Depends on your threat model, the degree of interest in you from states, the resources and competency of the states interested in you, etc… Also, I think privacy for privacy’s sake and without any real threat to which it’s responding to, is entirely fine and understandable. If nobody were interested in my data at all I’d still practise a reasonable level of privacy because I think it’s creepy for other people to know my business.

I haven’t been around these communities in a while, so I can’t really speak for /c/privacy as much as /r/privacy and other communities, but I’ve noticed far far far far too many posts which are blindly perfectionist, with no consideration of threat capabilities or their motivations. Privacy is futile without a realistic threat model, that’s how you get burned out solving non-problems and neglecting actual problems.

My threat model is largely just minimizing surveillance capitalism and avoiding basement-dweller neo-nazi stalkers from connecting any dots between my online personas and real life identity. Even for that, my measures are a bit excessive, but not to the point where I’m wasting much time or effort.

Daily reminder: “more private” and “more secure” are red flags. If you see or say these, without a very specific context, it’s the wrong attitude towards privacy and security. They’re not linear scales, they’re complex concepts. That’s why Tor Browser is excellent for my anonymity situation but atrociously insecure to anyone who is being personally targeted by malware (tl;dr monoculture ESR Firefox^[1]). That’s why Graphene is not automatically anti-privacy simply because it runs on a Google Pixel and Android-based OS. (Google is one of my main adversaries.) And I think this simplistic ‘broscience’ style of “[x] is better than [y], [z] is bad” discourse is harmful and leads people into ineffective approaches.

I rarely consider anything “too far” unless you’re doing something totally ineffective or duplicating effort, and not talking about redundancy. I think most people who say this are either the people who we need to be secure from or people who are ignorant to the threats. I’m not saying the same threats affect us all, but there’s always a possibility you could become a target through whistleblowing, protest, being attractive, pissing off a random stranger, etc. And usually by the time you are a target, it’s too late. Your information is already out there and it’s difficult to stop broadcasting more with all of the tracking systems in place all over.

It’s often not clinical paranoia that causes people to worry about security and/or privacy, primarily it’s a desire for a minimal amount of privacy, hiding from predators, and/or basic protection from fascist regimes of various strengths that have taken over most governments. Often keeping a little privacy also is the best way to prevent becoming a target in the first place.

It’s just a conscious approach to tech.

Like most things on the internet it’s a game of one-upsmanship. User X uses Firefox with Incognito. User Y say’s that isn’t good enough for his own inconsistent definition of “good enough.”
So User-Y suggests Firefox with 14 different add-ons and only browse through an immutable VM. But then user-z comes along and says that if you are using windows at all, you don’t really care about privacy, so you should be using Icefox on some obscure fork of ubuntu through an immutable VM, with a pi-hole.
Then user-w says well if you aren’t using a VPN none of this matters, so Obviously you need to rent an Alibaba cloud server hosted in China, that you only connect to through a privacy respecting VPN, and then you only browse through TOR.

And so on. By the time a user is asking about how to stop google ads, the only “serious” answer by the community involves using Packet over Ham-radio -> and spending thousands of dollars a month on 4 different cloud providers, rented through several shell companies set up in Switzerland, the Cayman Islands and China, while only typing in Esperanto using an ASCII-only font.

As long as everyone is having fun, I see no problem.

If you’re not having fun switching mail providers, researching Gecko forks, or being a part-time sysadmin for your Fairphone, you should probably stop doing those things.

I must be one of those. This shit is not okay, yall. Whole psychological profiles, humiliation tactics, and dystopian forms of control are right around the corner. Why would they keep Epstein alive when Palantir automated the job of the blackmail broker?

It’s the correct amount of paranoia. The issue is society has normalized completely not giving a shit about your own privacy to the point where any attempt at preserving it is seen as abnormal.

Yep, I made the mistake of telling my family I care about my privacy. The amount of times I’ve been told the nothing to hide argument is stupid.

Many times throughout my life, what would seem like a reasonably easy question to answer has changed dramatically.

30 years ago you could look at data collection and go there’s no way that they could store a meaningful amount of data about everyone.

20 years ago, you could look at data collection and go there’s no way they could have the contents of every phone call It’s just targeted it’s not a big deal

We are at a point now where everything you ever wrote or said could be thrown into a model with such unimaginable levels of lossy compression that they could simply ask it if you are the kind of person who is into whatever the future administration deems as unacceptable and deny you access to things. All you need is a fascist regime or a dictatorship installed and all of a sudden anything you ever did can be used as grounds to lock you up.

On a governmental budget, it wouldn’t even be that expensive and we’re just at the beginning of this.

We have seen that governments can change quickly. We know the data collection is affordable and can be permanent.

Certainly some people privacy-minded to the point of compulsion. But I can’t say that anyone is wrong to seek extreme levels of privacy based on trends and capabilities.

The “leave your cell phone at home and make sure somebody opens your apps and uses them” people aren’t anywhere near as crazy as they used to sound

Yeah. I think people can become obsessive over it. I also think there is a large group of users who gamify privacy and act as if its an mmo quest where they just need to collect the best tools to win instead of being responsible and understanding threat modelling.

A few weeks ago, I would have said 100%. I am needlessly careful.

I know I’m protecting against privacy threats that are technically possible, but unlikely. Preventing the tracking is just an interesting hobby, to me.

But earlier this month, we learned that Meta went “all-in” on what I consider some fucked up shit - running a mini localhost server to track the vanishingly few people who bother to block their tracking.

So now I guess I’m only about 30% sure I’m being needlessly careful.

I have been thinking about this a lot recently. I live a life where OPSEC is relevant. Its something that I have had to consider always, and has been for 2 decades. Even so, I wasn’t as concerned this whole time as I am these days. The fact is that technology is making it such that its no longer “im not a person of interest they wont spend resources on me” because data crunching is happening to such an extreme, on such a grand scale, that person of interest doesn’t even matter. Do you exist, yes. Do you have a digital foot print, yes you do. Even if you dont do a lot online. Your metrics are being captured and being inferenced, and systems are using predictive analysis to determine what you “may” do in a given situation. Depending on who controls those systems they may decide not to give you a chance to make that choice.

Ill I can say is that there are a large number of groups that want your data, for a lot of different reasons, and none of them are for your benefit. So, are you going to let them have it, or are you going to take steps to reign in the amount of info you leave about?

I dunno, considering that Facebook data has been used to go after people, we’ve got fascists using every method possible to target their current hated group, and police everywhere ignoring or bypassing due process by just buying data, I don’t think it all paranoid to think that privacy concerns are already huge, and could get worse

Of course some people go too far. I think a lot of folks on here grossly overestimate / overstate their threat model, but I think the discussions are good for the limited few who really do need to cover their asses.

Me personally, I hate the idea of companies bidding for my attention without my consent, so I try and make it as hard as possible for them to get it. This just so happens to overlap nicely with the goals of the privacy community much of the time.