Slashdot Mirror
How to Convince Non-IT Friends that Privacy Matters?
mmtux writes:
"As technology becomes more advanced, I am increasingly worried about privacy in all aspects of my life. Unfortunately, whenever I attempt to discuss the matter with my friends, they show little understanding and write me off as a hyper-neurotic IT student. They say they simply don't care that the data they share on social networks may be accessible by others, that some laws passed by governments today might be privacy-infringing and dangerous, or that they shouldn't use on-line banking without a virus scanner and a firewall. Have you ever attempted to discuss data security and privacy concerns with a friend who isn't tech-savvy? How do you convince the average modern user that they should think about their privacy and the privacy of others when turning on their computer?"
You may be conflating too many issues. There's a huge difference between warning people about info-stealing malware and saying "zomg ur real name is online!" Remember that most people still have the attitude that they have nothing to hide and so nothing to fear.
I say focus on the most critical issues, like not clicking stupid links, using IE, or falling prey to phishers. Nobody wants his bank account emptied.
Seriously... Google them. Or somebody else at random. Show them how much information about them is already out there, and how easy it is to find. That'll convince them pretty quickly that they need to safeguard their information.
If you believe everything you read, you'd better not read. - Japanese proverb
A lot of people are pretty self-righteous and tend to remark snidely "Why do you need privacy if you've got nothing to hide?" What are you supposed to say to someone that seems pretty opposed to privacy... they don't even care about your privacy much less their own. Now that 'terrorism' is a buzzword, people are even demonizing those who even bring up privacy as a concern.
Twinstiq, game news
for most people all you will do is alienate them from you if you lecture them.
it's like warning a girl that her new boyfriend is an @sshole.
tell her once, but after that she just has to learn on her own.
most people just don't care until it bites them.
Email. Everyone uses it. Or some variation of it, such as SMS for the younger crowd.
Point out to your non-IT friends that sending an "email" is NOT like sending a "letter". It is like sending a "postcard". Any number of people you might not know can see the entire contents of your message along the way -- plus they can keep a copy of each and every one of those messages forever.
To take the analogy further, if they really want their "email" to be in an "envelope", use encryption!
@HbFyo0$k8 tH!$
Don't be helpful, be available.
If your friends want your expertise they will come to you and ask. If you offer it unasked-for, they will probably never ask and will go to someone else.
Probably better to talk to them about your other mutual interests. That way you get to keep your friends...
You ask a good question...
No one really wants to be 'that guy' in the circle of friends. You know, the one that's always soapboxing about some sort of social injustice, evil corporations, or whatever. However, that's more or less what you need to do, because people MUST understand what is at stake when our rights to privacy are taken away.
Now, you can help your friends understand how their privacy is seriously at risk without being an asshole. It just takes time, and perseverance. I have alot of friends who have very uninformed political opinions. It's rude to just lecture them every time the subject comes up, but there's nothing wrong with speaking the truth to your friends in a palatable, positive way.
The more you mention issues of privacy, and the more well-informed YOU are about the issue, the more it will create top of mind awareness for them. In time, they will see your point. They will encounter a loss of privacy in their own lives, and because you were such a well informed friend, they will have the ability to make the mental connection. You really are doing them a favor.
Thank you Dave Raggett
How do you convince the average modern user that they should think about their privacy and the privacy of others when turning on their computer?
If they won't listen, they may need to learn the hard way, when they lose money or friends from being free with their personal information. I remember my first year in college, I knew a couple of my fellow freshmen who learned to lock their dorm room doors when their stuff was stolen. They learned the expensive way not to trust everyone.
Accentuate the positive, don't waste your mod points on the negative.
If you want to convince people then you have to provide examples that they can relate to.
I suggest you gather up a number of different examples (as no single one will appeal to everyone). Once you have some you can provide your IT lite friends with relevant examples that they can relate to.
Wardish
Ward
. Silence! Be thankful thy species is unpalatable! .
You're a complete asshole who is missing the point, yet some idiot mod will see your low userID number and automatically mod you up.
We'd have that real anonynimity still, if people gave a damn about it and valued it instead of pissing it away for the sake of convenience. And no, this is not how humans have always lived. For most of human history, it used to be that knowing very much about somebody was a difficult and expensive undertaking, as you would have had to actually physically observe them and follow them around and investigate them. It was something you did not do without a reason. Electronic transactions plus modern databases mean that this has become far easier and therefore more widespread. A few companies have more market control and a few governments have more power, but the average individual has nothing good to show for this. That is the problem, and you are in denial.
