This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”
End of transcription.
I feel that I2P is missing somewhere in here too.
I have no clue why telegram is often mentioned when it comes to “privacy focused messaging”. They don’t even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use signals encryption.
Also the “we don’t give out even a byte of data to anyone” statements made by telegram have been thoroughly debunked as lies. When telegrams bottom line is in danger, they have and will give out your data.
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point. and telegram probably gets to be there because it’s not the usual big tech companies, and it seems fine, even if unencrypted.
Only 1:1 chats may be encrypted as an opt-in.
and only on the phone app
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point.
Yes, this is the exact reason Telegram was put there. I even see Telegram recommended alongside Signal, despite the privacy risks.
Just curious, does telegram keep a log of our msgs? Im guessing right now, mitm attacks doesn’t work since tls exists, but telegram can still read the msg cuz it’s not e2e?
Yea, telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.
The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like signal.
WhatsApp claim to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.
or that some part of the encryption, like key handling is flawed. also, considering they have an RCE vulnerability every year, I wouldn’t be surprised if the encryption keys could just be stolen remotely.
we also don’t know if facebook has implemented some kind of analytics for message content, sent files and media.
I think this is the first time I’ve seen an iceberg meme with sources and explanations for each item. Fantastic. Your work is appreciated.
deleted by creator
To be honest, and it wouldn’t work here, but I sometime enjoy the cryptic nature of iceberg memes at the lower ranks. It’s like a scavenger hunt.
I just switched from Android to iOS, and while I have many complaints, I’m pleasantly surprised by how “walled off” the apps mostly are. Unlike Android, they have to comply to function for the general public.
It feels a lot more like tier two, where it isn’t like a spyware implant but your banking app or whatever will still function. And yes I know it’s far from good, just talking degrees here…
I just switched from iOS to deGoogled Android (e/OS setup by Murena) and as discussing with a friend yesterday, the biggest trade off is arguably security, namely than iOS and AOSP are relatively secure (even though far form perfect) and applications have both permissions to explicitly request and also containerized (e.g. limited file system access) … yet you do not need a security flaw to exist if your data are being exfiltrated periodically by the OS or apps. So arguably depending on your thread model (e.g. voluntarily offering your data vs spam/scam vs private malicious actors like NSO vs state level espionage) and your needs (banking apps vs Web equivalent) then one can be more appropriate than the other.
I agree that Apple, while not entirely private, is still a decent choice compared to Android. They both have their flaws though.
deleted by creator
ExpressVPN is an arm of Israeli intelligence and should be on the top of the iceberg: https://www.reuters.com/technology/expressvpn-employees-complain-about-ex-spys-top-role-company-2021-09-23/
All users should cancel their accounts immediately.
Throw away mobile phone and just use an air gapped machine. Your productivity will tank but then you’ll eventually add local databases of the shit you actually need on your air gapped machine and your productivity will triple.
Well shit, I shouldn’t be the first to tell you that if you’re serious about your privacy then get off of windows.
Also if the CIA is targeting with you with air gap malware, then you fucked all the way up. Pedophiles are saying “damn, fuck that guy”
This is Lemmy. You’re the 30billionth to tell me.
Since we are 6, that’s about 6 billion times per each of us.
I think someone is stealing some of my 6 billion for themselves. Just some. Not all. Just. Some.
Yeah, that’s because I didnn’t count you!
The government targeting pedos? That would be a more effective way to eliminate government than doge
Your productivity will tank
Will it though? It’s not like paying with cash or even a credit/debit card takes radically longer than paying with a phone. It’s not like reading a book vs mindlessly scrolling Reddit or Lemmy makes productivity drop.
We get used to instantaneous tasks and convenience but in fine it’s like speeding up while driving from work to home, it’s not really the seconds or even minutes daily that count, it’s where you are going.
So… a “dumb” phone will probably for most not make productivity “tank” IMHO.
until you need to collaborate with the average person who uses google docs and gmail
What does that have to do with a phone?
Edit: FWIW you can say no (ideally explaining why, even providing an alternative while doing so, e.g. NextCloud with CollaboraOffice, for email… well you can clarify in a footer that this email thread is not private and suggest creating Tuta or ProtonMail account, even if one time use) to people who use Google Docs and GMail. You can also have a one time use account.
Yes, your productivity is going to tank. No way you’ll be prepared for a full air gapped machine on day 1.
How the heck is TOR less secure than any of the vpns? Also nice vpn psyop/ad.
Where’s GOG.com?
Not sure if gog has anything to do with privacy. Altho if it was on the list I imagine it’d be up there with steam ( not sure why that one’s on the list either )
I’d argue that gog might be a bit better, since you can download executables from their website, and then use them offline, without telemetry. But still, I think neither are necessarily all that relevant here.
Well that sounds like a malware poisoned well
They are a relatively established game storefront, and have been at it for over a decade. Same Corp that’s also behind CD Projekt Red.
In the end, any storefront that distributes executables could in theory distribute malware, but I’d honestly be more worried about steam, since their publishing process seems a lot more automated, with less oversight.
It’s genuinely wild that Firefox and LibreWolf are nowhere on these
sexy chart!
Could use some anti-malware/AV for beginners and privacy enthusiast level.
Not everyone in there is running a secured OS.
Pretty good!! I agree with 95%.
Loved the “As seen on TV” category!
I agree that Tuta is more secure than ProtonMail.
