moonwriting

Can we bring more kindness and acceptance to the privacy community?

Dear reader,

I have been part of different privacy communities for many years and have probably learned most of what I know about privacy from them. These communities and the knowledgeable people who actively engage in discussions about privacy provide important educational information that can be invaluable for people who otherwise wouldn’t know where to go.

However, I have also noticed that there regularly comes a time when I feel like leaving these communities altogether or start questioning why I’m even bothering to follow certain discussions. The core issue is the way people communicate, which often lacks kindness, leans towards black and white thinking, and refuses to hear alternative perspectives. Let me explain.

The hostile discussion culture

A hostile discussion culture has always been a part of the privacy community, where people fight with each other on social media platforms and privacy forums, creating divisiveness in the community. While this has mainly been an issue with individual people, even many privacy-focused companies have contributed to this with fights between each other.

Brave and Firefox have both attacked each other in the past, and the relationship between Proton and Tuta has appeared frosty for many years now, sometimes turning into public disputes. Another example is from 2024, when I posted a comment on the Techlore Forum after I had noticed that the privacy-focused email service Skiff (which no longer exists after its acquisition by Notion) had released multiple blog posts about Proton that contained disinformation. Skiff’s CEO himself even wrote two of the articles I highlighted, making the entire case a lot worse.

Right now on the Privacy Guides forum, people are fighting about the topic of password managers. More specifically, whether Privacy Guides should establish a strict open source policy for the category, which would consequently remove 1Password from the recommendations. While the discussion started back in 2023, it has fired up again.

Here are some comments that exhibit the hostile discussion style and the low‑effort responses that decrease the quality of the discussion. These two comments sarcastically portray the arguments that some people have made in the thread. They add no real value to the discussion and only increase the hostility in the thread.

One person even stated the following, which especially highlights the communication style of some people in the community: “I’m going to keep this thread going until this gets approved.” While the topic itself is worth discussing, I don’t know why people feel the need to do it so combatively and sometimes in bad faith.

These comments are also interesting because last year, Privacy Guides introduced new rules regarding bad faith argumentation to limit that, but every week you can see new comments that should get removed but aren’t. Even reporting them may not help, as moderators make the final decision.

Recently, I reported a comment from the password manager thread that pretty clearly violated these guidelines, but a moderator decided otherwise. Here is another example of a comment that shows how hostility is a common way to communicate in the privacy community. Looking back at the discussion, my response wasn’t the best either, and I remember being annoyed while writing it. A better way of handling the situation would have been to report the comment and move on. Privacy Guides also suggests people do this in these situations.

But this example showcases again how a comment that is hostile can also feed more hostility in others, and the cycle is complete. Clearly something needs to change, because right now, these rules regarding bad faith arguments are not enforced consistently, so the quality of the discussions isn’t as good as it could be, while some people could eventually get fed up and leave. By allowing these kinds of comments, there is also a risk that we get accustomed to the hostile communication style, and don’t see an issue when there clearly is one.

The tendency for black and white thinking

Possibly the best example of black and white thinking in the privacy community relates to browsers, where certain people repeat, as if it were their religion, that Firefox and Firefox-based browsers are very insecure and that you are essentially asking to get hacked if you even dare to download one on your phone. While I may have exaggerated the phrasing, it is actually not so far off from the actual discussions. It doesn’t make the situation any easier when certain entities in the privacy community repeat these claims that then get repeated by the community members. These comments appear almost every time people discuss Firefox, but are especially present in discussions regarding the Android version, which admittedly has some legitimate security concerns.

However, the problem is that there aren’t really any real-world examples of people getting compromised because they were using Firefox. This means that while Firefox should improve its security, most people with average threat models should not avoid using it just because of these concerns.

Recently, black and white thinking has also made it to the discussions regarding different AI tools, where many people seem to think that if you’re not running AI locally, you might as well not use it at all because anything else doesn’t provide enough privacy. Some people have even gone as far as claiming that some of these privacy-respecting AI tools, such as Proton’s Lumo, would have identical privacy to the mainstream AI tools, such as ChatGPT. In reality, Proton uses zero-access encryption to store the conversations, so that even Proton can’t access them after Lumo has processed the request. Yet, this seems to matter little to these people, for whom anything but perfect confidentiality is useless.

Privacy-focused search engines, such as DuckDuckGo, don’t cause a similar response, even though the privacy risks seem identical. Proton’s new AI tool Lumo has especially been under fire recently, but there aren’t really many providers that would provide superior privacy. If you’re not submitting personal information to these tools, and you use a more privacy-respecting service, the privacy risks aren’t as high as some people may want you to believe. Also, not everyone has enough power on their devices to run local models, even if that would be the best option privacy-wise.

A key problem is that some people in the privacy community seem to think that threat models are irrelevant when discussing certain privacy tools, and everyone should make the same decisions. A better way to approach these questions is by evaluating your own threat model and deciding whether it’s high enough to avoid specific privacy tools.

Rejecting alternative viewpoints as "ideological"

As someone with a background in the humanities, where ultimate objective truths are hard to come by, the privacy community can sometimes feel overly rigid, with only one proper way of doing something. Arguments that are not related to a product’s technical merits regularly get labeled as "ideological", as something people shouldn’t discuss at all, and for many they seem to represent an inferior way of thinking.

In reality, ideologies are of course everywhere, and claiming to exist outside of them while only making decisions that are based on some objective metrics is mostly amusing to me. By focusing on a product’s technical merits alone when choosing between different privacy tools, you are actually taking an ideological stance, even if you don’t think you are.

For example, by arguing that Brave’s CEO’s problematic views on LGBTQ people shouldn’t affect anyone’s browser decision, you’re in fact taking an ideological stance. In your view, only the product’s technical merits are worth discussing, while other perspectives are irrelevant. Here, you’re essentially arguing that human rights are not worth discussing in relation to privacy tools. But if we ask the LGBTQ community, they might think that this is definitely something that needs discussing.

Many in the privacy community might argue that whether you choose to use Brave has essentially no effect on LGBTQ people, since most people using it are not directly financing it. Also, Brendan Eich has apparently stayed away from similar donations since then. Yet, for many people, this could also be a matter of principle: not using a product whose CEO has donated to a cause opposing their equal rights.

Overall, looking at a product purely from the security and privacy perspective is also an ideological decision that we should acknowledge. You could of course argue that as a privacy community it is justified to limit our perspective mostly to privacy and security. But even doing precisely that may not satisfy everyone if we also choose to defend the privacy rights of certain minority groups. In the end, it can even reduce our understanding of the world if we don’t listen to other people and their perspectives in the privacy community.

A call for action

We should all be more mindful of how we talk to each other in the privacy community. Ultimately, it should be a space where people can feel respected and heard, even if we may not agree with each other all the time. Those who are new to the topic of privacy could get intimidated by the culture of gatekeeping and strongly worded language that looks at things in a very black and white way, when in reality that is rarely needed. Even some of the leading figures in this space, who are more familiar with this culture, can get discouraged and lose the motivation for fighting for privacy when the community feels so hostile sometimes.

We shouldn’t bring the toxic social media discussion culture to the privacy communities. In this culture, the only things that seem to matter are coming up with the most clever and snarky ways of saying something, often intentionally distorting what the other person has said. I think people are tired of that, which has also been a reason for many to find these alternative communities and forums. Companies have their own role as well. Instead of fighting with each other, they should focus on bringing new solutions to combat emerging privacy threats while advocating against government and commercial mass surveillance.

I have a last request for you. Please try to bring more kindness to the privacy community instead of bringing hatred, cynicism, and negativity. We can all do better if we so choose. 🌔