Anytime someone on this subreddit asks how to respond to people who say they have nothing to hide, there’s always someone who will suggest “give me all your passwords.” That is so condescending it’s like I can feel their smug sense of self-satisfaction through my screen. Someone is saying “I have nothing to hide” and your response is essentially “yes you do, you’re just too stupid to realize it.” That will never change anyone’s mind.

Instead of trying to convince someone they have something to hide, explain how they have plenty to lose.

Most people would agree it’s a bad idea to post their Social Security Number on Facebook. Many people would also agree it’s a bad idea to post their bank account information on Facebook. Is this because their SSN or bank info is shameful? No, it’s because that person is worried about identity theft or having their bank account emptied out. These pieces of information are private because there is a potential for loss. Even a person with “nothing to hide” can have their identity stolen.

What about your home address? Is it safe to post that online? Some people might think that’s fine, others might be worried their home could be broken into. This is because privacy isn’t an on/off switch. It’s a sliding scale of how much you’re willing to share with the world and how much you’re willing to risk that information being used against you.

This means not everyone has to match your threat model. If you’re trying to convince someone they should care about privacy, that doesn’t mean they’re required to care about it to the same extent that you do. When someone says “I have nothing to hide” what they mean is “I have nothing I’m ashamed of.” All you’re trying to do is convince them that all information has value, rather than thinking only shameful information has value and must be kept private. Hell, you can even agree with them, they do have nothing to hide (good for them!) but that doesn’t mean they have nothing to lose. Having nothing to hide has nothing to do with whether privacy matters.

  • TheImpressiveX
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    3 years ago

    This is really interesting, never thought of it this way. Thanks for sharing!

  • nutomicA
    link
    fedilink
    arrow-up
    2
    ·
    3 years ago

    Arent you shifting the issue away from privacy and to security in this way?

    • Ephera
      link
      fedilink
      arrow-up
      5
      arrow-down
      1
      ·
      3 years ago

      Personally, I would count privacy as just one aspecy of security. You use security to protect your privacy, e.g. from spyware, and you use privacy measures to strengthen your security, e.g. from identity theft, spear phishing etc…

      Trying to separate the two feels like it was perpetrated by Google, Facebook et al. At least they benefit from it when security absolutionists ignore privacy and when Google Chrome is called a “secure” browser, even though it leaks your information across half the globe.

        • Ephera
          link
          fedilink
          arrow-up
          2
          ·
          3 years ago

          The problem with that definition is that security protects more than just privacy. The areas are usually described as: Confidentiality
          Integrity
          Availability

          Privacy is a subset of confidentiality. Non-privacy-related confidentiality is e.g. that secrets of some organisation don’t get leaked.

          Integrity means that data should not be modifiable by outside parties. So, when you send your bank transfer request, you don’t want someone to be able to change the receiver of that transfer.

          And Availability means that you can (reliably) access some service or e.g. that your device continues to boot.

      • Tux
        link
        fedilink
        arrow-up
        1
        ·
        3 years ago

        Yea sometimes privacy means better security.

    • ksynwa
      link
      fedilink
      arrow-up
      3
      ·
      3 years ago

      I think you are correct. Instead of asking for password, it’s better to ask them to show you their browsing history.