It seems sad that in 2022 it still needs explaining what privacy is
and why its a good thing.
I don't wish to knock this great project, but I'm growing weary of
reading what seem to be almost obligatory structures;
1) Initial platitude about how smartphones are ubiquitous,
inevitable, inescapable centres of existence without which humans
would die within seconds.
2) Tragic self-mocking account of how we're all idiots without
self-control who can't work these things, but remain utterly
dependent on technology we have no clue about.
3) Confusing, terrifying litany of all the evil-doers, hackers,
cybercriminals, corporations, agencies, and other bad guys f-king us
over, while trying not to sound paranoid and hopeless.
4) Optional apologetics justifying unconscionable shitshow of (3) on
the basis of convenience and getting stuff for free.
5) (Point at which most normies stop reading) Solution involving
jaibreaking, firmware updates, running a private VPS server,
building your own DNS network and soldering in some new chips using
dangerous solvents, X-Rays and a x100 bench microscope.
6) Shrugging summary about how this "probably isn't for everyone".
> It seems sad that in 2022 it still needs explaining what privacy is and why its a good thing.
Because for most people privacy on the internet isn't important. They either don't care it's being abused ("I've got nothing to hide"), or are OK with paying the price of giving it away in exchange for the services they get, and think are entitled to, for free.
This has many reasons, and a major one IMO is that we didn't build privacy-focused tools from the beginning. The web was built with a consumerism model where the user is only meant to browse it. When corporations grew larger based on a very lucrative market and adtech was born, there was no going back. Now, privacy-focused individuals are desperately trying to educate people and reverse the trend, governments are attempting to catch up and fight it, but that train's not stopping anytime soon.
The sad part is that majority of people won't even be interested in this article, let alone use the tools it suggests.
As for the tools themselves, as someone who's been using a de-Googled phone for years now, I'd never use any of these. It's great that they're FOSS and request no permissions, but the fact they're built by the same team and market being "privacy-friendly" as their main selling point just feels off to me. There are similar alternatives already on F-Droid and I'd rather use apps from different developers, in case someone goes rogue I don't lose all my eggs, so to speak.
> Because for most people privacy on the internet isn't important.
This is untrue and the only place I see people claiming it's true (ironically) is here on HN. Privacy is intentionally made as difficult as possible when using anything where control could conceivably be centralized. These services are also made crucial through the elimination of others that are more privacy-respecting. In the case of the internet, this is inevitable because internet business don't have to make a profit, and they destroy the previous businesses that did.
I don't meet anyone who doesn't want privacy as the default. It's weird to even have to say that when Snapchat is winning among the generations that get most accused of being comfortable with this corporate and government-imposed lack of privacy.
This is a nuanced view where there are specific privacy features I care about in some circumstances. But I don't really care about the strong privacy against corporates or government that some do.
This view is informed by my migration from being strongly privacy focused in the 1990s and a subsequent careful analysis of actual harm.
Also I'd note that Snapchat is a great example of this. Privacy for things I care about but little from corporate advertising or governments.
> I don't meet anyone who doesn't want privacy as the default.
We're both speaking from experience. You can't claim that my experience is untrue, just as I can't claim that yours is.
Most people I've spoken to--particularly outside of HN--in the baby boomer and generation X demographics, and even some millennials, have expressed what I said above. Practically speaking, almost anyone who is not technically savvy certainly wouldn't be concerned about protecting their online privacy, since the internet (or "Facebook") is just a tool they use to stay in touch and keep (mis)informed.
As more and more people come online their first exposure to the internet will be via these services. The failure of web developers has been not building privacy-focused tools from the beginning, and not educating people about what they're sacrificing by using "free" services. We can work on the latter, but the former will always be an uphill battle, as the momentum of adtech has taken over the web.
> Snapchat is winning among the generations that get most accused of being comfortable with this corporate and government-imposed lack of privacy
What makes you think Snapchat respects users' privacy? Snap is an opaque corporation, running a profitable ad-based business, like most tech giants.
I'd reckon that most Snapchat users don't use it because they think it's private, but because it has the content they're interested in. This is the same demographic obsessed with TikTok after all.
