The Privacy Iceberg

This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.

Transcription (for the visually impaired)

(I tried my best)

The background is an iceberg with 6 levels, denoting 6 different levels of privacy.

The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:

The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:

An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:

A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:

An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:

The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:

  • A cancel sign over a mobile phone, symbolizing “no electronics”
  • An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
  • A picture of gold bars, symbolizing “paying only in gold”
  • A picture of a death certificate, symbolizing “faking your own death”
  • An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”

End of transcription.

  • Anna@lemmy.ml
    0·
    8 months ago

    Using basic things like Graphene OS and keepass shouldn’t be considered privacy activist

  • edel@lemmy.mlEnglish
    0·
    8 months ago

    Pretty good!! I agree with 95%.

    Loved the “As seen on TV” category!

    I agree that Tuta is more secure than ProtonMail.

    Some are blended like Tor, that should be in Activist if used in secured computer.

    Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but though Activists just don´t trade much and stick for the long haul and use Monero for purchases.

      • edel@lemmy.mlEnglish
        0·
        8 months ago

        Wow… I use Aegis exclusively as my authenticator since 2 years ago and completely did not recognize the logo by itself!!! I used Yandex image search and it told me coincarp… Sorry.

      • edel@lemmy.mlEnglish
        0·
        8 months ago

        Technically speaking is highly contested and you have arguments pro and con, one way an another. They use different technologies so it is hard to compare properly, specially since it depends on the users using it properly.

        If the technology is good, it does not matter where it is located. Switzerland, specially since a couple of years, does provide more freedom guarantees than Germany but it is not immune at all, actually, the US had used the Alpine country to do operations due to its attractiveness to dissidents and criminals alike. However, for the overwhelming majority of customers, either option is fine for they privacy and security. Only metadata has been obtained in few instances in both companies and nothing else… at least no that was used in a court of law.

        For ultimate targets, if they have to rely on email, that they should not, I would choose Tuta though. These are my reasons.

        1. It has a lesser footprint, so less likely intelligence agencies tried to infiltrate it.
        2. The people behind are there fro the very beginning and show their faces publicly (Many in Proton too like the CEO, but it is no so transparent with the rest)
        3. The people of Tuta are more ideological so it is a barrier for intelligent services to penetrate. Tuta has show however being anti the Russian government (rightly or not), so this point is not valid if you are in that side.
        4. Tuta has a very organic and progressive growth. Proton had an explosive growth. Of course, it could been good marketing, but still…
        5. Proton still today requires Google’s Push Notification servers, after years and years demanding a solution. Tuta had that solved since long, long ago.
        6. Recently a case came in Canada of a intelligent agent using Tuta since “it was infiltrate by intelligence agencies”… After a few hours going through the case, I read it the opposite, he used it because he actually considered it a better choice to cover his crime. He was not that high in the ranks, but I read that the he resumption o these officers.
        7. Nothing regarding security, but as a paying customer for both I was “tricked” far less by Tuta. Proton, for instance, does not refund you, only gives you credits. Even 20min after an accidental 2yr renewal I got stuck with them unwillingly. That practice should never be acceptable for a SaaS.

        Now, Proton overall, for most is a bit more reliable and full feature and better put together so it is easier to recommend. Think of Proton as the Apple of emails, quite secure and miles away from Gmail, but security wise and ethically, of the two, my bet would be with Tuta.

      • jagged_circle@feddit.nlEnglish
        0·
        8 months ago

        Its not. They don’t even sign their releases or support PGP

        Tuta is not a proton replacement

      • errer@lemmy.worldEnglish
        0·
        8 months ago

        The CEO of Proton has tried cozying to Trump and any company led by a guy who does that is knocked down several notches for me

        • chingadera@lemmy.world
          0·
          8 months ago

          If any service is at the whim of someone’s emotions or opinions, it’s at the bottom, and it should stay there.

          Let the program be the program, and if we can’t see how it’s written, assume the above is true.

          Foss or die

      • Broken@lemmy.ml
        0·
        8 months ago

        I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because its all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.

