How to Convince Non-IT Friends that Privacy Matters?

mmtux writes: "As technology becomes more advanced, I am increasingly worried about privacy in all aspects of my life. Unfortunately, whenever I attempt to discuss the matter with my friends, they show little understanding and write me off as a hyper-neurotic IT student. They say they simply don't care that the data they share on social networks may be accessible by others, that some laws passed by governments today might be privacy-infringing and dangerous, or that they shouldn't use on-line banking without a virus scanner and a firewall. Have you ever attempted to discuss data security and privacy concerns with a friend who isn't tech-savvy? How do you convince the average modern user that they should think about their privacy and the privacy of others when turning on their computer?"

Access Control

[Dolohov]

I generally remind them that privacy is not just from the government, but is a matter of having some control over who knows what about your life. You may not be ashamed about your partying, for example, but that doesn't mean that you want employers or parents to know too much about it -- definitely not to find out about it without you having the excuse to explain that you're careful and responsible. Political beliefs are also important, whether to avoid arguments with family members who disagree, or to avoid reprisals from a boss whose political persuasions are opposite yours ("If he has enough money to donate to that campaign, clearly he doesn't need a raise!"), or even from a government whose views you oppose.

And there are lots of personal details we're not ashamed of that we nevertheless would like to not be public. Vacation plans ought to be private from stalkers, ex-girlfriends, that really annoying friend from college who lives one town over from the hotel, etc. My sex life is nothing to be ashamed of, but nobody but my partner has any right to know about it.

Ultimately, privacy is not about secrecy, it's about personal sovereignty: who gets to say what people have what information about my life?

Re:Well, the following approaches are hit or miss.

[betterunixthanunix]

"Food for thought: when we get all riled up about privacy, are we any better than the crazies who rail about pedophiles on the internet and make it seem like there are bogeymen around every corner?"

No, because in the case of privacy, people are constantly trying to pry into each other's business. Speaking personally, I have had it confirmed at least once that an email sent to me had been maliciously faked in order to manipulate me, and I have had some circumstantial evidence that someone was reading email conversations I had with someone else. I've been approached by people who know that I am a programmer, and want to know if I could "hack into" someone else' email account so that they could read through it. This stuff isn't about the boogeyman government, it is about ordinary people who actually do have no respect for the privacy of others.

Here's another angle to consider: sometimes, a message is easily misinterpreted when read by an uninformed party. When I was in Junior High School, I was once accused of plotting to blow up the school because of a note I had written to a friend, which had been misread by a teacher who found it after class. It isn't so uncommon. There are a dozen different situations like this, where some message is ambiguous and should only be read by someone who is fully informed on the context.

Conflating too many Issues

[Protonk]

In this case we are talking about 2-3 different things:

First, the problem of formerly private information that your friends have willingly made public, either because of convienience (information given to a website that they use for shopping) or on a social networking website.

Second, the private information that they are unwittingly making public, or leaving themselves at risk of making it public.

Third, that governments may be helping themselves to information thought to be private.

The first is a cultural difference, the third is out of your control, and the second is the really important one. You aren't going to win the debate on the first one. We've seen this debate before, on anonymity for BBS users, later on the rise of cookies. On one side were the forces of good, arguing that these changes were very real invasions of privacy and made your computer do things you didn't know it was doing and wouldn't want it to do if you did know. On the other side was convenience. It sucks to have to log in to slashdot every time I open a new browser window. It's kind of nice that Amazon can make recommendations to me. Cookies let that happen and the public debate, for what it was worth was won pretty handily. Now, that doesn't mean that companies started using cookies as an outgrowth of the democratic will of internet users. It just means that the level of outrage was muted over cookies enough for image conscious companies to get by with using them.

the same thing is going on w/ facebook/myspace/etc. The tables may turn on them (and will probably turn on facebook soonish), but for now we like the fact that others can see our name/face/job/school more than we dislike that these things are no longer private. Part of that outlook comes from the fact that we are limited in imagination. We see facebook one screen at a time. We can't look at people who aren't in our group (I think, haven't used it in a while). It takes a non-trivial amount of time to look through information. Consequently, we see that as the ONLY way to grab data from facebook. We don't connect (or at least the non-IT ppl) the fact that someone broke down anon/aggregate survey data from aol and netflix to get private information automatically. We don't think about scraping programs that read sites like myspace/facebook and correlate names and zipcodes with other sources of inoformation on the web.

