Anytime someone on this subreddit asks how to respond to people who say they have nothing to hide, there’s always someone who will suggest “give me all your passwords.” That is so condescending it’s like I can feel their smug sense of self-satisfaction through my screen. Someone is saying “I have nothing to hide” and your response is essentially “yes you do, you’re just too stupid to realize it.” That will never change anyone’s mind.
Instead of trying to convince someone they have something to hide, explain how they have plenty to lose.
Most people would agree it’s a bad idea to post their Social Security Number on Facebook. Many people would also agree it’s a bad idea to post their bank account information on Facebook. Is this because their SSN or bank info is shameful? No, it’s because that person is worried about identity theft or having their bank account emptied out. These pieces of information are private because there is a potential for loss. Even a person with “nothing to hide” can have their identity stolen.
What about your home address? Is it safe to post that online? Some people might think that’s fine, others might be worried their home could be broken into. This is because privacy isn’t an on/off switch. It’s a sliding scale of how much you’re willing to share with the world and how much you’re willing to risk that information being used against you.
This means not everyone has to match your threat model. If you’re trying to convince someone they should care about privacy, that doesn’t mean they’re required to care about it to the same extent that you do. When someone says “I have nothing to hide” what they mean is “I have nothing I’m ashamed of.” All you’re trying to do is convince them that all information has value, rather than thinking only shameful information has value and must be kept private. Hell, you can even agree with them, they do have nothing to hide (good for them!) but that doesn’t mean they have nothing to lose. Having nothing to hide has nothing to do with whether privacy matters.
This is really interesting, never thought of it this way. Thanks for sharing!
My mind has been blown
deleted by creator
Arent you shifting the issue away from privacy and to security in this way?
Personally, I would count privacy as just one aspecy of security. You use security to protect your privacy, e.g. from spyware, and you use privacy measures to strengthen your security, e.g. from identity theft, spear phishing etc…
Trying to separate the two feels like it was perpetrated by Google, Facebook et al. At least they benefit from it when security absolutionists ignore privacy and when Google Chrome is called a “secure” browser, even though it leaks your information across half the globe.
deleted by creator
The problem with that definition is that security protects more than just privacy. The areas are usually described as: Confidentiality
Integrity
AvailabilityPrivacy is a subset of confidentiality. Non-privacy-related confidentiality is e.g. that secrets of some organisation don’t get leaked.
Integrity means that data should not be modifiable by outside parties. So, when you send your bank transfer request, you don’t want someone to be able to change the receiver of that transfer.
And Availability means that you can (reliably) access some service or e.g. that your device continues to boot.
Yea sometimes privacy means better security.
I think you are correct. Instead of asking for password, it’s better to ask them to show you their browsing history.