        Its true that a single point of failure is more risk than separate services, but that fact doesn’t undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it’s something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I’m OK with different points of view and having different points of view on a board is a good thing.

  • kn0wmad1c@programming.devEnglish
    0·
    8 months ago

    The problem with mullvad is a lot of its IPs are flagged as bots or denied around the web. Is there a good VPN that will still give access to most of the web?

      • GregorGizeh@lemmy.zip
        0·
        8 months ago

        Gotta use less popular locations close to what you need. As a german I have mostly been using Finland and other smaller eastern European countries, those generally work just fine. Germany itself barely ever.

    • neon_nova@lemmy.dbzer0.comEnglish
      0·
      8 months ago

      I’ve never had that issue with Mullvad unless it was for a streaming app.

      Sometimes I get detected and it makes me do a cloud flare “I’m not a robot” page.

      • YexingTudou@lemmy.ml
        0·
        8 months ago

        I just got Mullvad again and the main site I get flagged on is reddit. Which I wouldn’t care but the state of search is so abysmal that I still regularly have to query reddit to find what I’m actually looking for (for some types of info anyway). It’s fine though, there’s some mullvad servers that haven’t been flagged yet so I just server hop as needed. Less convenient, but not terrible

          • Novaling@lemmy.zipEnglish
            0·
            8 months ago

            LibRedirect + Libreddit instances is fantastic.

            Honestly, Reddit is one of the few services that can be redirected easily now. Invidious, Freetube, NewPipe, etc. is constantly being nuked by Youtube, and while Twitter redirects are still alive, they were dead for a short period, ProxiTok never works, nor does Proxigram instances…

        • neon_nova@lemmy.dbzer0.comEnglish
          0·
          8 months ago

          Oh yeah! Reddit does that? But I just login with a throwaway account.

          Sometimes after logging in, it will say there was a problem or just reload the login page.

          If that happens just click login again and it will load normally.

    • jagged_circle@feddit.nlEnglish
      0·
      8 months ago

      Those are mutually exclusive.

      Just avoid those shitty websites that don’t respect their user’s privacy.

  • tisktisk@piefed.socialEnglish
    0·
    8 months ago

    TIL I’m a privacy activist–who can help me get to the ghost mode?
    (Do I even want to get there or is that limited to journalists who have entire states trying to unalive them?)

    • murky0106@lemmy.world
      0·
      8 months ago

      limited to journalists who have entire states trying to unalive them. Don’t live your life in fear

    • The 8232 Project@lemmy.mlOP
      0·
      8 months ago

      Do I even want to get there

      Only you can answer that.

      or is that limited to journalists who have entire states trying to unalive them?

      Pretty much, but if you want to give up all technology, work for yourself, and fake your death, then more power to you!

      • jaybone@lemmy.zipEnglish
        0·
        8 months ago

        Seems like faking your death would cause more privacy problems than it solves. Why not just “stay alive” with a completely innocuous identity? Then adopt some new identity which cannot be traced back to the original?

        • The 8232 Project@lemmy.mlOP
          0·
          8 months ago

          If you’re alive, you are asked for documents such as property records, taxes, etc. and if you refuse then bad things happen. If you fake your death, no more questions are asked and you can take on fake identities. In essence, faking your death takes your identity out of “the system”

    • PieMePlenty@lemmy.world
      0·
      8 months ago

      Easier than you think it is. Hard to keep at it. All you need to do is stop using a phone or computers. Death cert is only needed when you’ve been compromised and people are out to get you. Gold isnt really usable unless you stumble onto a secret underground society where all trade is done in gold. Realistically, you’d sooner be trading goods (or services) for other goods (or services).

      This level technically shuns technology and that brings its own challenges. Its like saying you cant have privacy with technology. I dont necessarily agree with this statement so I’d say don’t go to this level.

    • Rose56@lemmy.ca
      0·
      8 months ago

      You should stage your death, like they tried to do on prison break and then move to Mexico or Columbia. Send me a DM for more information /J

  • neon_nova@lemmy.dbzer0.comEnglish
    0·
    8 months ago

    As a US citizen your crypto transactions need to be individually listed in your tax returns. It’s the main reason I don’t use crypto, it makes my taxes super complicated.

