Privacy is not just about Facebook (2/3)
Part 2: Threat models
We discussed in part 1 how it seems important to limit the amount of information we disseminate online (it gives out too much about you), and reduce the number of people that can potentially see it - if you can't trust them.
Let's see in practice how it works.
Case study # 1 : the lone tv-show addict
You should check your local legislation : watching stuff on streaming sites (be it using Kodi or not) is most probably illegal. And you know it! It may be improbable or painless in your country, but of course, you'd prefer not to get cought.
To lower the chances you want to:
1) make it harder to obtain a name and address from your IP address
(a little bit of extra paperwork might do it)
2) minimize the number of intermediaries/companies in position to inspect/filter your network packets or even suspect you're doing it!
You should also realize that by using grey-area services and sites (you know..), you kind of tag yourself as a target. Pirated material is traditionnally served with viruses and malware in it. Who are you gonna complain to?
It may be the website, or a banner running on it, that will try to exploit a flaw of your browser and take control of your computer. Or maybe you downloaded a program (e.g. an addon) and blindnessly ran it yourself, incidently launching something else you didn't want - at all. At this point things can go real bad (e.g. lose files, money, time, reputation, ...).
In summary, you need at least some basic security.
Is it worth the risk? If your goal is to merely consume and stay comfortable, you should consider paying for it. But if you're ready, as a counterpart, to put some effort into learning a few techie things - potentially the hard way - go pirate!
Finally, is it OK not to pay for it? The things is that when the artwork is good enough, people want the authors/producers to make more of it, often badly enough to pay for it. There should be a way to organize that fairly, without relying on law enforcement. Be sure to support those who deserve it, though.
Case study #2: the family guy
Protecting the loved ones is a thougher challenge, mainly because the attack surface becomes much larger and because the error of one may impact all the others.
One good strategy to manage that is segmentation. As a not too techical example, the Guest WiFi network available on many Internet routers, is an easy way to achieve that: put all the dangerous devices on that network, without the password to the main wifi. And do all the pr0n/streaming stuff there (preferably on an old disposable laptop). The point is to confine potential attacks to devices that cannot possibly reach your work/banking/serious stuff over the home network.
This can get more sophisticated with switches and firewalls - and complicated. Asking a friend or a professional might be worth it - if it's not cheap, ask another.
Basic Security for all of your devices is also of course a good idea (althought the above segmentation strategy might let you some liberty on that regard - still a bad idea).
As you probably figured out already : what was not put into a connected computer has greater chances to remain private. Talk about it.
As a final note, you might also need to pay attention to your many digital footprints (e.g. browser history), in order preserve the peace of the household.
Case study 3 : the anarchist
Thought police is not just a fiction, you can read about it in history books too - in most countries. Propaganda techniques are reaching new peak levels of efficiency (with the Internet, audience targeting, a/b testing, etc.).
So you may want to stay out of the system and keep low profile as much as possible. Maybe you need not just privacy but some kind of anonymity or untracability in order to preserve your life or freedom.
If you rather plan on impunity for doing something bad : forget it, it's probably too hard to make it safe enough, and not worth it. Law enforcement finally learned how to use computers - including against you.
In either case there is no easy solution, you will have to educate yourself seriously and train.
Practical defensive solutions (including some sponsors) will be presented soon in the third part.