There’s several overlapping problems:

First, that the problem is complex. It’s not just “Microsoft bad.” There’s a turducken lasagna of layered problems that make it hard for the average person to wrap their heads around the issue.

Next, there’s no direct monetary incentive. You can’t say “you lose $500 a year because data brokers know your address.” Most people also have relied their whole lives on free email, so the average person in already in “debt” in terms of trade offs already.

You’re also starting from a point of blaming the victim in a way. It’s the same problem companies have with cybersecurity, blaming everyone except the executive that didn’t know the risks of skimping on cyber budgets. Hiding the problem to avoid public shame is the natural human response.

Finally, that resolving the problem is fucking hard. I know, we all know, it’s a constantly moving target that requires at the very least moderate technical skill. My partner wants to have more privacy online, but would rather have conveniences in many cases. And has zero patience for keeping up with changes, so I have to be a CISO for a household. So the average person, and the average household, does not have the skillset to care “effectively” if they wanted to.

You can’t force people to care or act in their own self interest. The US will sooner adopt the metric system and mandatory digital IDs.

Well, to be fair it’s also proof that people do not value privacy, and that the means by which actual privacy can be obtained are few and narrow.

It also really drives home the fact that our systems of IDs, licensure, taxes, property purchase, etc. are designed for an analog 20th century world. We need new systems based on modern technology, bit not in a way that simply contracts out to the very companies that put us here.

I’ve done OSINT research and that alone converted me into a privacy advocate. Seeing how Alphabet, Meta, and MS have allowed creep to get training data… Whew. It’s breathtaking and complicated beyond the ability to explain in 114 characters.

Y’all, we are cooked. Currently. Present tense. If you aren’t freaked out already, you’re missing about 85% of reality.

The easy solution is to stop engagement on Lemmy. Cool. Cool cool cool.

The short version is to network yourself into a relationship and job where you don’t need to apply by throwing your resume against the castle wall with 83848770188573937 other people.

Also, get a specific resume email address that you can trash once you have a job. “HireBob@yourcustomdomain.com” is easy, cheap, and helps you stand out from the crowd of gmail addresses.

You’re correct. I was thinking of how I have Floorp set up.

CreepJS doesn’t see NoScript as an extension and only catches me if I don’t switch IPs. Time zone is also worth adjusting of one is serious.

And I pass this test, plus the EFF cover your tracks test, and AmIUnique, all the time.

Of course, and I’m saying that while turning JS on for Bob’s website is maybe acceptable, leaving it turned off for gstatic, googleadmamager, etc. also on Bob’s website is easier than the other way around. Layers of defense. Don’t count on canvas blocker.

Though this is just for what you want to obscure. It doesn’t make any sense to openly interact with Google or Meta products with all this going on. Use for your socials, anything tied to your name or face, regular vanilla FF with containers for safety. Let G associate that IP/geography and fingerprint with what you HAVE to do publicly visible. Then you close FF, change VPN locations, and open private mode Librewolf. It’s full plausible deniability. Or use TOR, same same.

Convenience and security are a trade off. Find the balance that works for you based on your threat model. It’s different for everyone.

You can. Librewolf with canvas blocker, turned on in settings, Chameleon, and uBlock and/or(?) JS blocker like NoScript. Edit.

Canvas blocker and a JS blocker limits a lot of what Google can see and fingerprint per page. And you’ll be shocked at first how many pages have google trackers that a JS blocker kills. It’s easier to turn things on one at a time than claw back data once it’s out of your hands.

Chameleon spoofs a lot of other details, like browser, system time, languages, headers, etc. So for what can be seen, it’s always changing and harder to corroborate. This plus moving VPN locations is what is needed.

Also, TOR does the job, but not the most fun internet experience.

Just boot to a USB for a low-risk test.

F me

I also use them, and have liked the results.