Try out Proton Mail, the secure email that protects your privacy: proton.me/mail/TheLinuxEXP

The best counter to the "I have nothing to hide" people is to ask if you can have their phone for a moment

Here's a big one: Tech companies say you should give up freedom for security. Or privacy for safety. Yes, just like how they claim that drm chip in your inkjet cartrige is for "security"

Privacy often comes at the price of convenience and sadly when it comes to tech, people are more reluctant to give up convenience.

It's not about what's worth hiding, it's about what's worth protecting

If a FOSS project asks me for telemetry first (not enable it by default) I say yes. If FOSS project enables telemetry by default and doesn't ask me, I disable it when I notice it and never enable it again. Ask for consent, that's all I want.

"Why do you care about privacy if you have nothing to hide?" The presence of a rug does not imply that it is being used to sweep things under.

Telemetry isn't always bad, but not knowing what they're doing with your data means should should never trust it.

You forgot another one People saying that if you don't use VPN, others can see what you're browsing and steal your credentials. They forget the existence of SSL, and VPN's tries to make it sound like were in the HTTP-Only era where a MITM attack could compromise your computer, while completely failing to mention HTTPS

One thing that people forget is that the Internet for the most part is a public place. Therefore as in any public place, you only have as much privacy as you create for yourself. If you want more privacy, go get it.

Even if the company collecting your "telemetry" is not malicious, there's still a chance they might get hacked. And as you pointed out, even so called "anonymized" data might assist in fingerprinting you. Telemetry might not be inherently "evil", but often it is still riskier than most companies want you to believe.

the presentation about "I have nothing to hide" is probably the most important one you've made on this channel, and delivered in a crystal clear fashion. You nailed it completely. We cannot trust the political systems we've all grown up with - the world is changing, and this wondrous technology we've created is being used against us by repressive regimes. There are entire sections of American political parties - well, one - that have no discernible difference to the Taliban, except for the language they speak.

I have EVERYTHING to hide!

The issue with telemetry is that it can be used to fingerprint devices on an ISP level. Your phone and laptop are likely making the same unique combination of telemetry requests everytime they connect to a network.

Well hiding stuff in terms of privacy is close to dead. What you can do however is a different approach, rather than trying to hide the data, you flood it, and flood it with contradicting data. Basically, your real date becomes indistinguishable from the garbage you left behind and its value drops, and cost of filtering increases. This is the tactic I have been employing with Google and they are really struggling with the profile for me as a result, when I check their ads, they are all over the place and irrelevant.

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." - Benjamin Franklin

I get why some people could feel like privacy is just not possible now a days, it's getting harder and harder to achieve any measure of it and more and more major companies are starting to go the way of Google where they're going from being software companies to being data brokers who offer free software in exchange for the right to sell your data.

Using Proton's package has felt like a breath of fresh air. I can just pick it up and use it anywhere (although I still code my calendar markings and encrypt sensitive data before uploading). How cloud services could have been from the start without surveillance capitalism taking over. I still self-host my business and personal projects, but it's a huge load off my mind to have someone else take care of everyday stuff. 🙏🏻

if i were EVER to develop some sort of telemetry into an app, i'd always make sure it's verifiably "blind" statistics. i'd make sure it never stores individual records of your system (and never personal info) unless you choose to. the relevant statistics are always just updated homogeneously.

I'm fine with telemetry as long as it doesn't contain any personal data. When I installed my Linux distro of choice it asked me if I wanted to send a telemetry report of just what physical hardware I was using and nothing else. It really does help developers.

I think that fedora would use my private data to calculate my head size so that they can sell me custom advertising for hats!

Another thing about VPNs is, your IP is just one part of your digital fingerprint. Companies like Facebook and Google have long claimed to be able to finger print someone who is using someone else's computer based on things like - how they move the mouse, - where you scroll to on the page, - how long you take to click a link - which websites you just visited, and in what order (as long as they have trackers on those sites too, which normally they do) - your typing cadence - vocabulary - and lots of other stuff (they use literally hundreds of data points) You can tell (somewhat) how good Google is at finger printing you based on how recaptcha treats you when you aren't logged in to Google in that browser. They use their fingerprinting as part of recaptcha. Generally, if it just less you through right away, you can be sure they finger printed you. If it doesn't though, that doesn't mean they didn't... It might mean they want you to help train their image recognition, and remember you being a decent source of ground truth.

The thing is, at least here in the states, they can't arrest you for something you did a year ago, which was legal a year ago, but is now illegal now. You'd have to do it while it was illegal for it to be a problem. Otherwise, good video.

This was well put together and desperately needed to be said. We can never have enough good videos like these that debunk these myths! For the "I have nothing to hide" argument, it's not just governments and laws changing that you need to be concerned about. People have lost their jobs over what they have said or done online even if what they did was perfectly legal. Sometimes a social media post from years ago can come back and haunt you so while you did nothing legally wrong, it can still negatively affect you later.

