I think that giving names to things is helpful for both empowering and de-clawing ideas. George Orwell explored this in his infamous novel 1984, where he talked about how The Party attempted to remove any language that could potentially be used to inspire or conspire for revolt. Giving identity to thoughts is powerful. For example, being able to identify “I have depression” now means you know what the problem is and you can start working toward fixing it – be it medication, therapy, lifestyle changes, or some combination. By the same token, giving names can also be an easy way to remove power from something. This is typically done in the form of a “thought-terminating cliché.” For example, calling someone a conspiracy theorist is shorthand for “if that guy says anything weird just ignore him. He’s crazy.” It removes the onus of critical thinking and evaluation of one's claims if they make you uncomfortable or challenge your existing beliefs.

This is an example of a “logical fallacy.” You’ve probably heard the term, and almost certainly seen quite a few of them in action. A common one in the world of politics is “whataboutism.” Ex: “The president sucks.” “Yeah, well so did the last one/other guy.” Another common one is called “ad hominem,” which is when you attack the person rather than the argument. “I think Signal is secure.” “Yeah well you’re not a cybersecurity expert.” (Hold that thought, we’ll come back to it.) One more common one: the strawman argument. It’s when you misrepresent the claim to make it easier to attack. For example, “I think everyone has a right to privacy.” “So you think we shouldn’t investigate pedophiles and drug dealers?”

Lately I’ve been seeing one particular logical fallacy make the rounds in the privacy community: the “Anecdotal” fallacy. A common version of these I've seen a lot in my life is “My grandma drank Diet Pepsi every single day for 40 years and developed cancer, therefore aspartame must cause cancer despite numerous scientific studies finding no correlation.” I also see a touch of “Personal Incredulity,” aka “I can’t imagine a situation in which a computer might literally explode, therefore if you said yours did I assume you’re lying.”

Lately in the privacy community, I’ve been seeing these pop up a lot in regards to features and the attempts of various products and services to cater to the mainstream. For example, this past week during a discussion about smart TVs, a couple popular ones popped up a few times: “I don’t even watch Netflix, why do they make smart TVs at all?” or “Is it really that hard to hook up a laptop to a TV with HDMI?” (This one also assumes you own both a laptop and a smart TV, and I can think of lots of situations where that may not be the case.) Another one in a different discussion said “why does Signal need stickers? I’ve never met anyone who uses stickers.” Even Henry and I were guilty of this one when Signal announced their integration with MobileCoin: “I have never used a messenger to send payments to friends or family. I’ve always used Paypal or Venmo or whatever.” Just because I’ve never done it doesn’t mean that nobody has and that this is a terrible idea on that merit alone.

I think this is an unhealthy thought pattern that the community needs to break out of. It’s very damaging in many ways when we project our values, cultural norms, or thought processes onto others. This is how we end up inadvertently becoming extremists. Some common “privacy extremist” thoughts I see frequently are things like “if you aren’t willing to switch to Linux, give up on having a private machine” or “if you aren’t willing to delete Facebook, you’ll never truly be private so you may as well just give up” or “if you have a phone, you have no privacy. End of story.”

Some time ago, I wrote two closely related blogs called “One Size Does Not Fit All” and “The Privacy Myth: Binary vs Spectrum.” The basic premise of these two blogs is that what’s right for you isn’t necessarily right for everyone for a variety of reasons and that it’s possible to have more or less privacy without having total or no privacy. In fact, I would argue that’s healthier for both newbies and veterans to frame their privacy journey in this context, though admittedly this mentality can be a double edged sword. For newbies, some may find it a relief to learn that you can never truly be “done.” When there’s a definite, objective, universal finish line, there’s pressure to get to that finish line, but when the finish line is subjective and varies from person to person, then who are you to tell me that I haven’t done enough? For veterans – particularly those who enjoy the challenge of this stuff – that means there’s always more to learn and more to do. Of course, as I said, it can also be a curse: it can feel overwhelming knowing that you’re never really done, or it can be used an excuse to not do more when you should.

