Visualizing Privacy and Trust in the Digital Age

We live in a complicated world.  The rapid advancement of electronics and computerized tools is matched only by our reliance on them.  These tools bring with them faster and (in theory) more secure methods of communication.  One of the problems I often find when speaking with the average person about protecting one’s privacy is their ability to visualize what it is they’re being told.  I wish to attempt to bridge the gap between a complicated topic and you, the reader.

When taking the deep dive into concepts such as communication protocols and cryptography, it can be easy to get confused and lost in the maze of terms and specifications thrown around by others.  I find that in order to get your footing on the topic, it is important to take a step back and understand communications in a more abstract way.  Once someone can do so, they can make connections which they were not able to previously.  

One useful way to accomplish this is to consider a similar concept that’s been around and is more tangible.  I’m certainly not the first person to propose the idea, but I find the analogy of sending a letter to be fitting.  In the “old days”, when you wanted to send someone information, you would do it by sending a physical, paper letter.  A letter has a few different parts.  It has a message, typically on a piece of paper inside an envelope.  It also has the envelope itself.  The basic function of the message is to contain information intended for a given recipient.  The envelope is mainly intended to shield the letter from eyes other than that recipient’s, as well as to carry the information needed for the letter to arrive safely at its destination.

When the letter is (I keep wanting to say was…) originally sent, it was sealed (so that the envelope couldn’t be opened without it becoming obvious that it had been).  It was then handed off to a mail carrier who would take it to one or more sorting facilities or distribution centers, until a carrier closer to the addressee would finally deliver it.

What is important to think about in this example (and it’ll make sense why I’m breaking this down shortly) is that sending data electronically has similar points along its journey where it is out of your control.  The difference is that a digital packet of data is transferred so quickly that it can seem more like magic than something traveling along a specified route.

This route IS understandable, and I’m going to attempt to explain (again, in abstract terms) how it works.  When you send some digital information from a computer or other internet-connected device, it is packaged up in different ways depending on the method you use to send it (SMS, Email, Instant Message, etc).  Imagine these differences as comparable to mailing a letter versus mailing a postcard, for example.  In the example above, it was a mail carrier handling your communication – and here it is servers, local networks, firewalls, and ISPs handling and delivering things down the chain.

Each of these stops along the route is a potential point of interception.  When we talk about security, we’re talking about the ability of the “envelope”, or the communication standard’s encryption methods, to properly protect the data being sent.  When we talk about privacy, we get into such things as trust – a question to ask yourself when analyzing your data’s security is, “is each point in that route one that can be trusted to relay my data without it being compromised or read by an unintended third party?”

If, for example, you are sending someone an email using a public Wi-Fi connection, many of these points of interception are higher risk, because the network is not one you control.  Naturally, you are more apt to trust things that are in your control.  One reason I spend so much time researching and discussing tools like a VPN is that such a tool can help you to send that letter of yours in a proverbial lockbox.  That is to say, the method by which you contain and seal your message is much stronger (in theory) than the ability of a potential adversary at any of the points of interception to break it.

Hopefully this helps visualize something that might otherwise be complicated in a more simple way using an example that by itself is easier to understand.  This is one of the reasons I so highly stress company ethics and am quick to distrust a company that is inconsistent with their own terms, or participates in questionable partnerships – if you can’t trust a company to be straightforward with company policies and responsible operation, how can you trust them with the points of interception that you’re placing in their care?

(Note that the purpose of all of this is to explain some basics, but I should mention that of course no one tool for security is perfect, and complete trust should never be put into a tool you rely on for privacy and security.  A determined and sophisticated adversary will use many methods to attempt to compromise your communications, but as always, layering your security and being smart are a good start.)

How to Loosen the Noose of Anti-Privacy Tech Companies

Recently, companies like Facebook and Google have been seeing an increase in scrutiny.  Such companies thrive on the ability to collect and sell their users’ data, and fear the spotlight being shined on them – as it poses a risk to their operations.  At this point, enough light has been shined that anyone paying attention with half a sense of privacy would turn 180 degrees from them and run the other direction.  The point of me writing this isn’t to list off the countless ways that these companies abuse their users (I hesitate to say customers), but rather to explain how YOU can help influence change in the technological landscape, at least in time.


So You Want to Take Back Your Privacy

Written January 22, 2019

Many of you may not be aware of That One Privacy Site’s origin.  For those who aren’t: a few years ago I got serious about my privacy and while moving away from proprietary software and services, I started moving towards using FOSS ones (VPNs being a large and trouble-infested corner of this realm).  Through my own search for answers where privacy was concerned, I did a lot of research, specifically in the realm of VPNs.  I decided to share my results to help others, and what resulted was the start of a snowball.


The Next Big Step(s) for That One Privacy Site

Written Dec 6, 2018

A few years ago, my desire for privacy grew and I started trying to change my digital habits. During this transformation, I discovered the need to opt out of unlawful mass surveillance using such tools as encryption, including a VPN. As is my personality, I wanted to thoroughly research the technology and the market before I made my selection on a service. At the time, I made a chart in Google Spreadsheets as I started my search, which over the next two years spiraled into the multiple full-blown comparison charts and guides of today. If the feedback and attention the project has gotten means anything, many others have been able to use these tools as they have started down the same rigorous path of research.


A Belated April Fools Day Joke: SIMPs for Safety

Some Background: I originally wrote the below blog post intending to use it as an April Fools Day Joke.  When I showed it to a couple of people to read it early, I got feedback that it would be too subtle and could go over the heads of people who would then react badly.  Rather than making it more heavy-handed and absurd to avoid this (and therefore ruin the tone I was going for), I decided to forego it all and go with a joke Twitter Poll, instead.  I still wanted to use it and hopefully put a smile on people’s faces, so I’m posting it today, a day after April Fools.  Enjoy!


PayPal is a Kafkaesque Nightmare

“Hey, TOPG, what the heck?  You’ve been off the radar for a couple of months, when’s the next review?”  Quick version – “Life has been hectic (in part due to what you’ll read below)” and “hopefully in the next couple of weeks”.


ProtonVPN Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #3 (at the time of the roll, ProtonVPN)


TunnelBear Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #10 (at the time of the roll, TunnelBear)


Mullvad Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This is the first VPN review in which I’ve let my Patreon supporters choose the service I will be taking a look at.  For those who are unaware, patrons supporting That One Privacy Site at the $5/month level or higher are able to nominate a service in between reviews that use open-to-all nominations.  Normally this would still involve a random selection, but as I currently only have one patron at this tier, their nomination wins by default, lucky them!


OpenSSL 1.1.1 Audit Fundraising

Updated Apr 26, 2018

Around this time last year, I helped the OSTIF spread the word about a fundraiser for an audit of OpenVPN, a critical tool for our privacy.  This year, they are going above and beyond the scope of last year’s successful drive, and are now beginning to fundraise to audit an even MORE fundamental software toolkit – affecting not just our VPNs – but almost everything that uses encryption online – OpenSSL.
