8 PRIVACY & security MYTHS that need to die!
HTML-код
- Опубликовано: 24 июл 2024
- Try out Proton Mail, the secure email that protects your privacy: proton.me/mail/TheLinuxEXP
Get a PC that supports Linux perfectly: www.tuxedocomputers.com/en#
👏 SUPPORT THE CHANNEL:
Get access to a weekly podcast, vote on the next topics I cover, and get your name in the credits:
RUclips: www.youtube.com/@thelinuxexp/...
Patreon: / thelinuxexperiment
Liberapay: liberapay.com/TheLinuxExperim...
Or, you can donate whatever you want: paypal.me/thelinuxexp
👕 GET TLE MERCH
Support the channel AND get cool new gear: the-linux-experiment.creator-...
🎙️ LINUX AND OPEN SOURCE NEWS PODCAST:
Listen to the latest Linux and open source news, with more in depth coverage, and ad-free! podcast.thelinuxexp.com
🏆 FOLLOW ME ELSEWHERE:
Website: thelinuxexp.com
Mastodon: mastodon.social/web/@thelinuxEXP
Pixelfed: pixelfed.social/TLENick
PeerTube: tilvids.com/c/thelinuxexperim...
Discord: / discord
#privacy #security #mythbusting
00:00 Intro
00:27 Security = Privacy
01:51 Sponsor: Private and secure email with Proton Mail
02:52 Telemetry is evil
05:18 Tor is a honeypot
06:52 Big Companies are more secure
08:58 Incognito mode is private
09:55 VPNs are the only tool you need
11:02 Privacy is impossible
12:07 I have nothing to hide
13:27 Always research yourself
14:09 Sponsor: Get a PC made to run Linux
Security = privacy
This one is obviously not true. Security and privacy aren't linked in any way. The general best practice is to find the services you need that have a good reputation for security, and among these services, try and find one that is private enough for your needs.
Telemetry is always bad
This is simply not true. Telemetry isn't always bad. The image we have of telemetry is that of Windows or macOS, but there are plenty of other ways to do telemetry.
In itself telemetry is a very useful thing: it lets projects or companies identify what is important, what they should fix first. It doesn't mean this data is used to profile you, or being sold to anyone.
If the company or project is something you trust, and that has no current business in data collection, or advertising, then it's probably not a problem.
Tor is an NSA honeypot
TOR is regularly accused of being a honeypot for the NSA. Something that is completely false, as far as anyone knows**
Yes, TOR is based on code developed by the US Navy. Funding for Tor also came from the US government, mostly. The code, however, is open source, and audited.
Is Tor entirely safe? Of course not. It's not a silver bullet, nothing is, and it can be vulnerable to man in the middle attacks or to specific types of monitoring, but it's not an NSA project that's designed to trap you.
Big companies are more secure
This statement is debatable. It's true in some cases. A recent report shows that smaller firms are 3 times more likely to be attacked than big businesses. 60% of cyberattacks seem to target smaller companies. But that's likelihood to be attacked, not necessarily successful attacks.
What is also true is that not all big tech companies are very good on the security front. So, while yes, bigger companies can be more secure than smaller ones, it's not a one size fits all thing, and what you need to look for is what kind of security the company you're interested in for a specific service or app has put in place.
Incognito mode is private
It isn't. What incognito mode does, is make you private locally, on your device, as it doesn't store data on what you've visited, your credentials, and the like.
Incognito mode doesn't, however, prevent websites from tracking you, or fingerprinting you.
VPNs are the only privacy tool you need
VPNs aren't a magical thing that instantly makes you private. Using a VPN will change your IP address and make you harder to track online, that's true. They're a good tool, but you need to make sure that the company that provides the VPN service doesn't log everything you do, and doesn't give these logs to various other actors. If you log into a service or website while using a VPN, it still knows it's you, obviously.
Privacy is impossible
This one has to be the most nefarious myth ever. Privacy is NOT impossible. It's not easy, but it's not impossible. Generally, this statement just betrays a lack of motivation. It will never be 100% perfect, but you can limit immensely what is known or collected about you.
I have nothing to hide
This is complete bogus. First, if you think you have nothing to hide, you're wrong. Everyone has something that might not be illegal, but might be deemed immoral or unacceptable by someone else.
Second, you might feel this way now, but circumstances change, and the data collected about you doesn't go away. By leaving all these tidbits of data stored everywhere, you're basically giving ammunition to the future. - Наука
Try out Proton Mail, the secure email that protects your privacy: proton.me/mail/TheLinuxEXP
im using it already! its awesome, simple and clean with no ads.
