Distinguishing Security from Privacy

[ReitzBytes]

I'm not sure what to put here but I feel we need to make a distinction.

[jonaharagon]

I think we should have a "what is privacy" type overview that distinguishes them but emphasizes that they typically go hand in hand. But yes they are very different.

[roranicus]

I would add anonymity to that list. Just start with the three basic definitions alongside examples.

[Mikaela]

On anonymity I like to link to Tor's trac: Remember: Modes of anonymity do not mix!

[4udr4n]

Could we potentially find or create some info-graphics or videos explaining the differences?

For example, some useful analogies I've seen include:

Privacy is like taking a colleague into a meeting room for a discussion, anyone else at your workplace could know where you both were and how long for, but would not know the content of the conversation. A more comedic example would be going into a changing room at clothing store. Anyone can see you, what you took in and how long you were in there, but won't catch a peak of your genitals or see how you look in that dress.

Anonymity is like overhearing someone talking behind a wall; You can't see them (and let's assume you can't recognise their voice) but you can hear every word. Or alternatively like spray-painting "Headmaster is a brony" on the school windows at night; Everyone will see the message, but they won't know who wrote it.

Security is essentially making sure that those models aren't easily altered. So running with our analogies: turning off the conference phone in the meeting room, locking the changing room door, making sure you're behind a big wall with razor-wire on top and wearing a balaclava while you're out to graffiti!

Takeaway is, privacy and anonymity are different, your threat model will dictate which you need, and security is required to protect either.

Should we also have a section about deniability? Ephemeral messaging, dual booting, encryption, hidden apps and panic buttons could feature.