Slashdot Log In
How to Convince Non-IT Friends that Privacy Matters?
Journal written by mmtux (1240828) and posted by
Soulskill
on Sun Feb 17, 2008 12:28 PM
from the you-can-trust-the-internet dept.
from the you-can-trust-the-internet dept.
mmtux writes:
"As technology becomes more advanced, I am increasingly worried about privacy in all aspects of my life. Unfortunately, whenever I attempt to discuss the matter with my friends, they show little understanding and write me off as a hyper-neurotic IT student. They say they simply don't care that the data they share on social networks may be accessible by others, that some laws passed by governments today might be privacy-infringing and dangerous, or that they shouldn't use on-line banking without a virus scanner and a firewall. Have you ever attempted to discuss data security and privacy concerns with a friend who isn't tech-savvy? How do you convince the average modern user that they should think about their privacy and the privacy of others when turning on their computer?"
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Easy (Score:4, Funny)
How to convice a non-Christian that Christ matters (Score:5, Insightful)
Talk to a dentist. You'll hear a whole lot about how important it is to floss your teeth for 15 minutes a day. A fitness nut will tell you how you need to exercise an hour and a half a day. The house painter told me I should wash the house once every 3 months to preserve the paint. A mechanic friend told me to check my car's oil every week. etc etc.
Most people just don't have the time/energy to do everything they're told so they ignore most advise.
Parent
Re:How to convice a non-Christian that Christ matt (Score:5, Funny)
Parent
Re:How to convice a non-Christian that Christ matt (Score:5, Insightful)
I would interpret that to mean that you need to choose your advice carefully. The best thing my dental hygienist ever said to me was, 'Floss while you're watching TV.' It was a perfectly simple and eminently practical piece of advice, and made me a flosser for the first time in my life.
<obShamelessSelfPromotion>I've been writing a series of columns about the issue of online privacy in a local weekly newspaper. Living as I do in a developing nation, I need to put things as simply as possible. Here are the last three:
Parent
No! That won't work (Score:5, Funny)
Oh, btw I've also been using the same passwords for 16 years.
Parent
Re:No! That won't work (Score:5, Funny)
Oh, btw I've also been using the same passwords for 16 years.
Parent
The nuclear option (Score:5, Funny)
rj
the general rule... (Score:5, Insightful)
If your friends want your expertise they will come to you and ask. If you offer it unasked-for, they will probably never ask and will go to someone else.
Probably better to talk to them about your other mutual interests. That way you get to keep your friends...
Parent
Re:the general rule... (Score:5, Insightful)
On the other hand, when you see someone unknowingly driving toward a cliff, you don't wait until they ask for your advice to tell them. The submitter here is trying to help them about a problem that they seem not to have really grasped. I have had the same conversation as the OP with people. I can usually get it past the stage of treating it seriously, but come up against the wall of "there's nothing I can do" or simply that it appears to require effort to protect against.
It's something I'm still working on.
Parent
Re:the general rule... (Score:4, Insightful)
Fuck that.
It's not OK, it's never been OK, and it shouldn't be OK any more.
How do we get non-IT workers to care about privacy? We don't. We watch them pay the price for not caring. We watch them get their credit wrecked, lose their homes, get driven into homelessness. Then we buy their houses from the bank at fifty cents on the dollar.
When enough of those retards figure out that it's a problem, and they should do something about it to avoid losing their homes like the guy next door, they might come to us and ask for help. At which point we charge them an arm and a leg for our services, or tell them to go out and figure the stuff out like we did. (Look at that schmuck with his SS number all over tv advertising his service. All they do is call the credit agencies every three months to renew a lock on new credit applications. Everyone is capable of doing it, but they're lazy. So he's cashing in on their laziness. Capitalism at its finest.) The information is all available, you just have to look for it.
Stupidity should be painful; ignorance should be expensive. If they want to learn, good for them; if they don't, fuck em.
Think I'm exaggerating? Five years ago I bought a house. I could have gotten one of those oh-so-tempting ARM loans and had a lower payment for the last five years. I got a 30-year fixed rate loan. My payment will never go up. It will always be the same unless I choose to change it (with a refinance or some such.) My house was more expensive than it would have been otherwise, because all these retards said "HURR LOW PAYMENT RIGHT NOW HURR" and demand went up, driving prices up. Now, all these morons are losing their houses, because they didn't read their contracts. All they saw was a $900 payment on a $250,000 house and their eyes glazed over. So, people are losing their homes, prices are falling because supply is up and money is harder to borrow, which makes MY house worth less!
