> Analogies aren't evidence, they're a tool for explanation, again by semantic definition.
Agreed, that's what I've been saying all along.
So then why did you use an analogy? Did you really think the sentences "Privacy is easily available" or "People only have to use privacy tools when they are doing something that they want to keep private" needed explanation? Perhaps I assumed you were using it as evidence when you weren't, but you have to admit that's a reasonable assumption given that the analogy is completely pointless otherwise.
> It's committing a no-true-scotsman to say that "privacy isn't as easily available as oxygen" when you change it to "true privacy is is really perfect privacy" when faced with HTTPs and OAuth.
Imperfect privacy isn't privacy. Either people are able to look at your data or they aren't. If people are able to look at your data, you don't have privacy. This isn't a complicated idea or a "no true scotsman" fallacy, it's the meaning of the word "privacy".
We have plenty of evidence showing that the NSA surveils data which is "protected" by HTTPS, ergo, HTTPS does not provide privacy. And the NSA isn't the only actor with this capability.
And OAuth doesn't provide privacy. It's not even the problem that OAuth tries to solve. OAuth provides authentication, which is an element of privacy, but it takes more than simply showing that a person is who they claim to be to provide privacy.
> All privacy & security tools are are imperfect, but most of us find the right level, rather than live in a faraday cage in our mother's basements (that's the point).
That's exactly not what happens. The average user simply is not informed enough to make an educated choice about what level of privacy they want and make choices to get that level of privacy. As a result, people don't find the right level of privacy. Closeted gay people get outed by their Facebook friend graph, pregnant teenagers have their pregnancies publicized by their targeted ads, celebrities have their nude photos leaked to the public, adultery website users and corporate employees have their information leaked, women are found by their jealous law enforcement exes misusing surveillance technologies. Only a fraction of these people actually knew what risk they were taking when they friended someone on Facebook, searched for goods on Amazon, texted a nude photo to a lover, put their credit card into a website, gave their info to their employers, or made a phone call.
Obviously living in a faraday cage in your mother's basement isn't the answer: that's a straw man argument.
The answer, in my opinion, is both social and technical. Socially, we need to get people to prioritize privacy and use privacy by default, we need people in power to respect and protect the right to privacy rather than actively taking it away from people. From the technical side, we need privacy tools that are faster, more secure, and easier to use, and we need decentralization so that violating people's privacy is no longer an option.
Agreed, that's what I've been saying all along.
So then why did you use an analogy? Did you really think the sentences "Privacy is easily available" or "People only have to use privacy tools when they are doing something that they want to keep private" needed explanation? Perhaps I assumed you were using it as evidence when you weren't, but you have to admit that's a reasonable assumption given that the analogy is completely pointless otherwise.
> It's committing a no-true-scotsman to say that "privacy isn't as easily available as oxygen" when you change it to "true privacy is is really perfect privacy" when faced with HTTPs and OAuth.
Imperfect privacy isn't privacy. Either people are able to look at your data or they aren't. If people are able to look at your data, you don't have privacy. This isn't a complicated idea or a "no true scotsman" fallacy, it's the meaning of the word "privacy".
We have plenty of evidence showing that the NSA surveils data which is "protected" by HTTPS, ergo, HTTPS does not provide privacy. And the NSA isn't the only actor with this capability.
And OAuth doesn't provide privacy. It's not even the problem that OAuth tries to solve. OAuth provides authentication, which is an element of privacy, but it takes more than simply showing that a person is who they claim to be to provide privacy.
> All privacy & security tools are are imperfect, but most of us find the right level, rather than live in a faraday cage in our mother's basements (that's the point).
That's exactly not what happens. The average user simply is not informed enough to make an educated choice about what level of privacy they want and make choices to get that level of privacy. As a result, people don't find the right level of privacy. Closeted gay people get outed by their Facebook friend graph, pregnant teenagers have their pregnancies publicized by their targeted ads, celebrities have their nude photos leaked to the public, adultery website users and corporate employees have their information leaked, women are found by their jealous law enforcement exes misusing surveillance technologies. Only a fraction of these people actually knew what risk they were taking when they friended someone on Facebook, searched for goods on Amazon, texted a nude photo to a lover, put their credit card into a website, gave their info to their employers, or made a phone call.
Obviously living in a faraday cage in your mother's basement isn't the answer: that's a straw man argument.
The answer, in my opinion, is both social and technical. Socially, we need to get people to prioritize privacy and use privacy by default, we need people in power to respect and protect the right to privacy rather than actively taking it away from people. From the technical side, we need privacy tools that are faster, more secure, and easier to use, and we need decentralization so that violating people's privacy is no longer an option.