I consider myself to have a reasonable technical knowledge (e.g. I've just written a telnet client from scratch in c++) and I don't use a virus scanner when online banking or at any other time; they're a complete waste of space.
Perhaps you should reserve this opening statement for something less preposterously moronic than "For most of human history, it used to be that knowing very much about somebody was a difficult and expensive undertaking, as you would have had to actually physically observe them and follow them around and investigate them."
Before the rise of large cities and mass transportation, it was an expensive luxury to live in a way where you *didn't* know the intimate details of your neighbors' lives. You didn't have to follow them around -- there was no place for them to go!
What I'm listening to now on Pandora...
Today you are lucky to be able to lose yourself anywhere, be able to have a private conversation in any convenient location. Most of the time you will be caught on tape at least coming and going. This loss of privacy is accepted for obvious reasons.
So, when asked about privacy I wonder what they are talking about. Is it the people who put every detail of their lives on Facebook, then whine when those details are exploited? Is it those people who use the services of google, like gmail, with no worry that such mail may be used for profit? Or the people who send unencrypted email? Or the identity thieve issue, which is not so much a technology issue, as a going through people's garbage issue.
Basically privacy is a compromise. To get people hyper-concerned about privacy, they have to give up some luxuries they have become accustomed to. For people who will support torture to prevent a 1 in 10,000 million chance they might die in a terrorist attack, it seems like a deal that is unlikely to be closed.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Talk to a dentist. You'll hear a whole lot about how important it is to floss your teeth for 15 minutes a day. A fitness nut will tell you how you need to exercise an hour and a half a day. The house painter told me I should wash the house once every 3 months to preserve the paint. A mechanic friend told me to check my car's oil every week. etc etc.
Most people just don't have the time/energy to do everything they're told so they ignore most advise.
Engineering is the art of compromise.
The critical issues is forcing ethical behavior on government and companies. Even the most jaded big dumb company employee will admit that filtering the trivial details of their lives it's a waste of money. Most will also realize that such violations make it difficult for people to fight back against other violations. Domestic spying is already against the law. Anyone making use of public resources, such as ISPs using public spectrum or servitude, should be forced to obey the same privacy laws as government. It's not their network and it's not their data, it's yours and no one else has any business filtering and storing it.
Suppose the GM Ralph Nader investigation had found something nasty. US cars would not have airbags and a whole host of other public safety initiatives could have been crushed by ruining Nader before he got anywhere.
Companies today have much better ability to spy than they did forty years ago. Most people run non free software that gives it's owners the ability to read everything on your hard drive and their newest OS indexes and reports the contents. ISPs have been given the "right" to filter and read all of your email, though they have always had the ability. Government had demanded the ability to ask for any of that email and browsing on demand. You purchasing is indexed and sold to the highest bidder. Cell phones report your location and newer ones can record your conversations and filter them for key words while turned "off" and useless to the owner. There is very little the rich and the powerful can not find out about average people.
Yet all of that spy power is useless when it comes to real threats. Criminals can and to take countermeasures. All domestic spying is good for is harassing honest political and economic competition. That's nothing anyone wants to pay for.
Friends don't help friends install M$ junk.
Sometimes it's not even "for the sake of convenience" - many of us, especially prolific bloggers, enjoy sharing our ideas, identity, and intimate details of our lives as a form of self-expression. Not only are we not trying to obscure information, we're broadcasting things to the world that would cause previous generations to blush, and are eager to continue to push those boundaries. The type of strong privacy some people advocate is an alien concept to us.
Knowing where I am, who I'm with, what I'm doing, what I think about that, etc. is something that I don't mind the general public knowing most of the time. Being contactable for all that time via IM/phone/whatever is generally kosher too (although of course I'd rather not be contacted by marketers for any of this - would like advertisements and marketing banned).
I realise that not everyone is part of this new "open subculture", and that the deep privacy advocates certainly exist in fair numbers, but I'm not alone.
For every problem, there is at least one solution that is simple, neat, and wrong.
I agree. There's a whole generation growing up knowing everyhing about their peers. This is not bad at all.. and in many ways is much more healthy than the insular 'omg he knows where I shop!' mentality of the older generation.
