Just came up with my father again.
He blames me that mother forgot her phone’s and Google password because I recommended against it being a word.
I mentioned encryption, “not necessary unless you’re doing something illegal”.
When mentioning lack of privacy with targeted advertisements, he said that he actually really likes them, because he bought a couple of things he wanted for years.
I don’t really have good arguments.
2 big things for me.
First is that everyone, and I mean absolutely everyone has something they want to hide. People assume “I’m not a violent person or a criminal” except yes you are, and you’ve done something. A great example is everyone in the US speeds, absolutely everyone. Does that mean you want every office to know every instance of you speeding if you get pulled over? So, yes everyone has something they’d rather not say.
Second is more of an example of you should be allowed to go places without everyone knowing. The example was about 5 years ago police used location data to find a person who broke into someone’s home. Problem is that the location data they used returned one person who happened to be on that street around the same time. They were riding their bike down the street. To the police they had the person there, they had proof, it was good enough. Except it wasn’t, and he obviously wasn’t the person they were looking for. Location data put him there though, and sold him out. So maybe not the best thing for whoever to know exactly where you are at any given time.
As for encryption, ask him for his porn history. If he gets upset, just say “why it’s not illegal”
but, I agree with the other person. If you’re dad is like mine and countless others, you’re not fighting against him but propaganda. If that’s the case, you aren’t going to win this. The only winning is turning off the source.
I wouldn’t say everyone speeds as not everyone even drives. The biggest thing for me is that even if you don’t have something you’re ashamed of it could still be something you could be targeted for, like political views, disability or gender identity etc.
If I was to answer that type of argument, I would consider those:
- why do you close the door of the bathroom when you use it?
- Can I watch you fuck?
- Show me your last income declaration
- Give me your credit card
- Why do you wear clothing?
- Why do you lock the door of the house?
but I tend to ignore people using the “I have nothing to hide” argument
Also: why does your wife, mom, daughter close the bathroom door? Do you watch your mom or daughter fuck?
That persons opinion of privacy would affect other people too.
I just be direct.
The people making this argument have already built an implicit stage in their mind where they’re talking about when authority is trying to investigate you for being “one of the bad ones.”
They’re not “counting” personal privacy in this context like modesty and personal private space.
I just say “Because when the long arc of history swings the other way like it has for thousands of years, do you want your scary, blue-haired antifa boogymen to have the power to investigate you and your personal life and habits?”
If it’s a male conservative, you can have great success with “So if someone says they need to check your hard drive for every image and video you’ve ever looked at, you’re fine with that? I know a guy who can immediately restore every file you’ve ever deleted.”
Sometimes they turn white.
“arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” -Edward Snowden
I posted the following somewhere else recently:
“nothing to hide”
Secrecy and privacy are two different things.
Secrecy is hiding something you don’t want anyone to know because it’s “Bad/illegal”.
Privacy is acknowledging that it’s none of ANYONE’S business where you put gas in your car, what route you drive home, what brand of underwear you buy, what kind of music you listen to, your eating habits, etc…
The more you are ok with data being collected, the more data they will try to collect until finally your life isn’t yours anymore.
You don’t close the bathroom door because you’re doing something illegal, you close the bathroom door because it’s none of anyone’s business and you aren’t interested in being watched.
Our personal data is valuable and holds power over us. Unfortunately it’s only been recent decades that this concept REALLY started to sink in and unfortunately big corporations figured it out a little quicker than we did
I’m reminded of a story I heard about a woman in South America (I don’t remember the country.) Her best friend attended a protest one year. She makes a post on Facebook about supporting her best friend. A few years pass, and the government started becoming more and more authoritarian. Finally, she gets a visit from the police, asking about her ties to her best friend, and is threatened with arrest unless she can prove she’s not tied to the protest as well.
I’m probably getting some details wrong, but it’s a thought that stuck with me. She didn’t have anything to hide at the time. But things change, and you can’t always predict what you’ll have wish you had kept private before.
“Why do you shit with the door closed? What are you doing there, drugs?”
Surprised I didn’t see this quote yet:
“Ultimately, arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” ― Edward Snowden
“I need privacy not because my actions are questionable, but because your judgement and intentions are.”
While targeted advertisements may be nice because it’s only showing you things that they think that you’ll want/need/like, the other side of surveillance based advertising is surveillance pricing.