If privacy is unachievable, they wouldn't be trying so hard to have us believe it.

The infamous "You say that you care about privacy and yet you own a smartphone LOL.".

Big Companies can also get complacent when it comes to security. They may start to think "We're too big to be hacked"

The hardest part about privacy... is honestly when it comes to messaging apps, you kinda have to convince the people on the other end to also switch to something else, if you want to switch xD

Privacy isn't about having something to hide. Most people prefer to poop in private. They aren't doing anything wrong it's just not something they want to share with the world. Also the police at least in the US have a bad habit of seeing evidence where there is none. There's a great video called something like "Don't talk to the police" that explains the details of why sharing everything with the police is a bad idea even if you genuinely have nothing to hide

6:06 anonymous MYTHS: Tor is not the only tool that will make you anonymous. There's i2p which more secure, anonymous, and more optimize for hidden service than Tor.

“Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” ― Edward Snowden

Let's just pretend that people who say "I have nothing to hide" are government agents that work together with the pigeons.

A chromebook which is still getting security updates, in guest mode, is pretty secure, but not private. A Windows XP machine that is offline, is pretty private, but definitely not secure. I guess if someone can break your security, they will do away with your privacy too, if they choose to. So there's that link, at least.

Just as an addition - incognito/private browsing in practice is not *that* useless at protecting your privacy. Considering the amount of free trials you can circumvent by just turning on private browsing, companies are not that good at actually telling it’s you (even if it is not impossible).

The Tor and VPN statements really are reversed. The cleverness of Tor is that if one of the three nodes your computer picks from the 10K or so in total is secure, you are at least somewhat anonymous in all cases. If a VPN is bad / compromised / whatever, you have no anonymity. It trust one party 100%, or trusting that at least part of the 10K or so Tor nodes run by many different individuals and organizations are not compromised.

First of all, thank you for your informative and entertaining videos! I want to object to your estimation that TOR is secure from the NSA or any other organization that has a complete or nearly complete overview of all connections begin made. TOR is vulnerable to a timing-based analysis of network traffic. It is my understanding that the NSA does indeed have such an overview here in the US. Additionally, I have heard that the NSA also manages many TOR exit nodes. So my advice is: be careful with TOR and don't assume that your communications are private.

Incognito mode does at least make tracking less useful as its mostly only got your IP address, windows size and browser/OS identification to go on, since it has its own temporary cookies that get wiped when you leave the mode. This is apparent in how often CAPTCHAs will appear due to no historical evidence that you are not a bot.

Incognito mode is only useful for asking dumb questions that I'm ashamed to look up

A lot of people appear to me to be defeatist regarding privacy because they just don't know how to protect themselves. It's immature to be sure but I get it. The sad part about it is once a person has committed to the defeatist attitude they rarely change their stance and never without resistance. It doesn't help that the "scene" is also full of know-it-all's who know how to regurgitate "facts" they read online but they don't possess an adequate understanding of the technology or systems involved... but they are loud and they have fanboys which will defend them at every turn, even when they are very wrong. It's not too hard, but it's also not easy. The biggest change one needs to make is a mental shift. Don't ask what they will do with your data, ask what they could do with it. The safest way to protect your data is to never send it in the first place. If you're going to send data, poison it. Break those data sets, make them worthless.

The rule of thumb I have is if you can't disable telemetry then it's probably bad. Not all telemetry is bad on its own but most of the time if the dev gives you the option and continually respects what you put (looking at windows just ignoring or turning it back on after disabling) then it's probably ok.

I nearly thought we weren't getting a sponsor today and I was legit getting sad lol

Google Drive has a great security feature- they just "accidentally" delete your data.

About Tor, from what I've heard, the problem is not the code, but that many relays are allegedly hosted by government institutions and are keeping logs. If the same institution (say, NSA) controls both your entry node and exit node in a connection, it doesn't matter how many legit/clean intermediaries you are going through - they can relatively reliably correlate the timings for packets "I got a request from device A for X" at the entry, with the "I got a request for X from relay K" packets at the exit node. And this only gets more reliable if more of your relays are controlled by the same institution or one that they have some data sharing agreement with.

Tor was open sourced for the same reason the some encryption system were open sourced by the government, they also needed privacy and what better privacy than to blend in with the masses. That's why'd be counterproductive to put a backdoor in it, you'd only need one disgruntled agent to leak it and your whole organization privacy setup is bust.

for the point "i have nothing to hide" i must say at least if some bad guy steals your identity via the data the person spreads around - the thing will change quickly

~ 10:00 - To be fair, most tech-oriented YTers sponsored by VPN companies now only promote bypassing geo-restrictions on content and adding some security when accessing http-using sites over public WiFi hotspots.

