Feature Suggestion | Split the recommendations for regular and privacy conscious users #880

Closed
opened 2019-04-22 10:18:51 +00:00 by Mikaela · 10 comments
Mikaela commented 2019-04-22 10:18:51 +00:00 (Migrated from github.com)

## Description:

> I think it's time to split content on privacytools.io into two sections:
>
> Aimed at regular users who are looking for an easy to use alternative for let's say "WhatsApp" and we could for example suggest "Telegram" with some notes.
>
> Aimed at very privacy conscious users who want to walk the extra mile, join discussions like this one.
>
> We can't please both groups with the same recommendations.

Suggested @BurungHantu1605 at https://github.com/privacytoolsIO/privacytools.io/issues/779#issuecomment-481921674

ghost commented 2019-04-22 19:59:27 +00:00 (Migrated from github.com)

I've moved my reply from [that thread](https://github.com/privacytoolsIO/privacytools.io/issues/779#issuecomment-482096319) to here where it's relevant:


@BurungHantu1605

> I think it's time to split content on privacytools.io into two sections:
>
> 1. Aimed at regular users who are looking for an easy to use alternative for let's say "WhatsApp" and we could for example suggest "Telegram" with some notes.
> 2. Aimed at very privacy conscious users who want to walk the extra mile, join discussions like this one.

Both kinds of users are equally entitled to avoiding mass surveillance. The difference likely motivating your comment for the separation is that they are unequal in technical competency. It should be addressed in a careful way.

> We can't please both groups with the same recommendations.

Some categories could serve both groups with the same recommendations, others not. The separation may be a necessary evil in some categories, but should be avoided when possible because all such cases would entail normies getting a reduced privilege to avoid mass surveillance.

The problem with introducing this split for every single category is that it would create a counter-productive temptation for PTIO to let feature richness needlessly undermine privacy. For example, specifically in the context of #779, neither advanced users nor simple users need to give up as much privacy as Signal requires. But a "simple user endorsement" could easily become so relaxed that Signal would be endorsed despite other user-friendly options that avoid mass surveillance to a greater extent.

## communication tools are special - more complex in this case

Most of the categories do not deal with p2p communication. But the IM and voice categories have an extra complexity: nerds need to communicate with non-nerds. How can I talk to my mom if she is getting different advice? Will I have to say "mom, sorry I don't call home as much anymore, but @BurungHantu1605 recommends incompatible tools for us"?

This touches on the viral privacy abuse problem (1.vii). Walled-gardens are totally structured to conquer the market of normal non-expert masses, not nerds. So privacy becomes marginalized and nerds get isolated. IOW, when it comes to communication tools, a split endorsement (if not done carefully enough) could support viral privacy abuse.

## PTIO could become a filter bubble

Another possible problem with splitting the whole page and all categories is that users with a misplaced low confidence will be guided away from challenges that improve them, or simply tools that they actually can handle without issue, because the better options won't even be in sight (depending on how it's done).

## nerds are hard to cater for

Is it even worth it to try to make recommendations to highly advanced nerds? When nerds work securely, configuration becomes as relevant as the tool. One tool may be better than another out of the box in one circumstance, but the lesser tool is better if you sandbox it in a firejail and isolate the uplink to a tor middlebox, perhaps compile it with different options for a specific use-case, etc. Is PTIO up to the task of making a competition out of complex installations and configurations?

Signal is a disaster out of the box, but maybe someone would travel to Czech for a burner phone, compile the code, use a special ungoogled ROM, etc, purely to get notifications from the Haven app. It's hard to give general advice to advanced users with specific needs.

## possible approach

If a particular endorsement is a tool that is not user-friendly, it could be tagged as such as a warning to simple users, and we could take care to ensure that every category has at least one user-friendly endorsement. I suggest an icon of a big brain for the advanced tools, because those on the fence about what they can handle may be encouraged to try the big-brain tool. And yet if they can't handle it in the end they won't be frustrated with PTIO b/c they were sufficiently warned about what they were getting into.

Meteor0id commented 2019-04-25 12:22:44 +00:00 (Migrated from github.com)

> We can't please both groups with the same recommendations.

Quite debatable.

I think the solution is to start with a few paragraphs of summing up the basics, and then continue onwards into details. Like well written articles should always do.

Privacytools.io should always provide a little more info than a user was looking for. Privacytools.io also has a job of educating people; pushing them to learn more, understand privacy related criteria more in depth. That is perhaps the greatest service privacytools.io is providing.

So in my opinion splitting it out might create a bubble, and prevent people from raising their knowledge about privacy considerations.

Also please don't label your own tickets as high priority, splitting the whole website in two doesn't look to me like something we would want to rush, if we would even want it at all.

4udr4n commented 2019-04-28 11:04:00 +00:00 (Migrated from github.com)

Why not provide a good/better/best tiered system for recommendations?

Good would be solutions such as Signal, Brave, Protonmail, Startpage - all multi-platform alternatives which vastly increase privacy over the usual suspects without increasing complexity or cost. So long as they are framed as being improvements but not perfect, they should suffice to help newcomers without putting off those with more knowledge.

Better might be Firefox + ghacks+/12bytes, LineageOS, Debian, Email with catchall etc. All further improvements but requiring investments in knowledge, maintenance and/or money. Still imperfect but worthwhile.

Best probably needs a lot of context around threat models. Here we would find Tor, Qubes, GrapheneOS, Self hosted services, Briar.

Many of the issues here are ideological, with privacy advocates/experts not wishing to recommend what they see as and what may in fact be flawed tools and approaches. This is admirable, but as a user on the matrix chat is fond of saying, sometimes it is important not to let the perfect be the enemy of the good.

five-c-d commented 2019-05-03 05:57:06 +00:00 (Migrated from github.com)

Potentially related is #896 about having a /summary page with a nice top3-oriented overview aimed at readership that does not have a lot of time to spend. Should the /summary also be squarely aimed at endusers that want increased privacy without much cost&complexity? Possibly yes, though to me these are slightly different things (being short on time does not mean being short on expertise and tech-savvy-ness needed to manage the complex tools).

| group | 'good' | 'better' | 'best' |
|---|---|---|---|
| browser | brave | firefox<br />(ghacks.js) | torBrowser |
| comms | signalapp | email<br />(selfhost) | briar |
| laptop | osx | debian | qubes |
| phone | iOS | lineageOS | grapheneOS<br />(or librem5) |

No, to me that is the wrong approach. For starters, briar is not even listed on privacyToolsIO at all (and I don't think it is TheBest either), nor is grapheneOS (though it is proposed at least now), ditto for librem5 which I added (since it is not yet launched). People that use signalapp with all the bells and whistles are going to be getting close to the 'best' privacy in some sense... but this requires a significant amount of work because you have to combine it with acquiring a phone-num not linked to financials/identity, some kind of container-crypto like samsungKnox or lineageOS secondary-system-profiles, non-default addressbook app & vkeyb, and a bunch of off-by-default settings and optional high-security stuff. Even when you go through all that setup-hassle though, it is still signalapp and thus fairly easy to use and well-vetted and so on.

To me, that is the primary differentiator: hassle invested, and privacy ROI therefrom. Services which don't provide a significant amount of privacy, relative to other available options in the segment, should simply not be listed on privacyToolsIO at all. Services which in theory provide a significant amount of privacy, but are not well-vetted (because they are too new and/or too unknown), should also just not be listed until they are "reasonably" field-vetted... and this differs by category, an OS or a browser needs more field-vetting than a calendar-sync or a note-taking app does.

| subgroup | hassle: 🧙 | hassle: 🧙🧙 | hassle: 🧙🧙🧙 |
|---|---|---|---|
| browser: ESR | torBrowser<br />sans TorNetwork | torBrowser<br />+noscript | torBrowser<br />+[multi VPN](https://github.com/privacytoolsIO/privacytools.io/issues/914)(!) |
| browser: gecko | firefox<br />+3 addons | firefox<br />+6 addons | firefox +9 addons<br />+ghacks+orbot |
| browser: chromium | brave | brave<br />+noscript | ungoogledChromium<br />+orbot |
| msgr: signal protocol | signalapp<br />w/cell num<br />+defaults | signalapp<br />w/2ndary num<br />+disappear | signalapp<br />w/anon'd num<br />+max'd out |
| msgr: SMTP protocol | protonmail | protonmail<br />+expiring w/<br />blank subjects | selfhost MTA<br />+neomutt |
| OS: desktop | qubes<br />+osx | qubes<br />+debian | qubes<br />+tails |
| OS: mobile | iOS<br />+tweaks<br />(or samsungKnox) | lineageOS<br />+tweaks<br />(or /e/) | grapheneOS<br />sans playStore<br />(or librem5) |

> Many of the issues here are ideological

Yes :-) The question is, how do we square what the listings present, with the various types of threat-models and privacy-purist viewpoints, while not accidentally making the webpages so dense with eye-glazing info that everyday endusers tune out?

> let not the perfect be the enemy of the good

Fully agree. I think we can go far, if we have a portion of the site which concentrates on "here are some low-hassle tools you can put to use immediately" and then a bit deeper in we provide some details pros-n-cons which clue people in on advanced tools that come with higher hassle (and require a higher degree of tech-wizardry to install/use/etc).

blacklight447 commented 2019-05-03 06:37:48 +00:00 (Migrated from github.com)

@five-c-d Just to make it clear, we should absolutely NOT under ANY circumstance recommend people to use a VPN with tor, it gives a false sense of security, and can harm users.

five-c-d commented 2019-05-03 07:11:39 +00:00 (Migrated from github.com)

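~~We should probably~~ I have [gone ahead](https://github.com/privacytoolsIO/privacytools.io/issues/914) and split the discussion about tor+vpn versus vpn+tor versus just plain tor, away from the discussion about recommendation-listing-splitting :-)

some links on torBrowser with VPN usage

* https://protonvpn.com/blog/tor-vpn
* https://www.bestvpn.com/guides/using-vpn-tor-together
* https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/combining-tor-with-a-vpn/

Some people recommend it... including VPN providers ;-) Some people definitely don't.

* https://www.reddit.com/r/TOR/comments/9q3len/is_using_a_vpn_with_tor_a_bad_idea/
* https://www.reddit.com/r/TOR/comments/960syc/why_is_a_vpn_considered_bad_in_combination_with/
* https://www.reddit.com/r/TOR/comments/5qmqw4/should_i_be_using_a_vpn_with_tor/

Tor doesn't specifically say that VPNs are a terrible idea, just that, the purpose of the VPN is distinct from Tor's purpose (whether you use a VPN boils down to whether you trust your ISP/dataplan more or less than you trust the vpn-provider). https://2019.www.torproject.org/docs/faq.html.en#IsTorLikeAVPN

@blacklight447-ptio ... however, if you feel like asking [your Tor contacts](https://github.com/privacytoolsIO/privacytools.io/issues/856#issuecomment-487702500), I'd be happy to learn I'm mistaken and VPN+Tor as well as Tor+VPN are never ever helpful. Or if you already know the rationale, could explain it to me, though preferably in another discussion-thread about "should TorBrowser and VPNs both be recommended by privacyToolsIO listings"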

But yeah, that is specifically why I put torBrowser+multiVpn in the triple-wizards-of-skill-and-hassle category: because unless you are very clear on exactly what you are doing, and willing to go through a huge amount of r&d + setup testing, that is a bad thing to attempt. And some people are ideologically against such combos, for want of a better term to describe the stance that "under no circumstances combine the two technologies".

For the same sort of rationale, I similarly would not recommend command-line Mutt and self-hosting your own MTA to anybody not willing to undergo a gigantic amount of pain and suffering, to actually get their mail through to normal SMTP endusers like gmail/outlook/etc. Same deal with ungoogledChromium, there are no official builds, so if you want to use it, you really need to hand-compile, which is three-wizards of hassle for sure. GrapheneOS requires that you buy a Pixel at the moment, or hand-compile self-audit. Getting a truly anonymized telco-num is extremely difficult for use with signalapp, etc. GHacks-user.js should not be applied by random endusers that don't know what they are doing, and so on.

Edit == Re: below, suggest opening a new thread then, to fix privacyTools.io wording

Where we can discuss in full (edit: see #914 please), since I don't read the link you are pointing to, as saying what you are saying. It is far more cautious in tone methinks, though basically aligned with your stance.

But I don't think you just have a disagreement with me, you also disagree with the VPN category existing, in the prioritized first-on-the-list placement it is given.

Right now, privacyToolsIO recommends TorBrowser at top choice in the browser-listings ... and does not recommend addons (which are explicitly listed as "for firefox" though I believe there is an effort to also make them mention "or brave" as well). But the very top category on the privacyToolsIO site is VPNs, and you think that using a Tor+VPN connection ... because the webserver or their CDN/balancer refuses Tor connections ... or using VPN+Tor ... because a restrictive router/firewall/ISP/something blocks Tor or deprioritizes Tor traffic or whatever ... is inferior to using traffic-obfuscation plugins and/or hidden guards and/or just getting more people to use Tor so that such things are no longer feasible for the network-operators and website-operators.

I agree that Tor+VPN does not increase anonymity, and VPN+Tor only increases anonymity in rare circumstances (where the ISP is less trustworthy than the VPN provider). But sometimes those things are necessary to achieve connectivity as opposed to 100% lack of connectivity. Similarly, some things just don't work over TorNetwork, in particular, quasi-realtime VoIP cryptocalling is just not very plausible with the jitter/latency of Tor. (Watching 720p videos is possible because of buffering that overcomes the latency and not because TorNetwork latency is incredibly improved in the past few years, is my understanding.)

And then of course, there are all the places that block Tor, and thus, fail to work with Tor. Endusers that don't mind learning all about meek bridges and traffic-obfuscators, can possibly work around all sorts of things. But unless there is a zero-jitter plugin that lets UDP packets go through TorNetwork, there are definitely things that just flat out cannot be made to work with Tor no matter how advanced the endusers happen to be, is my further understanding. Which means, for connectivity-reasons, aka stuff-working-at-all-reasons, endusers of TorBrowser and Orbot need to be familiar with what to do when Tor fails to work.

In some cases, that is to just not do whatever they were about to do: work around the problem, of Tor not working, but just Not Doing whatever they were attempting. But in most cases, the enduser can work around the problem by using VPN+Tor, or by using Tor+VPN, or if that is not suitable, by using Firefox with their VPN app.

If they have never installed a VPN app, and don't have any idea how VPN apps might or might not function (i.e. that they do not provide strong anonymity guarantees but do improve privacy), then the fallback when Tor fails to work is either firefox+nothing, or just NotDoing the thing being attempted whatsoever. Most endusers are going to prefer having more fallbacks than those two options.

(edit: nevermind see #914) ~~Please open a new github-issue,~~ or a pull-request to get something added to the https://www.privacytools.io/classic/#vpn section, saying "never use TorNetwork (including Whonix/Tails/Subgraph/TorBrowser/Orbot/etc) in combination with any VPN provider" or whatever verbiage you think is needed. But I'm respectfully going to say that I don't expect that sentence will be added, at least, not in that strong-form with Never at the front. It would improve the site to have it say something about whether combining Tor-related tools with VPN-providers is a good idea or not, and for that matter, whether using TorBrowser with addons of any sort is a good idea or not. Right now this is left up to the imaginations and preconceptions of the readership, and obviously, we don't all imagine the same things are dangerous-vs-HelpfulSometimes :-)

blacklight447 commented 2019-05-03 07:34:18 +00:00 (Migrated from github.com)

It says that one can use it in case someone cannot connect to Tor, but it should absolutely not be used for increasing anonymity; it does not help, it only slows down the user's connection, and even if we give it as an option (which we shouldn't) it should only be presented as a way to connect to Tor where bridges don't work. Advising to use a VPN with Tor is a dangerous idea and should not be done. https://forum.privacytools.io/t/why-you-should-not-use-a-vpn-with-tor/182

(This is a person who works daily with Paul Syverson at the Naval Research Lab, one of the original designers of the Tor network.)

It may indeed not be the best place to discuss this, but I see it as my duty to stop dangerous thoughts like this dead in their tracks before someone thinks it's a good idea; it does not give anonymity benefits, and should not be used.

Also, don't you think it's really, really naive to think that an adversary who is powerful enough to defeat Tor, a network with over 6000 relays, which has undergone enormous amounts of research and development, with the whole world looking at its code and implementation, would be stopped by a VPN provider?

What do you think would happen? "Yes, we have finally beaten Tor, now let's see his IP address.... BLAST, it's a VPN provider, our evil plan is spoiled!" That's just not realistic and gives a huge false sense of security.

As an edit to the edited comment above, I don't see a reason to discuss it further since it is already an established fact that Tor should not be used together when we have bridges. Furthermore, I am writing a text on how Tor works and how it relates to VPNs; whether this should be posted on a blog or on the main website will be discussed later. My point here is that any attempts to encourage users to use a VPN should be shut down as fast as possible as it can really harm users.

Btw, another link: https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

five-c-d commented 2019-05-08 02:55:09 +00:00 (Migrated from github.com)
offtopic side-discussion: Tor better than all VPNs?

> I don't see a reason to discuss it further since it is already an established fact that Tor should not be used together when we have bridges

That is your position, yes :-) But it is NOT what privacyToolsIO listings, actually say. They list, very first thing after the intro, VPNs.

TorBrowser, and other TorNetwork tools, are waaaay down the /classic portion of the page.

> My point here is that any attempts to encourage users to use a VPN should be shut down as fast as possible as it can really harm users.

Right. And my point is that privacyToolsIO encourages VPN usage. Prominently! (<ins>edit: nevermind I went ahead and did it for you == https://github.com/privacytoolsIO/privacytools.io/issues/914</ins>) <s>So you should open a discussion, not say you consider it closed and pointless to discuss further. Please open it somewhere else rather than</s> here in the thread, about whether to split off recommendations for everyday endusers, and recommendations for extra-privacy-conscious endusers. And maybe, versus super-duper uber-privacy-conscious folks.

The side-topic is pretty pertinent, in some sense, to this thread, however. Everyday endusers will not put up with TorBrowser, because they want a browser that works 99.999% of the time like BraveBrowser, or 99.99% of the time like Firefox, and they don't think 99.9% of the time is reliable enough. Everyday endusers are not going to be using TorNetwork, for hardly anything, because it is too much hassle for them. What everyday endusers will use, though, is protonVPN ... because it doesn't cost them anything, they can still make signalapp cryptocalls even when using the VPN (something almost impossible to make work via TorNetwork unless they are willing to use async voiceNotes rather than quasi-realtime VoIP because of the jitter-problem). Can everyday endusers be taught to use meek bridges that aren't baked into Tor, at gunpoint? Yes-in-theory. If their threat model does NOT include actual guns pointed at their heads, however, then the answer is probably no-in-practice.

VPNs that don't require payment of any fees, are hassle=🧙. Nice boost versus doing nothing. Using the TorBrowser where you can, and using VPN whenever you are not using TorBrowser or another TorNetwork piece of software, is hassle=🧙🧙. Figuring out in your head, on the fly, the exact consequences of using Tor+VPN, or of using VPN+Tor, or of using VPN1+VPN2+Tor, or bridge+Tor, or VPN+bridge+Tor, or various other exotic combinations such as where you travel to a public wifi location but access it with a pringles-can wardriving antenna from afar to help anonymize your location... that kind of stuff is very firmly in the zone I call hassle=🧙🧙🧙.

If you tell everyday endusers "oh just use Tor for everything and never login to something with your legal name or buy anything with a credit-card just get a fake ID and use only Monero and tumbled bitcoin from now on" they are going to suddenly LOL rather than suddenly BTC. Then they will go back to using Chrome and Windows10, whilst shaking their heads. We need good recommendations for people just beginning to realize they might value privacy, people that have never heard of Tor yet.

blacklight447 commented 2019-05-08 10:32:44 +00:00 (Migrated from github.com)

@five-c-d You can use Tor Browser safely and log in; Tor Browser gives every site its own circuit and separated state. Also, you are VASTLY underestimating the current capabilities of the Tor network; latency is only about 3 seconds these days. And I have been able to watch 1080p videos on it on a frequent basis. So to recommend the heavily limited free ProtonVPN servers over Tor for speed reasons is rather stupid.

In my opinion, we should shove the VPN all the way down, and add a big section explaining how Tor works, how it helps you, and why it should generally be preferred over a VPN. Regarding "figuring out" of Tor, it's simple: use Tor Browser normally. Doesn't it work? Use a bridge with the included instructions, which are simple and easy to follow. A lot easier to follow than the ENORMOUS rabbit hole that is known as the VPN provider industry.

We make it a lot easier with Tor Browser: no plugins to install or manage, no about preferences to manage, no VPN subscription to buy and account to manage. Everything is done for you.

dngray commented 2020-05-05 14:01:46 +00:00 (Migrated from github.com)

I think we can close this.

The site has moved on to having criteria, and listing the best options which have reasonable user experience and privacy expectations. There's no point in recommending unusable or alpha-quality products.

Reference: privacyguides/privacytools.io#880