> Because for most people privacy on the internet isn't important. They either don't care it's being abused ("I've got nothing to hide"), or are OK with paying the price of giving it away in exchange for the services they get, and think are entitled to, for free.
The fact that "privacy" doesn't mean the same thing for all people isn't helping. Privacy fundamentalist use the same rhetoric and fundamentalism as Stallman does, where they use a definition of "privacy" which is disconnected from what most people are worried about when talking about "privacy".
Counting clicks on a button in an app (privacy fundamentalists: "spying") is far from concerning for most people while uploading their private messages, leaking their private pictures or having their coworkers read their messages is concerning. For an example of that, consider that in another comment thread on HN, the networkers were vehemently defending their right to reading anything and everything on "their" networks while still demanding privacy from their phones.
And as long as the definition of "privacy" is abused to harvest clicks and outrage, meaningful progress can't be made.
> Counting clicks on a button in an app (privacy fundamentalists: "spying") is far from concerning for most people while uploading their private messages, leaking their private pictures or having their coworkers read their messages is concerning.
People aren't concerned about "clicks on a button" because they don't know what that means. It's never just "clicks". That's the problem with privacy. Everyone understands why it's bad when their coworkers can read their private messages, but nobody knows that because of the data they've given up but "don't care about" they got turned down from the last job or apartment they applied for, they're paying more for the exact same items than their neighbor while shopping online, companies are telling them their polices are one thing while others are getting better terms, they wait longer on hold when they call for tech support, or that it's why their health insurance bill went up again.
If people saw all the ways the data they gave up was being used to exploit them at every opportunity they'd care a whole lot more about what "privacy fundamentalists" consider spying, but unless the consequences are immediate and right in their faces they can continue to be manipulated without being aware.
Yup, well said. And it's not like there are no alternatives. Even for "normies" there is /e/ OS (now Murena) where you can buy a ready made private (or at least mostly degoogled) phone. And for "techies" there is LineageOS, GrapheneOS,... maybe even Linux.
End-to-end encryption will make a big difference as people choose applications that offer a great experience while protecting their data from 3rd parties. WhatsApp, Signal, and Apple are all making big pushes in this area and working to inform people about why it is important for their privacy. When I explain e2ee to people and how it is used in my own app for contact info sharing, they immediately get it and want it as a feature.
One of these is not like the others. I have a hard time trusting Meta's and Apple's claims about privacy, including E2EE. They're both billion-dollar corporations with a history of deceiving marketing practices and data leaks. Meta's business model in particular is based on advertising and abusing users' privacy. Why should we trust WhatsApp has their users' best interests in mind, when the company that runs it makes a profit from exploiting user data? To say that it's a conflict of interest would be an understatement.
Good luck with your app, but please don't recommend Meta and Apple products to users concerned with privacy.
Meta and Apple can both be sued or fined heavily if they are misrepresenting their use of e2ee. Signal has maybe 100 million users, but WhatsApp and Apple account for over 2 billion. They've done more to improve security in the text messaging space than any other group. Maybe they are doing it because they don't want data leaks any more than you do, or they sense the trend towards respecting user's privacy and want to at least appear to care. In any case, we should encourage this adoption of end-to-end encryption and support it where it makes sense.
> Because for most people privacy on the internet isn't important
That's changing. There's a movement online to get people weaned off big tech and surveillance capitalism. The thing about privacy online is that it's hard to measure, since many opt out of telemetry so you can't easily gauge just how many people have opted out of big tech & surveillance. I imagine the number is exponentially rising as each year passes.
Now I don't expect everyone to be fully private in 10 years, and you'll always get freeloaders exchanging personal data for something free. That's just a fact of life. You have to think of this in terms of 'radioactive waste'. They say data is 'the new oil' but it's really the new radioactive waste!
> There's a movement online to get people weaned off big tech and surveillance capitalism.
This is a niche movement at best, ironically mostly followed by people who are already concerned about privacy. I doubt they manage to convince many others into joining them and abandoning big tech. My own attempts at doing so have mostly been met with a few responses: "I have nothing to hide", "It's too inconvenient to switch", "I just use it for X and don't spend a lot of time on it", or "I don't care".
