January 7th, 2016

Hard Stare

The big choice: privacy or convenience [tech blog post, by me]

So a regular long-term member of one of the Ubuntu lists is saying that they don't trust Google to respect their privacy. This from someone who runs Opera 12 (on Ubuntu with Unity) because they had not noticed it had been updated... for three years.

I realise that I could have put this better, but...

As is my wont, I offered one of my favourite quotes:

Scott McNeally, CEO and co-founder of Sun Microsystems, said it best.

He was put on a panel on internet security and privacy, about 20y ago.

Eventually, they asked the silent McNeally to say something.

He replied:

"You have no privacy on the Internet. Get over it."

He was right then and he's right now. It's a public place. It's what it's for. Communication, sharing. Deal with it.

Run current software, follow best-practice guidelines from the like of SwiftOnSecurity on Twitter, but don't be obsessive about it, because it is totally pointless.

You CANNOT keep everything you do private and secure and also use the 21st century's greatest communications tool.

So you choose. Use the Internet, and stop panicking, or get off it and stay off it.

Your choice.

Modern OSes and apps do "phone home" about what you're doing, yes, sure.

This does not make them spyware.

http://www.zdnet.com/article/revealed-the-crucial-detail-that-windows-10-privacy-critics-are-missing/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

You want better software? You want things that are more reliable, more helpful, more informative?

Yes?

Then stop complaining and get on with life.

No? You want something secure, private, that you can trust, that you know will not report anything to anyone?

Then go flash some open-source firmware onto an old Thinkpad and run OpenBSD on it.

There are ways of doing this, but they are hard, they are a lot more work, and you will have a significantly degraded experience with a lot of very handy facilities lost.

That is the price of privacy.

And, listen, I am sorry if this is not what you want to hear, but if you are not technically literate enough to notice that you're running a browser that has been out of date for 3 years, then I think that you are not currently capable of running a really secure environment. I am not being gratuitously rude here! I am merely pointing out facts that others will be too nervous to do.

You cannot run a mass-market OS like Windows 10, Mac OS X or Ubuntu with Unity and have a totally secure private computer.

You can't. End of. It's over. These are not privacy-oriented platforms.

They do exist. Look at OpenBSD. Look at Qubes OS.

But they are hard work and need immense technical skill -- more than I have, for instance, after doing this stuff for a living for nearly 30y. And even then, you get a much poorer experience, like a faster 1980s computer or something.

As it is, after being on my CIX address for 25 years and my Gmail address for 12, all my email goes through Gmail now -- the old address, the Hotmail and Yahoo spamtraps, all of them. I get all my email, contacts and diary, all in one place, on my Mac and on both my Linux laptops and on both my Android and Blackberry smartphones. It's wonderful. Convenient, friendly, powerful, free, cross-platform and based on FOSS and compatible with FOSS tools.

But it means I must trust Google to store everything.

I am willing to pay that price, for such powerful tools for no money.

I am a trained Microsoft Exchange admin. I could do similar with Office 365, but I've used it, and it's less cross-platform, it's less reliable, it's slower, the native client tools are vastly inferior and it costs money.

Nothing much else could do this unless I hosted my own, which I am technically competent to do but would involve a huge amount of work, spending money and still trusting my hosting provider.

You have a simple choice. Power and convenience and ease, or, learning a lot more tech skills and privacy but also inconvenience, loss of flexibility and capability and simplicity.

You run a closed-source commercial browser on what [another poster] correctly points out is the least-private Linux distro that there is.

You have already made the choice.

So please, stop complaining about it. You chose. You are free to change your mind, but if you do, off to OpenBSD you go. Better start learning shell script and building from source.