of National Security and Defence's internal policy for Protected "B" material. I very regularly back up all business "data" to a USB stick and somewhere on the cloud. These are encrypted. If I lose my USB stick, whoever finds it is going to see a bunch of gibberish they cannot open and a few songs they are free to listen to. Whoever plays on the cloud, be it an employee of the cloud organization or some hacker, again, all they'll find is a bunch of gibberish they cannot open. I have to have that information so secured, because that's not only common sense, but is a legal requirement.

Do recall, as I've posted before, that I used to do technical security consulting for the federal government. I am very familiar with what they can accomplish and am intimately familiar with what a business or a government agency or department is required to do to safeguard the information in their custody. Luckily, or unluckily, depending upon one's perspective, I have to think about information security on a daily basis. My interest in the topic isn't paranoia; I understand how it can seem that way. I simply take it seriously because it can be fairly difficult to do correctly and I have seen way too many security breaches simply because people have no idea what they're doing. The days of simply slapping a padlock on a filing cabinet and thus being Protected "B" compliant are long over.
 
Just because you have nothing to hide doesn't mean you want everyone in your business. People are absolutely insane.
 
Originally Posted by hatt
Just because you have nothing to hide doesn't mean you want everyone in your business. People are absolutely insane.


What business are you in - that needs total prIvacy? If such business does exist, then why are you trying to broadcast it on the world-wide web?

Seriously! Either go live under a rock, or join the real world. You can't hide anymore on the internet and only goofs keep trying. Governments are reducing privavcy matters everywhere, in regards to this. We are relying on the internet more & more every year. Revenue is important for existence of the internet. Part of the revenue avenue is a form of spy-search to obtain this existence.

If you don't like it, then stay off the internet. Lastly, every week click on the ads here. Otherwise Helen may be forced to close this place down without monetary relief. You want total privacy here, yet you don't have any $25 or $50 contribution next to your screen name here.

Do one or the other. Please don't turn into one of those goof's.
 
Last edited:
Remember, though, the point is that it's not a dichotomy. Many people simply want privacy. Some people need it by virtue of their work. Some aren't even "people" at all but organizations, including government entities and financial organizations. The ability to file your taxes online doesn't mean you must surrender your privacy and have the revenue service post your return for everyone to see. They have to use best security practices to safeguard your information. The same goes for your credit card company and bank. It's not that you must have your statements stored on servers unsafely or you must get them physically mailed to you. They are required to safeguard that information, and if a hacker gets access to their database, even the credit card users who get statements mailed and pay by cheque won't be safe.

It's never a "one or the other" dichotomy.
 
Originally Posted by Triple_Se7en
Originally Posted by hatt
Just because you have nothing to hide doesn't mean you want everyone in your business. People are absolutely insane.


What business are you in - that needs total prIvacy? If such business does exist, then why are you trying to broadcast it on the world-wide web?

Seriously! Either go live under a rock, or join the real world. You can't hide anymore on the internet and only goofs keep trying. Governments are reducing privavcy matters everywhere, in regards to this. We are relying on the internet more & more every year. Revenue is important for existence of the internet. Part of the revenue avenue is a form of spy-search to obtain this existence.

If you don't like it, then stay off the internet. Lastly, every week click on the ads here. Otherwise Helen may be forced to close this place down without monetary relief. You want total privacy here, yet you don't have any $25 or $50 contribution next to your screen name here.

Do one or the other. Please don't turn into one of those goof's.

Your post makes absolutely no sense. I'm in the real estate biz so I'm all over the internet. What does that have to do with my private life that I don't want broadcast?
 
What's in your private life of web-surfing, that you're scared to broadcast?
C'mon, fess-up and give us the juicy details. But if it's rated XXX and it may be, then share it with your home-buying clients instead.
 
Originally Posted by Triple_Se7en
What's in your private life of web-surfing, that you're scared to broadcast?
C'mon, fess-up and give us the juicy details. But if it's rated XXX and it may be, then share it with your home-buying clients instead.

Post your browser history for the last year. I'll be waiting.
 
Originally Posted by hatt
Just because you have nothing to hide doesn't mean you want everyone in your business. People are absolutely insane.


Yup, it amazes me how willing people are to let companies prostitute the private information of their families, including their own children so they can get out of paying for stuff..

They let these massive corporations (google ect) make MASSIVE profits off of this information, selling your kids and family information to the highest bidders in the world all because your too cheap for pay for stuff.

For gods sake, they even know how your mind and that of your family works better then you do, they can actually figure out what "triggers" in your brain to buy certain products and you have no clue they do, stupid, stupid, stupid. Wait till they map out how you vote in elections, without you knowing why.
 
Last edited:
Can't believe this thread...........triggers my brain to nonsensical.
 
Last edited:
Status
Not open for further replies.
Back
Top