Thank you for sharing.
I work in a central RSE team and have raised this topic to the team, with a view of bringing attention to this issue and better educating our researchers (as part of our training offerings and documentation).
I pick the software best for my uses and then look at which desktop supports that software and workflows around them the best.
Not always clear/clean selections possible in my situation - I've a jumble of GUI designs and frameworks used, so I favour a more agnostic desktop.
I uploaded a picture with poor lighting and wearing dark cloths. Got almost everything wrong...
....
Reading, coding, martial arts, substance abuse, illegal hacking, violent thoughts
One thing people underestimate is how brittle digital identity actually is in the UK.
There isnt a single identity. Theres a loose federation of databases (banks, CRAs, telecoms, electoral roll, etc.).
There are multiple operational definitions of "name": legal name, common name, known-as name, card name, account display name. None is universally canonical. Theres no statutory hierarchy that forces institutions to agree on precedence.
In the absence of a mandatory national ID, identification relies on matching across name, date of birth, and address history, which are inconsistently collected. Fuzziness is necessary for coverage, but it introduces brittleness. If a variant isnt explicitly linked as an alias, automated online checks can fail because the matching rules dont explore every permutation.
Even within a single dataset the problem doesnt disappear. Large systems such as the NHS have documented identification errors involving patients with identical names, twins at the same address, or demographic overlaps. Unique identifiers help, but operational workflows still depend on humans entering and reconciling imperfect data.
i used to work, 15 years ago, on a (permissive, not covert) monitoring service for a UK national public service, the NHS spine core. We used switches to mirror ports and capture traffic in promisciouse mode on a few dozen servers
split across a few datacentres that all the traffic went througg. We had certs installed to decode https. We could get enough hardware to do this step easily, but fast enough storage was an issue, we had 1 petabyte of usable storage across all sitesn that could hold a few days of content. We aimed to get this data filtered and forwarded into our central Splunk (seperate storage) and also into our bespoke dashboards within 60s. We often lagged...
You can only decode those https certificates if you are mitming them (and have a compromised certificate)
A copy of the certificate and private keys won't help thanks to the magic of Diffie–Hellman, you can't passively (assuming you haven't got a practical quantum computer) read the stream
Your company will have deployed root certificates to devices and run as a MITM. This is standard corporate firewall behaviour.
Bitwarden is installed via F-Droid from the official Bitwarden repository and is a build provided directly from Bitwarden. F-Droid does not provide a build of Bitwarden.
"I have nothing to hide" only makes sense if privacy and disclosure are treated as a binary. In reality, both exist on a spectrum: privacy is controlled disclosure, shaped by what is shared, with whom, at what level of detail, and under what power asymmetry.
Large surveillance systems inevitably build baselines. They don't just detect crimes; they detect patterns and anomalies relative to whatever becomes "normal".
The problem with "nothing to hide" is that it defaults to maximal disclosure. Data is persistent, aggregatable, and reinterpretable as norms and regimes change. The data doesn't.
This isn't purely individual. Your disclosures can expose others through contact graphs and inference, regardless of intent. And it doesn't matter whether the collector is the state or a company; aggregation and reuse work the same way.
reply