Thanks. This is actually really helpful. I looked it up to check as it I didn’t believe it. Unfortunately, I have no idea whether my brain accidentally or deliberately misspelled it so cannot guarantee that I will learn for next time I use the word. Thank you for your help though.

You are, of course, correct. Whilst my post is only semi-serious, I agree that if I seriously followed the line of thinking then the entire system becomes unusable pretty quickly.

As you can see, I am adapting my threat model to trust less and less structures as I go through the post. As such, it would only really be relevant in the event of a rapidly evolving adversary and probably not even then.

My threat model is nowhere near as tight as is suggested by the contents of the post. The post is more of a thought experiment to see how quickly you can “invent” threats to get to holding all data only on an offline hard drive in a cupboard somewhere. Lol

Exactly, but that just raises more issues. Which cabin? Where? How to stop people breaking into the cabin? Should it have a chimney to automatically incinerate the data device if anyone comes near? As people expect cabins to be in woods, would it be better if the cabin was outside the woods? And finally, is it easier just to trust Google with my data Lol

What I meant by my threat model not being the tightest was that if I want to read something on a site that requires javascript and cookies then I will just turn them back on temporarily rather than not read what I want just because of possible tracking.

I agree with your point about the web being almost unusable in parts without JavaScript. However, I find that a lot of sites have a lot of javascript-heavy pages at the front but simpler pages behind where you get to things you actually want to look at. Usually a site’s RSS feeds let you get directly to the simpler pages without using JavaScript.

Excellent post. I agree entirely.

There absolutely must be an elegant solution to the problem. However, in my opinion, the issue is that not enough people are interested in having the security you mention. Don’t the statistics say that over 50% of people don’t use a password manager, reuse passwords and those passwords are things like password123?

This apathy towards security presumably means that there is very little money in designing the elegant solution to the problems raised in your post and many of the brightest and best in the field will simply seek alternative employment in the online data collection and advertising field where all the money is.

As it stands, so many people have so little concern about online security or privacy that it seems to be slowing progress in both fields.

Thanks. Is Tor browser as effective if not used over tor? My tracking blocking is via a VPN that I trust and want to continue using so I wasn’t thinking of using tor. I think I read somewhere that using VPN over tor or tor over VPN somehow became less private (I’m not technical so this might not be right - maybe someone could explain it). I was going to use Mullvad as I believe it has many of the same qualities as Tor browser but is more focused on use with a VPN rather than Tor.

Thanks for this. It is very helpful. To be honest, I had forgotten about Exodus.

I think it needs camera and microphone in case you want to take photos and video and save directly to an encryted volume. That is not in my use case so I will just deny those permissions.

Thanks. I had noted the lack of internet permission as a positive. I guess that I was just puzzled at the lack of coverage within the community. Maybe the app simply hasn’t been around long enough to attract the attention it seems to warrant. Or maybe I am being overcautious.