Today I Learned extreme privacy

I cam across the term "extreme privacy," and I wanted to dig further.

First, if you're unfamiliar with the classic terminology, you may find this other post helpful, as it explains the difference between privacy, anonymity, and secrecy, for example:

Some common terms for privacy

jmau111 Apr 21 2 min read

#privacy #security #anonymity

Indeed, privacy is not anonymity. It's the right of individuals to not disclose some information publicly.

However, people sometimes describe "extreme privacy" as the ability to "disappear," which I find a bit confusing.

Are privacy-focused solutions sufficient?

Browsers like Firefox and search engine like DuckDuckGo can be a good start, but the recent DuckDuckGo controversy and the fact that Firefox uses Google as default search engine has discouraged many users.

DuckDuckGo has been advertising itself as a privacy-first service and even provides a web browser for iOS and Android, but Zach Edwards, a security researcher, has revealed a hidden protocol/agreement between DuckDuckGo and Microsoft:

This agreement allows Microsoft to track users through the privacy-focused browser! When the user clicks on an ad link, Microsoft can get the IP address.

Ouch!

Source: Zack Edwards

It's never enough!

Many people might be discouraged, as it's like there's no way to not being tracked in the end. There are some ways, but it does not come without trade-offs.

Again, remember privacy is not anonymity, so if you absolutely want to disappear, maybe install Tails and use Tor hidden services, but forget about entertaining platforms and speed. That would be what they call "extreme privacy."

As I don't like extremist approaches, I would not use that term at all. Indeed, it depends on your threat model: what are you doing online? who's gonna try to track you?

"Extreme" is a pejorative term that suggests some shift between the privacy measures and the real needs. In other words, some may consider you're taking way too much precautions, while nobody cares about what you do.

This reaction is also understandable. However, in my experience, disappearing is really complicated, perhaps impossible in some cases, so it's not about that. Privacy is a right, and if you don't want to be tracked, then it should not be possible to circumvent your protections or force your consent.

As long as it continues, people will be skeptical.

Some credible Alternatives

Vivaldi does a decent job, to me, but don't forget to tweak its configuration. Even if it prioritizes robust privacy by default, disabling the "remember passwords" feature is probably a good idea.

If you're looking for a good search engine, Startpage looks promising!

The main difficulty with privacy is there's no all-in-one solution, so you need to find and combine several tools, hence the time and efforts. Although, I would be wary if some product pretends to handle everything for me.

What can I do as a developer?

Privacy is not incompatible with the job. Although, some companies might be afraid by the term and think it could hurt the business somehow, as they need to track users and collect emails (among other sensitive data).

If the business consists of collecting data and re-selling them to data brokers, then yes, it's not compatible. However, in this case you're messing with the law (e.g., GDPR) or circumventing it, and it's not a sustainable model.

Such bad practices are constantly under attack, and it won't stop.

Privacy is better for the entire ecosystem, not just the end users. No trust, no gain!

So, as a developer:

• secure your pipelines
• anonymize data whenever you can
• have a good security hygiene
• only ask strictly necessary permissions (don't force user consent)

Some might say it's not your job to check if the company is transparent with its users, but you have some responsibility, and maybe your boss is not aware of the problem and could use your recommendations.

These are not extreme measures, and the regulations are going to get tougher in the next years, so jeopardizing users' privacy might not even be economically profitable.

Wrap up

While I understand the need for nice slogans, I don't like the term "extreme privacy," as it just means your threat model is wrong, to me.