New #blog post: Two types of privacy. I define and compare the terms “Tracking reduction” and “Tracking avoidance”.


When qualifying privacy recommendations with context, I think we should go further than describing threat models: we should acknowledge different types of privacy. “Privacy” means different things to different people. Even a single person may use the word “privacy” differently depending on their situation. Understanding a user’s unique situation(s), including their threat models, can inform us when we select the best of approach. How do we choose between reducing a footprint’s spread and size?

Feedback welcome, now matter how insignificant.




A couple of ideas. I think these two kinds of privacy already have a name. Privacy is when you don't want everyone to know. Secrecy is when you don't want anyone to know. I forget where I read this.

Identification and revealing.
Sometimes we don't want an adversary to know who we are. Sometimes we don't mind them knowing who we are, but we want to keep a specific datum about us hidden. Sometimes we want to stop adversaries from cooperating and putting both things together.

@Seirdy Ah yes, just one more thing. Regarding machine translation, what about systems like Bergamot? Those certainly would seem to respect one form of privacy, since a third party is not appraised that we have visited a site and its contents. However, can the site detect Bergamot was used? In principle, with highly intrusive techniques, I suspect it can; in practice I think it's unlikely.

@modulux was this a reply to this post or my post on stylometric fingerprinting? For the latter, I covered Bergamot's reference implementation.

@Seirdy No, to this post regarding your note that machine translation, accessibility, etc, may require people to do privacy-unsafe things.

@modulux Ah. Firefox Translate comes to mind. The problem is that it alters the page in a fingerprintable way.

You could copy-paste the page contents elsewhere for translation, but you'd lose the semantic HTML which does impact a good translation implementation

@Seirdy Aha, so even off-line translaiton with something like Firefox Translate is detectable then.

@modulux Anything that injects content or moves elements around is detectable, especially if its exact results are repeatable.
Sign in to participate in the conversation

The original server operated by the Mastodon gGmbH non-profit