I’m deeply concerned about the future, everyone I know is using non-free software and firmware, and relying on SaaS like ChatGPT. These companies are collecting and storing our thoughts and personal data, and I suspect they’re sharing it with agencies like the NSA. Our cell phones track our every move, listen to our conversations, and record our activities. Google probably logs our search history forever, and Windows can access all of our files. Non-free firmware and the Intel Management Engine can even spy on us, capturing our screen activity and keystrokes. Cameras watch everywhere you move. It’s a daunting battle to fight, and it’s disheartening to see that even when we try to discuss these issues, many people are quick to dismiss our concerns. What are your thoughts on mass surviellence?

  • simon@slrpnk.net
    link
    fedilink
    arrow-up
    8
    ·
    6 days ago

    If I try to do the threat modeling, I guess I’m seeing three levels:

    1. Intelligence agencies. They probably have access to all possible data about you. Don’t make them your enemy. Hopefully they never turn evil in your country.
    2. Large technology companies. They make the infrastructure like phone operating systems, stuff that you can’t get around on the modern internet like Cloudflare, etc. They can be affected a little bit with legislation like the GDPR but only to a matter of degrees. But at least they have reasonably good security so you don’t fully lose control of your data. The worst thing they will do to you is to try to convince you to buy stuff, which isn’t all that bad.
    3. Smaller or non -tech companies that just are not competent enough to keep your data secure. They will use dependencies that spy on you, like Google Analytics or android app creation frameworks that inject location tracking. An online pharmacy that is using Facebook scripts and thus shares all your medical purchases with Facebook or elsewhere. A lot of this would be illegal but it is hard to find out and enforce the law about, and it’s like a whack a mole game. It’s hard to know where your data goes and it is probably being sold to whoever wants to pay. For example, local police buying location data from data brokers (worth double checking but I think this actually happens). Since there is no limit to who can access the data, this is more worrying. But for these things, you kind of have the big tech companies on your side. Browsers and phones tend to have built in tracker blocking these days. And you yourself can choose to be careful about what software you run from this category.

    My point is that we should be clear about why we are concerned about the future. Who is the threat and how could they use your data against you? Breaking it down and pointing to a clear harm will help people around you understand why you are concerned.

    • MajorHavoc@programming.dev
      link
      fedilink
      arrow-up
      2
      ·
      6 days ago

      You make some great points.

      For anyone having trouble wrapping their head around doing this analysis for themselves, I’ll share mine:

      1. I seriously doubt my personal operational security (OpSec) has kept my own federal government out of my business. I might be one of the few people who could have a chance, but I’m not interested in spending my energy that way.

      I like to think my OpSec has kept foreign governments out of my affairs, but I’m honestly not sure. I know my government’s rules, because I read my local laws. There’s a lot of governments whose rules-of-engagement I don’t even know what are, and I’m confident that some of my “someone could probably” conspiracy theories are science fact somewhere in the world. Guessing which/how/when is a lot harder, than just suspecting/assuming I’ve missed something.

      1. I’m confident that my OpSec is good enough that large corporations know that I exist, but are confused about me. I like it that way because I’m 90% sure they’re colluding to keep my salary lower, and that pisses me off. Thankfully big corporations aren’t motivated to do much more than make it inconvenient for me to evade their net.

      2. I’m less confident about smaller businesses, honestly. Like anyone, I use a local dentist and barber. I didn’t choose my dentist or barber for their Cybersecurity practices.