
The point is that the more private you make something the less ability you have to audit its integrity. If sending a 3rd party a list of hashes is a privacy problem, then security is what takes a hit in order to preserve privacy. That’s not an “extreme case”, it’s what’s being discussed in the essay and in this thread.

Similar examples include DNS over TLS vs DNS filtering for content security, and client certs for mutual TLS vs exposing personal information in said cert, and secure neighbor discovery, and IPv6 (can’t have a global IP because someone might track it), the list goes on.

I’m not saying we should pursue security at all costs or privacy at all costs, far from it. I am saying exactly that there’s a balance between the two and moreover that the balancing point may be different for individual people which leads to arguments like we’re seeing here between people who calibrate more on the security end vs people who prefer extreme privacy. And in my experience people very often conflate the two, which makes it hard to have a productive discussion.

Finally, I’d venture to say that the privacy push of late is having impacts on the ability to deploy strong identity because much of the privacy wave lacks the nuance to distinguish between entities you trust and hence with which it’s okay to maintain a stable secure identity, and those that aren’t. Instead the trend lately has been to remove stable identifiers (e.g. Apple’s move to fake MAC addresses and GDPR’s IPs are PII) and conceal everything no matter what (TLS 1.3 and DoT/DoH, although props to Mozilla for making it possible to configure at the network level via DNS).