This is entirely different to government/corporate interference/monitoring which *is* a debate that society needs to have. To try to conflate the issues is to make yourself out to seem to be a complete nutter.
Once, we had a society where everything was known to everybody. That society was called the small town, and the result was oppression by groupthink as a measure of excellence, wielded against those who deviated from the norm, and where gossip and slander were social weapons of choice. Is that any better? Perhaps compared to a heavily rigged oligarchy, but that's not saying much.
Better is this: keep public decisions and the processes leading to the decisions public (except when doing so would break privacy), and then keep the rest private, except by choice of the participants.
The problem with complete public disclosure is not that your actions might be damning so much that it is that it can be cleverly twisted into something of the sort, and that these distortions very easily attain a life of their own.
The operative phrase here:"most of the time". We are not discussing selective privacy here. We are not talking about something you have voluntarily posted on your blog. We are talking about information you have explicitly not made public and may very well not want others to use against you. This is not information you chose to share. This is information someone else has chosen to collect/use/share without your knowledge or consent. Please bear this in mind when talking about your "open subculture" and the people who you believe are not in it!
Sorry, but both halves of this are wrong. One, you have no idea what life in a village is like, and two, when everyone you know knows everything about you that you don't go to elaborate lengths to conceal, it's irrelevant that there aren't millions of other people for them to know about as well.
(It's relevant for other discussions we could have; it's certainly not relevant to the original AC's view of the world.)
What I'm listening to now on Pandora...
I'm often floored at how much information people post on Facebook, Myspace, etc. I'm one of those weirdos that uses a screen name for everything and only a few people in the world know who I really am from my screen name.
I use decent passwords, and keep info that could be used to harm me to a minimum. I don't put a message up on Facebook saying how excited I am to have just bought a $750,000 new house and $37,500 new car or and here is my address and the key is under the doormat.
This was my boss's and her children's attitude prior to my employment. I'm the IT guy so of course I ended up fixing their PC when it got riddled with spyware/virii/worms/etc. When they asked me what those programs did I put the fear of God into them. I had them so scared they were on the phone changing bank passwords, switching from using "1132" as a password to something 16 digits long, deleting more private info off of places like Facebook etc.
Yes I stretched the truth about the dangers of the apps they had managed to be infected with but they are a hell of a lot better now. They shred mail and those fracking "you've been pre-approved!" credit offers.
They didn't get burned but I made them think like they narrowly dodged a bullet and they are better for it.
Speaking of SSL, I updated the SSL certificate for a site we host recently, only to soon thereafter get a complaint from the customer that it wasn't valid. Turned out he had one of those silly Thawte Seals on his site, which needs updated for the new certificate as well. I pointed out to both him and our web developer that those are a really bad idea because they train people to be susceptible to phishing. All I'd have to do is get someone to go to a typosquatted domain, or even even a non-ssl site that looks right with a gif image of that seal (and I could even have it linked to something that looked like it validated the cert like the real seals do). Our web developer commented "it's something my grandmother can understand" and my comment was "your grandmother is exactly the person most at risk from that sort of thing". Trusting content to validate itself is an incredibly stupid idea --- only the browser can do the validation, and people need to be trained to the browser's indicators, not the content.
If only we could actually trust the browsers...
This assumes that your users are savvy enough to understand that SSL does not prove the identity of the third party. For example, it would be possible to make an SSL gateway which proxies the traffic between both endpoints. This would have the effect of producing an SSL certificate error on the client(because they're not signed by a trusted CA), but with the average Joe just getting an error(to which they would presumably click accept/allow) and seeing that:
They would probably enter their info in it anyway. This approach can also work anywhere public computers are used, with the added bonus that the computer could have the fake root CA approved, thus presenting no SSL certificate error at all.
There are ongoing research projects for mutual authentication(ie. you know that you're sending your data to a non-fake website and the bank knows that they're getting data from you and not a third party pretending to be you), such as ones involving Elliptic Curve Cryptography(ECC) over HTTP.
Jean-Francois Im's blog
I assume you also get an hour of exercise per day, eat no more than X grams of saturated fats every day, don't eat any trans fat or HFCS, eat a good 25g of fiber every day, floss your teeth twice a day and go to the dentist every few months, rotate your mattress on time, etc etc etc? If not, maybe you should stop to admire how pretty your glass house is before you pick up that rock...