Surveillance pricing analyzes massive troves of your personal information to predict the price you would be willing to pay for an item—and charge you accordingly. Retailers can charge a higher price when it thinks you can afford to spend more—on payday, for example. Or when you need something the most, such as in an emergency.
https://www.eff.org/deeplinks/2024/08/fight-surveillance-pricing-we-need-privacy-first
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”
Cardinal Richelieu
Compare it to free speech. Saying you don’t need privacy because you have nothing to hide is like saying you don’t need free speech because you have nothing to say. Eventually, through no fault of your own, there will come a time when you have something worth saying or hiding, and you will regret having surrendered your right to do so.
Another way to put it is: I don’t need privacy because my judgment and intentions are shady, but because the authorities’ judgment and intentions are, or one day will be. Allowing the authorities to invade your privacy and suppress your speech diminishes your ability to hold them accountable.
I’m going to be real. I was part way through an explanation before I deleted it. What you are dealing with sounds like a situation where you simply won’t win by using logic. To continue to labor under the presumption that a good and logical reasoning will have an effect is just going to stress you out and achieve nothing.
Google password because I recommended against it being a word.
IT nerds help me out here, but I’ve been under the impression that the best defense against brute force attacks is a very long password, and the idea of sprinkling in special characters or numbers is outdated. Something like “iwenttothestoreandboughtabirthdaycake” is a more secure password than “$6jds_*WghP6”.
edit: Also the mantra to never write down any passwords is more of a workplace piece of advice. I personally think, and this would probably be helpful for older people, that writing down passwords in a notebook which is kept secure in their home is pretty safe. Short of a home invasion, that notebook is safe, and having it can encourage them to diversify their passwords on different accounts. So, if you are going to keep at the issue, taking an angle of using something they are more comfortable with like a paper notebook is going to be accepted more easily than trying to sell them on a password manager or something.
It doesn’t even have to be that long. 12-16 characters and it’ll be infeasible to brute-force for the foreseeable future. But unless you’re talking a high-value target like government, military, or executive suite at a company, no one bothers to brute-force anyway because there’s easier ways to gain access.
The biggest issue with password security is reuse and sharing. The most secure password in the world doesn’t mean a damn thing if you use the same email/password combination across a hundred different websites, because all it takes is for just one of them to suffer a leak and now your credentials are in a dump with millions of others that can be bought for a song and a dance.
This is why it’s imperative to use 2FA for your most important accounts, because it can mean the difference between an attacker getting access and hitting an error page and trying the next poor fucker’s credentials instead.
But also, no one wants to try to remember a hundred different unique passwords so it’s also a good idea to use a password manager. Chrome and Firefox both have them built-in (note that Firefox stores passwords unencrypted on disk unless you set a master password!), but there’s also services like OnePass or Bitwarden that have stronger guarantees.
While being aware that leaking passwords and reusing them is a major risk, I was just asking about the construction of the password as it relates to being attacked directly.
But also, no one wants to try to remember a hundred different unique passwords so it’s also a good idea to use a password manager.
Absolutely. I recommended the notebook approach only because I think people of a certain mindset would be more open to it than a password manager, even if it isn’t as elegant of a solution. At the end of the day it still diversifies passwords. I’m vividly picturing my mom throwing a fit any time a doctor or other office wants her to fill out a form on a tablet instead of paper.
Bitwarden sold keys recently. Chrome and firefox are the same product now and neither should be allowed to hold anything important.
If you can’t get keepass going, I second pen and paper.
Bitwarden sold keys recently.
Source?
Chrome and firefox are the same product now and neither should be allowed to hold anything important.
Source?
Is there something that would perhaps also work on Android? Also, how do you move the passwords from password manager into the fields? My problem with clipboard is that anything can read it. Of course, that means there has to be something to exfiltrate the data, but 1 problem is better than 2.
Most of those password managers are also available on android, and automatically clear the clipboard after 30 seconds.
But that’s a bit like plugging a leak when the tanks empty. If they managed to get a tool onto your device to read the clipboard, what else is there to get? They’ll almost certainly have a key logger installed as well, if not a full backdoor.
And that’s assuming they’ll even go through the effort of installing anything and not just using ransomware to brick your device.
The first thing about security is knowing who you’re defending against, and you’re not defending against targeted attacks by nation states (if you as an individual are, you’ve already lost). Your main adversary is spray-and-pray “script kiddies”, maybe the occasional private actor.
Clearing the clipboard also makes it less likely that you’ll accidentally paste your password in a text box somewhere when you meant to tap “Copy” and missed.
I was thinking of Android, and whatever some apps may be doing. They should already be pretty limited in what they can do, so it might be forced to just read the clipboard from time to time and hope you don’t notice (android now shows pop-up when something reads clipboard).