  • LumpyPancakes@lemm.ee
    0·
    8 months ago

    Android missing?

    Hi from near the top of the iceberg. I have five from the top and two from the next level down, plus two from level four. A balanced diet?

    • St3alth@lemmy.mlEnglish
      0·
      8 months ago

      Depends what they are, I think a fair amount of people might be in the same boat, with a few services from different tiers.

      • utopiah@lemmy.ml
        0·
        8 months ago

        I’d put Android/iOS on top layer then AOSP on the 2nd layer then deGoogled Androids on 3rd layer then PostMarketOS on 4th or 5th layer.

  • josefo@leminal.space
    0·
    8 months ago

    Anyone else noticed you are descending and are dangerously low in the pic? I didn’t realize lol

    • The 8232 Project@lemmy.mlOP
      0·
      8 months ago

      Privacy isn’t dangerous unless it gets in the way of your life (your job, relationships, housing, etc.). As long as you maintain a good balance, more privacy is generally better.

  • mmhmm@lemmy.ml
    0·
    8 months ago

    I was at the bike shop a few weeks back and a ghost walked in. He came in wearing a medical mask covered by a bandana, sunglasses, cap. They wore gloves, long sleaved pants and shirt.

    First question from staff, ‘this a robbery?’

    Ghost, ‘no, I just need 27 2.5 tubes, miss.’

    They get the tubes, he agrees. Staff asks if he has an account. Ghost says, “nope, why would I need one?” Staff says they do it for records, insurance claim assist, and discounts. Ghost goes with a John Doe, pays cash and peaces the fuck out.

    Total King, but dude was given up a lot. Half of us were drinking beers enjoying a warm evening in spring. I hope he has had some good rides.

    I can say with confidence thay he was a white male. In his 50s. About 5’10". 140 lbs-ish. If anyone wants to get any tips, good luck!

    • baaaaaaaaaaah [comrade/them]@hexbear.netEnglish
      0·
      8 months ago

      I respect it but what’s the point? I kinda hope he’s some kind of super-criminal or as you say he’s given up a lot to hide from a state that probably doesn’t even care he exists even if they did know who he was.

      • Broken@lemmy.ml
        0·
        8 months ago

        I’m no ghost, not even close. Be careful though, “what’s the point?” Is essentially the question everybody asks at every phase of that iceberg diagram.

        A possible answer to your question though, is that even if the state doesn’t know or care about him today that might change tomorrow.

        That’s not my threat profile but it’s a valid one.

        • mmhmm@lemmy.ml
          0·
          8 months ago

          I’d have guessed white nationalist if it was anywhere but a bike shop

            • mmhmm@lemmy.ml
              0·
              8 months ago

              Exactly right. My bad. Thanks for the reminder. Geography and majority opinions in the area were coloring my perspective but are not relevant

      • mmhmm@lemmy.ml
        0·
        8 months ago

        Speaking as a former kid of rural america you would be doing the lords work, friend

  • comfy@lemmy.ml
    0·
    8 months ago

    Oh, am I that far gone?

    spoiler

    I don’t see Qubes, Whonix or Tails on there.

  • procapra@lemm.ee
    0·
    8 months ago

    What is so bad about nordvpn? What makes protonvpn better?

    Been a nordvpn user for around 4 years now. If I need to switch I’ll do it, this is just the first time I’ve heard it isn’t all that great.

    • The 8232 Project@lemmy.mlOP
      0·
      8 months ago

      ProtonVPN is open source, meaning the code running ProtonVPN can be inspected by anyone to make sure privacy is being upheld. ProtonVPN is also based in Switzerland, which has strict privacy laws. NordVPN has had many criticisms about their privacy and security practices. ProtonVPN also has a free tier.

      • procapra@lemm.ee
        0·
        8 months ago

        Thank you. I remember back in the day hearing they didn’t keep logs and figured “well alright sounds good!” and that was the end of it.