Warning: Apple/Nintendo fangirl. Likes her electronics cute & cuddly. May be rabid.
I think you may misunderstand a few things. I am a fanatical "private folk type", so I will attempt to speak as one to you.
What you are saying about information not being owned is not entirely accurate. Some information can clearly be "owned". If you have your ear up to a doorway and are eavesdropping on 2 people having a "private" conversation, was that information ever intended for you? Are you correct in disseminating the information to others? Clearly not.
So privacy is important. So is anonymity. They both have important places in our society. For those that choose to be free with information regarding them personally and their actions with others, that is a personal decision. It is neither right, nor wrong. We all are desirous at some point of sharing information with other people, as that is a human quality. What I would find wrong, is one person making that decision for another, or even making a judgment about it.
As for your example about circles of friends and events, I would actually propose that those people are being unreasonable. The fact is that the vast majority of information out there is "owned" in a partnership if you will. If I am at a party with a dozen other guests, I cannot reasonably expect all of them to make my presence, or any of my actions, private from all outside parties. If there was a picture taken of me, I agreed to be in that photograph. So even though I am a privacy "freak" if you will, I do recognize that my actions with others, and especially in public, cannot always be private, and that I certainly do not "own" 100% of it. That would be presumptive and arrogant.
Your examples about advertisements fall under a different area of "privacy". There is a difference between wanting your own thoughts, feelings, actions, property, etc. private and wishing for peaceful enjoyment of your own personal space. So it is not so much "privacy" as it is "give me my space". Kind of like being at the beach in public, but not wanting to be bothered by a traveling salesman wanting to sell you a vacuum.
Now when it comes to advertisements that are targeting you based on personal information and information collected from other companies, even I would say you have little recourse. When you engage in a business transaction with another company, I feel that they have just as much right to the "information" present in this mutual transaction as you do. There are reasonable expectations of what is done with that, and even contracts that outline the specific terms of its use. So I would say it is Caveat Emptor. You need to know the business that you are dealing with, just as you should know the individuals that you are dealing with.
I am not sure the original poster was intending to force his, or my, level of privacy on everyone. I think what he was asking was how best to explain the possible benefits of privacy, and the consequences of not having it.
I personally, will turn off my music when rolling down my windows on my car. That is how private of a person I am. I can go into detail, about just how private, but at its extreme I obfuscate information present in government databases with outright lies. That is a personal decision, and I do not believe everyone needs to be like me.
What I am concerned about with Privacy, and Anonymity, which the two are often confused, is that there may not be a choice. I think the pendulum has swung the other way, and that people are not getting the privacy they expect, or even understand. So although you may want to live out in the open free, with no boundaries on the information ever present, ever flowing around you, that is a choice you have made. I would hope you not think me oppressive or wrong, that I desire the exact opposite for myself.
So I think the real goal of the poster was to attempt to explain to people that they are not receiving the privacy that they are choosing.
Not to mention traffic, such as email, that isn't SSL encrypted. Fact: Most users have one password for everything they do. Fact: GMail stores every email you've ever gotten unless you explicitly delete it. Even if people are smart and keep more than one password, how many "Forgot my password" emails do you suspect the average user has in their inbox/archive? Simply checking your email over an unsecured wireless network can compromise you.
Jesus loves me, he loves me a bunch, because he always puts Jiffy in my lunch.
> How exactly would a router bypass SSL?
You do a MitM attack and hope that they ignore the certificate warning because they don't know what the hell it means and it won't let them get to their bank unless they click okay.
Seriously, we have something that does this very attack on SSL at work for some reason. It only happens when not logged in, so it may just be trying to give me the proxy login page. I'm not too sure. I've never accepted the bogus certificate to find out.
Does privacy matter? The poster presumes it does, but somehow is unable to think of any reasons. If privacy REALLY mattered to him, he could think of reasons why it mattered and then tell them.
What I think is that the poster is one of those people who latch onto an idea without ever fully realising why. Instead of just flapping out that privacy is important and then wondering why nobody seems to "get it" is useless. First ask yourselve why YOUR privacy is so damned important, then you will have the answer you can tell to others.