I don't care if your stupidity only affects YOU. I start caring when it affects ME. People who suffer identity theft because they were idiots regarding IT security only hurt themselves. Why should people who understand voluntarily help these people if it's clear they won't help themselves? EVERYONE is capable of understanding the concept of a secure connection, of not putting your personal information on the equivalent of the front page of a newspaper. If they don't want to understand it, fuck them.
Parent
Re:the general rule... (Score:5, Funny)
Parent
Re:the general rule... (Score:5, Insightful)
Parent
Re:the general rule... (Score:5, Insightful)
Parent
Re:The nuclear option (Score:5, Funny)
Parent
Wireless (Score:5, Interesting)
A friend loves his wireless laptop. We encrypted router communication at both homes. Explaining why encryption is needed led to an explanation of the dangers of handling financial transactions while wandering NYC -- that any open router could record everything including passwords and perform man-in-the-middle attacks to bypass SSL. Anybody willing to capture his information could; expecting those people not to use the information maliciously seems silly.
Once those dangers were understood, my friend was eager to hear about more insidious problems such as government policies (telecommunication recording), other insecure devices (iPhone), and deliberately open websites (Facebook).
Parent
Re:Wireless (Score:5, Informative)
It's that sort of misinformation that makes it hard to take valid privacy concerns seriously. How exactly would a router bypass SSL?
You could spoof DNS to redirect all requests to your own HTTP server, and you could dynamically fetch pages from the far end to convincingly fake the remote website. And while you could generate SSL certificates on-the-fly to make it HTTPS, those certificates could only be signed by a certificate authority you control, which is not one that's particularly likely to be present in the target's list of trusted authorities.
It's almost like the people designing SSL thought that the entire route between the two communicating hosts might be insecure -- including the first-hop router -- and therefore provided verifiable, end-to-end encryption and authentication that did not rely (at least at communications time) on resources beyond what is stored or can be generated on those hosts.
Beyond that, any authentication and encryption technologies that would commonly be considered secure by knowledgeable users -- SSH, Kerberos, most VPNs, etc. -- can provide similar guarantees. They all provide verifiably-secure authentication from any endpoint, even if the entire route is hostile, and even if the endpoints have bad DNS, untruthful routes, or totally fake traffic.
It's worth time teach someone the difference between HTTP and HTTPS, but pretending that SSL only works over trusted routers is counter-productive at best; if people feel there's no safe way they can use in the Internet they'll either give up on the Internet or give up on safety.
Parent
Re:Wireless (Score:5, Insightful)
If only we could actually trust the browsers...
Parent
Different meanings of "privacy" (Score:5, Insightful)
I say focus on the most critical issues, like not clicking stupid links, using IE, or falling prey to phishers. Nobody wants his bank account emptied.
Re:Different meanings of "privacy" (Score:5, Insightful)
His friends are probably likening this constant warning and paranoia to "drugs are bad" and "if you do that, your going to hell". I'm not surprised that it is having much the same effects- people not caring about what the crazies tell them.
Parent
Re:Different meanings of "privacy" (Score:5, Insightful)
For instance, my mom told me she didn't understand what the big deal was about the government listening in to our conversations because "the terrorists want to kill us." She has nothing to hide, and I understand that, so I framed it in a way that matters to her. Basically, I told her why the FISA laws were enacted to begin with (history lesson). The massive corruption that was possible if this information got into the wrong hands and how it harms society. It took time, and we ended up talking about a lot of things, but I was able to explain it to her in a way she understood and she could agree with. The end result was that not only did she learn why certain laws were import and why they were enacted, but she also could make a personal connection with them eg. they mattered to her instead of being some abstract concept.
Fear is not a proper tool for education. You're living in a country where only about 20% of college graduates can find Iraq, Israel, and Saudi Arabia on a map of the globe (in the middle of a war). Most people lack even basic information on any given issue partly due to our educational system (government likes stupid people) and partly due to lack of time (busy people shop instead of voting or educating themselves). Give them the information in a format they can understand. If they become fearful because someone could empty their bank accounts, tell them what to do in a rational, calm manner that will keep them safe. That way they know you're not trying to persuade them (and you shouldn't be). You're trying to education them.
Parent
Simple! (Score:5, Funny)
Btw, don't forget to post the links to us.
http://www.justfuckinggoogleit.com/ (Score:5, Insightful)
Re:http://www.justfuckinggoogleit.com/ (Score:5, Funny)
"Hey, what's a pretty girl like yourself doing on a google results page like this?"
