@[email protected] wanted to know, should you expect privacy in public places?

Before I answer that, I would like to give my genuine thanks to everyone who responded in my previous post where I asked you for some controversial privacy topics. You did not disappoint, and I'm glad I will be able to cover them!

This question is a bit complex, depending on how you ask it. The answer also largely depends on what you believe. If you believe that privacy is a fundamental right, then privacy should be expected no matter where you go. If the question is "Can you expect privacy..." versus "Should there be privacy...", the answer changes dramatically.

Is there currently privacy in public spaces?

In many places, there is little to no privacy when you walk out the door. With Ring doorbells latching on to every home like a parasite, or security cameras clinging to the ceiling of every store you walk inside, surveillance is everywhere. This section won't cover whether or not surveillance is moral/ethical/justified, but either way surveillance infringes on privacy. Even with no surveillance cameras, Sarah-from-down-the-street is always on a video call with her bestie.

Saying "privacy in public" is a bit of an oxymoron, since no matter what you will always give up a little privacy the moment you walk out the door. Things you do privately in the bathroom are simply not allowed in public places.

Should there be more privacy in public spaces?

Now may be a good time to clear up a common misconception. What is privacy? Privacy does not mean obscuring every detail of your life. Privacy is the ability or choice to share or hide information about yourself. That is why surveillance cameras infringe on privacy: You have no control over what they record, who has access to those recordings, and what those recordings will be used for.

That sort of answers the question, too. If you believe privacy is a fundamental right, then there should be an expectation of privacy in public spaces, and so a reform needs to happen.

What are the real effects of privacy in public spaces?

People act differently when they know they are being surveilled. See the Panopticon for an experiment about that. It has negative effects, whether people realize or not.

@[email protected] told a story that I particularly love:

"Just last week, my partner and I were on a long hike. No one was around us so to loosen our muscles we started dancing like goofballs on the trail only to look up and find a drone hovering in the shadows recording us. I was embarrassed, but my partner is a very private person and was really upset. [...]"

When they expected to be in a secluded, private space, they freely expressed themselves. The moment they realized that someone had been watching, they became embarrassed or upset, like a switch had flipped. That is the real affect surveillance has on us. We express ourselves less freely, we conform to rules without question out of fear. Surveillance becomes a form of oppression on a wide scale.

I even have my own anecdote. I once took a trip to a small town. When I got there, I subconsciously looked around for security cameras. I do that to gauge how much privacy I currently have. I then noticed that I couldn't see any obvious security cameras. I stopped and looked around harder. The town had not a single security camera in sight. I have almost no way to describe the sense of calm and relaxation that washed over me. It felt like someone giving you a massage after being stressed all week, or finally being honest with everyone about a secret you've been keeping. It was such a nice feeling to walk around a town privately.

Why do we have surveillance?

The main justification for these surveillance measures is to prevent crime. It makes sense intuitively, if you have an eye on every corner you can catch any criminal easily. However, it ignores one massive flaw: criminals will always find a way to do things privately. If you make privacy illegal, it doesn't change anything, because criminals won't follow the law anyways.

I have my own quote about this, that I love very much: “Unjust laws only burden the just, as the lawless will not heed them.” Removing privacy only hurts the people who will follow and abide by the rules. You're removing the privacy of the good people, while the criminals will program "illegal" software to achieve privacy. Giving privacy to everyone means that, yes, it makes criminals' jobs easier, but it means we can shift to actually solving the problems that cause the crimes in the first place. "The best way to conquer bad ideas is with better ideas, not by suppressing ideas." - Naomi Brockwell

"The optimal crime rate is not zero. We can't burn down the entire world just to stop somebody from stealing a pack of gum. The cost is too high. There is a percentage of crime that is going to exist. It's not ideal, but it is optimal." - Nick We need privacy for a free society. Surveillance is not the answer for fighting crime. There are ways to combat crime without infringing on privacy.

Is blurring your house on the map unreasonable?

This question is another one brought up by @[email protected]. Blurring your house is a way to achieve some privacy, and in that scope, it is good to do. However, as @[email protected] points out, it could cause someone to do the opposite and start looking closer into why your house is blurred. That's called the Streisand effect.

Site note: I find it hilarious why the Streisand effect is named how it is. The story goes that Barbra Streisand tried to hide her place of residence by suppressing a photograph that had made it to the public. That, of course, had the opposite effect, drawing more attention to the photograph and her residence. Then, even more attention was drawn, because the Streisand effect got named after her and the very same image is now plastered on Wikipedia.

