On Privacy and control. My tech setup
12 points by toidiu
12 points by toidiu
Cloudflare is my current employer.
I mean no ill will towards you, but this is dreadfully ironic. Those of us who care about privacy must support ourselves by working for a company whose business is [checks notes] MitM-ing the entire Web.
That said, the post is interesting, and made me aware of a few tools, like Baikal, that I didn't know about before. Thanks!
I agree, it's very ironic indeed.
This post (surprisingly) neglects to mention the benefits/downsides as Cloudflare as a registrar. The benefit is their domains are at-cost -- not just vaguely cheap. Of course, some other registrars will sell domains at a loss to bring you in, so it's only really a better deal if you've got a domain for more than a year... and the downside is that you are locked into using Cloudflare as your DNS provider for any domain leased through them, meaning more information to get sucked up by the one big American company hosting 20% of the web.
"I don't need to care about privacy because I have nothing to hide" is trivially disproved:
Humans arrive at conclusions about other humans based on information. Sometimes these conclusions are incorrect because humans aren't perfect at reasoning and this happens more often with some kinds of information.
Therefore, it's perfectly rational to hide/not-disclose/obscure some information to lessen the chance that others take action based on faulty conclusions.
I've always answered that argument with: "even if you have nothing to hide now, it's possible that your opinions are not liked by your future government". With certain extremisms rising everywhere what constituted a problem is constantly shifting.
While this comes up for me less and less nowadays (not sure if people know me by now, or there are less people around me who don't appreciate privacy, etc.), but, i tend to respond with the following question:
Again, I've needed to pose this question less and less recently...My hope is that i'm either helping friends appreciate things to improve their lives, or unconsciously surrounding myself with people who are aware of privacy rights.
Ty for reading!
I do think the argument, "... nothing to hide...", is used less these days but I feel it was more common maybe 3-5 year ago. This post came out of a conversation I was having with a friend. Even though the friend is very smart and aware, they simply havn't spent as much time thinking about this stuff.
So I was hoping to document some of my thoughts, share it with a broader audience and also document what tool I use.. because it can be very exhausting and daunting to start from sctatch.
As of 2025, we now have enough examples of extremely targeted phishing attacks using public data. The more attackers know about a target, the more they can build a false sense of trust.
Knowing who is a maintainer of what packages leads to spam that is believable. https://arstechnica.com/security/2025/09/software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack/
In my own personal experience, I get emails all the time for services I don’t use because it’s spam. But the ones for my real services using my real name and email, with specific details about my account becomes tricky.
Then think of all the security questions that are based on facts, like whenever I get a background check asking for my previous addresses. If everything were public, this would be too easy.
Shared secrets build trust, so it’s good to keep lots of things secret.
Typo guy here: "best interst", "Messanging"