Password managers on Android (and frankly all platforms) actually try to avoid using the clipboard. They prefer the auto-fill service, which is intended for applications just like this. Unfortunately this isn’t working in all cases, but you can also set your password manager as a keyboard (temporarily), so it can directly input a selected username/password without anyone else seeing it.
Examples where I know this is the case are open source keepass options (Keepass2Android, KeepassDX). But I’d assume bitwarden and the like also work this way.
Keypass has apps which supposedly support autofill (I’ve never bothered with setting them up because I hate using a phone), but it might go through the clipboard. You can also set it to clear the clipboard so its at least not just sitting there indefinitely.
As far as I know, the thing is that randomly chosen words will be more secure because there’s simply too many words. However, sentences will be more predictable. And a single word will give quick access to someone with a sufficient wordlist.
Honestly, I don’t remember what exactly my recommendation was, just that I recommended against something quite simple (common word), and that she shouldn’t tell me or anyone else what it is.
Edit: but I am not a professional, so don’t use me for advice.
The difference for random Vs chosen sentences is when brute forcing a password (short of a few common or predictable sentences) the attack works by trying out combinations of different words randomly (if they’re even that advanced in the first place instead of using characters). That means any sentences you come up with, based on 3 things in the room, are so unpredictable that it doesn’t matter that they aren’t truly random.
You can also change the space characters. Use - then _ then + and repeat:
Instead of
iwentshoppingformilklastsaturdayuse can usei-went_shopping+for-milk_last+saturday. The amount of variables are just too high for it to truly matter.Now all you need to deal with is the banking login being so poorly designed it only allows a max of 8 characters or BS like that, in which case you’ve lost before you even started.
in which case you’ve lost before you even started.
And once I came across even better limitation. “Only English characters and numbers are permitted. Passwords are case-insensitive.”
OK, the last one wasn’t actually mentioned, but I just found out the case didn’t matter either.Yikes, you just know those are stored in a file called
passwords-donotsteal.txt…The fourth largest bank in America, Wells Fargo, has cases insensitive passwords
Word based passwords are (typically) not more secure, but they’re easier to remember than random text, which makes them more secure than the lesser alternative, but not more than the better alternative: just as long, but fully random text stored and generated by a password manager. You’re right that substituting text with numbers or symbols is bad, those are easily cracked. But fully random text with symbols and numbers is the best.
Why? Badly remembered passwords are often reused and written down, sometimes even on the computer itself, in emails, chat software, text files. And any password created by a person inherently will fall victim to shortcuts, as humans are often just not as creative as you might hope, there’s patterns. Common words might be used, too little words might be used. With a dictionary attack that checks common words, the entropy of such passwords can become drastically smaller to the point they can be cracked very quickly, and you have to be aware of that constantly when using words. Using uncommon words or more difficult words can prevent that, but that’s typically not what people do, when “password123” is the best they come up with otherwise.
A notebook at home would suffice, but it’s not great for the same reason as word based passwords. A password manager can create passwords that are guaranteed to be entropically complex passwords that can’t be cracked basically ever. There’s no guessing, no shortcuts to take, no human laziness to slip in and curse the password to easy cracking. And it does so uniquely for every login you have. That’s essentially unbeatable.
A notebook at home would suffice, but it’s not great for the same reason as word based passwords.
I’m aware. I’ve explained it elsewhere, but having dealt with irrationally tech adverse older people myself, I’ve learned sometimes decent solutions they’ll actually use are better than great ones they’ll resist. I’ve found that any new software, like a password manager, no matter how user friendly and logical is treated with suspicion and disdain.
I gotcha, yeah then it’s probably better for them. As other people in the thread explained, it should save them from most crackers that just give up if the password isn’t cracked easily.
For my parents I save their passwords into my password manager whenever I set stuff up for them after learning the hard way several times.
Ask them to share the usernames and passwords to all their bank accounts. If they refuse to, just turn the nothing to hide logic back on them.
Ask them to unlock their phone and give it to me. If they have nothing to hide from me, then they truly have nothing to hide from anyone since I probably dont hold power over them (nor do I care to).
If they say yes, I show them that im going through their photos, location history, browsing history, texts, emails, all the usual suspects for surveilance. If they’re ok with all of that, then by God they truly have nothing to hide.
If they say no, I ask them why. Try to let them find the answer for themselves.
Most just refuse, which is a good reminder to them that everyone has some secrets to keep. Even if they’re completely innocuous.
I think this is why the privacy argument has never worked on me. I have just let whoever go through my phone cause what’s the worst that’s gonna happen? You see my 100k+ unread emails that are pretty much all spam that doesn’t get filtered, my porn tabs, and texts to my gf about Sonic the Hedgehog? I only have a password on my phone cause when I didn’t it somehow pocket dialed the police and they came to me at work annoyed that I wasted their time.