Man, it would be excellent if YT added the ability to hide user comments.
@@darthkielbasa ...so we could hide yours.
@draingangofficialthere a company and have to by law
@draingangofficial Because a company that doesn't will not be a company for long! And idiots that promote and suggest others break the law are more likely to get a visit from the authorities for being a good candidate to be willing to break the law themselves! So you didn't learn a thing from the video, now did you sewer rat!
The best counter to the "I have nothing to hide" people is to ask if you can have their phone for a moment
the best counter to "can I have your phone for a moment" is yeah, sure
That's the easiest counter
A better counter is asking if you trust your government to always have the same morals as you. The second you tell your government you're gay/muslim/christian/trans/a communist/a neonazi/a meat eater/whatever is the moment that some future government that hates that is going to know that and, worst case scenario, kill you
m.ruclips.net/video/CINVwWHlzTY/видео.html
@@WohaoG then you take their phone, open their messages, start screenshotting everything and sending it to you
If they complain, ask if they really don't have nothing to hide
“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”
― Edward Snowden
I prefer to ask them for banking info, SSN, username + passwords and so forth. Hopefully they realize how much damage could be done at some point.
Here's a big one: Tech companies say you should give up freedom for security. Or privacy for safety. Yes, just like how they claim that drm chip in your inkjet cartrige is for "security"
Well, a good response is: "If I am not free to be in total control of my security and instead hand it to a company with hundreds of employees, partners and servers that may be vulnerable, then how is that security" and "If I do not reveal my private information to anyone all willy nilly, then how can you call it safe when you not only collect it without my consent, but even sell it to anyone willing to pay for it, who can use it against me any way they choose?
Anyone falling for and believing that shit, is a complete moron, and anyone spewing it as an argument is a con artist trying to profit off of gullible fools, plain and simple.
privacy is safety
It's literally in the name "Digital Rights Management" chip. It's entire purpose is to ensure you are complying with whatever companies service you are using so they can protect their IP and make $$$.
Though i guess this is a form of security, it just doesn't benefit the consumer. If you were a company with IP that took you years to make would you not want to protect it? And before you even say it... Yes, they do go over board sometimes.
@@HarryBallsOnYa345 IP shouldn't exist in the digital age.
@@roundabout-host how so? if you created something would you not want, at least, the recognition and, at most, fair compensation for your creations?
Or what if your IP gives you the ability to even begin to compete in a market. Are you just going to give that to your competitor?
Privacy often comes at the price of convenience and sadly when it comes to tech, people are more reluctant to give up convenience.
Signal. Very small lack in convenience. Huge boost in privacy. Brave (Firefox). Same. uBlock Origin. Just way better internet experience hands down. Many FOSS apps. Just better. No ads. Feature rich. There are many examples like this.
Most people know very little about electronic devices, they're just happy to see it working.
BTW, 65% of cell phone owners are addicted to their device.
Then again, understand what addiction is ain't as easy as getting a cell phone to work.
I subscribed to you and now I request Linux ASMR.
@@christianbeuschel1297 The first step towards privacy is educating yourself like you said. Educating yourself about the software you must choose or the hardware you should buy to get more privacy.
But even just educating yourself about privacy requires you to be willing to put in the effort to learn, which quite frankly most people aren't willing to do.
Most people don't ask themselves how their computers or smartphones work, how the software they use might hurt them or what alternatives there are.
We are Linux enthusiasts or users, we are more involved learning about the hardware or software we use, how it works and what it does, but it's definitely not the norm for all people.
@@danpodjed3114 Hahaha, maybe one day, who knows 👀
If a FOSS project asks me for telemetry first (not enable it by default) I say yes. If FOSS project enables telemetry by default and doesn't ask me, I disable it when I notice it and never enable it again. Ask for consent, that's all I want.
Yeah opt in is always better
AND it should say upfront what exactly it is collecting.
@@TheLinuxEXP
I don't like telemetry either but one main goal of the telemetry is to know what the majority of the users uses.
if the telemetry is off by default and the users have to go turn it on
most users wouldn't turn it on
and those who enable the telemetry are the minority of the users who are really passionate about the projects
this really defeats the purpose of having a telemetry in the first place which is to know what most users use and improve them
wheares an opt out telemetry will what the majority of the users use
and for people who really don't like the telemetry (like me), we can go and turn it off
@@jiasheanleong7918 Sadly telemetry these days is also tied to advertising and user profiling, so it's better if they ask you instead. of course, not every company or developer will be 100% transparent on their telemetry, but at least we know which ones to trust.