Some are blended like Tor, that should be in Activist if used in secured computer.
Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but though Activists just don´t trade much and stick for the long haul and use Monero for purchases.
Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but though Activists just don´t trade much and stick for the long haul and use Monero for purchases.
The logos next to it are Vanadium, which is a web browser made by GrapheneOS, and Aegis Authenticator, which is a time-based one-time password (TOTP) application.
Wow… I use Aegis exclusively as my authenticator since 2 years ago and completely did not recognize the logo by itself!!! I used Yandex image search and it told me coincarp… Sorry.
Curious why Tuta may be more secure than Proton? I’ve been debating switching off Proton but calibrating my risk profile, Germany being part of 14 Eyes and all.
Technically speaking is highly contested and you have arguments pro and con, one way an another. They use different technologies so it is hard to compare properly, specially since it depends on the users using it properly.
If the technology is good, it does not matter where it is located. Switzerland, specially since a couple of years, does provide more freedom guarantees than Germany but it is not immune at all, actually, the US had used the Alpine country to do operations due to its attractiveness to dissidents and criminals alike. However, for the overwhelming majority of customers, either option is fine for they privacy and security. Only metadata has been obtained in few instances in both companies and nothing else… at least no that was used in a court of law.
For ultimate targets, if they have to rely on email, that they should not, I would choose Tuta though. These are my reasons.
- It has a lesser footprint, so less likely intelligence agencies tried to infiltrate it.
- The people behind are there fro the very beginning and show their faces publicly (Many in Proton too like the CEO, but it is no so transparent with the rest)
- The people of Tuta are more ideological so it is a barrier for intelligent services to penetrate. Tuta has show however being anti the Russian government (rightly or not), so this point is not valid if you are in that side.
- Tuta has a very organic and progressive growth. Proton had an explosive growth. Of course, it could been good marketing, but still…
- Proton still today requires Google’s Push Notification servers, after years and years demanding a solution. Tuta had that solved since long, long ago.
- Recently a case came in Canada of a intelligent agent using Tuta since “it was infiltrate by intelligence agencies”… After a few hours going through the case, I read it the opposite, he used it because he actually considered it a better choice to cover his crime. He was not that high in the ranks, but I read that the he resumption o these officers.
- Nothing regarding security, but as a paying customer for both I was “tricked” far less by Tuta. Proton, for instance, does not refund you, only gives you credits. Even 20min after an accidental 2yr renewal I got stuck with them unwillingly. That practice should never be acceptable for a SaaS.
Now, Proton overall, for most is a bit more reliable and full feature and better put together so it is easier to recommend. Think of Proton as the Apple of emails, quite secure and miles away from Gmail, but security wise and ethically, of the two, my bet would be with Tuta.
The CEO of Proton has tried cozying to Trump and any company led by a guy who does that is knocked down several notches for me
If any service is at the whim of someone’s emotions or opinions, it’s at the bottom, and it should stay there.
Let the program be the program, and if we can’t see how it’s written, assume the above is true.
Foss or die
I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because its all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.
Its true that a single point of failure is more risk than separate services, but that fact doesn’t undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it’s something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I’m OK with different points of view and having different points of view on a board is a good thing.
Its not. They don’t even sign their releases or support PGP
Tuta is not a proton replacement
Apple: “Brainwashed”
iMessage: “Beginner”
Well which one is it?
The problem with mullvad is a lot of its IPs are flagged as bots or denied around the web. Is there a good VPN that will still give access to most of the web?
Those are mutually exclusive.
Just avoid those shitty websites that don’t respect their user’s privacy.
I’ve never had that issue with Mullvad unless it was for a streaming app.
Sometimes I get detected and it makes me do a cloud flare “I’m not a robot” page.
I just got Mullvad again and the main site I get flagged on is reddit. Which I wouldn’t care but the state of search is so abysmal that I still regularly have to query reddit to find what I’m actually looking for (for some types of info anyway). It’s fine though, there’s some mullvad servers that haven’t been flagged yet so I just server hop as needed. Less convenient, but not terrible
Oh yeah! Reddit does that? But I just login with a throwaway account.
Sometimes after logging in, it will say there was a problem or just reload the login page.
If that happens just click login again and it will load normally.
deleted by creator
Interesting, I’ll have to try that out!
Yeah, it’ll give me one of these screens with most mullvad servers. I don’t really interact on reddit anymore so I refuse to log in even with a throwaway (on my phone at least). Maybe there’s something to it, maybe it’s my own silly little battle against rude web design 😅
It’s so cringe how they make everything cutesy
when this happens, just hit “reconnect” on the VPN and refresh - usually after one or two reconnects Reddit won’t have blocked that IP yet, IME
Try a Reddit mirror like RedLib, i.e. https://redlib.privacyredirect.com/
LibRedirect works for me
LibRedirect + Libreddit instances is fantastic.
Honestly, Reddit is one of the few services that can be redirected easily now. Invidious, Freetube, NewPipe, etc. is constantly being nuked by Youtube, and while Twitter redirects are still alive, they were dead for a short period, ProxiTok never works, nor does Proxigram instances…
I’ve been running into this a lot with Proton, too.
Gotta use less popular locations close to what you need. As a german I have mostly been using Finland and other smaller eastern European countries, those generally work just fine. Germany itself barely ever.
Cash and Monero being on the same tier is very funny