mirimir

Excellect! It's the most cogent analysis that I've seen from him. Damn, what a fucking hero!

A few comments, however ...

> ... we had to go to the dark side to be able to confront the threat posed by bad guys. We had to adopt their methods for ourselves.

He's using "we" there in reference to the government. But it can also be read with "we" as you and me, and "bad guys" as the government ;) But then, I claim a broad "right to be left alone", one that doesn't concede any state monopoly on power.

> ... you can’t opt out of governmental mass surveillance that watches everybody in the world without regard to any suspicious criminal activity or any kind of wrong doing.

Well, sure you can ... as he goes on to explain ...

> You would need to act like a spy to pursue a career in a field like journalism because you are always being watched.

... and ...

> Instead of changing your phone to change your persona — divorcing your journalist phone from your personal phone — you can use the systems that are surrounding us all of the time to move between personas.

Right! Compartmentalization is for sure the way to go. There are numerous personas like Mirimir. Maybe I make it too distinctive. But I have no meatspace identity that goes on like Mirimir does. And Mirimir, ve has lots of vis personas. So hey, let's create a tangled morass of overlapping personas ;)

dcposch

> ve has lots of vis personas

Are those typos?

You touched on the cyperpunk fantasy: using multiple online identities, all kept carefully separate from each other and from your real identity. (There's an excellent short story called True Names that explores this idea.)

For the majority of ordinary, nontechnical people, there are lots of simpler solutions.

* Use cash. In Berlin, many ordinary people have an awareness of and distaste for government surveillance. People remember East Germany. One result is that lots of people will just pay for everything in cash. In most other western countries, the norm is to leave an electronic trail of every single shop you visit.

* Use Signal or WhatsApp. WhatsApp rolled out strong end to end encryption to a billion people--most of whom have no idea what a "key" is and only the faintest sense of what "encryption" means.

The lesson I take from those projects is that whenever we can ship transparent, easy to use encryption that our users dont have to worry about, its a massive win.

If your app allows users to talk to each other privately, consider adding E2E encryption. It's the future.

If your app has some kind of cloud backup, like a password manager or a photo app, make sure that it's encrypted with a key that you don't have access to.

E2E comes with product tradeoffs. You may have to charge your users money, because you cant target ads against data you cant access. You'll need to make an installed app rather than a webapp. But its worth it -- and I think someday, hopefully soon, users will demand it.

1stop

You can't E2E with a web app?

losteric
To some degree yes, for example you could use something like https://github.com/openpgpjs/openpgpjs to encrypt from one customer to another across even your own infrastructure, but (afaik) the browser VM is an incredibly insecure platform to run a "secure" application.