> The thing about privacy online is that it's hard to measure, since many opt out of telemetry
Hah, right :) I think we can track it by simply seeing how the user bases compare between big tech and privacy-focused services. So far the numbers are several orders of magnitude apart, it's pointless to even compare them. There are many reasons for this, and I hope things keep improving, but I doubt we'll even make a dent in 10 years.
No, really you are wrong. I am watching this closely and if you have
not noticed the tectonic political shift going on you're living on
Mars. Just the other day the US signed with 60 other signatory nations
on a bill specifically set to burn down widespread privacy violations.
And the US is tepid compared to a groundswell in Europe.
> It seems sad that in 2022 it still needs explaining what privacy is and why its a good thing.
It should be about as sad as the fact that addition and subtraction still need to be explained. People are still being born.
> I don't wish to knock this great project, but I'm growing weary of reading what seem to be almost obligatory structures;
If this is your first time reading something like this, you need the obligatory structure. If you already know everything, it's not for you. If it's complicated and normies can't do it, that can't be helped, it's what we have. If you are a normie looking for privacy and see that it looks unintelligibly difficult, that's educational. You might be upset by that fact, and therefore support and amplify criticisms of the current regimes, software that simplifies the process, and/or legislation to protect people.
> It should be about as sad as the fact that addition and subtraction still need to be explained. People are still being born.
This is the key. And privacy, the lack thereof, and what to do about it - is significantly harder to grok in 2022 than your standard education coursework.
Any material that attempts to educate and empower users on this subject should be encouraged.
Markets change when consumers demand it. Until consumers know what to demand and why they should demand it, change will not happen.
Not long ago, smart homes were reserved for tinkerers and tech savvy types. Now, almost anyone can set up some smart bulbs and such.
Staying private is in that earlier stage. Every product or movement that became accessible to the masses started out as an inaccessible or impractical hobby of a few.
> If this is your first time reading something like this, you need the
obligatory structure.
I used to think the same way, and started out writing all my
educational pieces in the vernacular structure... with great patience
and sensitivity to the idea that maybe some people are ambivalent
about privacy.
Over the years I've come to revise that.
We create mythologies in the hacker community. Amongst the many
caricatures we conjure up are "Mom", "Gran" and someones "Little
brother". These hopeless half-wits will set a computer on fire as soon
as touch it. The reality is that todays "Granny" was head of social
informatics at IBM in the 1960s. Todays "Mom" is ferociously aware of
protecting her children, eschews 'nanny cams' and gets irate at the
school for posting the class photo on Facebook.
We need to revise our stereotypes and should seriously ask; who are
these imaginary people who are "reading this for the first time"?
Part of the reason I think we create these mythological half-wits is
that it gives us a simple explanation as to why the uptake of dignity
respecting technology is slow. The reality is that it's actively
impeded, but we're not quite ready to fully take that on-board and
point at the culprits.
Part of the solution I think is to adopt more direct speech, to stop
treading on eggshells around privacy and start going in hard with a
more mature understanding of where people are in 2022 with respect to
their threat models around different technologies. Regular people get
that the horsemen of the infopocalypse are bogus, that their phones
are fundamentally insecure, and they want change.
> If it's complicated and normies [1] can't do it, that can't be
helped
We do need to up the game in so many places, as you say, education and
UI are still paramount.
> You might be upset by that fact, and therefore support and amplify
criticisms of the current regimes, software that simplifies the
process, and/or legislation to protect people.
You raise a really important issue. There's a lot of hostility towards
advocates of rights respecting technology. I always assumed that came,
at least here in forums like HN, from those directly involved in
advertising and surveillance activities who see their livelihood
threatened. But now I think there's more to it. I get about eighty
percent very positive sentiment toward my Digital Vegan book, ten
percent justifiably critical, but there's ten percent who are
disproportionately angered and indignant.
I think the psychology is really complex and involves a kind of
defensive rationalisation, learned helplessness, Stockholm syndrome
and some sunk-cost bias. Some will vigorously shout down opponents in
defending their right to be spied on and abused. Something's amiss
there.
This project does not seem to contain any of the six points raised. Instead it is simply an introduction to open source apps for smartphones under the moniker that they are privacy-friendly. (For Android check out the NetGuard and PCAPdroid apps. I have not seen anything like them for iOS.)
