I can't decide if it would be easier to convince people of the benefit of extra steps/slow internet/privacy protections, or to reflexively engage their skepticism/critical thinking muscles upon hearing Save-The-Children-and-Stop-The-Terrorists rhetoric.
As it stands, it seems most people (of a certain race and class, anyway) feel more threatened by vague stories of child abductors in white vans at WalMart[1,2] or terrorists (c. 2000's generally) than being randomly victimized by our j̶u̶s̶t̶i̶c̶e̶ legal system.
Nothing to hide, nothing to fear, as they say. Abstract thought and generalization are hard, I guess.
Tor doesn’t deliver any of those things. It’s a tool developed for spies that is mostly used to facilitate grifts and move contraband.
I’m not worried about clowns in white vans or terrorists. If you want protection from the government, you need to advocate for protection under the law. Journalists, NGO workers, etc have to figure out how to manage risk and may need to self-censor to avoid those risks. Tor won’t protect you if you irritate MBS.
There is active targeted surveillance by a nation state. Tor is not going to help you. No crypto or tech alone will help you, you’ll need to develop extreme opsec practices to stand even a remote chance against a well funded and well equipped adversary focusing on targeting you.
Then there is passive mass surveillance, i.e. the presidential surveillance program, which Tor/VPNs/HTTPS etc will absolutely help with.
Tor/VPNs/HTTPS is a pretty broad spectrum of protections. Everyone on the web now pretty much uses HTTPS all the time. Most people don't use a VPN but I imagine most HN users do or at least know how. Very few people use Tor. What benefits do VPNs bring over just HTTPS? What benefits does Tor bring over VPNs? And do any of these actually solve anything if you continue to use Google, Meta or similar services?
If a few people collude to secure moderator positions at different sites and each gains access to IP logs (or someone just bruteforces/exploits the site and dumps logs), anybody can be outed across those sites-- the adversary has effectively compromised the server and can map page accesses directly to your IP.
They don't break HTTPS, they break the weaker link-- the trust of the server owner.
The next step is gaining access to the VPN provider's logs (they don't keep any, right? Right?). They all keep logs. Even if they say they don't, assume they do. Nobody is held accountable for lying about it.
Again, not breaking HTTPS, but breaking the weaker link-- an unscrupulous VPN owner already exploiting the trust of you, the customer.
Tor is the only "safe" way to be anonymous, but even that is dead through fingerprinting, gatekeeping and forced Javascript enabling.
I'm not sure what deliverables you're referring to, but if it's not useful for shielding one's identity from prosecutors/persecutors, why would spies, grifters, traffickers, terrorists, child abusers, and puppy-kickers make such extensive use of it?
If the actual police and not counter-intelligence agencies were actually intercepting all traffic, use of tor would automatically attract attention to you.
"reflexively engage their skepticism/critical thinking muscles upon hearing Save-The-Children-and-Stop-The-Terrorists rhetoric"
Not part of human nature. Save the children/Rethoric is embedded. Reflexive thinking has variying energy requirements and for most requires external kickstart, when possible at all
Forcing tor in all new network adapters is more feasible, which is saying much.
> Not part of human nature. Save the children/Rethoric is embedded.
This is ahistorical. Childrens' rights are a late-19th Century creation. We have become child worshipers, we are not naturally child worshipers.
There's a quasi-Christian doctrine that states that children are born virtually unstained, and that being unstained makes you more deserving of life. As you grow older, you are stained by the demands of the world, which makes you less deserving of life. However, the idea that a child's life is more important than an adult's life would seem moronic to people much before the 20th Century. It just takes 6 years to make a 5 year-old. It takes 51 years to make a 50 year-old. 5 year olds know almost nothing, and need to be taken care of. Every 50 year-old has a bunch of knowledge that can't be recovered, and generally can take care of themselves.
You know we used to send them into the mines... and we used to value them because of how deeply they could get their little hands into factory machinery.
I got out of academic fingerprinting research when I realized I was on the wrong side of the discussion. I’ve just never seen or heard of privacy violations that particularly bothered me.
I too have never experienced a violation of privacy which had a significant observable impact on my life. You and I have been fortunate in this respect.
Some people are literally targeted for harassment and murder because of some aspect of their identity, journalism, or activism. This isn't a hypothetical.
Tl;Dr the dissident Khashoggi was infected with NSO malware before he was murdered by the Saudi government. That's a pretty clear violation of privacy in service of something I would guess you disagree with.
This story isn't an anomaly, I think if you looked into this further you would find innumerable privacy violations which bother you.
If you would like to elaborate, or if there's an article you think I should read (or podcast, video, etc), then I'm listening. I'm open to feedback but this is too vague for me to do much with.
