I created this for educational purposes, to store my thoughts on digital privacy flaws in case I forget them. - NCryptsion (Founder)
In any case, this focuses on the concept of digital privacy flaws. It explains why digital privacy cannot be perfected, no matter what. It also explains why it primarily revolves around trust, not just transparency, authenticity, integrity, competence, accountability and reputation.
We need to trust people and feel confident about them to feel strong. It's like an invisible connection that makes us feel good and confident in someone. Once trust is broken, it's really hard to fix. That's why trust is so important.
It's the center of all the "sub-principles". Can you trust the transparency? Authenticity? Integrity? Competence? Accountability and Reputation? I'm not saying everything cannot be trusted; it's just that even a zero-trust policy cannot be fully trusted. Whatever.
Transparency is another key factor in building trust. It means making your operations, models, changes and so on available to everyone as much as possible.
Authenticity means being genuine and honest in how you present yourself. When people sense that you are real, not pretending or hiding behind a false self, they are more likely to trust you. It builds a connection that feels natural rather than forced. It is strongly connected to transparency.
Integrity is about doing the right thing, even when no one is watching. It reflects a strong alignment between your values and your actions. When people see consistency between what you say and what you do, trust deepens.
Competence shows that you have the skills and knowledge to deliver on your promises. Trust isn't just about good intentions; people need to believe you are capable of achieving what you claim.
Accountability means taking responsibility for your actions, especially when things go wrong. Admitting mistakes and making efforts to fix them demonstrates maturity and reliability, which strengthens trust over time.
Reputation is the overall perception others have of you based on past actions and experiences. A strong, positive track record makes it easier for people to trust you even before direct interaction.
Most "privacy-focused" services offered by organizations depend on trust, even open-source ones. And yes, that's transparency. But how'd that happen? What do you mean? It's open-source, so how could there be any foul play? Yeah, that's totally doable.
Just because their service is open-source doesn't mean they can't sneak in some malicious code during production or on the hosting service. That way, they don't have to update their GitHub, assuming the project is directly connected.
As far as I know, there is no solid solution to these problems. Even if there were, it would eventually have a flaw, and the cycle would continue (based on my research). For example, I used to think that opening my service's database to everyone would be a good idea.
I mean, they're all encrypted, so what could go wrong? Then I realized that I could just send the unencrypted data before it's encrypted by modifying the production code. Literally, there are just so many flaws. It's a fucking headache. I wonder if it's possible to implement a truly foolproof zero-knowledge service with true transparency.
There are just too many factors to foolproof digital privacy. There are just too many questions to answer and verify. Do we trust the services they use to make the service functional or in production? Do we really have to trust their team? Do we have confidence in the libraries they've used? Do we really think they'll be able to keep it together moving forward? And it just keeps going.
Even if you've got all the other factors that build trust down, like integrity and authenticity, the flaw can still overshadow them. But yes, taking all of them to heart makes people trust you, and it strengthens and solidifies your reputation a lot. But in short, everything is basically just "trust me bro."
- What if you implement a feature in your service where anyone can view its files live (restricted to confidential keys)? What if everything is a hoax or spoofed? What if everything it's showing is a clone with the non-malicious code and not the actual live files? This is why trust matters.
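The gap between published source and deployed code, and the "live file viewer" question above, can be made concrete with a digest comparison. This is an added example, not code from the original page; the file names, sample contents and function names are constructed, and it assumes a reproducible build.

```python
import hashlib

def digest_manifest(files):
    """Map each path to the SHA-256 hex digest of its bytes."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def compare_to_source(source_build, observed):
    """Report how an observed file set differs from a build of the published source."""
    expected, actual = digest_manifest(source_build), digest_manifest(observed)
    return {
        "modified": sorted(p for p in expected.keys() & actual.keys()
                           if expected[p] != actual[p]),
        "extra": sorted(actual.keys() - expected.keys()),
        "missing": sorted(expected.keys() - actual.keys()),
    }

def matches_source(report):
    """True only when nothing was modified, added or removed."""
    return not any(report.values())

# Constructed sample data (assumption: the build is reproducible, so the same
# source always yields byte-identical files).
SOURCE_BUILD = {
    "index.html": b"<script src='app.js'></script>",
    "app.js": b"upload(encrypt(note, key));",
}
# What a "live file viewer" displays: a clean clone of the source build.
VIEWER_SHOWN = dict(SOURCE_BUILD)
# What the client actually received: app.js altered, one file added.
SERVED = {
    "index.html": b"<script src='app.js'></script>",
    "app.js": b"upload(note); upload(encrypt(note, key));",
    "extra.js": b"/* not in the repository */",
}

if __name__ == "__main__":
    for label, files in (("viewer", VIEWER_SHOWN), ("served", SERVED)):
        report = compare_to_source(SOURCE_BUILD, files)
        print(label, "matches source:", matches_source(report), report)
```

The viewer's files pass the check while the served files fail it, so the comparison only means something when run on the bytes the client actually received. Code that runs only on the server never reaches this check at all, which is where trust comes back in.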
