blog: Don Marti


a survivability onion for privacy tools?

29 October 2022

This is intended to be part 1 of a series of notes on figuring out how to apply Integrated Survivability Assessment, or something similar, to personal privacy protection.

Starting with some good news. There are several versions of the Survivability Onion but most appear to be US government work and so not copyrighted. I'm going to borrow it because it looks like a good starting point for setting priorities for designing a privacy tools and services stack. Yes, in the long run, the real impact of individual privacy measures will be not so much in how you’re protected as an individual, but in how you help drive future investments away from surveillance and toward more constructive projects.

It would be good to get more privacy people leveled up:

Level 1: mix of effective and ineffective actions

Level 2: effective actions, but applied haphazardly (this is about where I am now)

Level 3: effective actions, efficiently selected and applied

If you want privacy, prepare for surveillance? All right, onion time.

[Figure: Integrated SoS Survivability Onion chart, showing layers: pre-emptive encounter, pre-emptive kill, avoid/prevent encounter/exposure, avoid detection, avoid targeting, avoid engagement, avoid hit/application, avoid kill]

A survivability onion is a way to visualize layers of protection. From Integrated Survivability Assessment:

The separate and independent “layers” of functions, which the threat has to “penetrate” to kill the system in a typical engagement, are most often represented mathematically by independent probabilities; thus, the overall probability of survival is the product of the independent component probabilities.

Since you have limited resources when designing an armored vehicle or whatever, you can apply your limited weight and money budgets to the most effective combinations of layers. The object is to maximize the probability of survival, which is the product of the probabilities of the attack getting through each layer.

And hey, that sounds familiar. We have a limited amount of time, money, and political juice for privacy stuff too. I think we can visualize the protection options in a similar way. Here's a first attempt at a survivability onion for a personal privacy stack, with some examples of what fits into what layer.

  • Don't do a trackable activity (delete a surveillance app, don't visit a surveilled location, boycott a vendor)

  • Don't send tracking info (block tracking traffic, either by using a tool like Disconnect to keep a tracking script from loading, or using a network filter like Pi-hole to prevent tracking SDKs from communicating with their hosts)

  • Send tracking info that is hard to link to your real info (use an auto-generated email address system like Firefox Relay, churn tracking cookies with Cookie AutoDelete)

  • Object or opt out when doing a tracked activity (Global Privacy Control)

  • Object, exercise the right to delete, or opt out later, after data has been collected but before you are targeted (CCPA Authorized Agents, RtD automation tools like Mine)

So that's step one—define the layers of the onion.
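A worked version of the budgeting argument, added here as an example (not the author's code). It assumes tracking has to get through every layer to reach you, treats the layers as independent, and uses constructed hour costs and pass-through probabilities for the measures named in the list above.

```python
from itertools import product
from math import prod

# Constructed illustration: every number below is an assumption, not a measurement.
# Each option: (measure, hours of effort, probability tracking still gets through the layer).
NOTHING = ("do nothing", 0, 1.0)
LAYERS = {
    "don't do a trackable activity": [NOTHING, ("delete a surveillance app", 1, 0.8)],
    "don't send tracking info": [NOTHING, ("Disconnect", 1, 0.5), ("Pi-hole", 4, 0.3)],
    "send hard-to-link info": [NOTHING, ("Cookie AutoDelete", 1, 0.7),
                               ("Firefox Relay", 2, 0.6)],
    "object or opt out at the time": [NOTHING, ("Global Privacy Control", 1, 0.9)],
    "object, delete or opt out later": [NOTHING, ("CCPA Authorized Agent", 3, 0.7)],
}


def exposure(plan):
    """Probability that tracking gets through every layer (independent layers)."""
    return prod(p for _, _, p in plan)


def best_plan(layers, budget_hours):
    """Try one option per layer in every combination; keep the lowest exposure in budget."""
    best = None
    for plan in product(*layers.values()):
        cost = sum(hours for _, hours, _ in plan)
        if cost > budget_hours:
            continue
        candidate = (exposure(plan), cost, plan)
        # Lower exposure wins; on a tie, the cheaper plan wins.
        if best is None or candidate[:2] < best[:2]:
            best = candidate
    chosen = [name for name, _, _ in best[2] if name != NOTHING[0]]
    return chosen, best[0], best[1]


if __name__ == "__main__":
    for budget in (0, 1, 2, 4):
        chosen, exp, cost = best_plan(LAYERS, budget)
        print(f"{budget}h budget: exposure {exp:.3f} using {cost}h -> {chosen}")
```

With these constructed numbers, four hours spread over three layers (exposure 0.24) beats spending all four on Pi-hole alone (0.30).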

Next step: assessing threats. (Will add a link here soon.)
