April 30, 2024

The mountain of shit theory

Uriel Fanelli's blog in English

Ah! The praivaci! (and selfhosting).

I have always been an advocate of privacy, especially when it comes to the data issue. I know that for some, privacy is not important, and please send me the URL / application, username and password of your home banking system. After all, you don't give a damn about privacy, right? Or do you have something to hide?

That said, I'm starting to find irritating the proliferation of people (mainly people who want to make money with the new privacy site and / or want to set up the new privacy Codacons to live on) who read a couple of things about some open-source software and then come out saying "this software will give you a lot of privacy", "this site does not steal your data", "here we have End-2-End encryption", and start peddling grandma's advice on how praivacy is done.

The problem is that these are political entities, or entities aligned with a certain political line, and they are staffed by "IT people on loan", that is, people who have NEVER built any infrastructure, and who think that existing infrastructures are made of the same components as your home network.

And their advice is given in the same vein: "Apple looks after privacy". Seriously? Your phone is connected to a national telephone network, and you think that because Apple put the chip in it your data will not go out over that network? And don't tell me "but the telco only has your metadata, not the data".

There are several problems that escape these people.

Security and privacy are actually two things you have to choose between. That's right. If delinquents enter your home at night, the first thing you would hope for is that the police break into your apartment and arrest them instantly. Right.

But, implicitly, you're asking the police to know who's in your apartment.

If you are walking down the street and a guy is following you with the obvious intention of harassing you, you would like a patrol car to arrive immediately, stop him and take him away.

But you are saying that the patrol car should know where you are and what is happening to you in order to intervene.

(Image caption: No, the ones I'm talking about are even more annoying.)

But if I tell you that Alexa listens to you while you are at home, you are shocked that your privacy is compromised, even if you would like the police to know what happens in your house in case the plumber has a fit and attacks you.

And if I tell you that thanks to your Google phone they always know where you are, you talk about Big Brother, while hoping that if you were attacked, the patrol car would arrive WHILE the aggression takes place, if not earlier.

I'm sorry, but first you have to choose between security and privacy. Let's be blunt: if tomorrow the police stopped criminals as soon as they entered your house, you would be careful not to complain that the police saw them through your Alexa.

Not only do you have to choose between security and privacy, but YOU have to do it yourself. Not the state. Not the EU. YOU really have to take care of it.

During the last German electoral debate Armin Laschet said on TV that, to prevent crime even better, he would put even more cameras in places where the risk for women is higher. Nobody said a word. All the women nodded, including Baerbock. CHOICE MADE.

But it's the wrong choice.


Another underestimated problem is that the word privacy indicates that it is a private matter. Private means one thing: it is not you as a community who deal with it, and therefore it is not a POLITICAL problem per se.

If you are an opponent of the Chinese regime and you live in China, you have VERY different privacy concerns than I have writing this blog. If, on the other hand, you are an opponent of the Chinese regime but you live near my house, the privacy problem has a different perimeter: you have to worry about the regime's henchmen instead, not so much about being discredited by a system that can close your bank account, delete you from the civil registry, etc.

If you are a demure person you may have trouble being photographed in the shower. But not if you are Bella Hadid:


And if you are Valentina Nappi, you have even FEWER privacy issues.

So where do we put the bar? Who has privacy concerns, and which ones?

The real problem is that the loss of privacy is a threat. But a threat has different effects in different situations and for different people. Valentina Nappi and my neighbor have VERY different privacy concerns. If Valentina Nappi lived in Kabul today she would have HUGE privacy issues. (And of being killed.)

Bella Hadid herself, assuming she takes a shower using underwear, would have SERIOUS problems if, by placing a camera in her hotel, I took a photo identical to that. This is the REAL point: it depends on consent.

But "it depends on consent" means that it is a personal matter, and that it is a relational matter. I'll give you an example of the implications.

If I am looking for something (an image, a link) for this site, I go to Yandex. Why? Because I don't want Google to know what I was looking for to find these images. And since the Russian authorities NEVER respond to foreign requests to trace an IP, the discussion is closed.

But an opponent of Putin not only does not have this certainty: he does not have the same PROBLEM: he has the problem of not letting anyone know that he is in a certain hotel, in order not to have his underwear poisoned. Not only will he NOT use yandex, but he will not use a smartphone either.

However, Navalny had no privacy concerns when German intelligence examined his blood, atom by atom. Yet medical data is PII of the most sensitive kind.

Moral: the problem of privacy is not a monadic problem. It's not a "Here's a pound of privacy" issue. It is a problem of "privacy versus WHO", not "privacy versus WHAT". I could be very calm if the Chinese regime has my personal data, because I know that the Chinese regime will certainly not send the police into my house here in Germany, while I might NOT agree if my neighbor had them.

Privacy is a DUAL issue: WHO has my data? But not only that… it's even more complicated.

Consequently, Yandex and Google can collect the same data, BUT I prefer Yandex to have it because… for several reasons, including the fact that Google can better match it with other data it has, while Yandex cannot.

Then you will say: but for this you sign a release, place by place, site by site, and you are informed of the use of your data.

No. I am informed that my data is being passed on to THIRD PARTIES. But I am not told WHO. If you tell my neighbor that her nude photos could be sold to third parties, it is one thing if the "third party" is her new boyfriend from Hamburg (to whom she sends them herself), and quite another if it is some random stranger. Who the hell are these "third parties"?

And even remaining in the context of institutions and companies, I have no problem if my data on electricity consumption is shared with the Stadtwerke, and also with E.On, and perhaps with 15 other companies of the German electricity grid. While I do have problems if it is given to Amazon. But both are presented as "third parties" (in German, literally "strangers").

But in one case I help the network to be stable, in the second I get advertisements for low consumption electronics everywhere.

Then you will tell me that this is fine because I can "opt-out". Nonsense. Do you think I can photograph my neighbor in the shower as long as I allow her to "opt-out"? And don't bring up consent with me: when you arrive on a website and READ the privacy policy, your IP is already tracked. So you already have the picture of the neighbor. From that moment on, all you offer is the opt-out.

All those popups that pop up when you go to websites DO NOT defend you: FIRST the server logs your data, THEN (with the popup) it asks you if you want to opt-out. So ok, my neighbor walks into my house, asks to go to the bathroom, there is a camera, and only when she comes out I say "dear Gwen, can I keep your photos? You can opt-out if you want".

But it gets worse. Let's also assume that the neighbor has signed a document (or clicked on a form) where she says that her evil Italian neighbor will NEVER EVER see her precious fur.

Ok.

Two years ago we met in a spa. And as you know, in German sauna spas you go naked. And as you know, they don't distinguish between males and females: all together. But she had forbidden me to see her august fur. Should I run away? Does she have to escape? Should we call the police? And why does the same data have different treatments, even with the same data owner, data processor, etc.? Because we are in the sauna, of course, you will say. So do I have the right to look at the photos I took of her in the shower at home, as long as I do it in the sauna?

Answer: the practice of privacy is personal, relational and arbitrary. Completely arbitrary. Or it's just useless bureaucracy.

Having established this, when we talk about data and privacy we are NOT talking about protecting ourselves against specific behaviors, and not even against data retention, but about ensuring that the processing of data adapts to our ARBITRARY CHOICES.


And that's not all.

There is no "protonmail that respects your privacy". Except that this happened:

ProtonMail deletes 'we don't log your IP' boast from website after French climate activist reportedly arrested
Cops can read the SMTP spec too, y'know

but even if it were true that Protonmail does NOT keep the IP, protonmail cannot respect your privacy for the simple reason that the data IS NOT UNDER YOUR ARBITRARY CONTROL.

My privacy is something that no written contract and no rational rule (or system of rational rules) can describe: the only way to have my personal, arbitrary and relational idea of privacy respected is that the data is ALWAYS under my control.

And this is how Gwen controls the privacy of her fur: since it is always in HER hands, she can apply ANY rule, however irrational, illogical, inconsistent or incoherent, at HER DISCRETION. Wise woman, Gwen; not for nothing was she already a teenager when I was born: we are not talking about "Gwen the Grey", but about "Gwen the White". Let the Balrog try his luck with her.

And that's why I shouldn't photograph Nappi under her skirt. Because regardless, Valentina "La castana" is in CONTROL of her data. If, on the other hand, I followed the concept of release, which decides whether or not I can have her hair, I would also be authorized to photograph her under her skirt, since she certainly authorized me (along with millions of others) to observe her rectum.

Since she owns her own data and keeps it in her own infrastructure (as hopefully it is), she retains the right to the arbitrariness of her choices.

But this, in IT terms, means that privacy is possible as such ONLY because both Gwen the White and Valentina "la Castana" "self-host" their hair. The data lies in their infrastructure. And that's why you can no longer see the fur of Mia Khalifa, a colleague of Nappi; she arbitrarily chose to quit. But she only succeeds because the hair, at least the recently grown one, is under her control, in her infrastructure.

Which is not the same as "putting it in the cloud": this is what Valentina Nappi does when she puts her hair on a paid site. It is very different from keeping the fur in your underwear. And in fact, Nappi is also aware that the hair she has put on the cloud will go to "third parties" that she does NOT know about. Would it be different if Nappi set up her own mini-datacenter at home and managed it herself? I don't know what computer skills she has, but in theory she would have more control over it. She could also be just a camgirl, and she would have even more control. I say "in theory" because a screenshot is always possible, but in theory an ad hoc steganography would be possible, writing into the photo the name of the person who is viewing it, at the time of viewing. In that case, Nappi would have more control. And so on. Moral?

WHOEVER DOES NOT CONTROL THE INFRASTRUCTURE DOES NOT CONTROL PRIVACY. NO CONTRACT, AND NO LAW, WILL EVER COVER THE ENTIRE ARBITRARINESS OF DECISIONS ON PRIVATE DATA: IT IS TOO LARGE A SPECTRUM OF DECISIONS.

There is no "protonmail respects privacy". There is no "duckduckgo does not spy on you". There is no privacy without infrastructure control. And that's why you've never seen White Gwen's fur.
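The per-viewer steganography imagined a few paragraphs up (the photo carries the name of whoever is viewing it, written in at serving time), as an added example that is not the author's code: the server hands each viewer a copy whose least significant bits carry that viewer's identity, and a leaked copy can later be attributed. The image is a constructed RGB byte buffer standing in for a real photo, and the viewer names are hypothetical; as the author notes, a screenshot that rescales or recompresses the image can destroy a low-bit mark like this.

```python
"""Per-viewer LSB watermark: write the viewer's identity into an image
buffer at serve time, then read it back from a leaked copy.
Added illustration; the 'photo' is a constructed RGB byte buffer."""
import struct


def embed_viewer_mark(pixels: bytes, viewer: str) -> bytearray:
    """Return a copy of `pixels` whose low bits carry a length-prefixed `viewer`."""
    payload = viewer.encode("utf-8")
    data = struct.pack(">I", len(payload)) + payload       # 4-byte length + name
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("image too small for the mark")
    marked = bytearray(pixels)
    for idx, bit in enumerate(bits):
        marked[idx] = (marked[idx] & 0xFE) | bit             # touch only the LSB
    return marked


def extract_viewer_mark(pixels: bytes) -> str:
    """Read the length-prefixed viewer string back from the low bits of `pixels`."""
    def read_bytes(offset: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[offset + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = struct.unpack(">I", read_bytes(0, 4))[0]
    if length > (len(pixels) - 32) // 8:                     # garbage length: no mark
        raise ValueError("no valid mark found")
    return read_bytes(32, length).decode("utf-8", errors="replace")


def constructed_image(width: int = 64, height: int = 64) -> bytes:
    """A constructed RGB gradient standing in for a real photo (3 bytes per pixel)."""
    return bytes(((x * 7 + y * 3 + c * 11) & 0xFF)
                 for y in range(height) for x in range(width) for c in range(3))


def serve_to(viewer: str) -> bytes:
    """What the self-hosted server hands out: a copy marked for this viewer only."""
    return bytes(embed_viewer_mark(constructed_image(), viewer))


def attribute_leak(leaked: bytes) -> str:
    """Given a leaked copy, recover which viewer it was served to."""
    return extract_viewer_mark(leaked)


if __name__ == "__main__":
    # Hypothetical viewer identity; a real server would add the account and timestamp.
    copy_for_alice = serve_to("alice@example.invalid 2024-04-30T10:00Z")
    print("leaked copy was served to:", attribute_leak(copy_for_alice))
```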

So the question I can ask myself is: does my infrastructure respect privacy? My privacy, for sure. You may be the best hacker in the world, but the data I have NOT collected cannot be stolen. I didn't collect them. And I don't even collect one.

Then I can say that yes, my personal selfhosting infrastructure respects privacy, just because it fits PERFECTLY to the arbitrariness of my decisions about it.

Arbitrariness that CANNOT be captured by ANY legislation or by ANY technical precaution. Protonmail, they say, has servers under a granite mountain in Switzerland and has Swiss law protecting you. Aha. Too bad that a French guy was arrested when the Swiss police asked them for his IP address, and "they" was the Swiss judiciary. What is arbitrariness?

The correct definition of privacy is:

"I have the control it takes to be able to apply ANY ARBITRARY policy on my personal data, and also to decide which are personal and which are not, depending on who can use them, according to a PERSONAL and ARBITRARY logic".

And this happens under ONLY ONE condition: selfhosting. I'm not saying it's enough: I'm saying it's NECESSARY.

Obviously now there will be a whole series of people saying "selfhosting, okay, but how do we deal with the attacking accher?" Because it's true: I don't have a set of Juniper security appliances followed by a set of Cisco ASAs, followed by… etc., to protect the data, like Google would.

I'm apparently weaker.

But only individually.


The problem of mass espionage.

When Snowden revealed to the world what the techies already knew, namely the existence of countless government backdoors in software, the problem was not that the US police could or could not intercept ONE person. They can do that, and at any time, because the law guarantees it (at least, if you live in the US).

The problem was the SCALE of the problem. That is, billions of people were recorded and spied on continuously and in real time, to the point that Intel sold almost 20% of all the CPUs it produced to the NSA. (I think the situation is unchanged).

Now, let's try to imagine a world in which your home router is a little more "plump" and contains a nice NextCloud, with an external interchangeable disk for data, and a federated social network (Mastodon, Pleroma, etc.) and an e-mail server, and something like XMPP / Prosody. The biggest Raspberry Pi model, the one with 8GB of RAM, would manage it.

Could NSA have your data anyway? Well, of course, there will always be some vulnerability to exploit.

But….

Well… it must attack a dozen million home routers in Italy alone, then as many in France, Germany, etc., and must take everything there is, but it can ONLY take what is there, that is, what I decided to put in and keep there. Apart from the fact that this would IMMEDIATELY get the attention of the ISP, which would see the average upload peak exploding, the problem is that it could ONLY read what is there.

(And I don't want to address the deniability problem here: in a personal cloud you are in a condition of deniability for any remote "withdrawal". The only way to lose it is for the police to come at five in the morning and seize everything.)

And leaving or not leaving a file on my cloud is MY choice. If I don't put a piece of data in, there is no data. If I put in 450GB of porn, they have to download all of it just to make sure those files don't actually contain anything else. And in any case, they could not download what I removed yesterday (and I don't think they would take the trouble of re-downloading EVERYTHING every day, otherwise they would have to re-download the folder with the porn too; otherwise it would become a safe place to hide things).

Moral: in a hypothetical world where EVERYONE is selfhosting (perhaps simply because CPEs, i.e. routers / modems, are more capable), the NSA can still pierce your cloud using the best technologies. But it can't do it on BIG masses of routers, and in any case it would get ONLY what you put on it. While using central solutions, you don't really know what is being collected: it depends on how good they are at sniffing traffic.

Selfhosting, that is, in addition to giving you the POWER to put what you want on your cloud and delete it if you like (you can also swap the disk for an empty one and destroy the old one if you want), also makes MASS data collection very complicated.

My home architecture is mixed: it contains X86_64, ARM32, ARM64, and now also a nice RISC-V, and my CPE uses MIPS. Surely each of these processors will have its own way of being attacked through the pipeline and branch prediction and all that, but then we are talking about a "tailored" attack. Not a MASS one.

If selfhosting does NOT offer you "enterprise level" protection against a "tailored" attack, that is, one targeted against your infrastructure, it is however an (almost) insurmountable difficulty when it comes to scaling the collection TO MASS COLLECTION LEVELS.

We keep dreaming: everyone wants to self-host but not everyone is competent. Then companies arrive that sell you a box with your personal cloud inside: you connect it to the router and go, you have everything. Nice, huh?

Now, for the NSA, it's about penetrating every brand of "box", from the homemade ones of the geek to the ones for sale, and discovering that it has to download the same 450GB of porn from everyone. And it only gets what users chose to put on it. Maybe just the porn. But if they don't download it, steganography in porn becomes the new way to escape control, and so they HAVE to download and review it. Unfeasible.

And they have to do it again every day. Impossible to hide from ISPs.

Moral:

PRIVACY CAN BE DECLINED AS PERSONAL PRIVACY OR MASS PRIVACY. WHEN IT COMES TO PROTECTING AGAINST >MASS SURVEILLANCE<, CONTROL OF THE PERSONAL INFRASTRUCTURE IS >POTENTIALLY< SUFFICIENT.

And this is the most important conclusion. If you want to be safe against a "tailored" attack, as a "common" user it is best NOT to keep things on computers that are networked or reachable. So the opponent of the Chinese government must ALWAYS stay under the bell jar, offline.

But to hide the common citizen from MASS surveillance, selfhosting is tremendously effective.


Who doesn't want selfhosting, among the "privacy hoplites"?

Let's imagine we are an "anarchist / Leninist / whatever social center", the classic People's Front of Judea situation. You spend your life rebelling (apparently) against "surveillance capitalism". In practice, these are associations kept alive by the Ministry of the Interior, which knows full well that every hothead sooner or later will make a move, and files them all. But let's imagine that you really were an "anarchist / Leninist / whatever social center" and that the ministry had nothing to do with it.

What you should do is, for example, buy a Raspberry, buy a box to make it cute, a small USB dongle for data, and sell your box to members after installing everything you need. Since not all members are experts, not one box each: one in ten is enough to offer an account to another nine. Say, the geekiest ones.

What would happen? Well, it would happen that not all subscribers would buy it, but since subscribers know each other, five or six people could make their own pod with Pleroma and split those 10,000 people (who are now on the single social center server) into something like 1000 different pods. And as if that weren't enough, those pods don't keep logs.

Of course, it would be the geek on duty who buys the box, attaches it to the router, and at most (if the router is old and does not support UPnP) has to configure the DDNS and port forwarding by hand. That's it. Then he invites, say, ten friends he knows personally.

Eh, that's no good. For the ideals of the "anarchist / Leninist / whatever social center" it would be PERFECT, but the ministry loses the ability to track 10,000 people in one fell swoop. If, on the other hand, we sell boxes to 1000 people, you have to break into all of them, and perhaps discover that they DO NOT keep the logs.

You can rest assured that, in this case, the "anarchist / Leninist / whatever social center" will say that it is much better to be 10,000 on a single server: the advice exactly reflects the ministry's need to get as many IPs as possible from a single server.

And it is for this reason that the Mastodon servers of the social centers reach, in the most extreme cases, 10,000 users. And that's why they do NOT do anything to push selfhosting.

Another case are those instances of 500,000 users that I see around. Heck, did you just say you're there to escape MASS surveillance, and then you build infrastructure that would release BIG MASSES of logs in case of leaks? Seriously?

It does not take long to understand that behind these large (and expensive) instances there is a donation campaign, even an anonymous one, and it does not surprise us if some donors ask to be provided with the logs from time to time: they are cute little people in uniform. And the NSA has a lot of budget.

And so they will do two things:

  • if they write the software they will make it so difficult and expensive to deploy and maintain (see the Matrix / Signal case) that selfhosting cannot be done "in the box".
  • if they limit themselves to maintaining the instance, they will be careful not to finance themselves by selling "boxes" with "the easy instance" inside, to spread the "Word".

and in this way they hinder selfhosting. As it happens, some "anonymous donors" will appreciate.

I hope I have explained myself. I know I was long-winded, but in my opinion the subject deserved a closer look.

Whoever does NOT recommend selfhosting is not the "privacy hoplite" he thinks he is. He is just someone trying to lure you onto his instance. Because the NSA and the interior ministries have a lot of budget, and budget is nice.