But don't just take a position and then look for arguments to convince others. That works for a debating club where you are given a topic, not for persuading people to do something you care about.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
The point is, not everyone wants to be so open as you have chosen to be and they should not be forced to do so. That is all. To disagree with me on this subject means that either a) you think that everyone does want to be as open are you are, or b) you think that people who don't want to be so open should be forced to do so anyway. The point is, what you want for your own life and whether or not you can understand why somebody wants something different is completely irrelevant, and the attitude of "what's good enough for me should be good enough for everybody" hints at a certain arrogance, especially when you think this is about whether or not information can be owned. It's not necessary for information to be owned to respect when people want to be left alone and to recognize their right to make that choice.
Personally, I have yet to ever receive a single benefit of any kind from a stranger who knew (or thought they knew) anything about me that I did not personally disclose to them. If you feel that this has benefitted you, then goody for you; I for one feel fulfilled in my life without the recognition and admiration of a bunch of complete strangers, most of whom I will never meet, and I really question the motives of someone who thinks they need that kind of attention. Personally, I think there's something unhealthy about it, and most people I have met who needed the admiration of strangers were terrified of real, personal intimacy due to various insecurities (most were children of divorce). If you don't have this need for attention from strangers, then you gain nothing from having everyone know your business and now it will either accomplish nothing or will make it much easier for someone with ill intent to cause damage. I consider it unwise for me to do something that has no chance of benefitting me and does have a chance of harming me. Simple.
"Proprietary" is a mischaracterization really, as I never claimed information could be owned in the same sense that you can own a car. That some of your friends feel that way is great; don't lump me with them because our beliefs sound superficially similar. This isn't isolated information for the sake of truth; it's about my life (which most certainly is mine) and whether random people have a legitimate claim to it. That the claim in question is informational in nature is irrelevant to this idea; on the same basis and for the same reasons, I would oppose anyone who thought they could help themselves to my time or my labor against my will (that's the key here) as well.
What I am saying is really a simple thing. If I want you to know something about me, I will tell you. If you don't like that I haven't told you something about me and you take it upon yourself to pry into my business against my will (again that's the key here), then I'm going to treat you like any other intruder and within the limits of the law, I am going to find a way to stop you. Consider it from the opposite viewpoint: if someone wants you to leave them alone and stay out of their affairs, as evidenced by the fact that either t
It is a miracle that curiosity survives formal education. - Einstein
I would interpret that to mean that you need to choose your advice carefully. The best thing my dental hygienist ever said to me was, 'Floss while you're watching TV.' It was a perfectly simple and eminently practical piece of advice, and made me a flosser for the first time in my life.
<obShamelessSelfPromotion>I've been writing a series of columns about the issue of online privacy in a local weekly newspaper. Living as I do in a developing nation, I need to put things as simply as possible. Here are the last three:
Crumb's Corollary: Never bring a knife to a bun fight.
As an example, https://slashdot.org/ has SSL. A typosquatter registers https://slasdot.org/ with SSL as well. Since they are both signed, browsers will automatically trust the certificate without letting the user that he encountered the slasdot.org certificate for the first time.
While the IE7 phishing filter can snag the latter site, it's merely a reactive defence rather than automatically treating new SSL certificates as "new". You don't need an alert box to pop-up, all that's needed is a method of switching a yellow-background address bar to/from a green-background address bar on a per-certificate basis. You could even do the same to non-SSL sites as well on per-DNS/IP/Subnet basis.
The hardest trick about informing the non technologically minded about the risks and the things that they should 'not do' and the few bits of software they should install (which they can get for free and only need to install once), is not to scare them of using the Internet. Generally I find helping them install the security software (firewall, antivirus, antispyware software and of course a few firefox add-ons) and providing a simple explanation about what the software does and combining it with the warnings about what they should not do, helps to balance things out.
Add to that a warning about the vagaries of M$ software, and a quick introduction to the salient parts of M$'s non-warranty warranty 'er' eula, and why it is much better to use a non-M$ product when connecting to the internet or when attempting to secure that connection.
Chaos - everything, everywhere, everywhen
Thing is though that they are paranoid for all the wrong reasons. Mostly fearmongering out of various news outlets about THE DANGERS!!! OF THE INTARWEB!!! (okay okay... exaggerated but hey).
Fact remains that they might be paranoid about privacy on facebook and so on, but due to their misdirected paranoia, they're also the sheep that will gladly vote for a bill to just monitor everyone and make sure that their precious offspring won't lose their privacy, conveniently forgetting that big brother watching you equates to the same thing.
But at least seemingly Big Brother has a nice hat, so that makes it okay...
There is no sig...