In the maze of thoughts ... Blessing and curse of privacy for everyone.

Privacy is a word you’ve definitely heard if you ever stepped into any online space. Hell, you should be familiar with it in your day to day life unless you literally live in a house made of fully transparent glass and shout everything (and I mean absolutely everything) into the city/country-wide radio. Especially in online space it’s something that’s often been brutally abused in favour of actors of not-so-great kind. But at the same time, it’s a necessity to protect those who needed the most; the very victims of the aforementioned abusers. So what to do? Is this another case of K. Popper’s “Paradox of Tolerance” of Socrates’ “Absolute freedom being the highest form of tyranny”? Well, let’s ponder on it for a bit and give some food for thought for your own conclusions.

A bit of background: Online privacy rotting from the inside

At the time of writing, there have been quite some already on-going waves in privacy space and the most recent one involved one of the possibly most trusted VPN providers, Mullvad. What happened? Well, people found out that one of the owners has been financially supporting a party of, let’s say some really nasty people. The kind that would’ve been trialed in Nuremberg in 1945. This of course basically kicked any and all trust people had in Mullvad in the teeth so hard that all of them fell out while the very nasty people are now drowning in champagne and having whatever kind of orgies they indulge in (something you’d probably never want to be part of otherwise we wouldn’t be having this conversation).

Privacy and general infosec space being a bit rotten sadly isn’t anything new in this regard. I’m sure everyone who reads this knows Brave; the browser, not the movie. A browser who has been at the forefront of privacy-conscious tools and one of the vanguards of adblocking. But then you look a little under the hood and what do you find? The ad-blocking is replaced by injecting their own ads (which you, the user, can’t control so you’re basically switching one bad thing for another bad thing), crypto currency stuff and as a cherry on top, the CEO isn’t an exactly savoury person either (folks at Mozilla know).

Want another privacy company going tits up because of a bit too fashy CEO? Look no further than Proton. Yup, the “Apple of online privacy” (not in the good sense) has had a bit of rocky ride. Let’s be honest, their crypto wallet was already a bit of a warning sign but at the same time they were considering turning it into a general use wallet as well over time so you could give it a pass. But with Proton Scribe (the AI-assisted writing), the warning sign got bright and the CEO praising the current US mad house (“administration” — I need bigger quotes). Add to that a further dive into AI space and well, that’s one privacy company burying their trust and desecrating its grave.

Social media tools aren’t safe from this either. Ever heard about Nostr? Decentralised, no easily identifiable IDs, same protocol as Mastodon … sounds like a perfect combination, right? Well, if you ever had the unfortunate experience of seeing someone from Nostr space under your Mastodon posts, you know how “nice” the network is. Even just the rare occurrences I had make the old 4chan look like fairy tale land. But then you look at who helped to found and promotes Nostr and a lot of this starts to make sense. Want a hint? It’s the same person who made Twitter and Bluesky a thing.

All of the above might make you think that privacy is being used for malicious intent. And believe me that this sentiment is very much alive among the people everywhere and it’s this very thing that fuels some of, if not all of the absolutely useless and insanely harmful surveillance laws. Because they fail to stop the perpetrators and sometimes actually protect them by giving them the tool to remove their opponents. Because while privacy can be abused it’s also absolutely necessary to protect the very victims.

Privacy as a shield

Let’s put ourselves into a perspective of someone who’s a victim of abuse. I get a feeling that many won’t even have to imagine this because you likely experienced some of it. What would you give to have a tool that can be perfectly confidential? You’d be thrilled to have a way to voice your pain in a without a risk of things becoming worse or being revealed by an another bad actor helping your abuser.

Now set yourself into a position of a journalist who needs to report on something super sensitive. They’re absolutely dependent on such mechanisms to a point where revelation may be fatal to them and those they hold dear.

These people need to have tools that are trustworthy and confidential, built and maintained by people who follow the same mission and uphold their goals without compromise. By compromise being absolutely equal in treatment of any potentially bad faith actor. I emphasise the bad faith because there are definitely those whose underlying philosophy may be noble but their use of it is more akin to a hammer to stifle their opponents rather than a principle to mentor them and others with a similar train of thought.

Privacy as a cloak

Now let’s look into the dark side of privacy. Because the bad actors also want to make sure their communication and actions stay confidential. But this time the motivation isn’t noble. They need to hide from those who could throw the proverbial wrench in their malicious plans. Not to mention, if no other third party can see what they’re doing, how can you prove their malice? I’m not saying you can’t. And you’d be surprised how insultingly silly their mistakes can be. But in a world of total privacy, you would lose this connection which is often quite direct and could sometimes be THE key to putting these in their place.

Does that warrant removing the privacy veil in an interest of security? No, it doesn’t because …

Privacy is a human right

And that means it applies to everybody, regardless of their motives. For human rights to be upheld, they must be absolutely universal. They are one of the very few things where there is no nuance; either everyone has them or nobody has them if they can be arbitrarily taken away. So yes, the worst kind of person has the same level of rights as a kid suffering the worst kind of abuse.

What does this mean for those who are in the position of providing privacy-defending tools and services. That they cannot be held accountable for the communication that passes through their infrastructure or who uses their tools. Doing this kind of vetting would impede the premise of privacy being a human right and thus create a class of people whose rights are higher than others. Not to mention it would undermine the principle of privacy itself. How can something be private if the third party can see into it? Third party being the service provider. You can say that rights can be temporarily revoked if violated or bent in a way that’s unacceptable. At this point we’re reaching the “who watches the watcher” kind of situation which sadly infinitely recursive. Or if we apply a bit of computational theory, this problem would fall into the set of problems complementary to “Halting Problem” — problems which cause the computing machine to “stop” the computation in correct way (end of program, infinite clearly defined loop or abnormal termination). Infinite recursion is neither of the correct terminations.

However, there’s something you can keep an eye on and if you’re in a position of a provider of such services or tools. You can AND should check who supports your activities. Because by doing so you create a foundation for trust that you build up with wider community of your users. And if you betray that trust, you harm not only yourself on human level you also hurt your service which is probably your livelihood. And trust once broken is extremely difficult to rebuild. Can it be done? Yes. But that depends on how severe your betrayal is (looking at you Mullvad) and how bad your track record is. Repeated betrayal will destroy any trust completely (looking at you, Proton). You might want to say “isn’t that denying them the human right to privacy”? If that thought came to your mind, let me steer you back a little: you’re not denying them the service (that would in fact be a violation of said right), you refuse their direct support or endorsement.

R.R.A.