Skip to content

Privacy Basics

Why care about privacy?

If you have nothing to hide, you have nothing to fear. Amarite?

Obfuscation

Obfuscation is the name of the game. Play dumb to outsmart the smart. Make yourself the decoy. Picture this: A crypto wallet with two passwords. The first reveals a modest $7,438 in Monero. When thieves come knocking, they think they’ve obtained your stash (assuming you don’t live in something nicer than a McMansion). They leave happy, you act sad. Then when they leave, you log into your other password with $142,000 in crypto and order a pizza.

You want to blend in, right? Operate like a nesting doll. So, for your everyday online activities, you use a static VPN – like a consistent digital disguise for routine tasks like torrenting (rembember, you aren’t dumb, just playing dumb). Do this as much as possible, until your government or corporate entities swallow your liberties. But when privacy is paramount, you disappear into the crowd. A shared VPN, your own VPS, or even the anonymity of Tor become your cloaks, ensuring your sensitive activities remain shrouded from prying eyes.

“Appear weak when you are strong, and strong when you are weak.” -Sun Tzu

Open-source

Open-source software is not inherently more private or secure than proprietary software. It is in all likelihoods less secure because a corporation has more to lose and more resources to ensure proper code. But it is about trust. To place trust in something is to awknowledge you are admitting in risk and uncertainty.1 A trustless system, in which you do not have to put your trust in a third party, is ideal. But it’s not practical. It is practically impossible to make any system completely trustless2. We are social creatures, taking part in inherently social activities requiring at least one other party (whether reading a forum post or sending a message). The complex software we use is built upon even more complex software, built upon libraries, built upon complex hardware, connected through complex protocols.

We can get something close. Something decentralized with no central authority, and most importantly, verifiable. That’s the key. Verifiability. Open-source means transparency. The ability to validate the authenticity of what we are working with to ensure it has not been tampered with or ill-designed. Confidence in what we are using. Yet we are only placing our trust in another party. Even a very advanced programmer is not going to verify that a complex piece of open-source software is doing what it says it will do. It’s just not feasible to try to undertake the task of translating how the code was assembled. So we place our trust in peer-review and third party testing. Of course, this itself can be bad operations security.34 You naturally believe that because there are more eyes on the code, the level of scrutiny rises in a linear fashion, when that may not always be the case.5 Alternatively, we may have an information cascade, in which you, the reader, views this paragraph and because it aligns with countless other pro-privacy paragraphs you have read, believe it to be close to infallible.

With proprietary, closed-source software, we can’t peer review or audit the software in depth. When we utilize one of the most trusted VPN services, Mullvad, we still lack access to their infrastructure, live operations, and live server.

Anonymity

Do not confuse privacy with anonymity. Services like privacy.com offer some privacy from various corporations and sellers, but not the official ledger-keepers (a.k.a. banking and credit card companies it must operate under), not from privacy.com itself, and not from the government. As you may have gleaned from the open-source section above, true anonymity is little more than a fiction once you are online. But you can get close, as these future guides will show you. And privacy from non-governmental or major corporate entities is much more attainable.

  1. Primavera De Filippi, Morshed Mannan, Wessel Reijers, Blockchain as a confidence machine: The problem of trust & challenges of governance, Technology in Society, Volume 62, page 3, (2020), https://doi.org/10.1016/j.techsoc.2020.101284

  2. Rebecca M. Bratspies, Cryptocurrency and the Myth of the Trustless Transaction, 25 Michigan Technology Law Review 1 (2018). 

  3. https://securityawareness.usalearning.gov/opsec/story.html

  4. https://www.dcma.mil/News/Article-View/Article/3265139/the-opsec-cycle-explained/

  5. Larry Seltzer, Did open source matter for Heartbleed? (April 14, 2014), https://www.zdnet.com/article/did-open-source-matter-for-heartbleed/