Unfortunately, blurring your house on the map doesn't provide much privacy, since the organization who photographed it still has a clear picture of it. It doesn't stop the surveillance. It's not unreasonable to blur it, though. You should still want privacy against the Streisand effect. The best solution would be a quiet legal take down of the images altogether.

I have another story to go along with this. I got a job, and it was later revealed in conversation to me and my coworkers that our boss likes to look up everybody's address on Google Street View. Everyone was uncomfortable with that, but our boss saw no issue with it. This is a legitimate case where blurring your house is a good idea. Sure, people may try to ask you why it's blurred, or try to look up pictures on other sites like housing retail, but it still prevents (frankly, creepy) bosses from snooping at your home.

Conclusion

Privacy is a fundamental part of our lives, and surveillance infringes on that. We should all do our part to gain what privacy we can, because every bit of privacy you gain now is freedom you will have in the future. This was a lot of fun to write, and I thank @[email protected] and all of you for your suggestions. I will continue to tackle each of the topics asked in the previous post one by one.

Thank you for reading!

\- The 8232 Project

>We Need New Troops > >You might remember a few months ago I interviewed Phil Zimmermann, the creator of PGP, which became the most widely used email encryption software in the world. > >Phil and I spoke about the war against privacy in the early '90s. When Phil published his PGP code as free, open-source software, he wanted to help people protect their privacy. For this, the U.S. government investigated him for three years, claiming he was effectively trafficking munitions. > >Phil fought the government alongside a group of hackers and cryptographers known as the Cypherpunks, who stood firm in their belief that privacy is a fundamental human right. Phil laid out this argument in his essay titled Why I Wrote PGP, where he explained that without the ability to communicate privately, democracies slide into autocracies: > >> “The need for protecting our right to a private conversation has never been stronger. ... Ordinary citizens and grassroots political opposition groups need to protect themselves against these emerging autocracies as best as they can. If an autocracy inherits or builds a pervasive surveillance infrastructure, it becomes nearly impossible for political opposition to organize, as we can see in China. Secure communication is necessary for grassroots political opposition in those societies. … >> >>PGP is good for preserving democracy. If privacy is outlawed, only outlaws will have privacy.” > >These early battles, known as the First Crypto Wars (where "crypto" is short for cryptography), were won, and individuals were once again able to exercise their right to privacy in the digital age: > >>“It has been a long struggle, but we have finally won, at least on the export control front in the US. Now we must continue our efforts to deploy strong crypto, to blunt the effects increasing surveillance efforts on the Internet by various governments. And we still need to entrench our right to use it domestically over the objections of the FBI. PGP empowers people to take their privacy into their own hands. There has been a growing social need for it. That's why I wrote it.” > >This essay was written in 1999, and while the battle may have seemed won-and-done at the time, we have since found that it’s ongoing. > >Today, there is a massive assault on privacy, with hidden code in our apps tracking our activities, governments skirting checks and balances by purchasing vast amounts of data from brokers, and the normalization of surveillance creating a dangerous complacency around the loss of privacy. > >Phil Zimmermann has since realized: > >>“We are going to need fresh troops.” > >Learning From Battles of the Past > >We won’t win unless we inspire others to join our cause. During the First Crypto Wars, people were galvanized by rallying cries from pioneers like Phil Zimmermann and manifestos written by Cypherpunks like Tim May and Eric Hughes. > >I can’t possibly expect to reach their standards, but I have tried my hand at writing a manifesto. My hope is that it might contribute, in some small way, to encouraging people to join us. > >I have also soft-launched a new institute—a nonprofit dedicated to helping people maintain their freedom and dignity in the digital age. I haven’t officially announced it yet (you’ll hear more in the coming months), but our board of advisors is packed with inspiring Cypherpunks who fought these early privacy battles, including Phil Zimmermann himself. > >This manifesto may seem intense in a world where surveillance has become normalized. But we need to shift the Overton Window back to a place where individuals are empowered in their own lives. As Phil said in his essay, “There’s nothing wrong with asserting your privacy.” > >Here it is. Tell me what you think. > >The Priv/Acc Manifesto > >A new force is rising in the digital age, a force to reclaim what has been quietly stolen: privacy. > >We are the Privacy Accelerationists—driven by a simple conviction that privacy is not optional, but essential for personal freedom. Surveillance capitalism, government overreach, and the culture of data extraction corrode our ability to live freely, think independently, and interact with trust. > >The future of privacy is no longer something that can be delayed, debated, or dissected. It must be accelerated—now. The pace of intrusion is relentless; our response must be swifter still. The tools to protect privacy—encryption, decentralized networks, and privacy-enhancing technologies—already exist. But only decisive action can ensure these tools are put into the hands of billions. > >We are not radicals for desiring privacy, but because we understand that privacy is power—liberation in a world that seeks to control us. Privacy is rebellion. In a society where thoughts, desires, and behaviors are commodified for control, privacy becomes the means by which we reclaim our lives and identities. > >The systems of surveillance—corporate, governmental, and societal—are intertwined, feeding off each other in a symbiotic cycle. But as history shows, even the most entrenched systems are vulnerable to revolution. Cryptography is that revolution. Anonymous transactions, encrypted communications, decentralized data: these are not just theoretical tools but the foundations of a new era. > >Governments and corporations will attempt to stop us, justifying endless data collection with claims of “efficiency” or “security.” They will argue privacy is unnecessary in a world where transparency is a virtue. They will say, "If you have nothing to hide, you have nothing to fear." > >We reject these premises entirely. Privacy is not about hiding—it’s about choice. The choice of what to reveal, to whom, and when. Without privacy, there is no autonomy; without autonomy, there is no freedom. The acceleration of privacy technology is our only path forward. >We do not oppose technology—we champion it. Our fight is against the hijacking of technology to strip away privacy and autonomy. We assert our right to navigate the digital world without the oppressive gaze of surveillance. By embracing technology as a tool for empowerment, we can restore control over personal information to where it belongs—with the individual. This is our moral imperative, our stand for a future where freedom and technology coexist. > >The systems of control thrive on complacency and apathy. We are here to disrupt that cycle. We will accelerate the adoption of privacy-enhancing technologies—not as a slow reform, but as a revolution. Code is our weapon, and knowledge our shield. We build not for governments or corporations, but for people. > >Privacy is the cornerstone of an open society in the digital age. To build that society, we will work with cryptographers, developers, activists, and everyday users. We will create networks that resist censorship, tools that ensure anonymity, and communities that defend privacy at all costs. > >We will not wait for permission. We will not apologize for defending our right to exist unobserved. We are not products. We are not data points. We are free individuals. > >Join us, or stand aside. Privacy will not wait. > >Onward. > >Privacc.org