@@jiasheanleong7918 Well the best compromise is one that is on by default and is opt out, but gives you the opportunity to turn it off during the setup process.
It's not about what's worth hiding, it's about what's worth protecting
What citizens call "hiding" corporations call "trade secrets"
@@HarryBallsOnYa345KFC anyone?
"Why do you care about privacy if you have nothing to hide?"
The presence of a rug does not imply that it is being used to sweep things under.
You forgot another one
People saying that if you don't use VPN, others can see what you're browsing and steal your credentials. They forget the existence of SSL, and VPN's tries to make it sound like were in the HTTP-Only era where a MITM attack could compromise your computer, while completely failing to mention HTTPS
True!
Tailscale adds dopamine at least
@@senritsujumpsuit6021 True, Tailscale is dope
On the other hand, it would not be the first time that a malicious Actor can get ahold of a trusted SSL certificate, but a additional VPN would probably *not* help in such a case either if someone is explicitly targeted.
I guess, if a site isn't HSTS preloaded (or loaded before by the user, which sent an HSTS header), the first request _is made with HTTP._ Though, you would require a valid certificate. I know someone who manually added their ISP as a certificate authority, which could allow the ISP to respond with the fake certificate (even with HSTS) so that's also a risk point. Enabling HTTPS-Only mode in browsers should protect against browser traffic being intercepted. For other network traffic, you would need a VPN.
Telemetry isn't always bad, but not knowing what they're doing with your data means should should never trust it.
especially when we KNOW that they are selling the data to advertisers, and good if it ends there
yeah you definitily shouldent shouldent
One thing that people forget is that the Internet for the most part is a public place. Therefore as in any public place, you only have as much privacy as you create for yourself. If you want more privacy, go get it.
exactly..no need to pay VPN’s to sell your data for you if you keep your and companies sensitive data off the grid (snail mail important documents is always safer than the internet)
the presentation about "I have nothing to hide" is probably the most important one you've made on this channel, and delivered in a crystal clear fashion. You nailed it completely. We cannot trust the political systems we've all grown up with - the world is changing, and this wondrous technology we've created is being used against us by repressive regimes. There are entire sections of American political parties - well, one - that have no discernible difference to the Taliban, except for the language they speak.
I have a full video about the topic, that I’ve made a while back! Glad you agree :)
I was in a play once that had been quite popular, got great reviews, was counted by some as being among the most important theatrical productions. Just a few laters while discussing the play with someone and asking if there was any chance of a restage they said there were things in that show which would not pass the new censorship rules which had come into effect. Rules which were getting people monitored and in some cases arrested. The terms of acceptable and illegal can indeed change overnight. And lest someone thinks "It can't happen where I live", I saw how quickly things changed in The United States after September, 2001 and how readily people accepted those changes by recitiing, "Freedom isn't free."
@@WaterShowsProd I think you mean 2001
@@mamajozsi Whoops. Indeed. That was a typo. Thanks.
Uh hello based deparment?
Even if the company collecting your "telemetry" is not malicious, there's still a chance they might get hacked. And as you pointed out, even so called "anonymized" data might assist in fingerprinting you. Telemetry might not be inherently "evil", but often it is still riskier than most companies want you to believe.
Yes! This is exactly right.
The issue with telemetry is that it can be used to fingerprint devices on an ISP level. Your phone and laptop are likely making the same unique combination of telemetry requests everytime they connect to a network.
I have EVERYTHING to hide!
Well hiding stuff in terms of privacy is close to dead.
What you can do however is a different approach, rather than trying to hide the data, you flood it, and flood it with contradicting data.
Basically, your real date becomes indistinguishable from the garbage you left behind and its value drops, and cost of filtering increases.
This is the tactic I have been employing with Google and they are really struggling with the profile for me as a result, when I check their ads, they are all over the place and irrelevant.
Agree totally! We need scripts that do that for us...😁
There used to be a Chrome extension that did this.
I get why some people could feel like privacy is just not possible now a days, it's getting harder and harder to achieve any measure of it and more and more major companies are starting to go the way of Google where they're going from being software companies to being data brokers who offer free software in exchange for the right to sell your data.
