Near and Far Privacy

A lot of computer-savvy folks find it crazy that people don't care about privacy enough to do something as simple as install an AdBlock or switch their browser from Google to DuckDuckGo. And a large subset of these folk find it even crazier that they themselves don't do these simple things.

But in my experience, people care a lot about privacy – just not the kind of privacy these applications provide.

Of course, these kinds of things generalize:

In my experience, these kinds of privacy concerns, which I'll call near privacy[^459d], don't get brought up in cybersecurity circles in proportion to how much the average end user actually worries about them.

And with good reason – they feel different to grapple with than questions about SHA-256 and Heartbleed. They're not so easily reified into the world of mathematics, where bright minds can tinker with them in an unreasonably effective way. To me, they feel much more like design problems, all focused around the central theme of “How do we make sure this person can speak their mind, without fear of it being brought up against them later?”

Ironically, I don't really care about these features myself. The privacy part of my privacy-first blogging platform is a distant third to me after its cheap monthly cost and its minimal design. But I do think it's helpful to have this conceptual handle in your mental arsenal.


[^459d]: The name for this comes from picturing social connections as a connected graph. Most of us are, on average, friends-of-friends-of-friends-of-friends-of-friends of whatever J. Random Hacker we imagine wants to steal our data in the abstract. You can consider that far privacy, because you're more than, oh, about 3 degrees removed from the person in question. Near privacy is about protecting sensitive details from friends, and to a lesser extent friends-of-friends, and sometimes even friends-of-friends-of-friends.