Alright. I'm not gunnuh buy that without a citation. You have no obligation to provide me with one, but finding one on my own is going to be at the bottom of my priorities.
"Not long after the Saudi journalist was killed at the Saudi consulate in Istanbul, the CIA assessed with high confidence that MBS had personally ordered the killing, but intelligence officials never spoke publicly or presented evidence."
How many journalists get their deaths investigated at all, let alone laid at the door of a...whatever you want to call their government, and what it is to the US'.
Sure, I considered similar notions, but I edited them out because they didn't seem compatible with assuming good faith (and made it a lot easier to not include swipes).
No one is obliged to change your mind (indeed, you are the only person who can possibly do that [the comment was later edited from 'change' to 'open', which I think is more reasonable]), and seeing as you more or less did argue for this position, I don't think you should complain.
That's your view of human rights...? Well okay, I guess you and I will never see eye to eye.
> You suggest I “look into it further” as if I didn’t just say I was a privacy researcher.
I was responding to your statement, not your credentials. I don't say this to insult you, only to explain because you seem to want an explanation, but your statement was ignorant and lacking nuance. (Your statement, not you personally.)
Would be nice if I could respond to all of you in one place, because y’all are more or less saying the same thing.
In don’t appreciate the personal attacks on my character. It’s really a testament to my point, though. The internet is private enough that you feel comfortable commenting fighting words from behind a keyboard. Hypocrites the lot of you.
It’s perfectly reasonable to say that I have no moral commitment to improving the online privacy situation in light of your given example. State actors in Saudi Arabia are so far removed from a typical citizen that they’re completely irrelevant to the discussion.
Can you please not post in the flamewar style to HN? It sounds like you have a lot of experience in this area and have substantive points to make, but you've been making them in an inflammatory way that is guaranteed to worsen the discussion. We're trying to go in the opposite direction here.
> The internet is private enough that you feel comfortable commenting fighting words from behind a keyboard.
With respect, nothing said by maxbond in this thread is what I would consider to be fighting words. If someone was talking face-to-face to me and dismissed human rights violations in Saudi Arabia by saying "f** around and find out", I'd feel extremely comfortable saying to them, "if that's your view of human rights we might not be able to see eye to eye."
Privacy violations in the US itself leading to human rights violations and attacks from the government are common. Since you are a privacy researcher, you should be aware of this stuff already. I don't want to insult you by suggesting you're not. However, if I assume you are aware of how online tracking has been used in the US proper to target marginalized groups, prosecute cross-state abortions, and dox and harass activists -- then the only conclusion I can draw is that you're aware of it and don't think it changes anything about your position.
In which case, if that's your view of human rights we might not ever be able to see eye to eye on this.
If you peruse down the flagged comment nearby you’ll see maxbond backhandedly agree that I only care about myself. I’m not one to punch people in the face, but that’s grounds to be punched in the face in any bar.
That being said, it’s perfectly reasonable not to see eye to eye regarding privacy, which is effectively what I said that started this entire thread. I personally don’t think that online privacy is the front on which discussions about abortion legislation should take place. Even Google, manufacturing Chromium, takes privacy into account to a reasonable extent [0], and I personally feel that it is enough.
[0] For example, if your machine has more than 16Gb of RAM, Chromium only reports 16 because there’s no browser application that needs to know you have more than 16, and it would instantly make your device fingerprint unique.
If your first instinct upon hearing that you're self-centered is to maim the other person, you might be proving their point.
Kashoggi was a US citizen lured to his death by a foreign regime -- not seeing eye to eye on privacy is one thing but imo it's strange to hand wave the incident away because the average person is unlikely to end up in the exact same situation. People are stalked by their employers, exes, strangers, etc every day -- deep privacy absolutely can be valuable to the average person.
> Since when has someone’s internet browsing been affected by a stalker?
I'm sorry, but you are (were) a privacy researcher though. You should know already that internet browsing can be influenced by and can contribute to stalking/doxing attempts.
You seem to react negatively when directed towards research topics above, so I'm not sure how to respond to this in a way that you won't find insulting. I have to again assume that you were a privacy researcher. If so, you should already understand that browser surveillance is absolutely possible without malware or hardware access -- at the government level, and at the corporate level, and even sometimes at the individual level.
So I'm at a loss about how you would (I assume mistakenly) make such an obviously false claim.
Once again straight up incorrect, I am not talking about ISPs. You can track browsing and use browsing to help with stalking/doxing without ever getting an ISP involved. Quite frankly, I'm not sure what to conclude from this other than that you may not know as much about how modern Internet tracking works as you think you do.
> I’m not one to punch people in the face, but that’s grounds to be punched in the face in any bar.