Perhaps the biggest problem with a toxic mentality based on anecdotal and/or personally incredulous fallacies is that you run a high risk of accidental gatekeeping. For example, suppose you consider Session to the best encrypted messenger out there, but maybe someone else doesn’t like it because it can’t make calls. If you’re a person who never really does voice or video calls – and you suffer from the “personal incredulity” fallacy – you run the risk of gatekeeping someone else. “Why would you need to make phone calls? Who talks on the phone these days. It’s 2021, just text them.” It ignores the myriad of perfectly valid reasons that a person may want to call instead: emergency, too much to type on a phone, etc. “Well I’ve never met anyone who used GIFs in a messenger so why did Signal have to implement that?” I’ve met a lot of people who love to use GIFs, including myself.

Now it is worth noting that not all fallacies are bad. Above I used the example that a person who’s not a cybersecurity expert may still endorse Signal. This is another topic, perhaps one I’ll write on if enough people want: how to examine a claim. When someone makes a claim – for example: “the moon is made of green cheese” – there are a variety of factors to examine that basically boil down to two categories: the claim itself and the person making it. When examining the person making it, you need to look for qualifications, interests (such as being on payroll), and track record. While it could be considered an “ad honinem” attack to point out that a person making a claim is not qualified, that doesn’t necessarily make it wrong. If I make the claim that I think Signal is a secure messenger based on my own opinion or “expertise,” you’re not wrong to point out that I have absolutely no background in cryptography. But if I make the claim that I think Signal is secure because numerous other actual security experts have vetted it and even the CIA and Cellebrite have been unable to crack it (according to Vault 7), then you attacking me distracts from the point and serves no purpose other than to show yourself to be a jerk who doesn’t take criticism very well. Not all logical fallacies are always wrong or immediately mean that you’re losing the argument. For example, the “slippery slope” argument is technically a logical fallacy, but it is one that has been proven true in many situations time and time again. Is it really wrong to cite that as a concern in some situations?

I hope this blog has raised some awareness. The privacy community is often a skeptical one, and I think that’s healthy. To quote the popular TV show Person of Interest: “only the paranoid survive.” We live in a world where companies lie to our faces, governments break their own laws, and the information they collect is used for far more nefarious and unethical purposes than just trying to sway us into shopping at one fast food chain instead of another. It’s healthy to question the best way to protect ourselves against these invasions. But we have to be careful not to become insular and out of touch lest we become the pop culture depiction of a youth pastor – arguably right, definitely well meaning, but impossible to connect with on a human level and unable to be taken seriously. In fact, not to get too far off topic, but I know from personal experience that the Christian church has a habit of alienating "non-believers" by using their own lingo, phrases, and slang that isolates the "in" group from the "outsiders." This is a very dangerous practice in any social circle, particularly one who is attempting to proselytize to others.

Privacy is a human right, one that is only just starting to be taken seriously in the mainstream. If we’re ever going to reach more people we have to accept that this can often be a slow, scary, and sometimes difficult journey. Giving up the Facebook account you’ve had for 15 years is a lot like breaking up with a long term partner (albeit an abusive one). For many people that dramatic change is akin to staring into the unknown abyss. What comes next? Will I ever find love (or that dopamine hit of validation from a viral tweet) again? It’s been in my life for so long, what will I do without it? It sounds ridiculous to us because we’ve been through it and come out the other side, but for the uninitiated it feels much like a child losing their first tooth: messy, scary, and extreme. Don’t make the mistake of assuming that just because you’re already past it or because you didn’t share those feelings that everyone is in the same boat. I come from a broken family, so the idea of cutting out a toxic member of my immediate family for my own sake is about as difficult a decision as what socks to wear, but I still respect that some people crave the connection of a close, healthy family and might be scared or hesitant to cut that tie, even if it’s the right thing to do. There are 8.5 billion people in the world. Widen your perspective, welcome the curious – even if they ask really stupid questions – and be patient. They’re not your enemy. Big Tech doesn’t need any help tending the gate.