# 2018 RightsCon Sharing Session Collaborative Notes @Taipei
https://bit.ly/2KijnEw RightsCon Hackfoldr
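## Pellaeon - Why Digital Human Rights Matter, Using Privacy as an Example
What are digital human rights?
Considering that most people here are encountering digital human rights, information security and privacy issues for the first time, and that I am the first speaker, I will focus on common questions in this field and say less about the actual content of RightsCon.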
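- Why is privacy important?
  - I would guess that most people here can agree that privacy has some degree of importance
  - For those who do not currently think privacy is important, I have no intention of persuading them that it is, because perhaps one day, when they have something they want to protect or when their rights are violated, they will come to understand its importance
  - But we cannot decline to protect privacy just because it is considered unimportant, because by the time you really want privacy, it is often too late to start protecting it (just like freedom of speech and the right to vote)
  - Nor can we sacrifice everyone's privacy in exchange for something else just because some people think privacy is unimportant. For example, the Taiwanese government sells "anonymized" National Health Insurance data to private companies for "big data research".
  - Edward Snowden: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." (see [Wikipedia](https://en.wikipedia.org/wiki/Nothing_to_hide_argument))
- Why is information security important?
  - It is related to privacy: privacy is a human right, and information security is the (technical) means of implementing privacy
  - It is not only about personal data - there is also metadata
- So which company's products should I actually use to be more secure / more privacy-conscious?
  - Choose open-source products whenever possible
  - ...This is a very complicated question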
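What I support
- Services and products that involve personal data (in fact, every service on the internet involves personal data) should have a well-functioning competitive market
- Consumers and users (all users of the internet and technology) should receive sufficient education and transparent information to judge whether a product is good or bad
- Products should provide simple, easy-to-understand explanations
- Information about a product (how it works, how it makes money, what data it collects, etc.) should be as transparent as possible
- Users should take the time to understand the products they use (how they work, what features they have, what settings they have...), ideally before they start using them

The goals above break down into several concrete levels (briefly listed):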
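- Keep the internet healthy and avoid its centralization (all people and content concentrated on a few privately controlled platforms)
  - Net neutrality
  - Promote decentralized services
  - Data portability (for example, open formats)
- Keep the internet secure
  - Software and hardware security
  - User control
  - Oppose surveillance
- Keep the internet open - allow innovation
  - Open network protocols
  - Open software (open source and free software)
  - Oppose patent laws that stifle innovation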
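### From the perspective of a user in Taiwan, what can you do?
1. Keep investing a little time in checking the settings of different services. There is no such thing as a "correct/secure" setting; the point is to understand what each setting means (how it works) and then decide for yourself how to set it
   a. Open Facebook's settings page and see what settings are there; Facebook has fairly complete, easy-to-understand explanations in Chinese
   b. Google
   c. Computer settings
   d. Phone settings
   e. Other connected devices (smart TVs, smart refrigerators, etc.)
2. For the services or software you use often, find out what other, similar alternatives exist and how they differ from what you normally use (features, cost, privacy, etc.). You can even try them out
   a. iOS - Android
   b. medium.com - wordpress.com
   c. facebook.com - twitter.com
   d. Microsoft Office - LibreOffice
   e. Chrome - Firefox
   f. LINE - Telegram, Signal.org
   g. youtube.com - Vimeo
   h. (The above are only examples; there are many, many more)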
### References
- https://privacytools.twngo.xyz/
- https://securityplanner.org/ (English)
- Keeping the internet healthy https://www.mozilla.org/en-US/internet-health/
### Security advice I previously wrote for people in Taiwan (but for certain reasons it is in English)
> I'll list a few Taiwan specific things anyways (not in any particular order):
>
> 1. Don't use Chinese brand phones, especially Huawei, ZTE and Xiaomi, they all have records of collecting sensitive information. Use Samsung, HTC, Motorola, Sony or other large non-Chinese brands.
> 2. Don't use Chinese software or apps, especially communications apps like WeChat, your entire chat history is readable by the Chinese government. Other famous Chinese apps include: Tik Tok, Shopee, Taobao, Live.me, iQIYI, Meitu, Clean Master (by Cheetah Mobile), QQ, Alipay. They collect information about your device, how you use it, and sometimes locations, phone numbers, contacts, SMS, photos, etc. Facebook/Telegram/LINE/WhatsApp/Viber/Skype/KakaoTalk are fundamentally no better than WeChat, it's just they collect less information, but your chat history is still available for governments to see. Use Signal, no one is able to read your Signal messages other than you and the recipient. (unless they seize your phone)
> 3. Avoid using public WiFi, they know what apps you're using, what websites you've visited. But your telecom company knows this anyways, it's just that they don't monetize on this information. If you need to use them, use it with a VPN.
> 4. Don't use free VPN apps, they are the same as public WiFi. If you really need a free VPN, use ProtonVPN.
> 5. Don't download apps from sources other than the Google Play Store, 3rd party sources sometimes bundle malware with the app.
> 6. Use legitimate copies of software and keep them updated. Cracked software has 2 security risks: 1) it is often bundled with malware 2) you can't update the software to fix a security hole.
> 7. Use Firefox (best choice) and Google Chrome, they have the best security and privacy protection. Internet Explorer and Safari are OK. Opera is now a Chinese company.
> 8. Don't use mobile payment apps or credit cards, use cash, they are ways to track consumer behavior, and the bank and payment company monetize on your buying history.
> 9. Everything you post on the internet (including private messages) is technically accessible by your government, the only difference is whether there is a lawful process to access it. (Signal is an exception, it's technically impossible)
> 10. Many people respond to privacy issues by saying "I have nothing to hide", there is actually a whole Wikipedia page on this, the best quote I'd say comes from Edward Snowden: "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."
>
> This is a non-exhaustive list that I can think of right now. Check https://securityplanner.org for more advice.
>