This conversation is getting a little weird, but I feel like I should just kind of generally say, that would not be in any way an appropriate or reasonable reaction to being called self-centered. In general assault is not a reasonable reaction to insults period, but it's even less of a reasonable reaction to a passing insult that's as mild as "you only care about yourself."
Well, your discomfort makes it clear you’re not American poor. Verbal confrontations, even disagreements led along insults, are enough to get shot where I’m from. Obviously nothing about that is a good thing.
My point is that the internet is already an extremely private place. I started this in reply to someone proposing privacy evangelism in the wake of ignorant sheeple, and that’s stupid and insulting.
> Well, your discomfort makes it clear you’re not American poor. Verbal confrontations, even disagreements led along insults, are enough to get shot where I’m from.
Okay that is a very weird response.
I feel like I need to state that shooting someone over a verbal disagreement is obviously wrong and obviously would be inappropriate and would obviously reflect negatively on the moral standards and character of the person doing the shooting, and it would obviously be appropriate to view someone who was willing to shoot someone over a passing insult negatively or at the very least to say they may have some issues.
And I don't like the vague insinuation here that lower-income Americans are inherently violent or that crime/violence within lower-income communities is culturally motivated.
> My point is that the internet is already an extremely private place.
Saying that you don't see a set of privacy violations as relevant or worth caring about is a lot different than saying that the Internet is private. The Internet is not private and you're not denying in any of these threads that the privacy violations people are bringing up exist -- you're saying they don't matter and that the Internet is private enough. Be careful not to confuse your personal standards about how private the Internet should be with more neutral descriptions about what risks do or don't exist online.
> and that’s stupid and insulting.
Be careful, I've been told that's apparently fighting words ;)
You do seem to make a lot of casual assumptions for someone who gets offended by even just the implication that they might not be completely up-to-date on examples of privacy violations in the US, don't you? ;)
> Your comments about violence in America are generally naive.
I think I might be wasting my time at this point, but I feel the need to point out once again that older and elderly Americans don't just shoot each other over casual insults, and that would still be super-illegal and super-immoral and it would still be appropriate to morally condemn someone who felt like that was a normal thing even if they were 80.
There is not a way of phrasing this where "you think that I'm self-centered, well people have been killed for less" is a normal thing to say. That is not a normal thing for anybody to say even if they're in their 60s.
I'm sorry you feel I've attacked your character. That wasn't my intention. If I've misread or misjudged you, please do correct me, and I'll add a correction to each of the comments I've made in this thread. This offer does not expire, if you correct me tomorrow or next week or something I'll still get the comments fixed (at least, as long as I see it).
I'm genuinely sorry that you feel frustrated and insulted. Hope you have a good rest of your day.
I started getting a PhD in device fingerprinting and quit when it became apparent that my views were relatively far removed from most people in the field.
I’m trying to say that the current privacy situation is good enough. The status quo can’t be abused such that money can be made.
Does it cause you to feel any doubt that the vast majority of the professionals in that field disagree with that conclusion? I mean, you're saying that the majority of privacy researchers who are studying this topic view the current state of Internet privacy as a problem, and it's such a large majority that you felt like sticking around in the field would not be worth your time. Are all of those researchers wrong?
It was on completely ideological grounds that we differed. (Which is also against the HN rules to argue about.)
I was attracted to the industry effectively to verify authentication through device fingerprinting. Others, en masse, are drawn because they don’t like the current privacy situation. Can you imagine someone being attracted to marine biology that didn’t like fish?
It’s perfectly reasonable to say that, yes, I disagree with the majority of the field. In this instance, “I don’t like fish.”
The closest thing this entire thread has given as evidence of overfishing is that a journalist was killed for meddling in government affairs, which has nothing to do with overfishing.
Segments of the world with different ideological views represented by their governments.
If the behavior was blatantly unethical, which I don’t think it is, it would be illegal everywhere. Just because my opinion is different than the popular opinion doesn’t make it anti-vax. Grow up and open your mind.
The Cambridge Analytica scandal was prosecuted under the current privacy situation. My ire with the level-0 comment was in it stating that the current situation doesn’t work. Also downloading random apps off Facebook is hardly behavior that a privacy conscious person would take. Not to mention that the use of the data, unless I’m missing something, did no more than make people uncomfortable.
As it stands, it seems most people (of a certain race and class, anyway) feel more threatened by vague stories of child abductors in white vans at WalMart[1,2] or terrorists (c. 2000's generally) than being randomly victimized by our j̶u̶s̶t̶i̶c̶e̶ legal system.
Nothing to hide, nothing to fear, as they say. Abstract thought and generalization are hard, I guess.
[1] https://www.cnn.com/2019/12/04/tech/facebook-white-vans/inde...
[2] https://www.snopes.com/fact-check/white-van-facebook-hoax/