Using Proton's package has felt like a breath of fresh air. I can just pick it up and use it anywhere (although I still code my calendar markings and encrypt sensitive data before uploading). How cloud services could have been from the start without surveillance capitalism taking over.
I still self-host my business and personal projects, but it's a huge load off my mind to have someone else take care of everyday stuff. 🙏🏻
If it weren't for the data collection, surveillance and what ever else not in the best interest of the user, then the cloud wouldn't even exist! That's what storage is and has been used for since the the earliest days of computing, and at the time it first was being advertised, data storage capacity was high enough to not have to worry, and cheep enough to always have enough, and the opposite was a major selling point, as was having your data everywhere and anywhere, so in countries that have no data protection regulations, which nearly every cloud provider has server farms in! I wonder why? They were correct in that they would protect your data from evil hackers, and thieves, but not one ever wrote in their EULA it was secure from what they (the ones selling it) have in store for it!
In reading contracts, it's always important to consider what they don't say, and not take what they do say to mean anything more than exactly what they say, and not one iota less, or more.
if i were EVER to develop some sort of telemetry into an app, i'd always make sure it's verifiably "blind" statistics. i'd make sure it never stores individual records of your system (and never personal info) unless you choose to. the relevant statistics are always just updated homogeneously.
Just anonymizing everything should be a good first step. As an end user tho, personally I'll never trust any telemetry system not because I don't trust any of the organizations but because things can change and even if I'd trust the data in the hands of an org I feel I can trust now, they can change over time and become an organization I don't trust; Like Mozilla for an example.
@@MegalomaniakaalWhat happened with Mozilla ?
@@lpolarisl219 Way too many screw ups over the decades to list them all, tbh.
I'm fine with telemetry as long as it doesn't contain any personal data. When I installed my Linux distro of choice it asked me if I wanted to send a telemetry report of just what physical hardware I was using and nothing else. It really does help developers.
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." - Benjamin Franklin
This was well put together and desperately needed to be said. We can never have enough good videos like these that debunk these myths!
For the "I have nothing to hide" argument, it's not just governments and laws changing that you need to be concerned about. People have lost their jobs over what they have said or done online even if what they did was perfectly legal. Sometimes a social media post from years ago can come back and haunt you so while you did nothing legally wrong, it can still negatively affect you later.
Another thing about VPNs is, your IP is just one part of your digital fingerprint. Companies like Facebook and Google have long claimed to be able to finger print someone who is using someone else's computer based on things like
- how they move the mouse,
- where you scroll to on the page,
- how long you take to click a link
- which websites you just visited, and in what order (as long as they have trackers on those sites too, which normally they do)
- your typing cadence
- vocabulary
- and lots of other stuff (they use literally hundreds of data points)
You can tell (somewhat) how good Google is at finger printing you based on how recaptcha treats you when you aren't logged in to Google in that browser. They use their fingerprinting as part of recaptcha. Generally, if it just less you through right away, you can be sure they finger printed you. If it doesn't though, that doesn't mean they didn't... It might mean they want you to help train their image recognition, and remember you being a decent source of ground truth.
So its a dictatorship against all privacy basically
I think that fedora would use my private data to calculate my head size so that they can sell me custom advertising for hats!
The thing is, at least here in the states, they can't arrest you for something you did a year ago, which was legal a year ago, but is now illegal now. You'd have to do it while it was illegal for it to be a problem.
Otherwise, good video.
so, just the one law got changed? not the law that allows them to prosecute for past deeds?
I believe that's the case for most countries, but it doesn't account for cancel culture, and other kinds of... unofficial persecution
@@mks-hGood point.
@@allryledup Well that would require a constitutional change for that to even happen in the first place, which is much harder to do. If that did get changed, though, then yeah, there would be more of a problem.
You can be fired from a job or removed from a seat you were elected to because a comment you made in 2014 and is now considered sexist or racist or anything resurfaces now.
The infamous "You say that you care about privacy and yet you own a smartphone LOL.".
Privacy isn't about having something to hide. Most people prefer to poop in private. They aren't doing anything wrong it's just not something they want to share with the world.
Also the police at least in the US have a bad habit of seeing evidence where there is none. There's a great video called something like "Don't talk to the police" that explains the details of why sharing everything with the police is a bad idea even if you genuinely have nothing to hide
Lol it sucks but yea, don't talk to them.
The classic "Everything you say can and will be used against you"
Big Companies can also get complacent when it comes to security.
They may start to think "We're too big to be hacked"
If privacy is unachievable, they wouldn't be trying so hard to have us believe it.