Parent
Re:http://www.justfuckinggoogleit.com/ (Score:5, Funny)
Parent
Some are actually opposed to privacy (Score:5, Insightful)
Re:Some are actually opposed to privacy (Score:5, Insightful)
I do have many things to hide. Everyone does. Those things aren't necessarily bad.
Parent
Re:Some are actually opposed to privacy (Score:5, Interesting)
Ask them if such cameras can be fed straight to their insurance companies. Most people will write off things about random strangers, 1984 style government stuff, etc, as paranoid. If you can get them in the "It could raise you insurance rates..." angle, though, they listen much more often.
Direct financial motivation usually works better than theoretical effects...
Parent
Re:Some are actually opposed to privacy (Score:5, Insightful)
I actually ended up using the cameras in your bathroom-angle with a local right-wing politician who was pro-CCTV everywhere and his reply was that he didn't have any problem with it since he trusted the government wouldn't want to look at him or anyone else going to the bathroom unless they were suspected of criminal activity. He seemed to be very suspicious of me being pro-privacy (suspicious as in "What is it you want to hide? are you some kind of a drug dealer?"), I guess some people just don't get it until they or someone they love get locked up for "exhibiting behavioural patterns indicating intent to commit a crime" or something like that...
/Mikael
Parent
Re:Some are actually opposed to privacy (Score:5, Informative)
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565 [ssrn.com]
Parent
Re:Some are actually opposed to privacy (Score:5, Interesting)
I was sued in federal court for violating someone's right to privacy (06-cv-01164, D. Minn). I posted their photo on my website, and they sued to get it removed and get damages. I represented myself, had a trial Nov. 5th, and the verdict was issued last Friday. I won. Yes, I demonize the person who sued me over his exaggerated privacy concerns, which led to a baseless federal lawsuit that tried to quash my free speech rights. Their exaggerated privacy concerns were not harmless.
I've posted about this litigation on Slashdot before, but the verdict is in now so here's the URL again: Gregerson v. Vilana [cgstock.com]
The plus side of sharing private info on the web: I got to know my wife only after seeing her photo on her geocities page, scoping her out to see what the stranger [cgstock.com] from the other side of the world, who emailed me asking for a .pdf file, looked like (her formal writing style made her seem middle-aged, but her photo showed she was actually much younger, and we started corresponding).
I posted my own medical information online 10 years ago, which has since helped other patients. I posted info about my late brother's illness, also to help other patients, which it seems to have done. If you reply to this post and attack me over my health problems, or my deceased brother's illness, I don't think that exposes me as a bad person -- it exposes you as a jerk. If you won't hire me because of these things, I -- me, personally -- am OK with that.
Parent
Re:Some are actually opposed to privacy (Score:5, Interesting)
Before WW2 the European Jews used the same argument that anyone was allowed to know they were Jewish when they allowed the registration of their religion. They were (sort of) right then, but we all know what happened in WW2, where the nazis made 'good' use of this registration.
You do not know who will use your data for what purposes. I read once that for every proposed law, before accepting it, one should imagine what his worst enemy would be able to do with it if he (the enemy) got the power. Wise words, in my opinion.
Parent
not much really (Score:5, Insightful)
it's like warning a girl that her new boyfriend is an @sshole.
tell her once, but after that she just has to learn on her own.
most people just don't care until it bites them.
Re:not much really (Score:5, Funny)
rj
Parent
Re:not much really (Score:5, Informative)
Watch someone else pee on the fence. Point, laugh, never do it yourself.
Parent
identity theft (Score:5, Funny)
As a true friend, the best thing you can do to encourage friends to take privacy seriously is steal their credit card info, buy yourself lots of nice things, steal some deeds and sell their house and cars. Sell their personal info to advertising companies, and send any material that documents your friends doing some suspicious or potentially illegal activity to the local authorities.
a few years later when they get out of jail and get their financial life back together, they won't take privacy for granted ever again.
Of course, there is no reason to let your friends know that it was you, who so lovingly taught them this valuable life lesson.
Start with the most obvious and ubiquitous (Score:5, Insightful)
Email. Everyone uses it. Or some variation of it, such as SMS for the younger crowd.
Point out to your non-IT friends that sending an "email" is NOT like sending a "letter". It is like sending a "postcard". Any number of people you might not know can see the entire contents of your message along the way -- plus they can keep a copy of each and every one of those messages forever.
To take the analogy further, if they really want their "email" to be in an "envelope", use encryption!
I don't (Score:4, Interesting)
And to Captain Splendid and his friends, who will surely once more come along asking why I don't publish my home address and phone number here so he can come stare at me, it's because in the presence of rampant hypocracy that thrives untroubled by the transparency I hope to see one day, singling myself out makes me vulnerable in a way that systematic transparency would not. There is a difference between negotiating a unilateral disarming, which is how I view this effort, and throwing down your guns first and getting shot in the head, which is what you're suggesting I should do.
