Critical Thinking 101

In college I took a Philosophy 101 class, mostly just to fulfill the credit requirements. Ironically, this ended up being one of the most insightful and important classes I ever took, as about half the class was an emphasis on critical thinking, specifically in the context of "how to evaluate a claim." This class has paid dividends for me, helping me navigate nearly every aspect of life ever since - especially the privacy space, which is rife with circumstantial "evidence" and sensationalist YouTubers looking to get clicks by riling up their audiences with wild speculation and confirmation bias.

The information I learned in that class has only become increasingly valuable and vital in the years since, as fake/heavily biased news and AI deepfakes proliferate more every day. I feel like this is something that should be taught as a mandatory part of high school curricula, but unfortunately it's not and probably won't be any time soon. So in the meantime I want to share what I learned in the hopes it will help you, too.

Step 0: Solipsism, Certainty, & Standards of Proof

We need to get something out of the way right now: it is literally impossible to ever be 100%, truly, “come down off a mountain and found a religion” positive about anything. The famous phrase “I think therefore I am” was said by Rene Descartes while he was attempting to determine the nature of reality. His thought process went something like this:

Suppose you sat down and decided “I want to prove beyond any doubt what is real.” Am I [Nate Bartram of The New Oil] real? Maybe not. Maybe I’m a very well programmed AI, complete with deepfake videos and all. Is this blog post real? Maybe not, it could be a glitch on your device. Surely your device that you’re reading this on is real. After all, you can see and touch it. Not necessarily. Maybe you’re hallucinating. You could be in a coma right now, or a brain in a jar being stimulated with electricity by researchers to see what happens.

At the end of the day, the only thing you can truly be certain is 100% real is your sense of self - the fact you are perceiving something and that you are conscious. What you are perceiving may be a hallucination, it may not be real, but the fact that you are conscious at all shows that if nothing else, you are real.

This is called solipsism, and I apologize if I just gave anyone an existential crisis. The point is that in the most extreme sense of the word, we can never be certain of anything.

When it comes to deciding if you believe anything - even solipsism - we use what I call a “standard of proof.” The standard of proof is simply the level at which someone has presented enough evidence or logic that you say “okay, I believe that.” Like threat modeling, the standard of proof is not a hard-and-fast, objective thing. It should vary depending on several factors such as the severity of the claims and how high the stakes are if true.

It is with these important points in mind that we can now move forward.

Step 1: The Claim

When someone is making a claim, the first place to start is the claim itself. Does this claim contradict proven, repeated evidence?

In this post, I'll be focusing on Signal because it's a common source of such claims as well as evidence to refute them. Here's a common conspiracy theory: “Signal is a honeypot.”

However this claim is easily disproven. Signal is open source and wildly popular. Signal has had many audits - both professional and informal - on various aspects of the code over the years and numerous experts from across a variety of fields, companies, and levels of experience have all stated that there is no indication in the source code of Signal’s client app that there is any kind of vulnerability, backdoor, or malicious activity. Experts agree the app is designed in such a way that even if the servers were compromised, there would be nothing to compromise since everything happens on-device.

In fact, we can even go a step further and look at the infamous Vault 7 CIA document leaks and see that the US intelligence community has spent considerable effort attempting (and failing) to crack Signal and find workarounds to circumvent their encryption.

Therefore, this claim can already be discredited by existing, confirmed knowledge.

Step 2: The Evidence

I kept the previous example free of supporting evidence to focus on the claim itself. However most people present evidence of their claims. The "Signal is a honeypot" crowd have a variety of reasons to believe this, but I'll focus on a simple one: "because Signal is an American company."

In this case, the person’s "evidence" is the belief that all American companies either inevitably have encryption backdoors or can be compelled to insert backdoors. This is actually a claim itself, but let's treat it as evidence for the sake of this exploration.

This evidence is not entirely without logical merit. The US government has attempted to push through a significant number of backdoors, honeypots, and under-the-table data sharing agreements in the past such as the weakening of RSA encryption, the ANOM messenger, and PRISM. We also know that the US currently has - at best - a tense opinion of end-to-end encryption and is capable of issuing gag orders that would forbid companies from coming forward to discuss legal proceedings.

Despite this, the US legally has never - as far as we know - mandated that tech companies insert any backdoors, and in my non-lawyer opinion I feel like such a mandate would meet heavy pushback from all sides thanks to the legal ruling that code is free speech and that the government can't dictate speech like that.