Two weeks ago, I made this post. The goal was simple: I wanted to dig into the details of Chromium and Firefox to see if the claims that Chromium is more secure than Firefox are true or not. You'll notice I also started turning that post into an update log, but only one update got released. There is a reason for that. Life suddenly got extremely busy for me, I could barely make time to continue researching. However, during that time, I spent a lot of time thinking about the issue. I tried breaking down the problem in a million different ways to find a way to simplify it and start from the ground up.

I came to a conclusion today, a realization. I have no way to put this gently: I cannot conclusively determine which one is more secure. This will upset many of you, and it upsets me too considering I maintain my own list of software that relies on only providing the most secure and private versions of some software. I need to explain why there cannot be a solid conclusion.

I managed to collect many sources to be used for the research. A lot of the information is parroting this article which, despite having many sources, fails to provide sources for some of the most crucial claims made there ("Fission in its current state is not as mature as Chromium's site isolation" has no source, for example). My favorite source is this Stanford paper which I think does a great job at tackling the problem. The problem I noticed is that a lot of privacy advice is given from an echo chamber.

Think about what privacy advice you like to give, and think about where you heard that. A YouTube video? Reddit? Lemmy? Naomi Brockwell gives a lot of advice that stems directly from Michael Bazzell's Extreme Privacy book, as I found out after reading it. Her videos about convincing people to use Signal are paraphrased passages from the book itself, which has a whole section about it. People touting Chromium as more secure than Firefox, or that the Play Store is a more secure option than F-Droid or Aurora Store, often get their information from GrapheneOS. I've never seen anyone research those in depth.

The point I'm trying to make is that a lot of privacy advice is circular reporting. I'm certain that if Michael Bazzell and GrapheneOS were to provide sources as to where they got their information (they rarely do, I checked) it would come to light that it boils down to a few real sources. GrapheneOS, no doubt, likely has inspected at least some part of the Firefox codebase, but Firefox is rapidly changing, so any sources that used to be true may not be true today.