Re:I don't (Score:5, Insightful)
Better is this: keep public decisions and the processes leading to the decisions public (except when doing so would break privacy), and then keep the rest private, except by choice of the participants.
The problem with complete public disclosure is not that your actions might be damning so much that it is that it can be cleverly twisted into something of the sort, and that these distortions very easily attain a life of their own.
Parent
Access Control (Score:5, Interesting)
And there are lots of personal details we're not ashamed of that we nevertheless would like to not be public. Vacation plans ought to be private from stalkers, ex-girlfriends, that really annoying friend from college who lives one town over from the hotel, etc. My sex life is nothing to be ashamed of, but nobody but my partner has any right to know about it.
Ultimately, privacy is not about secrecy, it's about personal sovereignty: who gets to say what people have what information about my life?
Lot's of hard work (Score:5, Insightful)
No one really wants to be 'that guy' in the circle of friends. You know, the one that's always soapboxing about some sort of social injustice, evil corporations, or whatever. However, that's more or less what you need to do, because people MUST understand what is at stake when our rights to privacy are taken away.
Now, you can help your friends understand how their privacy is seriously at risk without being an asshole. It just takes time, and perseverance. I have alot of friends who have very uninformed political opinions. It's rude to just lecture them every time the subject comes up, but there's nothing wrong with speaking the truth to your friends in a palatable, positive way.
The more you mention issues of privacy, and the more well-informed YOU are about the issue, the more it will create top of mind awareness for them. In time, they will see your point. They will encounter a loss of privacy in their own lives, and because you were such a well informed friend, they will have the ability to make the mental connection. You really are doing them a favor.
Conflating too many Issues (Score:5, Interesting)
First, the problem of formerly private information that your friends have willingly made public, either because of convienience (information given to a website that they use for shopping) or on a social networking website.
Second, the private information that they are unwittingly making public, or leaving themselves at risk of making it public.
Third, that governments may be helping themselves to information thought to be private.
The first is a cultural difference, the third is out of your control, and the second is the really important one. You aren't going to win the debate on the first one. We've seen this debate before, on anonymity for BBS users, later on the rise of cookies. On one side were the forces of good, arguing that these changes were very real invasions of privacy and made your computer do things you didn't know it was doing and wouldn't want it to do if you did know. On the other side was convenience. It sucks to have to log in to slashdot every time I open a new browser window. It's kind of nice that Amazon can make recommendations to me. Cookies let that happen and the public debate, for what it was worth was won pretty handily. Now, that doesn't mean that companies started using cookies as an outgrowth of the democratic will of internet users. It just means that the level of outrage was muted over cookies enough for image conscious companies to get by with using them.
the same thing is going on w/ facebook/myspace/etc. The tables may turn on them (and will probably turn on facebook soonish), but for now we like the fact that others can see our name/face/job/school more than we dislike that these things are no longer private. Part of that outlook comes from the fact that we are limited in imagination. We see facebook one screen at a time. We can't look at people who aren't in our group (I think, haven't used it in a while). It takes a non-trivial amount of time to look through information. Consequently, we see that as the ONLY way to grab data from facebook. We don't connect (or at least the non-IT ppl) the fact that someone broke down anon/aggregate survey data from aol and netflix to get private information automatically. We don't think about scraping programs that read sites like myspace/facebook and correlate names and zipcodes with other sources of inoformation on the web.
The last part of this failure of imagination is that there is a cost to privacy. If I want my personal information to be private wholly from facebook, I can't be on facebook. Relatively speaking, that is a large cost. There is no 'maximum privacy' level for facebook where you can post pics of you and your friends and make comments and it won't be recorded somewhere. That product doesn't exist.
Ok. I won't touch on the third point because that is a flame war waiting to happen. Needless to say, it is out of your direct control.
The second point. My advice is be direct when the situation calls for it, but don't bother when it doesn't. If you are out at a baseball game, don't strike up a conversation like "Gee bob, I noticed that your password for your computer is 1 2 3 4 5 and that you sure do have an awful lot of sensitive info on there. Don't you think that you ought to change that?".
And then just tell them to get a mac. If they aren't security conscious enough to get a virus scanner while running windows then they really should be using an OS that does everything for them.
A bit of misinformation helps sometimes (Score:4, Insightful)
I use decent passwords, and keep info that could be used to harm me to a minimum. I don't put a message up on Facebook saying how excited I am to have just bought a $750,000 new house and $37,500 new car or and here is my address and the key is under the doormat.