9:25 Your a little bit wrong. An important thing to remember is a new Private/incognito session starts with no cookies, so that does help your online privacy.

Giving big tech the telemetry data is akin to giving access to a room on the promise of renovation, but getting precious things stolen instead.

06:52, biggest answer to this myth is Google vs Proton.

protonmail can be sapina'd by the swiss government and europool to i believe. unless you're hosting your own email it cannot be private, nor was email made to be private. the issue with hosting an email is how much management you have to do on it, how easy it is to open yourself up to attacks and all. it tends to be a very extreme threat model. tutanota would probably be the most private and secure email service

You say that if the company doesn't have a marketing use for your data, telemetry is fine. I'd just like to point out that Google didn't use your data for marketing in the beginning, and as you pointed out, once your data is out there, you can't take it back.

6:30 it was my understanding that the fears that Tor was a NSA Honeypot because of speculation that they were aquiring nodes through various means, not that they had any backdoors built into the sourcecode. While I'm not familiar enough with how the community makes such speculations on how many nodes the NSA has control over, mathematically there is a critical mass point where it's possible to deanomonize the network because they control a certain percentage of the nodes.

About the "nothing to hide" argument, you can make a sort of adjusted Miranda warning about it: "You have the right to privacy. Anything you do online can be used against you in the future."

13:58 Just to give a taint: a company that is doing awesome right now, could be bought tomorrow

The "This VPN secures your bank details" BS advertising shits me to tears - TLS is what secures your bank details...

Really good points and one I'm thankful you made. It's easy to succumb to the non stop push to coerce you into a convinient lifestye and give up on what are your rights. That option though always has a price. Just look at where we are now ;)

Privacy? What's that? I'm old enough to remember that my first phone number not only had my name attached to it, That number, my name and MY address was published in a book that was handed out for FREEEEEEEE and hung next to coin phones out in the wild.

Having security doesn't necessarily mean you have privacy, but having privacy usually rhymes with having security: how can you get one of your passwords leaked if the password you use to decrypt your data is only present on your device and nowhere else, like on the servers of the company you're using the services, how can you be located and targeted by malicious actors like an online stalker if you hide your IP with a VPN, how can you get blackmailed if your operating system doesn't constantly leak information about itself that can be intercepted or your messaging apps send only encrypted messages. All of those things are generally used and advertised as a way to increase privacy but at the same time, even without wanting it, it also increases security.

At 0:52, I assumed he was talking about Proton Mail. But a minute later, he does a sponsor read for Proton Mail 😂

Why is Safing's Portmaster link included in the description but not Tuxedo's?

I HAVE BODIES TO HIDE

i still remember when i sharing some info about phishing to my friend, then he asked "which VPN can protect me from this?", then i told him "none of them"

returning the internet into the hands of public workers instead of the privatized industry it is now would benefit us greatly too.

You are NEVER completely secure online. No matter if you use tore, VPN, on a burner Linux laptop/flash drive on someone else's wifi. As a matter of fact the more of these things you do the more likely you are to attract the attention of various alphabet agencies. Against a scrip kiddy or basic search you might be ok.

VPN company has to comply to local law, as any other company. and this law often requires it to log user data and provide it to police and such

There's a saying where I live: "Even if I have nothing to hide, that doesn't mean I like to be searched". It applies for any situation. For example if the police stops you on the street, you're doing nothing wrong but you won't like them to just look around your things, your car, yourself. Or if your'e at school and a teacher asks to look inside your bag. Or if your'e at work and suddenly people from HR just come and want to look inside your drawers or your computer. Remember that folder you left on the bottom of the drawer that was due like a year ago? well, that's what they'll find. But you had nothing to hide. Or maybe that snack your'e not suppose to have while in your station; or that cellphone you shouldn't have at school; or that controversial book you're reading but don't want anyone to know about... Or that photo of your ex you still carry around... Yes, it's not illegal, it's not bad, it's nothing that would really impact your life, but you still won't like to be searched.

incognito mode doesn't share the cookies of your normal browsing mode, so technically it is more secure

It just feels weird to know that whenever I look up some random information some algorithm somewhere is going to use it to change what I see on Google searches, YT recommendations, and background ads. And people are paying to give that information to eachother without me seeing a cent of it.

Speaking about privacy, I am surprised that no one raised an issue about having the name of every patreon/supporter listed at the end of each video. 🧐

Man, your videos are getting crazy good. There is so much work that you put on the content and the words are spot on. I hope you keep this energy for a good amount of time

Okay, so "telemetry" is the reason we get damn "youtube shorts" instead of fixing the relative dates in the video details. Apparently, people enjoy when they are shown unfitting vertical videos, restricted by 1 minute, cannot rewind, cannot control the sound volume and so on.

