Are we under attack?

As someone who’s generally quite vocally criticizing privacy projects, I want to give some perspective. There are no bad products, only badly communicated threat models. You can have a messaging app that leaks all messages to your government, and if it’s honest and open upfront about that, then it’s not exactly an issue. It’s also ok to be a novice or to have a business model, even around the data if you manage to anonymize it in reasonable way on user’s end. But you need to again be upfront and open about that. Transparency will invite people to share their expertise and help you grow. The first step needs to be a stern warning that the company or developer is doing something dangerous out of ignorance. If they can take that in and fix the mistakes, that is a massive boost to their project. But every once in a while you run into projects that have no intention of walking the talk. You see projects like Telegram that attack WhatsApp to try to grab as many users as they can, lie by omission about the security and just try to get the network effects to kick in. It was never about creating the best product, or even adequate product. It was about hoarding users so that nobody can leave because it’s too difficult to get everyone to leave with you. You see these products claim there is no marketing, when in reality there’s massive grass roots marketing masquerading as fanboys. All projects deserve the benefit of the doubt at first, but some projects have been around long enough for veterans to know it’s snake oil. A newcomer might feel it’s not warranted, when it really is. So it’s a good idea to check the track record before judging those doing the judging. I’m not a defeatist, nor do I expect perfect security from any project. The UX/convenience is still often a trade-off with privacy. Ingenious privacy-by-design can create wonderful features nobody thought even possible. My favorite example being Signal’s managed v2 group chats where the server doesn’t get to control group. But again it boils down to communicating the threat model. Every business wants to grow and they are hard pressed to upsell their products because the competition is. But that’s not valid excuse. Tools are made for a purpose, and you don’t always need the best one. But you always need to know the tool is good enough. When you’re open about the limitations I feel you have respect for your users and that makes me a return customer. Do the opposite and I’ll call you out as snake oil. There definitely is some push for apathy like the famous quote from Scott McNealy: “Privacy is dead. Get over it.” But these are just noise, and privacy community goes brr regardless. Arguing over it is pointless. Those pushing the message have vested interest to push the message so you’re not convincing them. Don’t try to convince the people sitting on the fence, make something for them. Wrt. attacking projects: That’s intentional. True security withstands any scrutiny, and we need people who want to make a name for themselves for picking this stuff apart, and calling out snake oil when they find it. That way users learn to detect crappy products, and makers of those crappy products face pressure to improve their products. I should also point out that almost any project can in principle restore their reputation, but humans are often fallible and the CEOs double down because it’s a job security and/or ego thing for them. It’s up to them to show humility. You might get better results by offering them a route that let’s them save face, but if the motivation is anything but pure, they won’t seize the opportunity. I’ll also point that privacy software usually revolves around applied cryptography. Not always: you can have just FOSS tool that stores data in plaintext on your own device and it’s fine. Tool that relies heavily on cryptography isn’t something that should be your first big project. I say this of course as someone whose first bigger project relied heavily on cryptography, and as someone who to the surprise of absolutely no one, got it terribly wrong at first. I got called out, and I felt immense shame. What I got right was I blamed myself and took a course on the topic and started reading the literature. That was 12 years ago. I now know enough to know what I’m doing (protocol design) and I know enough to know I don’t know nearly enough to do anything lower level (like implement even existing ciphers). What doesn’t get said often enough is that new projects should start as research prototypes that in their GitHub readme explicitly forbid use of the code in production, until it has received some attention and feedback. That’s definitely something that would draw positive attention. Here’s a password hashing function with provable memory hardness by a world famous professional cryptographer, Dan Boneh. Balloon Hashing | Stanford Applied Crypto Group It’s been in “do not use in production” state for 10 years now. There’s NO shame in saying you need to work on your project more before you can say it’s safe to use. I get that people need to get paid to buy pizza to not starve to death so that they can make privacy tools. It’s difficult. But you can release projects as incomplete, just, again, be upfront about it. The roadmap and delivering on promises is better marketing than security claims that turn out to be bogus.