I'm deeply concerned about the future, everyone I know is using non-free software and firmware, and relying on SaaS like ChatGPT. These companies are collecting and storing our thoughts and personal data, and I suspect they're sharing it with agencies like the NSA. Our cell phones track our every move, listen to our conversations, and record our activities. Google probably logs our search history forever, and Windows can access all of our files. Non-free firmware and the Intel Management Engine can even spy on us, capturing our screen activity and keystrokes. Cameras watch everywhere you move. It's a daunting battle to fight, and it's disheartening to see that even when we try to discuss these issues, many people are quick to dismiss our concerns. What are your thoughts on mass surviellence?
It's a daunting battle to fight, and it's disheartening to see that even when we try to discuss these issues, many people are quick to dismiss our concerns.
You said it all.
Whether we like Richard Stallman or not, we cannot deny that it started (in part) with the "I don't care" and the denigration of free software.
Education systems around the world have failed to promote free software as an IT basis and vigilance against proprietary software lobbies.
My opinion is that after being conditioned by their environment most people have already given up on their privacy, so mass surveillance does not bother them that much...
I'm . . . against it? Is this a trick question? But just in case it isn't: don't buy products with cameras and microphones and network connectivity built into them.
Also keep your online life completely separate from your real life. That means NO personal info on line. At all.
If I try to do the threat modeling, I guess I'm seeing three levels:
Intelligence agencies. They probably have access to all possible data about you. Don't make them your enemy. Hopefully they never turn evil in your country.
Large technology companies. They make the infrastructure like phone operating systems, stuff that you can't get around on the modern internet like Cloudflare, etc. They can be affected a little bit with legislation like the GDPR but only to a matter of degrees. But at least they have reasonably good security so you don't fully lose control of your data. The worst thing they will do to you is to try to convince you to buy stuff, which isn't all that bad.
Smaller or non -tech companies that just are not competent enough to keep your data secure. They will use dependencies that spy on you, like Google Analytics or android app creation frameworks that inject location tracking. An online pharmacy that is using Facebook scripts and thus shares all your medical purchases with Facebook or elsewhere. A lot of this would be illegal but it is hard to find out and enforce the law about, and it's like a whack a mole game. It's hard to know where your data goes and it is probably being sold to whoever wants to pay. For example, local police buying location data from data brokers (worth double checking but I think this actually happens). Since there is no limit to who can access the data, this is more worrying. But for these things, you kind of have the big tech companies on your side. Browsers and phones tend to have built in tracker blocking these days. And you yourself can choose to be careful about what software you run from this category.
My point is that we should be clear about why we are concerned about the future. Who is the threat and how could they use your data against you? Breaking it down and pointing to a clear harm will help people around you understand why you are concerned.
For anyone having trouble wrapping their head around doing this analysis for themselves, I'll share mine:
I seriously doubt my personal operational security (OpSec) has kept my own federal government out of my business. I might be one of the few people who could have a chance, but I'm not interested in spending my energy that way.
I like to think my OpSec has kept foreign governments out of my affairs, but I'm honestly not sure. I know my government's rules, because I read my local laws. There's a lot of governments whose rules-of-engagement I don't even know what are, and I'm confident that some of my "someone could probably" conspiracy theories are science fact somewhere in the world. Guessing which/how/when is a lot harder, than just suspecting/assuming I've missed something.
I'm confident that my OpSec is good enough that large corporations know that I exist, but are confused about me. I like it that way because I'm 90% sure they're colluding to keep my salary lower, and that pisses me off. Thankfully big corporations aren't motivated to do much more than make it inconvenient for me to evade their net.
I'm less confident about smaller businesses, honestly. Like anyone, I use a local dentist and barber. I didn't choose my dentist or barber for their Cybersecurity practices.
But honestly? Low on the totem pole. Even with Trumpy governments.
Things like engagement optimized social media warping people's minds for profit, the internet outside of apps dying before our eyes, Sam Altman/OpenAI trying to squelch open source generative models so we're dependent on their Earth burning plans, blatant, open collusion with the govt, everything turning into echo chambers... There are just too many disasters for me to even worry about the government spying on me.
If I lived in China or Russia, the story would be different. I know, I know. But even now, I'm confident I can given the U.S. president the middle finger in my country, but I'd really be more scared for my life in more authoritarian strongman regions.
First: Mass Surveillance is possible without computing technology. The Stasi secret police in the DDR or secret police of the Soviet Union and North Korea demonstrate this. Normal citizens where secret spies that reported their family members or "friends" activity. In your wording of your text I notice you are mostly concerned with computational surveillance with modern technology, why not expand this to other human based surveillance systems?
Now to the computing aspects: Standardization
Whatever is possible with technology will be implemented by someone, even if it was meant as a temporary test it might become permanent apparatus for surveillance.
A good example of that is the http protocol which through its faulty design allows some surveillance: cookies, user-Agent headers, IP-Addresses, Domain name systems. Someone in the surveilance agency of China understood http stack and its vulnerabilities, otherwise there would be no great chinese firewall that can block all foreign traffic 🏰🏯🏰.
No one wants to go away from http, eventhough it enables chinese mass surveillance, because it became a convenient standard. This is why it became permanent, even though more private systems are possible (onion/i2p sites), very few use them. Lazy Convenience > Privacy.
I kinda just accepted that it exists. Governments literally have hardware-level backdoors in most consumer computers (Intel ME, AMD PSP, etc). There isn't really anything you can do about that if you don't want to cut off yourself from society. I will still pick low-hanging fruit of course, but most of my "opsec" effort is focused on not giving corporations any data
Use FOSS on non-intel hardware and use tor. Your physical life is just gonna be kind of tracked because if you live in a walkable city, you're on camera the whole time you're out and modern cars phone home EVERYTHING if you don't live in a walkable city. I guess you can buy a 1997 Honda Accord to get around that but on an infinite timeframe the cost of maintaining a pre-panopticon vehicle will only go up...
I'm from the Netherlands, near Germany. Mass surveillance feels incredibly scary. And it comes with major risk if anyone with the wrong intentions ever gets to power. Like what happened in Germany last century, we don't want that happening while everyone is being tracked.
Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say