We now have to weigh this evidence. In this case, we have what's called "circumstantial evidence." There is no actual evidence of a backdoor in Signal presented here, only an argument that the US government could have influenced Signal quietly. On the other hand, there is actual evidence against this (presented in Step 1). In this case, the evidence against the Signal honeypot theory is stronger than the evidence for it.

Of course, if any of these variables were to shift - if Signal were to become proprietary or if the US passed a law that says they can force software backdoors - that might change things. But the world has an infinite number of "what if"s. It's important to stick to what we know right now. We're going off the current landscape and currently available information.

Step 3: The Claimant

The final piece of critical thinking that must be examined is the person making the claim. Let me be clear: this is not the same as an “ad hominem” attack.

An ad hominem attack refers to attacking the person in a way that has nothing to do with the argument at hand. It’s the equivalent of calling someone a buttface because you didn’t like what they said. But there is, in fact, a way to evaluate a person - for good or bad - in a way that's relevant.

The proper way to evaluate the person making the claim - without resorting to "ad hominem" - comes down to two broad factors: qualifications and conflicts of interest.

Qualifications are made up of a number of factors that aren’t always necessarily equal or important. Education is one. If I’m making the claim that Signal is broken, do I have any formal education as a cryptographer? If so, did I graduate from MIT or community college?

Of course, education alone is not the end-all-be-all. There are plenty of self-taught geniuses, especially in fields like tech, and being too poor for Harvard doesn't make you stupid. If I didn't have any formal education, what's my track record? Do I have a long history of contributing to projects that shows that I do indeed have an expert knowledge of my field and that I know what I'm talking about? Or did I just start making this claim after a month of writing janky Python apps? Do others consider me credible or a quack? Do I have any recognition from other experts, such as awards or speaking engagements? (There's a reason so many people guest on podcasts these days.)

Conflict of interests are also worth nothing. For example, I once interviewed Session, and I continue to occasionally keep in touch with both Kee (CEO of Session) and Alex (President of the Session Foundation). Some could cite that as evidence that I have a reason to "bring Signal down a peg" and promote my friends instead.

While none of these factors - education and conflict of interest - are inherently smoking guns that immediately discredits the claims or evidence, they are important factors to consider as part of an overall evaluation.

Step 4: Bringing It All Together

As I've said several times, it's important to know that no one of these should be a deciding factor. There's plenty of reasons that someone who's not an expert or has a conflict of interest could still be right, and many sensational claims have turned out to be true in retrospect. Likewise, things that seem "obvious" aren't always true either.

It's incredibly important to take a fact-based approach to critical thinking, weighing all the facts. This is especially true in a field where choosing to err on the side of caution can - if left unchecked - very quickly spiral into paranoia and isolation, causing mental health problems and general loss of quality of life. It's best to consider the whole picture rather than just the "what if"s and extremes.

There is one final thing to consider when weighing an argument: how much it matters. Is Signal backdoored? This is a very important claim, especially as someone has nearly all of his communication on the platform. But what about another claim, such as "your favorite coffee shop’s Wi‑Fi logs the exact number of times you’ve ordered a latte"? Putting aside the fact that your favorite coffee shop is absolutely tracking that if you use a rewards program, the stakes on a claim like this are much lower, and therefore it really doesn't matter (in most cases) if this is true or not. There's no need to lose sleep over it.

There seems to be a psychological need in many people these days to be fully convinced of something and (metaphorically) die on that hill, but it's important we learn to live with a little uncertainty. I'm always open to learning why I'm wrong, being presented with new evidence or arguments, and changing my mind or habits. It's important to be willing to change your views when presented with new evidence, but also it's okay not to be 100% certain either way. It's okay to say "I'm 80% certain that something is true, but I'm open to hearing more facts either way."

Allowing room for error gives us the flexibility to make small improvements to our lives. If I'm 90% sure that Signal isn't a honeypot, that allows me to keep using it while also saying "but maybe some conversations are better saved for chatting in person. Just in case." If I think there's a 10% chance the coffee shop is spying on my order, I can start putting my phone in airplane mode before I go inside while also accepting that it's okay if I forget once or twice. In many cases, a healthy dose of "digital minimalism" and "harm reduction" will address a lot of concerns.

This process may not always give you a definite “yes” or “no” on whether a claim is true or not, but I believe it will help you weed out a lot of low-hanging fruit and can be part of your process when deciding whether or not to believe something. I hope you find this as helpful as I have.