Feature Suggestion | What are security, privacy and anonymity? How are they different? #1760

Closed
opened 2020-03-05 01:25:38 +00:00 by Zenithium · 9 comments
Zenithium commented 2020-03-05 01:25:38 +00:00 (Migrated from github.com)

Description

Differences between security, privacy and anonymity should be explained somewhere on the site, possibly on the homepage near the top. Preferably there would be brief and simple examples of each that convey the differences alongside the definitions.

5a384507-18ce-417c-bb55-d4dfcc8883fe commented 2020-03-05 02:20:44 +00:00 (Migrated from github.com)

I am against it, or at least not on the home page, and I can't think anywhere else where it could fit, maybe just a little mention on some section if necessary (I can't think of one), or the wiki.

GintokiHub commented 2020-03-11 05:04:13 +00:00 (Migrated from github.com)

wiki page wouldn't hurt right?

Thorin-Oakenpants commented 2020-03-11 08:08:35 +00:00 (Migrated from github.com)

FWIW:

I often give lectures/talks to various groups about privacy, and the first thing I do is explain the differences between the three - and I like to draw a Venn diagram and get the class interacting, giving examples of what happens with various apps, or websites etc.

I have done a lot of these talks, and the simplest way I found for any of my audiences to understand is the following: in theory (no one is saying anything is foolproof: e.g. the secret admirer might leave his DNA on the Valentine's card - this is just a simplification)

Anonymity

  • The sender and/or recipient's real ID is unknown
  • example: physical world: a secret admirer sending a Valentine's Day card
  • example: internet: the IP (or fp/opsec) footprints cannot lead back to the poster: e.g. Tor

Privacy

  • The contents of the message can only be seen/heard by the intended recipient(s)
  • example: real world: quiet/whispered conversation between two people in the middle of Siberia
  • example: internet: a Signal message is end-to-end encrypted and only the recipient & sender can read the contents

Security (in the context of privacy/anonymity)

  • The parties involved are who they say they are
  • example: real world: something unique and verifiable such as a passport / fingerprints. Old timey or ancient stuff like royal seals/signets
  • example: internet: certs etc

All of these overlap, and you can have anonymity but not privacy, or security but not privacy, or privacy but not anonymity, etc. And the sweet spot is when you get all three - see exhibit A: the Venn diagram ... and cue the class/audience giving examples of how they use the internet

... and that's when all the exceptions/flaws start to show up: e.g. MitM encrypted messages - i.e. not end-to-end, cert reliability, or how do you know the recipient hasn't been compromised, etc.

But once I explain the simple differences between privacy, anonymity, security as above - everyone suddenly clicks and they all get it, which makes the subsequent discussions so much easier. It's never failed (and some of the people in these classes are really not internet savvy / knowledgeable at all - but they still get it).

Just my 2cents if you feel like doing anything and approaching it this way

dngray commented 2020-03-26 17:10:50 +00:00 (Migrated from github.com)

I believe this would also close https://github.com/privacytoolsIO/privacytools.io/issues/297 or at least could be coupled with it on the same page.

dngray commented 2020-03-26 17:22:09 +00:00 (Migrated from github.com)

Going to assign you @blacklight447-ptio as I believe this could be integrated with

Closes: https://github.com/privacytoolsIO/privacytools.io/issues/297

lrq3000 commented 2020-04-09 11:24:18 +00:00 (Migrated from github.com)

I agree, it's important to give some definition for the interested reader because knowing the difference is very crucial for the user to assess what software corresponds to their needs. The explanation doesn't need to be very deep in details (at least not on PTIO), but use links to redirect users who want more than just the big idea. I agree a Venn diagram can be a good way to summarize.

dngray commented 2020-04-09 13:31:45 +00:00 (Migrated from github.com)

I've been having a think about this, and I think it might be more appropriate as a blog post.

freddy-m commented 2021-02-23 10:37:54 +00:00 (Migrated from github.com)
[What are security, privacy, and anonymity?](https://blog.privacytools.io/privacy-security-anonymity/)
tjhietala commented 2021-03-12 18:56:56 +00:00 (Migrated from github.com)

What is referred to as "privacy" here is usually called "confidentiality": https://en.wikipedia.org/wiki/Information_security#Confidentiality

Privacy is a broader concept which is not so easily defined.

Reference: privacyguides/privacytools.io#1760