Do you know the axolotl? They’re an adorable aquatic salamander. One character in a later season of Bojack Horseman was an axolotl. They’re pretty cute. But the other day, I learned something amazing: axolotls evolve. You see, an axolotl is – to put it very unscientifically – an unevolved salamander. I could be wrong about that, it’s actually very difficult to find more information on this subject (in plain English, at least), but from what I can figure out axolotls are a type of amphibian that never quite made the transition from water-based-sometimes-land-explorer to land-based-sometimes-water-explorer (think like how tadpoles evolve into frogs). But this is not a hard and fast rule. For reasons that science doesn’t quite fully understand (but of course, has some guesses on), some axolotls do eventually complete their growth and become “morphed,” or fully grown.

Axolotl

Evolution is a fact of life. Even if you don’t believe that humans evolved from a common primate ancestor, we still see it. In addition to “evolutions” like caterpillars into butterflies, we see plants evolve through selective breeding. We've seen butterflies evolve from white to black to survive during the Industrial Revolution (source). We saw lizards evolve in just a few decades after being introduced to a new environment (source). And humans themselves are evolving, too, as we speak (source).

Change can be a good thing. As we go through life, we change emotionally and mentally. We learn how to communicate better, we learn that Christopher Columbus didn’t discover America, we learn that Google isn’t just some altruistic company trying to bring us a powerful search engine and free email. And those of us who embrace this change evolve: we change our behaviors, our words, our thought patterns. This is something I believe we should carry on forever into our adult lives, but sadly many of us don’t. Many of us adopt a certain viewpoint, usually about something political, then refuse to challenge it, take in new information, or evolve in any way. This can pose risks in many areas of our lives, but as this is a privacy blog, let me focus specifically on that one.

When I first read Michael Bazzell’s book The Privacy & Security Desktop Reference (no longer in print, now replaced with Extreme Privacy), I remember reading about a lot of advanced techniques, things like using Yubikeys, getting a home in a trust or LLC, and switching to a de-Googled/Appled phone. At the time, I remember thinking “wow, I’ll probably never do those, those are way too advanced for me.” But fast forward a few years and suddenly some of things got real appealing – Linux routers, VPNs on the whole network, fake names on my utilities, and just this year I was able to finally get my hands on and mess around with a PinePhone for the first time.

A lack of flexibility and willingness to change in the privacy and security communities can lead to several negative outcomes from the start: the first and most likely is that a person sees all the changes they have to make and ends up never acting. It’s simply too daunting. The second and third outcomes are that people set the bar too low or too high. They either say “well, I can’t do all that, but I can at least use a VPN and switch to Firefox so I will,” or they say “well, I’ll do everything at once” and then burn out. Do you know why most New Year’s Resolutions fail? Because people try to do too much at once. They’re gonna quit drinking, run every day, eat healthy, and find love (that last one is a terrible resolution, by the way). Instead, if people break those goals up into pieces – I’m gonna cut back on drinking month by month til I quit or I’m gonna quit drinking in January then take up running in February – the goals become much more sustainable. But we can’t do that unless we’re willing to admit that change is a thing. We can’t do the “baby steps” approach unless we admit that it’s okay to do some things today and other things tomorrow.

You may be thinking that option three is the most desirable here, but it leads to a problem: outside change. In 2013, Lavabit encrypted email service shut down. In 2020, popular (and powerful) privacy plugin uMatrix stopped being actively developed and supported. In 2021, encrypted messenger Wickr sold to Amazon and ExpressVPN sold to malware company Kape Technologies. The person who goes straight to the maximum without knowing the value of evolving with the times will eventually find themselves using products that are outdated, vulnerable, or compromised. CS Lewis - famous Christian author - once said that a man can't make God less real by refusing to admit it than he can make the sun less bright by writing the word "darkness" over and over. This is true of evolution: you can ignore it and keep using the same outdated tools, but the landscape around you has changed all the same. You can either admit it and evolve to, or stick your head in the sand and be left behind and ultimately compromised.

CS Lewis

I’ve written many articles about being patient with newcomers. Privacy and security can be daunting. There’s a lot to learn, a lot to change and fix, and a lot to do. To some extent, this subject concerns those newcomers: as I’ve said before many times, there’s no shame in a person taking baby steps. It’s okay for a person to make small changes today but not delete Facebook until tomorrow. But the idea of evolving as a privacy advocate goes far beyond just being patient with newbies. It applies to us veterans, too. It’s about our brand loyalties. I mentioned in my last post how brand loyalties are bad for pretty much everyone except the brands. They’re also bad for our security and privacy. My college English teacher introduced me to the phrase “kill your darlings.” In other words, don’t get so attached to your work that you aren’t willing to make the necessary changes to make it go from good to great. Maybe you like a certain part of the paper, but the paper would be better without it, or worded differently. You can’t be afraid to let that part go in the pursuit of making the paper better. This is true of privacy. I am a Signal fan, I’ve been very open about that, but I was among the many to criticize their MobileCoin integration. I’m a ProtonVPN user, but I also admit that IVPN has better security and Mullvad has better anonymity. Proton is far from a perfect service. You can’t be rigid and unwilling to evolve. I’m eagerly awaiting the day Session introduces video and voice calls so I can move over to them from Signal for my daily usage. We have to be willing and ready to know when a service is no longer fit for use – whether that’s because it changed or our situations changed – and be ready and willing to move on when that happens. We must always be ready and willing to evolve, whether that’s because we’re a newbie taking the next baby step, or because we found a way to do just a little bit better in our protection.