Thursday, June 2, 2022

Noting to hide means you have nothing to fear?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

"I have nothing to hide so I have nothing to fear." is something often said by those ignorant of how the world works when topics like encryption or mass surveillance come up. This statement bothers me on a deep level because of how incorrect it is, how dangerous it is to everyone including themselves, and how often people believe it when they hear it. It's dead wrong, allow me to explain why. For this I will over simplify slightly.

I've been using a system called OpenPGP for email and file encryption and signing to ensure confidentiality and integrity of my communications. The system works about as well as can be expected considering all the functions that it handles and all the difficulties of making it work across any medium. The main issue with my system is that if I am the only one in the group who uses OpenPGP, then it's as if I am not using it at all. I understand that not everyone cares about their security enough to do anything about it... but I feel it is time we collectively move on from the lazy state we are in and start to take responsibility for our own security.

First issue with this idea is that you do actually have things that you want to keep private... even if you do not realize it. Would you want everyone, or even just any one person to personally rifle through your entire history? Every page you have visited, every click/tap you made, every single word you wrote to anyone (including the embarrassing rant you wrote and deleted that you do not agree with anymore), and the entire contents of every device you own? Most people would cringe at the idea since we all have data we would rather not become public record... and yet, this is almost what happens to your data every day.

You may agree with your government today, you may think that anyone who wants to keep data secret is "hiding something"... as if privacy itself were a crime. I do not agree however. In order to have freedom, you must first have privacy, you must be free to be yourself in private without being on display for anyone. Or would you prefer to live in a house made entirely of glass (including bathrooms and bedrooms)? You also have to remember that governments (especially democratically elected ones) tend to change politics quite frequently... next election you may not be so eager to hand over all your personal data to them.

 Your data is valuable, using just the data on a single device a person owns, I could piece together the vast majority of any person's life... with scary precision. I am one, single, individual man, I have only good intentions, and I do not have the funding of a large company or government... If I can track down someone based on a few files, imagine how much more effective someone that has government resources can do...

If someone is able to observe all your internet traffic, emails, messages, social media private messages, etc. then they can build a really accurate picture of who you are and anything else they want to know about you... including who you *ahem* had relations with last night.

You do have something to hide. You may not think you care if a faceless government is passively harvesting your data... but that is only because you do not know precisely how personal that data really is. You should not feel bad about having things you want kept private... we all have things we prefer to keep confidential, this is part of why we have things like doctor-patient confidentiality, or doors on bathrooms and bedrooms. Even if by "nothing to hide" you mean that you are not in violation of the law, well, you are in violation of at least one law today... there are so many laws that you don't know about that you have violated several without realizing it... several times per day. And even if you somehow managed to memorize the entirety of your nation's law and managed to never violate any of them... you still have things to fear. Data about you is often used by criminals to steal your identity, or blackmail you. And what a government might do, whether by mistake or by choice is even more damaging than anything a cyber crook can dream up.

I do not wish to stir your fears. I merely grow tired of the statement "I have nothing to hide so I have nothing to fear" because it's false on both the "I have nothing to hide..." part and the "...so I have nothing to fear" because you do have things to fear even if you had "nothing to hide" and you do have things to hide just like every other human on this planet. When you hear this statement, it is usually someone who is either very ignorant of what really happens in the real world and in cyberspace, or this person is super lazy and prefers to bury their head in the proverbial sand rather than take the tiny amount of time and effort to become more private. I hear this statement all the time from people when the topic of why I am using OpenPGP comes up. A scary number of people do not realize how much of their life is available to anyone to snoop through... even if they are not Google or Amazon... and then they assume that anyone using encryption must be "hiding something". I would like to remind them that literally every good website these days uses encryption that is remarkably similar to OpenPGP in order to secure the channel between them and the website.
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTdEHZzdRj88+sPHs2DGTsp04R9UwUCY9YEFQAKCRCDGTsp04R9
U+9sAP9hrrq+CNH2pHW+c+gqeAgpMJ6KDe4G0AU/dEGWaFRJIwD9Ff9TMv1ZhQnw
CvR/nHM/i2XNxS7TtRgUd+EsGi8qQQw=
=5WFZ
-----END PGP SIGNATURE-----


Latest Post

Steam on Linux Mint Cinnamon

Most viewed