The problem I have reading criticisms of anyone else's interest in computer privacy is that in general most but not all people these days who are using their ability to program computers as a paying job are somehow reliant on the sustenance and/or growth of online advertising or other money-raising strategies that depend on surveillance of people's computer use, or simply people's continued computer ignorance. In the case that the critic has any connection to this type of "work", there is, IMHO, a conflict-of-interest/bias to consider. Needless to say, "normies" generally have neither the time nor inclination to pen such criticisms let alone read them.
It is remarkable how developers commenting on HN are so willing to speak on behalf of "normies". One can see this practice not only in this thread but routinely, on nearly every privacy-related discussion on HN. If normies were given a vote how would they exercise it. When iOS users were given the choice to block apps from tracking them, what choice did they make. Facebook lost 20% of its market value as a result of Apple giving people that choice. It's too easy to manipulate choice and then pontificate about what they do or do not want. This is the game "tech" companies play.
In any event, I think the six points lead to the following conclusion: we need to have (more) laws that regulate online advertising and the privacy-invasive practices used to support it. If computer surveillance shenanigans employed by "tech" companies were sufficiently regulated, it would bring a swift end to the type of "web content" described by the six points.
> in general most but not all people these days who are using their
ability to program computers as a paying job are somehow reliant on
the sustenance and/or growth of online advertising or other
money-raising strategies that depend on surveillance of people's
computer use,
In my book I address precisely this. What I found in my research is
that this is a driver in the privacy crisis, but it's a distorted
account.
The software industry is enormous. The vast majority of it still
delivers traditional value. In automotive, medical, military, civic
infrastructure and commodities, space, pharmaceuticals, agriculture,
education and much, much more - the majority of working programmers
build benevolent utility for a fair days pay without compromising
their morals.
The disease is in the smartphone/web ecosystem (I am simply
paraphrasing it's creator Sir Tim Berners Lee), and we should not
confuse that with the wider project of computing in general.
What is called "Silicon Valley" (The Californian Ethos) in the
vernacular, is an aberration. Its culture is disproportionately
supposed to operate throughout "tech". Part of this operation, and
power, is indeed rooted in it's mythology, and the projection of its
ideals, that there is "no alternative" and that the grotesque
exploitation of other peoples private lives is somehow a natural,
evolutionary condition of networked digital technology. It's
insistence that "this is how we pay for free" is victim blaming.
> or simply people's continued computer ignorance.
Yes, but there's more to it than you surmise. The ignorance has
overtaken the creators and investors as much as the users ("consumers
in a marketplace"). We were long ago swamped in the complexity and
uncontrollable churn of our own creations. Not to realise this is to
set up a Machiavellian "us and them" schism, to put too much blame on
ourselves and users as exploiters and victims respectively. The way
out of this to admit that we don't have the first f-king clue what
we're doing with technology and haven't for almost 30 years. The tech
revolution has never had a telos, and is mostly the product of bored
mathematicians creating solutions looking for problems.
To escape that spiral we need a new revolution of digital literacy.
Digital Literacy 1.0 was all about discovering what amazing things
computers are, and what they can do. Having now explored many the
dangerous things computers shouldn't do, Digital Literacy 2.0 will be
about figuring out what we really want them for, and why.
> It is remarkable how developers commenting on HN are so willing to
speak on behalf of "normies".
Absolutely. I'm sorry that I too fall into that, and using that
word. The arrogance is astonishing. Many of us are still stuck in a
down-talking mansplaining way of seeing the world and have a good dose
of "saviour complex".
> If normies were given a vote how would they exercise it?
The problem I am alluding to in my original (sardonic but hopefully
not disparaging to TFA) comment is that right now it's not fair to
even invoke the concept of choice. The greatest triumph of SV tech
this past couple decades has been creating the illusion of
unprecedented choice while stymying it and boiling down the market to
a handful of near monopolies. These contradictions run deep. It's
there in the distance between Apple's 1984 SuperBowl Ad, and its bid
to introduce mandatory client-side content scanning almost 40 years
later.
> laws that regulate online advertising and the privacy-invasive
practices used to support it.