True but I believe the main message is _TOTAL_ privacy which is impossible for anyone willing to live in a society.
The hardest part about privacy... is honestly when it comes to messaging apps, you kinda have to convince the people on the other end to also switch to something else, if you want to switch xD
6:06 anonymous MYTHS: Tor is not the only tool that will make you anonymous. There's i2p which more secure, anonymous, and more optimize for hidden service than Tor.
“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.”
― Edward Snowden
- Edward Snowden, the guy who was happy to receive passport of Russia, the country that's literally 1984
@@mks-h Their president is certainly a hell of a lot better than what we have.
@@dragonballjiujitsu if you're a dumb fascist with no self respect, and who needs a king (tsar) instead of a president - sure, he's just for you
I don't really like this statement. I mean, it sounds cool and edgy but i don't think it really changes anyone's mind if your goal is to make them care about privacy.
i guess more accurate analogy is
"why should I hire a lawyer when I'm a suspect if I've done nothing wrong"
As an apolitical person who doesn't care about my online privacy, I really don't have anything to say
Let's just pretend that people who say "I have nothing to hide" are government agents that work together with the pigeons.
The only way to be sure is to ask for all their credentials (address, since, etc.). They have nothing to hide, right?
Ah yes, having blind delusions
The Tor and VPN statements really are reversed. The cleverness of Tor is that if one of the three nodes your computer picks from the 10K or so in total is secure, you are at least somewhat anonymous in all cases. If a VPN is bad / compromised / whatever, you have no anonymity. It trust one party 100%, or trusting that at least part of the 10K or so Tor nodes run by many different individuals and organizations are not compromised.
The problem with Tor and VPN is that your Browser and OS has a unique fingerprint. Therefore, when it comes down to it, it's best to use a fresh VM and adjust settings like language, time, etc. Whereby this is of course more difficult to track with Tor than with a VPN. How trustworthy a VPN is depends strongly on the respective service. For example, there is Perfect Privacy or OVPN. The cheaper or even free the service is, the more careful you should be about what you use it for.
@@Hammersmash3dFace Just look at HTTP2 fingerprinting. I am not seeing anybody talk about it and it's a pain to circumvent. I have disabled HTTP2 due to the problem. It's also how crimeflare and akamai detect a discrepancy between your actual and projected system fingerprint.
HTTP2 fingerprinting is enabled on the TOR browser, Brave and other privacy browsers too.
First of all, thank you for your informative and entertaining videos! I want to object to your estimation that TOR is secure from the NSA or any other organization that has a complete or nearly complete overview of all connections begin made. TOR is vulnerable to a timing-based analysis of network traffic. It is my understanding that the NSA does indeed have such an overview here in the US. Additionally, I have heard that the NSA also manages many TOR exit nodes. So my advice is: be careful with TOR and don't assume that your communications are private.
Just as an addition - incognito/private browsing in practice is not *that* useless at protecting your privacy. Considering the amount of free trials you can circumvent by just turning on private browsing, companies are not that good at actually telling it’s you (even if it is not impossible).
A lot of people appear to me to be defeatist regarding privacy because they just don't know how to protect themselves. It's immature to be sure but I get it. The sad part about it is once a person has committed to the defeatist attitude they rarely change their stance and never without resistance.
It doesn't help that the "scene" is also full of know-it-all's who know how to regurgitate "facts" they read online but they don't possess an adequate understanding of the technology or systems involved... but they are loud and they have fanboys which will defend them at every turn, even when they are very wrong.
It's not too hard, but it's also not easy. The biggest change one needs to make is a mental shift. Don't ask what they will do with your data, ask what they could do with it. The safest way to protect your data is to never send it in the first place. If you're going to send data, poison it. Break those data sets, make them worthless.
Incognito mode does at least make tracking less useful as its mostly only got your IP address, windows size and browser/OS identification to go on, since it has its own temporary cookies that get wiped when you leave the mode. This is apparent in how often CAPTCHAs will appear due to no historical evidence that you are not a bot.
The rule of thumb I have is if you can't disable telemetry then it's probably bad.
Not all telemetry is bad on its own but most of the time if the dev gives you the option and continually respects what you put (looking at windows just ignoring or turning it back on after disabling) then it's probably ok.
A chromebook which is still getting security updates, in guest mode, is pretty secure, but not private. A Windows XP machine that is offline, is pretty private, but definitely not secure. I guess if someone can break your security, they will do away with your privacy too, if they choose to. So there's that link, at least.
