Privacy and security

Continuing from A serious suggestion for Fedora contributors passionate about privacy - #40

On a separate note, I think it is also important to separate privacy and security.

While there is overlap, there are many things which increase security while decreasing privacy and vice-versa.

EDIT: To be totally clear, this was comment made in reference to another discussion. I wasn’t intending to start a debate on the difference between privacy and security.


Maybe I just lack imagination, but what would you consider an example where one has to trade privacy in the name of security?

Well, authorization often depends on authentication — often, that actions are taken by a real individual. This may include real name, phone number, location, and even biometrics. I’m not sure offhand where that might apply at the Fedora OS level, but it’s certainly a concern with software supply chain.

Anything that exposes identity as part of increasing security. For example:

  • Multi-factor authentication using your phone number
  • A VPN technology that leverages a fixed endpoint or IP address
  • Something that scans your applications for vulnerabilities by submitting data to a centralized service
1 Like

The terms sometimes get used interchangeably and differently depending on context, but it really sounds more like a discussion about anonymity vs security rather than privacy vs security.

1 Like

In the context of the internet, I would argue that anonymity is a critical component of privacy. I don’t see how you could separate them.

You added this one so my initial reply is a bit out of sync, but the above quoted is an example of an implementation choice to send information to a centralized service rather than a technical requirement to provide said security.

I am not sure about that. What about the situation in which you can’t make use of the service unless you send the data such as some of the AI-based scanners?

That is an implementation choice the service is choosing to make, whatever their underlying motivation(s).

But that is irrelevant to the user of that service. The user has a choice. Either use the more advanced service(decreasing privacy) or don’t use it(decreasing security).

If you send me your contacts and your emails I can better provide phishing protection to you, but that’s hardly the only way such a service can be provided.

There can be situations(and are) where “a service” can increase security if it is provided more information or uses resources that are not otherwise available which decreases privacy.

While you could make an argument that there are other competing services that don’t require it, that doesn’t mean the effectiveness of those services is equal. As an individual, I also may not have access to them.

Again, it was just an example, there are countless more.

That being said, I think we are driving the conversation down a rat hole at this point.

If you’re going to make an assertion even going so far as to claim there are countless examples, don’t be surprised or annoyed if someone asks for a concrete example of one.

For me they go hand in hand and come down to this: if I think I’m being monitored, I can’t be myself. One of the reasons I left Microsoft Windows was because I had this constant feeling of being watched, this feeling that every mouse click, every keypress, was being recorded, analyzed, and data extracted from it to be used against me in the form of ads and other invasive practices.

I know in the IT world, security and privacy do overlap, and are different things, but for me, that’s what it comes down to: do I feel secure and safe enough to be myself on my machine, or do I have to walk on eggshells lest I catch the attention of my overseers?