Near and Far Privacy
A lot of computer-savvy folks find it crazy that people don't care about privacy enough to do something as simple as install an AdBlock or switch their browser from Google to DuckDuckGo. And a large subset of these folk find it even crazier that they themselves don't do these simple things.
But in my experience, people care a lot about privacy – just not the kind of privacy these applications provide.
- When you see people use Snapchat because they have faith that their messages will disappear, that counts as a privacy concern.
- When you see people say “Can we do this over the phone?” because part of them worries the difficult conversation that will ensue might catch them in poor lighting and they don't want text screenshots floating around their circles, that counts as a privacy concern.
- When you see people run alternate Facebook accounts so that they can post memes without their boss seeing, that counts as a privacy concern.
Of course, these kinds of things generalize:
- When you see people prefer platforms with disappearing messages and features that notify you when the other person has screenshotted their phone, that counts as a privacy concern.
- When you see people prefer audio and video formats to text formats because audio and video don't come with a baked-in
Ctrl+C, Ctrl+Vcommand, that counts as a privacy concern.
- When you see people use alts because they don't want some parts of their social group to see their messages, that counts as a privacy concern.
In my experience, these kinds of privacy concerns, which I'll call near privacy[^459d], don't get brought up in cybersecurity circles in proportion to how much the average end user actually worries about them.
And with good reason – they feel different to grapple with than questions about SHA-256 and Heartbleed. They're not so easily reified into the world of mathematics, where bright minds can tinker with them in an unreasonably effective way. To me, they feel much more like design problems, all focused around the central theme of “How do we make sure this person can speak their mind, without fear of it being brought up against them later?”
Ironically, I don't really care about these features myself. The privacy part of my privacy-first blogging platform is a distant third to me after its cheap monthly cost and its minimal design. But I do think it's helpful to have this conceptual handle in your mental arsenal.
[^459d]: The name for this comes from picturing social connections as a connected graph. Most of us are, on average, friends-of-friends-of-friends-of-friends-of-friends of whatever J. Random Hacker we imagine wants to steal our data in the abstract. You can consider that far privacy, because you're more than, oh, about 3 degrees removed from the person in question. Near privacy is about protecting sensitive details from friends, and to a lesser extent friends-of-friends, and sometimes even friends-of-friends-of-friends.