This was my boss's and her children's attitude prior to my employment. I'm the IT guy so of course I ended up fixing their PC when it got riddled with spyware/virii/worms/etc. When they asked me what those programs did I put the fear of God into them. I had them so scared they were on the phone changing bank passwords, switching from using "1132" as a password to something 16 digits long, deleting more private info off of places like Facebook etc.
Yes I stretched the truth about the dangers of the apps they had managed to be infected with but they are a hell of a lot better now. They shred mail and those fracking "you've been pre-approved!" credit offers.
They didn't get burned but I made them think like they narrowly dodged a bullet and they are better for it.
Loaded question? (Score:4, Insightful)
Does privacy matter? The poster presumes it does, but somehow is unable to think of any reasons. If privacy REALLY mattered to him, he could think of reasons why it mattered and then tell them.
What I think is that the poster is one of those people who latch onto an idea without ever fully realising why. Instead of just flapping out that privacy is important and then wondering why nobody seems to "get it" is useless. First ask yourselve why YOUR privacy is so damned important, then you will have the answer you can tell to others.
But don't just take a position and then look for arguments to convince others. That works for a debating club where you are given a topic, not for persuading people to do something you care about.
Re:Simple answer... (Score:4, Insightful)
We'd have that real anonynimity still, if people gave a damn about it and valued it instead of pissing it away for the sake of convenience. And no, this is not how humans have always lived. For most of human history, it used to be that knowing very much about somebody was a difficult and expensive undertaking, as you would have had to actually physically observe them and follow them around and investigate them. It was something you did not do without a reason. Electronic transactions plus modern databases mean that this has become far easier and therefore more widespread. A few companies have more market control and a few governments have more power, but the average individual has nothing good to show for this. That is the problem, and you are in denial.
Parent
Re:Simple answer... (Score:4, Insightful)
Perhaps you should reserve this opening statement for something less preposterously moronic than "For most of human history, it used to be that knowing very much about somebody was a difficult and expensive undertaking, as you would have had to actually physically observe them and follow them around and investigate them."
Before the rise of large cities and mass transportation, it was an expensive luxury to live in a way where you *didn't* know the intimate details of your neighbors' lives. You didn't have to follow them around -- there was no place for them to go!
Parent
Re:Simple answer... (Score:4, Insightful)
Knowing where I am, who I'm with, what I'm doing, what I think about that, etc. is something that I don't mind the general public knowing most of the time. Being contactable for all that time via IM/phone/whatever is generally kosher too (although of course I'd rather not be contacted by marketers for any of this - would like advertisements and marketing banned).
I realise that not everyone is part of this new "open subculture", and that the deep privacy advocates certainly exist in fair numbers, but I'm not alone.
Parent
Re:Simple answer... (Score:4, Interesting)
Not to quibble, but before censuses and technology humans were generally anonymous up until the 1870s (varying country by country). Sure you knew your neighbors, but it wasn't quite hard to move to another town and change your name or publish works anonymously without a good way to track you. Many great works were actually published anonymously over the centuries that were often critiques of the powers that be or society in times when their life or limb was threatened.
The internet has provided some persons a way to speak out since anonymity has been repressed by the powers that being during the 20th century in many totalitarian governments.
Secondly, it isn't far fetched that someone given what you buy at a grocery store could target you in someway or another. They wouldn't do it on an individual basis but imagine if a "pro-dolphin" group saw that you were buying tuna from a questionable company and then targeted you by exposing you name on a list on their website.
Parent
Re:Well, the following approaches are hit or miss. (Score:5, Interesting)
No, because in the case of privacy, people are constantly trying to pry into each other's business. Speaking personally, I have had it confirmed at least once that an email sent to me had been maliciously faked in order to manipulate me, and I have had some circumstantial evidence that someone was reading email conversations I had with someone else. I've been approached by people who know that I am a programmer, and want to know if I could "hack into" someone else' email account so that they could read through it. This stuff isn't about the boogeyman government, it is about ordinary people who actually do have no respect for the privacy of others.
Here's another angle to consider: sometimes, a message is easily misinterpreted when read by an uninformed party. When I was in Junior High School, I was once accused of plotting to blow up the school because of a note I had written to a friend, which had been misread by a teacher who found it after class. It isn't so uncommon. There are a dozen different situations like this, where some message is ambiguous and should only be read by someone who is fully informed on the context.
Parent
There's no better way...to lose friends (Score:5, Interesting)
Parent
Re:very simply (Score:4, Funny)
~~~
Parent