I wanted to share this as a reminder to the privacy community. It makes a number of good points and I share some of my thoughts at the end.
This week I was reintroduced to a phrase I’m coming to love as I interact with the privacy community: “don’t let perfection be the enemy of good enough.” If you recommend Signal to someone for it’s security, someone else will complain that Signal uses phone numbers and AWS as a backbone. If you recommend Session, someone will complain that it’s not audited. If you recommend Matrix, someone will complain about the metadata collected, and if you recommend XMPP someone will complain about, well, something I’m sure.
About a month ago, I went off on someone because they tried to argue that MySudo is a “joke.” I readily agreed with them that MySudo is not open source and is not end-to-end encrypted (unless talking to other MySudo users), and therefore I wouldn’t recommend it for seriously sensitive communication, but I proudly promote the app as a way to have a wide array of both VoIP numbers and capabilities (such as email and SMS) readily available for a low price. This is great for not using your SIM number and for compartmentalizing your life. The person replied to me by saying that a better solution is to buy multiple phones in cash with multiple SIMs and use them as needed. I quickly pointed out that this solution is ridiculous because 1) it’s expensive, 2) it’s not user friendly, and 3) by turning the phones on and off as needed, you’re already creating a pattern that can be tracked back to you.
The fact is, anything can be hacked or traced. You can ask literally any privacy expert out there and they’ll agree with me. If you cause enough trouble, someone with enough resources will find you. It’s only a matter of time. This is one of the reasons I repeat over and over on my site that I’m not trying to teach you how to do illegal things. That’s not just a disclaimer to cover my butt, it’s because you will get caught. The goal of privacy and security – for the average person – is to find the right balance between protection and convenience. I mentioned in another blog post that if you make your security defense too difficult, you’ll simply never use it, so you have to find the balance between solutions that aren’t ideal but will be used against no solutions and solutions that are so hardcore you’ll never use them, thereby defeating the purpose.
Which brings us back to my first paragraph. The fact of the matter is, no solution is ideal. ProtonMail explicitly says on their website that if you’re leaking Snowden-level secrets, you probably shouldn’t be using email at all (he certainly didn’t). If you’re planning a revolution, you probably shouldn’t be using Signal even if it does have top-level security. You should be getting together in person. Anyone who claims to be perfectly secure or anonymous is – point blank – full of shit and you should run from them like Jason Voorhees. You shouldn’t rely on these electronic means which will someday become insecure, and for all we know might be already. State technology tends to be roughly a decade ahead of the public sector, so you should assume that the government can read everything you do.
For most of us, that’s okay. For most of us, the government is not interested in our selfies, bad puns, dinner plans, Starbucks orders, and the fact that we’re running fifteen minutes late. However, the fact that we can’t have perfect communication doesn’t mean we should throw the baby out with the bath water. “Signal requires a phone number and is based in the US and uses Amazon for infrastructure.” Those are all perfectly valid complaints depending on your threat model and what you’re communicating. When my partner gives me her debit card and asks me to pick up her medication at the pharmacy while I’m out, I would rather use than Signal than SMS to ask what the PIN is or to verify that I’m not missing any the medications that are ready. Just because Signal isn’t perfect doesn’t mean that I don’t use it. I wish she would use something a little more decentralized like Matrix or XMPP, but I’m not going to let perfection be the enemy of good enough. For us, for that situation, Signal is good enough.
Of course, it goes without saying that we also shouldn’t let good enough be the enemy of great. Many people fail at their dreams in life not because they fail, but because they say “eh, good enough” without striving for more. Someone who wants a penthouse gets a corner office and says “good enough. I have it better than most and I should just be grateful.” We should be grateful that we have hyper-secure options like Signal, decentralized options like XMPP, free options like Matrix, or metadata-resistant options like Session.
But we shouldn’t stop there. We should demand better. As with privacy and security itself, it’s a fine line. We shouldn’t forgo the pursuit of perfection because these products are good enough, but at the same time we should respect that these products do give us a huge service, often at little or no cost to us, and often at a massive labor and cost to the developers, who can range from a single person in their bedroom to a medium-sized company struggling to keep the lights on. We should also respect that different companies make different products aimed at different people. For example, ProtonMail started with the vision of making encrypted email easily accessible to the masses. They admit that they are not perfect because perfection would run counter to that mission – that is, it would make encryption not user-friendly and therefore not easily accessible to the masses. Just as my own site often chooses not to post certain information because it falls outside my target audience, many popular services are popular for a reason: they’re choosing to make the trade-off between security and convenience. It’s better to give a lot of people a moderate level of protection than to give a few people hardcore protection and alienate everyone else. At least, I think so.
I want to end by saying that you are always welcome to go the extra mile. I encourage “normies” to use various programs and settings to lock down the telemetry on their computers and give themselves a little more privacy and security, whether that’s Windows or Mac. But I don’t see that as a reason that I shouldn’t use Linux. Just because other people are content with “good enough” doesn’t mean that you aren’t allowed to go the extra mile. And yes, people should be making that decision with education and awareness, knowing the risks and benefits. But the answer there, in my opinion, is not to force people to use difficult solutions, but rather to educate them on why those difficult solutions are better. Forcing someone to do something they don’t want to for their own good will only lead to resistance and eventually abandonment of the proposed solutions, but education will lead to good decisions being made willingly and stuck with. At least, that’s my two cents.
Regardless, please stop letting perfect be the enemy of adequate, and remember that not everyone has the same threat model. Respect each other.
There's a lot of great points made here but I'd like to highlight two of them.
The person replied to me by saying that a better solution is to buy multiple phones in cash with multiple SIMs and use them as needed. I quickly pointed out that this solution is ridiculous because 1) it’s expensive, 2) it’s not user friendly, and 3) by turning the phones on and off as needed, you’re already creating a pattern that can be tracked back to you.
This is seen a lot on enthusiast forums and communities. Someone will recommend something that is great but not technically the "best" option. In this example, sure, buying multiple phones and SIMs is on paper more private but it's not practical for 99.9% of society. It's not always about the theoretical best; it's about what's practical to build habits around.
When someone is using Facebook Messenger and Snapchat to talk to their friends, asking them to invest hundreds of dollars and drastically change their habits and routine is doing nothing more than setting them up for failure and turning them off to privacy in general because they think everything has to be that challenging if they want to enjoy any semblence of privacy.
This brings me to the second part.
if you make your security defense too difficult, you’ll simply never use it
Every once in a while someone will ask how I've been so successful at moving my friends and family to a more private lifestyle and this is it. I made the transition easy.
Educating someone new about Signal or ProtonMail is significantly easier than explaining self hosting, federation, and servers while watching their eyes glaze over and disinterest set in. I can have someone texting and video chatting reliably with me in under 2 minutes from start to finish by downloading Threema and have 98.5% of the privacy you get from self hosting your own server. It's one thing to know about the extreme side of privacy but it's another to understand which tools to use and recommend depending on who the user is.
Mom? She's probably not spinning up her own server at any point in her life. Your savvy computer science buddy? Much likelier to entertain the idea. Remember, know your audience.
Want to join the discussion? Check out this post, and others, over at the CupWire subreddit and leave a comment.