Exactly. People often don't get that Chrome OS or Android are actually very secure. They are both tightly integrated with the device firmware and have a very locked down boot process. Does that mean you have better privacy? No. Chrome OS still sends data to Google and Android often has manufacturer's bloatware and Google Play Services. Many people also just believe Linux is secure and don't take steps themselves, like enabling encryption, using secure boot, not using and locking root, using a firewall, enabling SELinux or AppArmor, etc.
Incognito mode is only useful for asking dumb questions that I'm ashamed to look up
I nearly thought we weren't getting a sponsor today and I was legit getting sad lol
Hahaha
About Tor, from what I've heard, the problem is not the code, but that many relays are allegedly hosted by government institutions and are keeping logs.
If the same institution (say, NSA) controls both your entry node and exit node in a connection, it doesn't matter how many legit/clean intermediaries you are going through - they can relatively reliably correlate the timings for packets "I got a request from device A for X" at the entry, with the "I got a request for X from relay K" packets at the exit node.
And this only gets more reliable if more of your relays are controlled by the same institution or one that they have some data sharing agreement with.
for the point "i have nothing to hide" i must say at least if some bad guy steals your identity via the data the person spreads around - the thing will change quickly
Google Drive has a great security feature- they just "accidentally" delete your data.
Tor was open sourced for the same reason the some encryption system were open sourced by the government, they also needed privacy and what better privacy than to blend in with the masses. That's why'd be counterproductive to put a backdoor in it, you'd only need one disgruntled agent to leak it and your whole organization privacy setup is bust.
Really good points and one I'm thankful you made.
It's easy to succumb to the non stop push to coerce you into a convinient lifestye and give up on what are your rights. That option though always has a price. Just look at where we are now ;)
9:25 Your a little bit wrong. An important thing to remember is a new Private/incognito session starts with no cookies, so that does help your online privacy.
Giving big tech the telemetry data is akin to giving access to a room on the promise of renovation, but getting precious things stolen instead.
6:30 it was my understanding that the fears that Tor was a NSA Honeypot because of speculation that they were aquiring nodes through various means, not that they had any backdoors built into the sourcecode. While I'm not familiar enough with how the community makes such speculations on how many nodes the NSA has control over, mathematically there is a critical mass point where it's possible to deanomonize the network because they control a certain percentage of the nodes.
I believe it's specifically about entry and exit nodes (although I don't know for certain if those are special, or just picked from the total pool of nodes), if they can analyze traffic in and out, the hops in-between are less valuable.
Additionally, if the network attracts people with nefarious goals, while few "normal" people use it, then the agencies are more likely to run into the bad actors by monitoring the network.
@@thorbear I'm pretty sure the entry/exit nodes are an opt-out feature, the only difference being that they can send/accept traffic from outside the Tor network. I'm by no means an expert on how it works, and don't have first hand experience because I haven't developed the privacy habits to actually make the network's anonymity useful if I were to change browsers.
13:58 Just to give a taint: a company that is doing awesome right now, could be bought tomorrow
I HAVE BODIES TO HIDE
Privacy? What's that?
I'm old enough to remember that my first phone number not only had my name attached to it,
That number, my name and MY address was published in a book that was handed out for FREEEEEEEE and
hung next to coin phones out in the wild.
About the "nothing to hide" argument, you can make a sort of adjusted Miranda warning about it:
"You have the right to privacy. Anything you do online can be used against you in the future."
06:52, biggest answer to this myth is Google vs Proton.
You say that if the company doesn't have a marketing use for your data, telemetry is fine. I'd just like to point out that Google didn't use your data for marketing in the beginning, and as you pointed out, once your data is out there, you can't take it back.
i still remember when i sharing some info about phishing to my friend, then he asked "which VPN can protect me from this?", then i told him "none of them"
Why is Safing's Portmaster link included in the description but not Tuxedo's?
Failed at a copy / paste, it’s fixed!
Greetings, A query, what program do you use to edit word or excel. I used wps office but I don't like it very much, thanks.
~ 10:00 - To be fair, most tech-oriented YTers sponsored by VPN companies now only promote bypassing geo-restrictions on content and adding some security when accessing http-using sites over public WiFi hotspots.
