On privacy and control
"I don't need to care about privacy because I have nothing to hide." is an argument that I have heard countless times. I found this argument difficult to counter in the past, yet deep-down I knew the reasoning was flawed.
The problem is that the word "privacy" is dialuted and mean different things to different people. Instead of "privacy" we really should be talking about "control". Framed in this context, we can more concretely talk about why it's important to protect your digital identity.
For me privacy is not the primary driver, because like you mentioned, it doesn't make sense for the common folk and doesn't actually fall into people's threat model (journalists on the other hand should care). I am personally motivated by the notion of "control". Can someone else meditate how I experience the world and what information I consume? Whether that is censoring, influencing how much time I have to spend watching ads or which ads I am allowed to watch. Can they influence how I vote? Watch the talk In Defense of Privacy for a more on this.
Many of the convenient tools we use today (email, messaging, social media, password manager) are essential for daily life but they also yield control over to organizations (Google, Facebook, Amazon) that don't necessarily have our best interst in mind [1][2].
My setup
Questioning how "incentives align" is a really good litmus test for most things.
Most of the following recommendations are based on my own threat model and comfort level. There will always be a compromise between effort and easy. It's best to pick what fits your lifestyle.
Password manager
Use a password manager! I use GNU pass because I don't want to hand over my passwords to a 3rd party. I typically only use the password manager from my laptop and don't access passwords from my phone (I consider this a better security practice). I have been meaning to try out passage. I would also recommend Bitwarden for those who want a better UI experience.
... continue reading