        I’ll give Proton a try when my current plan of Nordvpn ends. Didn’t know Proton was open source either, so that’s pretty cool! Wish I didn’t get downvoted to hell for asking a question, but it is what it is.

  • utopiah@lemmy.ml
    0·
    8 months ago

    On browsers, as you put Chromium then also put Firefox or deMozillaed Firefox e.g. WaterFox.

    I’d put Brave back to the 2nd layer due to relying on Chromium and being heavily marketed while gathering data for its crypto scheme. I’d also put Firefox on the 2nd or 3rd layer.

    • hansolo@lemm.eeEnglish
      0·
      8 months ago

      FF doesnt deserve much better than Brave as it sends telemetry, so both on tier 2. LibreWolf would fit for tier 3 or maaaybe 4.

      • utopiah@lemmy.ml
        0·
        8 months ago

        Do you trust this preference panel on telemetry? If not why not? If you do believe it is legit what do you believe it remains problematic?

          • utopiah@lemmy.ml
            0·
            8 months ago

            I’m not sure what’s that’s supposed to show as “there are built in settings for some of this stuff, it’s not complete and many settings are abstracted away from the user. Enter about:config” since it might be hierarchical, i.e. disabling a single telemetry toggle, either via Preferences or about:config might disable all the other ones. I haven’t looked specifically at that part of the code of Firefox but I’d trust more a Wireshark analysis than this since it doesn’t actually show (unless I missed that part, quite possible as it’s relatively long) that information does actually go back to Mozilla even while one has disabled all telemetry option.

            Fingerprinting is fair, in the sense that yes, if you do broadcast your userAgent and other public information you do narrow the potential search space and thus expose you as an individual more, yet has nothing to do with Mozilla.

            • hansolo@lemm.eeEnglish
              0·
              8 months ago

              But we’re taking about this in the context of this infographic. So we have to distill this down to:

              Should FF be with, or above, Brave?

              I assume we’re also taking about relatively low-barrier changes that most users can implement. So vanilla FF vs vanilla Brave, there’s a difference. Can we harden FF? Sure. Will 95%+ of people do that with Librewolf or 3 dozen other forks out there? Why bother when there’s nuance to be gained with other forks? So now vanilla FF stops being relevant.

              And to be clear, I don’t use Brave unless I absolutely have to. I don’t love it, but vs. normie Vanilla FF, there’s a slight edge.

              • utopiah@lemmy.ml
                0·
                8 months ago

                Up to you and OP but the fact that there isn’t even Firefox or LibreWolf or WaterFox but there is Chrome, Brave and Chromium is problematic to me. At the very least Firefox should be there and IMHO below Chrome.

  • ISOmorph@feddit.org
    0·
    8 months ago

    Can you explain why you would think Steam is so bad? I would argue they’re pretty fair, especially with the option to buy steam cards for cash to not disclose your personal data. Does the client do some unsavory shit?

    • lazynooblet@lazysoci.alEnglish
      0·
      8 months ago

      Seeing steam at the top makes me question the list. Likely a hate of DRM rather than privacy

      • Nalivai@lemmy.world
        0·
        8 months ago

        Their bottom line is gold, this should tell you everything you need to know about the creator of the meme.

        • antbricks@lemmy.today
          0·
          8 months ago

          it also has a log cabin… and Log Cabin is a maple syrup brand… and maple syrup is from maple trees… and maple leaves are on Canadian flags… so… a snowman?

      • lb_o@lemmy.world
        0·
        8 months ago

        Yeap, and Brave in the middle. They only pretend they are for privacy, but they are the very opposite.

        • MajesticElevator@lemmy.zipBanned
          0·
          8 months ago

          They’re not the very opposite. They have done wrong things, just like Mozilla. Doesn’t make them Google though.

        • dogs0n@sh.itjust.works
          0·
          8 months ago

          Yeah i hate when I see people using Brave, because they have been brainwashed.

          Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.

          • const_void@lemmy.ml
            0·
            8 months ago

            Brave is and always has been gross. Never understood how they’ve been so successful at tricking people into installing it.