I am against regulation as a rule. If we're going to have it I see
mandated interoperability and a legal support for radical consumer
choice as a better way. The most powerful choice people may still have
is non-participation.
Within f-droid, though they're also on google store I assume, I can recommend Simple Mobile Tools. Just one Slovakian dev but the apps can replace various stock and non-stock apps and work fantastic. The names are a bit generic though, like Simple Gallery or Simple File Manager.
They're powerful enough for me, and simple enough that I install them for my mom and grandma (grandpa can't read, dad chose the dark side), and my brother apparently also discovered them independently. Few months ago I figured I should take stock of how many of these apps we use together and did a donation for us collectively. One benefit for family members is that now they don't have to get used to a new interface if they get a new phone, so they're less locked into one brand. Android UI always changes and just gets worse imo, and unfortunately you need the stock camera for good quality pictures, but at least things like their gallery always looks the same.
A curious question: why caring about app privacy when the ecosystem they live in is designed to milk data? We do want only big&powerful being able to eavesdrop privacy but not countless of smaller actors?
It might sound sterile polemics but it's not, I'm really curious how techies can talk about privacy on Android, iOS etc. My sole opinion there is just avoid using them.
I was looking for your comment, but this line equating the two highlights a constant ambiguity in HN comments re: the threat model. Cut and paste from another of my comments on the subject:
If the subject threat model here is (1) defending against companies stealing and selling my data then Google should be called out. If the (2) state level agencies spying on you through these companies then you can add Apple to the call out.
I see this happen often and I think every conversation should be clearly grounded in the threat model that is being addressed.
There are also people working on privacy friendly mobile OSs, like GrapheneOS, CalyxOS, or DivestOS. Simply not using Android or iOS, is a big ask for a lot of people. Reducing tracking by using a privacy friendly OS and downloading privacy respecting apps, is a way to reduce tracking while still maintaining most of the convenience of a mobile device.
> We do want only big&powerful being able to eavesdrop privacy but not countless of smaller actors?
We don't. And that's why there are efforts to create operating systems that are do not track users. Unfortunately those efforts are not well funded.
Again, we don't want big companies to track us and collect our data, but your questions sounds more like "since big companies collect our data, why should we put an effort to prevent everyone else from doing it?" I apologize if I am misreading what you're saying, but we have to do this one thing since the alternative is available, and once an alternative OS is here, we can switch to it as well.
No need to apologize :-) but you miss a real-world part: we do have some open-platform, even if NOT open hardware desktops, we do not have anything easy to buy at a reasonable price for mobile.
I own a Pine64 phone, it's nice to play as it was the old OpenMoko, but it's not much usable as a daily driver suggestible to generic users, including those who can use GNU/Linux desktop normally as simple users. That's the biggest issue and it's a similar systemic issue described above: we can't have really Free software if it need non-free systems to run, so we can't have free OSes if they demand non-free hw + fw crap.
Since desktops so far are at least manageable I generally suggest to run to save them, pushing desktop computing again and simply say mobile world so far is just a prison. This way perhaps since actually we need desktops to work in 99% of the cases we would been able to have them in the future, as "free" as today...
Good initiative, but might be better idea to provide less apps with similar functionality and concentrate on one that actually works. I'm still searching for a decent privacy respecting (no internet, no sync, no google account required) app for simple reminders and notes, but neither of Secuso apps worked, mainly reminders in "To-Do-List" were not working at all.
If anyone has made a simple reminder/note app, similar to ones you'd find on smartphone pre-installed - please share. No idea how many apps I already tested, and each one has some annoying issues. I just need a simple Google Keep clone without sync, location features.
If your version of Android supports it, consider installing any app from the Play Store and disabling its internet access. I did that for Google keyboard since it's the only way to get proper swipe-typing.
I've been using their QR scanner and had no idea it was part of a brisket initiative.
I think by having apps for so many use cases they may have better luck picking up enough users. I for one will be checking out the rest of their work based on that experience with the barcode scanner.
There's also something to be said for many small programs that do one thing well. See also the "Simple" suite of apps, which seem to have a similar philosophy.
