Please do not talk about this. I was asked to keep this private.
And I'm hearing about this because? I seem like a trustworthy guy? I wouldn't want my secrets shared, even to trustworthy people.
I try my best to hold a policy that if you volunteer me some private information, you'll not be worse off for it [1]. Otherwise you'd just not tell me. What it will do, however, is affect my infosec policy around you. And I need to think about keeping other people's secrets too.
Trust develops by testing it again and again. It's rather sad hearing your own secrets from people you didn't share them with.
It makes sense to model others' infosec policies as a separate shard of trustworthiness. Oftentimes it's not obvious to the other person what you feel betrayed about. Sometimes mentioning it helps, more often it doesn't. It's a culture gap, to be treated just like any other. There are many ways to do this, they involve different tradeoffs, and most of the problems come from misunderstandings.
Expectations management might help with this. It's just quite a bit of work and, in some cultures, distasteful. Nuance far away from your own culture is hard to keep track of even when you try. Often there's also an unusually bad illusion of transparency, which contributes to the misunderstandings. The right answer to "Can you keep a secret?" is universally known to be "yes" and not your actual policy. I thus very rarely attempt to discuss the object-level topic anymore.
One factor making the communication of privacy boundaries difficult is that it affects status games. Discussion of status-impacting techniques is by itself deemed manipulative and thus immoral by many, and often people mislead even themselves about their motives here.
However, infosec games are often played for politeness reasons for mutual benefit. For instance, if I'm going to a party next Saturday, and I'd like to know if my friend will be there too, directly asking would be rude. Not only towards the other person, who might be sad that they didn't get invited, but also towards the host. I just burned some of the host's social capital! That's not polite. Maybe this would be different if we lived in Tell culture or something.
But of course I also enjoy the more adversarial sort of social games. I also do infosec stuff for a living sometimes. In both contexts, it annoys me to see people shooting themselves in the foot with unsophistication. And other people are annoyed when I shoot my own foot by being too explicit about the taboo topics.
Besides obvious corner cases. And probably non-obvious too, to make this robust. I know it when I see it etc etc. ↩︎
And I'm hearing about this because? I seem like a trustworthy guy? I wouldn't want my secrets shared, even to trustworthy people.
I try my best to hold a policy that if you volunteer me some private information, you'll not be worse off for it [1] . Otherwise you'd just not tell me. What it will do, however, is affect my infosec policy around you. And I need to think about keeping other people's secrets too.
Trust develops by testing it again and again. It's rather sad hearing your own secrets from people you didn't share them with.
It makes sense to model others' infosec policies as a separate shard of trustworthiness. Oftentimes it's not obvious to the other person what you feel betrayed about. Sometimes mentioning it helps, more often it doesn't. It's a culture gap, to be treated just like any other. There are many ways to do this, they involve different tradeoffs, and most of the problems come from misunderstandings.
Expectations management might help with this. It's just quite a bit of work and, in some cultures, distasteful. Nuance far away from your own culture is hard to keep track of even when you try. Often there's also an unusually bad illusion of transparency, which contributes to the misunderstandings. The right answer to "Can you keep a secret?" is universally known to be "yes" and not your actual policy. I thus very rarely attempt to discuss the object-level topic anymore.
One factor making the communication of privacy boundaries difficult is that it affects status games. Discussion of status-impacting techniques is by itself deemed manipulative and thus immoral by many, and often people mislead even themselves about their motives here.
However, infosec games are often played for politeness reasons for mutual benefit. For instance, if I'm going to a party next Saturday, and I'd like to know if my friend will be there too, directly asking would be rude. Not only towards the other person, who might be sad that they didn't get invited, but also towards the host. I just burned some of the host's social capital! That's not polite. Maybe this would be different if we lived in Tell culture or something.
But of course I also enjoy the more adversarial sort of social games. I also do infosec stuff for a living sometimes. In both contexts, it annoys me to see people shooting themselves in the foot with unsophistication. And other people are annoyed when I shoot my own foot by being too explicit about the taboo topics.
Besides obvious corner cases. And probably non-obvious too, to make this robust. I know it when I see it etc etc. ↩︎