Are they? So, as far as I know, I’m nobody. There are no 3 letter agencies after me, and I am not engaged in any illegal activities as far as I know. I am just an internet user who has fun with technology.
With all of that in mind, years ago I used to believe that some of this internet privacy and security stuff was less applicable to me and I should just use whatever technology worked well, because I didn’t need to worry. Even if the government builds an infrastructure to record all messages like Snowden said, why is that a problem if I do nothing wrong?
But after some years of approaching the problem that way, I began to find myself in situations where I saw myself being used to worsen the lives of people around me, or as an agent of change where the change wasn’t good and I wasn’t informed of what was happening unless I spent a lot of time self-analyzing. And for me, the end result conclusion, is that whatever government entities created those surveillance systems to try to keep people save failed abhorrently at their jobs. Because they allowed the same corporations who were probably contracted to build their stuff, to then go and use similar principles to build similar data collection tools for the purpose of increasing profits and powering machine learning on the people, we now live in this horrible world spiraling towards a future where nobody can agree on anything and we are all crazy about this or that, even though none of it is what really matters. And after society falls apart because of all that, the circle will be complete, indicating that whoever originally started doing data collection under the guise of national security actually led to the end of the nation, because of the limits of their intuition.
And that’s just my country, who knows if it’s the same in other parts of the world. But as a result, don’t we all have the same threat model? Even someone who is no one should probably still try to be as offline or as anonymous or as private as the worst criminal, because we don’t want to become AI-used instruments of destruction for our society and our family and our friends!
So, isn’t the difference just what people know? Let’s say you are doing some things that keep you more secure than what I am doing. That doesn’t happen because your threats are different, does it? I would imagine it happens because you know more about how to secure your well-being and the integrity of your mind.
And, when it comes to using people as instruments/weapons against their loved ones, one of the primary companies with sufficient AI tech to use people like that for the last few years, as far as I could tell, was Google itself. It seems like if Microsoft can get enough money to get enough development to become the next Google in that way, they probably will, so obviously Google is not the only offender of this kind. But they are certainly one of the biggest.
And as such, isn’t the simple idea that “Firefox opens a connection to XYZ when its process starts and closes the connection when it ends, and keeps the connection live for the entire duration of the use of Firefox,” as an idea, something ludicrously important that anyone using Firefox would want to know? Why talk about hosting solutions and whether Google is bad, or talk about whether or which user IP address is leaked, instead of this simple reality that Firefox is giving someone online the timestamp-able metadata for a log of the entire duration of its use? The fact that it is Google is bad, but if it was not Google, it would still be bad. If link “the standards” and say that “the standards” say it should be like this, and therefore it shall, what about if the standards are dumb?
If somebody told me that “the standards” say that mobile handsets should not allow the user to have root access, nor to install applications other than from Google Play, and that therefore PureOS Phosh should not be allowed to exist because it didn’t follow “the standards,” then we would just know that “the standards” were obviously compromised. I would still want to use my Librem 5 in such a case.
Maybe this is a call to action that someone should build or invent an ideal solution? As an example, if I want to use my Librem 5 as a libre solution to as much as I can control, but then connect to
slack.com for my job, it’s useful for me to enable the Notifications feature from Slack so that when my work pings me, my phone buzzes. But why does this interaction need to involve a third party server that isn’t me, and isn’t slack?
So, getting back to my original point, I don’t really feel like this is a “threat model” thing. It seems like we should all want our devices to leak as little additional information to third parties as possible, unilaterally, and there is an information leak to a third party here that as of yet I do not understand the rationale for. And I would think this would apply to all users.