I have a privacy friendly investment portfolio app with minimal permissions and without ads or third party tracking. But It's not open source so I guess not eligible.
is there a smartphone that runs a fully functional emulated/virtualized android? feels like that would be a good starting feature for a privacy friendly phone
Doesn't that require repeated resigning/reinstalling to keep the apps installed? I've heard some iOS users complain about the stupid workarounds they need to do to install apps from unofficial sources and I'm pretty sure there's more to it than just installing the app from your computer.
If you have a paid developer account you have to reinstall every year. If you’re using a free account I think you have to do it every week. Not great, but also not harder than connecting your phone and pressing the Run button in Xcode.
I have a Samsung phone, s10+. I've not tried this app yet, but I will.
However all apps I've tried so far got my steps wrong. I imagine because it's something that isn't documented by Samsung and they know exactly which values to use to calculate the steps and distance and speed.
So essentially you buy a product with the right sensors but there is no documentation for you on how to use those sensors to have near accurate conversion results if you're going to write software that uses those sensors.
> However all apps I've tried so far got my steps wrong.
FWIW, every pedometer (digital or not) ever created is "wrong" about the number of steps you take per day. What they do offer is a device- or app-relative measurement of roughly how many steps you take.
"Accurate pedometers are those with step-count errors less than 10%, high or low. […] The Colorado on the Move, Sportline 330 and 345, and Yamax Skeletone EM-180 were within acceptable high or low error limits of 10%. The Accusplit and Freestyle underestimated steps by 20% and 25%, respectively, and the Walk4Life, Omron, and Oregon Scientific overestimated steps by 20%, 30%, and 45%, respectively."
Microsoft aren't exactly known for privacy, given how much data they collect continuously from Windows users (e.g. details on every application you launch, hard-drive wide program sweeps, etc). Also with Github specifically they used everyone's code to fuel their machine learning product without asking permission.
Apps that are simple enough to be taken apart and studied, while complete enough to be practical tools in day-to-day tasks? Obviously you can just use them as they are (many people value minimalism), but there's also huge educational value for aspiring developers, or as testbeds for other experiments (can you be productive with only basic tools, how does it impact your social life, etc).
I think there's a huge gap between what e.g. suckless.org produces, and what's usable by ordinary people, and it would be of tremendous value to society if we could push back on unnecessary software complexity.
Android is a write off from a privacy perspective, it's already an inferior good. The only viable near term privacy product I could see for it would be a virtual machine platform for phones that lets you run multiple OS instances with identities on the bare metal. I think there is still opportunity to create premium privacy experiences on existing platforms and apps, but only because those platforms are established and privacy becomes an extra power, and I don't think there is as much growth in a replacement platform for "privacy centric twitter/FB/goog."
One startup idea I briefly pursued some years ago was developing privacy focused work-alikes for common utility apps, and what I sensed from it was after "flashlight," "calendar" and "QR code reader" apps are their own contained brand experiences. There is no messenger workalike, each game is itself the experience, and playing a clone is less satisfying, and there's a quality to apps that is as intrinsic and unique as a story that you can't just replicate.
The business model was to charge for privacy focused work-alikes of popular free utility apps as an effective luxury privacy brand for apps, but even this misunderstood luxury products (an area I had some experience with, in addition to security and privacy). Luxury goods represent stories of aspiration and belonging, where privacy is a reactionary value that needs a foundation of something valuable beneath or behind it to protect. It's a quality and a feature, but to succeed, it can't be the reason.
To be valuable, privacy needs to socially elevate the user, similar to how the whole apple brand experience does, and distinct from the way someone using Tor/Tails all the time would relate to the world. Privacy as a concept has acquired the vibe of an inferior good, something you want when you don't have power, and so it's not something used for elite signalling the way exclusivity was just 20 years ago.
In this sense, privacy must be attractive, which is a real magic sauce. To do that, what people mean when they say something is cool or sexy is that it is powerful. Together, it means that for a privacy centric tech to succeed, it must first be powerful. Blockchains and cryptocurrencies were technically powerful, but their bar to entry meant they were adopted by unpowerful people first, and are still percieved as an economic "inferior good." Power over things is just leverage, where desirable power is necessarily status over other people. There's a lot of opportunity to refine this still.
I don't wish to knock this great project, but I'm growing weary of reading what seem to be almost obligatory structures;