FUTO Keyboard and GrayJay get recommended often because of Louis Rossmann, but HeliBoard and FreeTube (or NewPipe) were options long before those pieces of software. The reason the former became so recommended over the latter is simply because people used a popular figure, Louis Rossmann, as a primary source. It then became an echo chamber of recommendations and best practices.

That doesn't mean the claims of Chromium being more secure are false, but as a researcher it is very hard to credit something that doesn't provide any primary sources. In the eyes of a researcher, GrapheneOS's word holds just as much weight as a random internet user, without any proof. I see it play out like this: A source like GrapheneOS or Extreme Privacy makes a claim, secondary sources such as GrapheneOS users or Naomi Brockwell present this information without providing the sources, the general privacy community sees both, and begin giving the same recommendations on Reddit or Lemmy (sometimes with sources), and eventually the privacy community as a whole starts presenting that information, without any primary sources. Even if GrapheneOS, Extreme Privacy, or Louis Rossmann provided no research or direct comparisons, their word is taken without question and becomes the overarching recommendations in the privacy community. They each gained credibility in their own ways, but there should always be scrutiny when making a claim, no matter how credible.

The main reason why I cannot give a concrete conclusion is this: the focus on the article was to compare Chromium's Site Isolation to Firefox's implementation, however there are too many variables at play. Chromium may be more secure on one Linux distro than another. Debian is an example. Firefox supposedly has worse site isolation on Linux, but then how does Tails deal with that? It's based on Debian, so does that make it insecure for both browsers? Tor is based on Firefox ESR, which is an extended support release with less security, but Tor is also deemed a better option than Chromium browsers for anonymity. Isolating iframes doesn't really affect daily use, so is it really necessary to shame Firefox for that? Some variants of Firefox harden the browser for security, but some variants of Chromium (such as Brave Browser) try to enhance privacy. No matter what limits I set, how many operating systems or browser variants I set, there is no way to quantify which one is more secure.

"Is Chromium more secure? Yes, under XYZ conditions, with ABC variants, on IJK operating systems. Chromium variants XYZ are good for privacy, but ABC Firefox variants are better at privacy..." The article would be a mess. The idea for the article came because I was truly sick of the lack of true in-depth sources about the matter, and so I wanted to create that. I now realize it was a goal that is far too ambitious for me, or even a small group of people. Tor and Brave give different approaches to fingerprinting protection (blending in vs. randomizing), and there's no way to directly compare the two. The same goes for the security of each. There is no "Tails" for Chromium, but there is no "Vanadium" for Firefox. There's no one to one comparison for the code, because some of it is outside of the browser itself.

I regret making that initial post, because it set unrealistic expectations. It focused on a problem that can't tell the whole picture, and then promised to tell that whole picture. At a point, it comes down to threat model. Do you really need to squeeze out that extra privacy or security? Is someone going to go through that much effort? You know how to spot dark patterns, you know not to use privacy invasive platforms. Take a reality check. Both Chromium and Firefox are better than any proprietary alternatives, that's a fact. Don't bother trying to find the "perfect" Linux distro or browser for privacy and security, because you already don't use Windows. Privacy is a spectrum, and as long as you at least take some steps towards that, you've already done plenty.

Be careful next time you hear a software recommendation or a best practice. Be careful next time you recommend software or a best practice. Always think about where you heard that, and do your own research. There are some problems that are impossible or infeasible to solve, so just pick what you feel is best. I really am sorry that I wasn't able to provide what I promised, so instead I will leave a few of the sources I found helpful, just in case another ambitious person or group decides to research the matter. Not all of these sources are good, but it's a place to start:

GrapheneOS responded to my requests for a comment after this post was made, here: https://lemmy.ml/post/22142738

https://www.cvedetails.com/version-list/0/3264/1/

https://en.wikipedia.org/wiki/Site_isolation

https://madaidans-insecurities.github.io/firefox-chromium.html

https://news.ycombinator.com/item?id=38588557

https://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf

https://grapheneos.org/usage#web-browsing

https://www.reddit.com/r/browsers/comments/17vy1v5/reasons_firefox_is_more_secure_than_chrome/

https://www.wilderssecurity.com/threads/security-chromium-versus-firefox.450867/

https://forums.freebsd.org/threads/why-im-switching-from-firefox-to-ungoogled-chromium.87878/