> there is no privacy without security

This is factually incorrect. You can have privacy without security, and you can have security without privacy. Security keeps things safe, privacy keeps things hidden.

Also, ChromeOS devices ship with a rootkit called the Play Store. There are also hundreds of apps on the play store that install malware on Android devices. You may not need to install an anti-virus, but you may also very easily install what looks like a fun game, and then find your funds being drained from your bank account.

> This is factually incorrect. You can have privacy without security, and you can have security without privacy. Security keeps things safe, privacy keeps things hidden.

Uh that's not factually incorrect. You can definitely have security without privacy, but not the other way around. Without security that means your privacy can't be protected.

The fact that your privacy isn't secured doesn't automatically mean that it is automatically compromised, does it? I mean, sure, maybe you assume it is for any real purpose, but that doesn't mean your privacy is actually compromised.

For example, my first iPhone, I didn't have a password (I think -- maybe that was my first ipad). It was insecure, but I'm reasonably sure that everything on there was private (in that more physical sense; I have no idea about internal security of those first generations of iphone/ipad).

A weaker claim that is probably true might be: you cannot guarantee your privacy without security. That you cannot have privacy seems like too strong of a claim?

I think it's bit of a nitpick, but the iPad was under physical security.

I do agree with you though. Privacy is having your information to yourself. You don't need security for that, just that everyone else keep their nose to them self. But if you want to guarantee your privacy, you need some form of security.

If you knew my kids, you might not say that my iDevices are always under the best of physical security.

"The domain of privacy partially overlaps security (confidentiality), which can include the concepts of appropriate use, as well as protection of information." [1] It does not, however, implicitly provide security.

If I send and receive e-mails with a reporter off the record, we are communicating privately. But the communication may not be strictly confidential, nor secure, unless I take additional steps to ensure it.

If I keep files in my home directory, on my own hard disk, with permissions so only my user can access the files, then my files are private. They are not, however, implicitly secure. Another example: an SSH private key. Without a password on the key, the key is private, but not secure.

[1] https://en.wikipedia.org/wiki/Privacy

A system that doesn’t collect certain kinds of data also doesn’t need to protect (i.e. secure) it.

(Of course it’s impossible to tell that a system hasn’t been manipulated if it’s insecure and that makes the argument bollocks.)

> Security keeps things safe, privacy keeps things hidden.

This seems like a false dichotomy. Safety and being hidden are utterly intertwined—is the act of preventing a request revealing my identity an act of security, or of privacy? It seems like both to me: privacy is effected via security of not performing the request without my consent.

You can have privacy and security, you just have no guarantee of one just because you have the other.

Cookie tracking is like wearing only a towel at the beach. Under the towel, you have privacy. But browsers suck at security, and so many websites can still walk up and yank off your towel, exposing you.

Security would be locking the towel to your body with a padlock. I'm not aware of browsers implementing strong security mechanisms for user data, so I'm pretty sure any privacy gains you get are just another towel.

ChromeOS devices don't ship with Play Store, you have to enable it.

Isn’t that as long as you keep all your data with a third party? Not sure how that works for real privacy.