Collection of Thoughts and Works
on a wide variety of topics

Introduction to Privacy and Security

Mike Gioia wrote this on June 10th, 2018 in Privacy
Privacy is the balance between our control over the information we share and our awareness of what information is shared and with whom.

We maintain various realms of privacy as we live our lives — we have a personal life, a public life, a social life, etc. Information can move between these realms, or Spheres (as we'll visualize it later). The balance between the information we share through these realms and our awareness of the information that leaks between realms can be thought of as the Privacy Spectrum: "good" or "strong" privacy on one end, and "bad" or "weak" privacy on the other.

If you have tight control over which information is shared to the various channels in your life, and if you have a strong comfort that the information is staying within its channel(s) (i.e. not leaking), then you are maintaining the privacy of your information well. If, say, some info that you thought was private to only you and your spouse is in fact public to your friends and family, then that is poor privacy: there is a big gap between what is being shared and your awareness of what is being shared. Privacy, in this sense, can be thought of as the art of maintaining this balance.

How can we protect our information from leaking? How can we ensure that our information stays where we want it to?

Security is the art of protecting access to information from unauthorized entities.

Using the previous example, you've now added a password and confirmed that the data, private to you and your wife, is no longer leaking to your friends and family. However, you have a family member who has figured out your password and is now accessing the information without you knowing. This is "bad" or "weak" security and in this case, it's because your password is weak. Your security could be "hardened" by increasing the length and strength of your password and by logging access attempts to your private data. With the latter, if you left your password weak, you could still see that someone (not you) was logging in every night. Even keeping an audit log increases security, since it can show where your weak points are.

It's important to notice the word "art" used to describe both of these terms. Privacy and security are an art and not a science. You're never finished and they're both always evolving. There are always things to learn and new technologies that change previous assumptions. Please observe the following truths:

  1. There is no such thing as perfect privacy or perfect security
  2. You should always think of privacy and security as a "spectrum"
  3. There always exist tradeoffs between privacy/security and convenience

You will understand privacy and security better if you understand these three truths. The final point is very important to note: "tradeoffs" are what we encounter in the real world. They are what differ from the theoretical world. People make tradeoffs every day in every area of privacy and security in their lives. It was too much work to use a password manager, so you just remembered a the same password for everything. It was too much work to change the locks when you moved to your new apartment, so you just left them on the front door. This can go on and on and it's fun to think about all the little security holes in our lives. Pondering about and gaining awareness into these security holes is how you become a better practitioner, and how you can increase your own personal privacy and security. Thinking internally about what information we feel comfortable sharing and with whom increases our thoughtfulness and allows us to live more confident lives. You will invariably know more about yourself by doing these exercises.

The next topic covers the six different spheres, or realms, of our lives, and how we maintain our privacy throughout them. You will see that strong privacy and security are the direct result of maintaining a tight balance between our personal desires and what we experience in reality. Good privacy is knowing exactly how much information you want to share with the different people or groups in your life, and having it stay that way! Good security is knowing as much about your weaknesses as possible, and mitigating or eliminating as much of that risk as possible.

Start thinking about these different spheres in your own life, and what they mean to you:

  1. Personal
  2. Private
  3. Family
  4. Social
  5. Professional
  6. Public

Topics

Contributors

Mike Gioia
mikegioia.com
Chief Architect at TeachBoost. FOSS and digital privacy enthusiast. Environmentalist.