Privacy and Security

Note — I’ll broadly focus on the digital/cyber side of privacy and security.

I always believed a secure system is equal to a privacy-respecting system. After Bryan Lunduke uploaded this and this video, they got me thinking that privacy and security are inherently two different terms. Privacy partially overlaps with security, but many a time they exist independently.

First let’s go over textbook definitions of the terms.

Privacy is the ability of an individual or group to seclude themselves or information about themselves, thereby express themselves selectively.

Wikipedia [1]

and

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

Cisco [2]

In my terms, privacy means one’s personal data is not seen, used or harvested without permission. The person is fully in control of how his data is handled and of its visibility. Security is when the software supporting a service is secure and no third party can break in. All known vulnerabilities are fixed and active mitigations against any intrusion attempts are taken. Some examples of private services are Disroot and Snopyta, amongst others. Google is an example of a secure system. Services like Disroot don’t have an active security team monitoring their services, so many a time vulnerabilities slip through (these services are less likely to get attacked due to the lower ROI compared to big services like Google, which inherently gives them protection). Opinions vary but this is what I think. Sometimes they overlap too, as in the case of ProtonMail, but that is less often.

Recently, I was telling a friend about the dangers of using APKs from untrusted sources of unknown origin. During the conversation, he asked me what security practices he should follow. I advised him to get apps from the Play Store only and put his trust in the Google Play Security team. Though in the back of my mind, during the conversation, I had the thought that from a privacy context, no one in their sane mind would recommend Google services.

PS: Another takeaway from the discussion was the question of threat models. Maybe I’ll write about that some other day.