More accurate: A lot of TOR nodes are honeypots.

For anyone thinking of the CIA triangle in security of Confidentiality, Integrity, and Availability, then I must point out that confidentiality and privacy are still two different things. Confidentiality only deals with preventing information from getting into the hands of an unauthorized party. Privacy deals with who is authorized to have the information in the first place.

The best counter to “I have nothing to hide” is “Yeah, I know”

The big logical issue with the idea of tor being a honeypot is that the NSA themselves use it against their adversaries, and any backdoor they somehow got in could be used against them.

Nick, I love your french Accent. You speak very, very well english but your "a lot" is so iconic! You got me back into Linux again and since then I often watch your content, it is just this great! Keep doing it your way :)

Privacy doesn't exist in my country, China, and I'm pretty sure the government knows I'm using a proxy service to browse KZbin right now.

Talking about privacy. Today I woke up and saw my entire KZbin feed gone for the message telling me to turn on my watch history that I can't pass by.

At 4:18, i think you meant opt-in as good, and opt-out as bad... Its backwards in the video.

I decided up on install of the Fedora KDE spin to set telemetry to level 1 (with 0 being off and 4 being the most). Even opt out telemetry can be good if designed private and transperant what is collected. I do support Fedoras opt-out telemetry. It needs refinement but I still support it.

Might be a strange question, but which browser is that at 6:53? I would like to have my firefox look and feel like that, with the tabs below the headerbar and the control buttons in it.

I remember an Ed Snowden interview where he said you choose Security OR Privacy

Great video Nick. As always, no service is going to do everything for you. If it claims it does, there's something amiss. Real privacy and security takes a lot of effort on your own end.

Private browsing is used so you don't leave session cookies on public computers, period.

About VPN, it is a "must" to use any VPN (even free tire) if you use any Public WiFi.

For privacy check rob braxman too, surely hes sometimes a bit too strict but that is the only approach that could partially work

Thank you for your "i have nothing to hide" segment

During the part about VPN's you mentioned a "Tech Law"(?) channel with further, more technical insights. Which one do you mean there? Great Video btw!

I HAVE NOTHING TO HIDE nobody has written it yet, so I'll help you fulfil your prophecy

Greetings, A query, what program do you use to edit word or excel. I used wps office but I don't like it very much, thanks.

In your section on "telemetry", you mentioned several times "anonymized telemetry" but you failed to talk about when it is NOT anonymized and the fact that most of the time you cannot tell if someone using telemetry is or is not anonymizing it. I doubt that most are doing any kind of anonymization of the data. I just finished a book that had an entire section on how invasive the collection of Meta Data is and how it tells companies more than the contents of the actual data. Telemetry can be the same when used inappropriately by organizations. I always try and limit it, even at the cost of not providing developers some needed help in fixing their software bugs.

Never forget the option of storing stuff in encrypted form, too. If you encrypt first, then store, hackers and services are pretty unlikely to know more than a file name and if you're using a randomish name or cryptea with name scrambling on they're unlikely to get even that much.

Here is something. 25 years ago, I got picked up by a federal agent because I was on federal land, had a beer, and went to go get a burger. That isn't important. The important thing is when I sat down with an actual federal agent, and he asked me specific things that nobody else but I knew. Times places I out of my current area from years before. That's when I knew it didn't really matter what you think or how hard you try. Someone does know something..... over 20 years ago. It was also things that aren't criminal , aren't irregular, and have no relivence to anyone or anything at all. So good luck. I do care about security. Privacy is a myth. Especially in the digital age. Have a nice day 🤔

Living in a stable nation, I'm less worried about the government - it's the companies who will make my life miserable first. Banks, insurance, insurance, healthcare, you name it... if they don't like what they see and are allowed to act based on conjecture and algorithms alone, I could be in for extra fees and higher rates through no fault of my own. Just because the machine said so. 🤖

Am really paranoid when it comes to my privacy but it doesn't help when I do dumb stuff, it's not try went you get older you because wiser.

Yes privacy is our primary concern

I HAVE NOTHING TO HIDE.. Except what i do online....

I guess we have all searched once in our lifetime HOW TO MAKE A PLATYPUS FALL IN LOVE WI-

I would love if there was more telemetry that could simply be controlled by the user. I would love to be able to give the right data to tech support to prove I am not the one causing the issue I am experiencing.

Very good and balanced video - first time here - liked and sub'd. I have a question for a possible future video - adding a wifi router to an existing device? My wifi provider - like many - gives you a device which is basically crap - but you can't access it to change any settings, its locked. So... can you use a port to fit Another router, that you can configure, and use THAT as the main access, going into the stupid one? Slightly slower, yes, but, if the new router is sufficiantly better, worth it? Thats an open question to any answers....