Guide talk:Resisting technological domestic abuse

Nothing to hide, but nothing to show you either.
To-do list for Guide:Resisting technological domestic abuse:

Draft -> Minimum viable guide tasks  Done

  • Complete basic article sections.  Done
    • Methods  Done
      • Stalkerware  Done
      • Connection monitoring/router  Done
      • Accounts hacking
    • Hidden cameras Not for now.
    • Tails  Done
    • Recovery  Done
  • Add media.  Done

Privacy vs Security

@Matttest Privacy and security are intertwined topics, and I do not think they can be meaningfully separated, especially in the context of this topic. The reason why this page talks about 2FA and passwords is because failing to do your due diligence and choosing weak passwords will have a material impact on the user's privacy. How do you propose to educate the user about resisting technological domestic abuse without teaching the basics of security and thus enabling their resistance? 21x (talk) 11:44, 15 July 2022 (UTC)

Basically IMO, security is just used by big corpos like Google to actively work against user’s privacy. Just for example, Passwords and 2FA, as you have written in that linked section, 2FA needs your location, or other things like phone number that can be tracked and linked to a specific person - that’s good for security but bad for privacy. I think some sections related to security can be kept, for example password manager, where we focus on choosing/recommending a privacy-respecting password manager, but some sections like biometrics are actually harming your privacy by requiring your fingerprint that may be tracked to a specific person. The articles related to security should be with some notes that sometimes, security can harm your privacy. Matttest (talk) 03:50, 16 July 2022 (UTC)
We can simply guide the user toward privacy-respecting security measures, like using TOTP or FOSS hardware such as Nitrokey, and away from privacy-compromising ones such as SMS OTP (which is also vulnerable to SIM swap attacks). You're right that companies can use bogus security claims to compromise privacy, like Twitter did, but usage of robust security is actually a boon to privacy.
But also, we need to be aware of PrivacyWiki:Guiding_Principles#Do_not_let_perfect_privacy_be_the_enemy_of_better_privacy. Some 2FA is better than none, even where it is not ideal. A domestic abuse victim cannot worry about their number being sold to shady marketers when using imperfect SMS 2FA may materially help them in defending from a technologically capable real-life adversary.
And yeah, biometrics are problematic; this is why biometrics are so low on the linked page, and the inability to change them is mentioned in the second sentence of the linked section. 21x (talk) 10:20, 16 July 2022 (UTC)