Granted that was an older phone, but I ain’t ever risking that one again.
That’s why you ask for things like PIN numbers or bank passwords. Things people are constantly being told not to share.
I mean mine are the same things I’ve used for everything. My PIN is the same 4 numbers I’ve used for everything that asks for a 4 digit code dating back to when the PS2 would ask for one when watching movies. My bank password is the same except with an extra number copied cause they wanted a 5 digit code on the app (I think for the website it’s also just the same password I’ve been using since I made my first ever website account on RuneScape).
If you’re wanting details like routing numbers or whatever, can’t really help you there. Every time I’ve been asked for that info I go to the bank and get it, put it in whatever asked for it, then throw the paper away. Someone could probably dig in my trashcan or the trash of the carwash I go to and steal the small amount of money I have, but I don’t really care.
OK, now give your phone and wallet access to anyone on the net.
Including the government, that other government, Kim Jong Un, a pimply broke teeneager in some failed ex-soviet state who doesn’t extradite to your place, Mike the Pervert (not allowed within 100m from any other living or recently deceased human by a court order), Mario NotAMobstero and Ranjin who works for $2.50/h in a scam call center.
Not really sure how to give them my phone when they’re nowhere near me. If they came up and asked, I probably would tbh.
You do realise it is not about the physical phone, but what you do / have on it? That’s why I said access, and on the net.
My physical device is worth what, $50 with the half dead battery and all the scratches.
My bank and savings account is worth quite a bit more, and my non-felon status, citizenship of a (for now) democratic country and my private and professional reputation are as well.
See mine isn’t worth all that much. I have barely anything in my bank account and I’m pretty sure all of my account info for so many sites have been posted somewhere. My work offered one of those privacy services for free and within a week or 2 I was told they found stuff on the “dark web” or whatever. I’ve been told that for years and nothing ever comes of it cause what do I got worth taking?
I don’t know about you, but:
-
I have some money. Not much, but I’d like to keep it, because food and rent is kind of required.
-
I don’t have a criminal record, and I would hate it if someone used my identity to commit crimes. At the very least, doors and lawyers are expensive.
-
Figure out how to simulate and scam me and a few million other dudes like me, and you have pretty good chances of getting elected here. That stuff is happening in all major elections now, and the results are, well, I assume you read the news.
-
I would really hate it if you send my detailed porn habits to my boss and my grandma. At the very least my boss would think I’m an idiot and don’t deserve a job working with computers and expensive machines.
Bonus argument:
I’ve been told that for years and nothing ever comes of it cause what do I got worth taking?
I’ve known people who drive without a seatbelt for years, and they haven’t died yet.
I got a feeling if either of my bosses saw my porn history, they wouldn’t really care. It’s ultra vanilla cause I’m boring like that and it doesn’t affect my ability to pull around cow carcusses. And if you’re gonna tell me to just show them, I’d get fired for having my phone anywhere near them. The place is ULTRA strict about having no phones anywhere near the work floor. Only allowed in the locker room and break room. I have seen people get fired on the spot for taking a quick 1 second peek at their phone when they had nothing to do at that second.
The other stuff is still just things that don’t bug me. Like I said, I have basically no money and could honestly care less about getting hauled off to prison for something. I guess I just never really valued my life all that much. I value it enough to keep living (despite what my thoughts keep telling me), but not much beyond that. Helps that nobody depends on me for anything.
-
If they’re ok with all of that, then by God they truly have nothing to hide.
Now start deleting everything or maybe sending some texts
That’s not making an argument for privacy, that’s being a jerk.
Yes it is, luckily I was joking, but having a bad password, technically that can happen
Give me the man and I will give you the case against him is a saying that was popularized in the Soviet Union and in Poland in the period of the People’s Republic of Poland, attributed to the Stalinist jurist Andrey Vyshinsky,[2][5]: 200 [6] or the Soviet secret police chief Lavrentiy Beria.[3][4] It refers to the miscarriage of justice in the form of the abuse of power by the jurists, who could find any defendant guilty of “something”, if they so desired
You can find just about anyone guilty of something if you have access to everything they do/say
When mentioning lack of privacy with targeted advertisements, he said that he actually really likes them, because he bought a couple of things he wanted for years.
“It’s ok that we’re being spied, it lets people better take my money on stuff I wanted anyway”
Richelieu had them beat by 400 years:
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.”
Cardinal Richelieu
Everyone’s got something to hide.
For example, I like to keep my credit card number secret from criminals.