At 0:52, I assumed he was talking about Proton Mail. But a minute later, he does a sponsor read for Proton Mail 😂
😂😂lol right..... Wooooosh
Bro watching RUclips Without Sponsor Block 💀
@@jonawa1573 ehh, I consider it pretty unnecessary. Just fast forward the sponsorship.
protonmail can be sapina'd by the swiss government and europool to i believe. unless you're hosting your own email it cannot be private, nor was email made to be private. the issue with hosting an email is how much management you have to do on it, how easy it is to open yourself up to attacks and all. it tends to be a very extreme threat model. tutanota would probably be the most private and secure email service
They can there was just a thing about it awhile back.. Also there are a few "popular" people who have had their protonmail accounts shut down by the company and they won't reply lol it's sketch
@@comosaycomosah yeah exactly, it used to be better but then the swiss police noticed criminals using it lol
@@iamnama999 yea that's how it goes with alot of privacy services... It's better than nothing but still pretty meh
If you're really concerned about email privacy, then encrypt before sending using PGP/GnuPG. This doesn't encrypt headers, unfortunately, so third-parties could still be able to see the subject line and who you're communicating with (so make the subject bland!) but it's about the most bullet-proof way to prevent third-party access to the email body, assuming you can trust your correspondents' PGP public keys.
@@dfs-comedy that's some really useful info! thank you!!
Having security doesn't necessarily mean you have privacy, but having privacy usually rhymes with having security:
how can you get one of your passwords leaked if the password you use to decrypt your data is only present on your device and nowhere else, like on the servers of the company you're using the services, how can you be located and targeted by malicious actors like an online stalker if you hide your IP with a VPN, how can you get blackmailed if your operating system doesn't constantly leak information about itself that can be intercepted or your messaging apps send only encrypted messages.
All of those things are generally used and advertised as a way to increase privacy but at the same time, even without wanting it, it also increases security.
Might be a strange question, but which browser is that at 6:53? I would like to have my firefox look and feel like that, with the tabs below the headerbar and the control buttons in it.
Firefox, but with an adwaita theme! Look for « Firefox gnome adwaita chrome css » online and you should find it on GitHub!
@@TheLinuxEXP Oh heck yeah. Thank you so much Nick!
There's a saying where I live: "Even if I have nothing to hide, that doesn't mean I like to be searched". It applies for any situation. For example if the police stops you on the street, you're doing nothing wrong but you won't like them to just look around your things, your car, yourself. Or if your'e at school and a teacher asks to look inside your bag. Or if your'e at work and suddenly people from HR just come and want to look inside your drawers or your computer.
Remember that folder you left on the bottom of the drawer that was due like a year ago? well, that's what they'll find. But you had nothing to hide. Or maybe that snack your'e not suppose to have while in your station; or that cellphone you shouldn't have at school; or that controversial book you're reading but don't want anyone to know about... Or that photo of your ex you still carry around... Yes, it's not illegal, it's not bad, it's nothing that would really impact your life, but you still won't like to be searched.
Man, your videos are getting crazy good. There is so much work that you put on the content and the words are spot on. I hope you keep this energy for a good amount of time
The best counter to “I have nothing to hide” is “Yeah, I know”
Nick, I love your french Accent. You speak very, very well english but your "a lot" is so iconic! You got me back into Linux again and since then I often watch your content, it is just this great! Keep doing it your way :)
VPN company has to comply
to local law, as any other company. and this law often requires it to log user data and provide it to police and such
More accurate: A lot of TOR nodes are honeypots.
I decided up on install of the Fedora KDE spin to set telemetry to level 1 (with 0 being off and 4 being the most). Even opt out telemetry can be good if designed private and transperant what is collected. I do support Fedoras opt-out telemetry. It needs refinement but I still support it.
returning the internet into the hands of public workers instead of the privatized industry it is now would benefit us greatly too.
govt employees would be better? are you trolling with dollar store bait?
It just feels weird to know that whenever I look up some random information some algorithm somewhere is going to use it to change what I see on Google searches, YT recommendations, and background ads. And people are paying to give that information to eachother without me seeing a cent of it.
incognito mode doesn't share the cookies of your normal browsing mode, so technically it is more secure
Talking about privacy. Today I woke up and saw my entire RUclips feed gone for the message telling me to turn on my watch history that I can't pass by.
You are NEVER completely secure online. No matter if you use tore, VPN, on a burner Linux laptop/flash drive on someone else's wifi. As a matter of fact the more of these things you do the more likely you are to attract the attention of various alphabet agencies. Against a scrip kiddy or basic search you might be ok.