The last part of this failure of imagination is that there is a cost to privacy. If I want my personal information to be private wholly from facebook, I can't be on facebook. Relatively speaking, that is a large cost. There is no 'maximum privacy' level for facebook where you can post pics of you and your friends and make comments and it won't be recorded somewhere. That product doesn't exist.

Ok. I won't touch on the third point because that is a flame war waiting to happen. Needless to say, it is out of your direct control.

The second point. My advice is be direct when the situation calls for it, but don't bother when it doesn't. If you are out at a baseball game, don't strike up a conversation like "Gee bob, I noticed that your password for your computer is 1 2 3 4 5 and that you sure do have an awful lot of sensitive info on there. Don't you think that you ought to change that?".


And then just tell them to get a mac. If they aren't security conscious enough to get a virus scanner while running windows then they really should be using an OS that does everything for them.

There's no better way...to lose friends

[betterunixthanunix]

Attacking your friend's accounts is a good way to lose your friends. Most people don't take very kindly to that sort of practical demonstration without first giving their permission.

Wireless

[solprovider]

Start by explaining a real-world current personal problem. (I do not crack so showing his bank balance is not possible.)

A friend loves his wireless laptop. We encrypted router communication at both homes. Explaining why encryption is needed led to an explanation of the dangers of handling financial transactions while wandering NYC -- that any open router could record everything including passwords and perform man-in-the-middle attacks to bypass SSL. Anybody willing to capture his information could; expecting those people not to use the information maliciously seems silly.

Once those dangers were understood, my friend was eager to hear about more insidious problems such as government policies (telecommunication recording), other insecure devices (iPhone), and deliberately open websites (Facebook).

Re:Some are actually opposed to privacy

[Christoph]

...people are even demonizing those who even bring up privacy as a concern.

I was sued in federal court for violating someone's right to privacy (06-cv-01164, D. Minn). I posted their photo on my website, and they sued to get it removed and get damages. I represented myself, had a trial Nov. 5th, and the verdict was issued last Friday. I won. Yes, I demonize the person who sued me over his exaggerated privacy concerns, which led to a baseless federal lawsuit that tried to quash my free speech rights. Their exaggerated privacy concerns were not harmless.

I've posted about this litigation on Slashdot before, but the verdict is in now so here's the URL again: Gregerson v. Vilana

The plus side of sharing private info on the web: I got to know my wife only after seeing her photo on her geocities page, scoping her out to see what the stranger from the other side of the world, who emailed me asking for a .pdf file, looked like (her formal writing style made her seem middle-aged, but her photo showed she was actually much younger, and we started corresponding).

I posted my own medical information online 10 years ago, which has since helped other patients. I posted info about my late brother's illness, also to help other patients, which it seems to have done. If you reply to this post and attack me over my health problems, or my deceased brother's illness, I don't think that exposes me as a bad person -- it exposes you as a jerk. If you won't hire me because of these things, I -- me, personally -- am OK with that.

Re:Some are actually opposed to privacy

[Endymion]

Even better:

Ask them if such cameras can be fed straight to their insurance companies. Most people will write off things about random strangers, 1984 style government stuff, etc, as paranoid. If you can get them in the "It could raise you insurance rates..." angle, though, they listen much more often.

Direct financial motivation usually works better than theoretical effects...

Re:Some are actually opposed to privacy

[Poingggg]

Against the "I have nothing to fear because I have nothing to hide"-like arguments I always say that you don't know what you would want to have kept hidden in, say, 10 or 20 years from now.

Before WW2 the European Jews used the same argument that anyone was allowed to know they were Jewish when they allowed the registration of their religion. They were (sort of) right then, but we all know what happened in WW2, where the nazis made 'good' use of this registration.

You do not know who will use your data for what purposes. I read once that for every proposed law, before accepting it, one should imagine what his worst enemy would be able to do with it if he (the enemy) got the power. Wise words, in my opinion.