True. I was recently looking into secure boot and full disk encryption on my laptop and the documentations talked about how you could still be compromised by skilled and determined attackers that are willing to read RAM directly to move an SSD to another machine while powered. I am not really worried about that, but it does go to show how there's always some way you could be compromised.
The "This VPN secures your bank details" BS advertising shits me to tears - TLS is what secures your bank details...
Okay, so "telemetry" is the reason we get damn "youtube shorts" instead of fixing the relative dates in the video details. Apparently, people enjoy when they are shown unfitting vertical videos, restricted by 1 minute, cannot rewind, cannot control the sound volume and so on.
For anyone thinking of the CIA triangle in security of Confidentiality, Integrity, and Availability, then I must point out that confidentiality and privacy are still two different things. Confidentiality only deals with preventing information from getting into the hands of an unauthorized party. Privacy deals with who is authorized to have the information in the first place.
Great video Nick. As always, no service is going to do everything for you. If it claims it does, there's something amiss. Real privacy and security takes a lot of effort on your own end.
Thank you for your "i have nothing to hide" segment
The big logical issue with the idea of tor being a honeypot is that the NSA themselves use it against their adversaries, and any backdoor they somehow got in could be used against them.
At 4:18, i think you meant opt-in as good, and opt-out as bad... Its backwards in the video.
Haha yeah sorry!
Speaking about privacy, I am surprised that no one raised an issue about having the name of every patreon/supporter listed at the end of each video. 🧐
About VPN, it is a "must" to use any VPN (even free tire) if you use any Public WiFi.
I guess we have all searched once in our lifetime
HOW TO MAKE A PLATYPUS FALL IN LOVE WI-
Privacy doesn't exist in my country, China, and I'm pretty sure the government knows I'm using a proxy service to browse RUclips right now.
Am really paranoid when it comes to my privacy but it doesn't help when I do dumb stuff, it's not try went you get older you because wiser.
During the part about VPN's you mentioned a "Tech Law"(?) channel with further, more technical insights. Which one do you mean there?
Great Video btw!
Techlore :)
I remember an Ed Snowden interview where he said you choose Security OR Privacy
Caught me off guard with that Segway. That was Rush Limbaugh level IMO.
what a walker 🤣 as a british i loved this one about the boss 12:22
Hahaha typo for something less flattering 😂
Private browsing is used so you don't leave session cookies on public computers, period.
Very good and balanced video - first time here - liked and sub'd. I have a question for a possible future video - adding a wifi router to an existing device? My wifi provider - like many - gives you a device which is basically crap - but you can't access it to change any settings, its locked. So... can you use a port to fit Another router, that you can configure, and use THAT as the main access, going into the stupid one? Slightly slower, yes, but, if the new router is sufficiantly better, worth it? Thats an open question to any answers....
For privacy check rob braxman too, surely hes sometimes a bit too strict but that is the only approach that could partially work
he knows his stuff
I HAVE NOTHING TO HIDE..
Except what i do online....
Never forget the option of storing stuff in encrypted form, too. If you encrypt first, then store, hackers and services are pretty unlikely to know more than a file name and if you're using a randomish name or cryptea with name scrambling on they're unlikely to get even that much.
Living in a stable nation, I'm less worried about the government - it's the companies who will make my life miserable first. Banks, insurance, insurance, healthcare, you name it... if they don't like what they see and are allowed to act based on conjecture and algorithms alone, I could be in for extra fees and higher rates through no fault of my own. Just because the machine said so. 🤖
Yes privacy is our primary concern
I have nothing to hide from a corporation. I have things to hide from people I know. That's the key difference. Corporations are not people. I don't care if an algorithm is going over my data. I don't care if a bot looks at my nudes (if I even had them). I care if people do. And given the sheer volume of data the big corps go through, it's machines doing that work, not humans. There is indeed anonymity in numbers - the odds of anyone (human) focusing on you, personally, are astronomically small. So yeah, I really do not care. To them I'm not a person, I'm a statistic. Statistics don't need privacy. And if the "law changes", well... everyone would be fucked, pretty much, except the 1% of people who actually care about privacy. And guess what - 99% can never be fucked, if 99% of the people break a law, it will never be an enforceable law. So the argument of "you never know if what you're doing today won't come back to bite your ass in the future" doesn't apply to anyone who does things that the vast majority of people are doing because, again, the vast majority of people will never get fucked, that would be the end of the world.
I see that Golden Sun video on your homepage... very good taste ;)