            • SirPea@lemmy.dbzer0.comEnglish
              0·
              8 months ago

              OP replied in another comment its because “firefox is not secure” https://lemmy.dbzer0.com/post/43710170/18564861 :

              […] Chromium-based browsers aren’t all bad, such as Vanadium or Trivalent, so people sometimes feel more comfortable sticking with what seems familiar (coming from Chrome).

              In another reply parents to this one:

              LibreWolf is far from secure, as it is based on Firefox and so comes with the same security issues. If you meant to say privacy and not security, the reason nobody makes high threat model browsers for Windows is because Windows itself is not private and it would be a losing battle.

              So OP is saying it’s not private nor safe? I get what some people are saying of Firefox constantly changing Terms of Services but that’d be in regard to privacy not security and OP tries to argue not being safe which his iceberg also implies in terms of privacy not being good too. Yeah, LibreFox’s ToS isn’t the same as Firefox’s ToS and his counterarguments to Firefox and Firefox-based on replies is Chrome-based browsers exclusive to niche OSes (also OP don’t even try arguing Brave on comments so probably just trying to rage-bait with every opportunity). I’d love OP to argue using the examples he used in the iceberg. So many discourse incosistencies along with the iceberg. Also OP FYI while privacy does not mean secure, lack of privacy could mean security risks in some cases.

        • shneancy@lemmy.world
          0·
          8 months ago

          and then Tor so high up, unless you’re hell bent on leaving 0 traces that thing is a pain to use, can’t have it maximalised, pages load sometimes minutes at a time, no addons, just suffering. nobody sane uses that thing for more than the occasional trip to whatever deep web market is not yet exit scamming

    • 9bananas@feddit.org
      0·
      8 months ago

      afaik the client does collect a bunch if data, most (all, i think? but not a 100% on that) of which is opt-in.

      they do need stuff like IPs for internet related features.

      telemetry wise there’s the steam hardware survey, which is opt-in, and it asks every single time it attempts to collect your systems hardware and OS information. this could technically be identifying information, but since it’s opt-in it’s not a privacy violation and it’s entirely optional. (plus it’s super useful for all involved: users, devs, and steam. it’s kind of a win-win and straight up necessary info for devs to know which hardware they should optimize for)

      they might be putting it at the top because steam has native support for DRM?

      but that’s also weird, because DRM isn’t a privacy violation. it’s a shitty practice, barely does anything, barely works, and keeps breaking or hobbling otherwise perfectly good games, all of which is shitty, but it’s little to do with privacy. and the dev has to specifically opt-in and integrate it as a feature…unless they’re thinking of 3rd party DRM that can be waaay more intrusive, like Vanguard… THAT’S a privacy and security nightmare just waiting to blow up in people’s faces.

      otherwise…i haven’t really heard anything bad about steam privacy wise?

      doesn’t mean that there’s nothing to be concerned about, but i feel like there’d been some news about it if there was…

    • chingadera@lemmy.world
      0·
      8 months ago

      No. And also chrome is somehow at the bottom of this list, I don’t care if it’s chromium or vanadium, it’s still chrome.

    • onion_trial@europe.pub
      0·
      8 months ago

      It might be there because there is a lot of data associated with the steam account, especially the community part of it, e.g.:

      • Recorded playtimes
      • Times and dates when you are regularly logged in
      • Possession of games which are precisely tagged by genre/interests/etc.
      • On which time and date you spent how much money (participation in sales in the steam store)
      • Timestamped posts and comments in groups based on various interests etc.
      • Curators/devs/publishers you follow
      • Your game wishlist
      • Connection and interaction with other steam accounts (friends list, chat, trades, gifts)

      All this can be used to create a very detailed behaviour profile and accurately deduce the social status of the real person who uses the account. Maybe the data isn’t misused and it’s just there so the features can actually exist.

      Personally, I doubt Valve actually does this as expansive and invasive as other big tech companies. I’m pretty sure they at least aggregate anonymised data to measure how e.g. their sales perform, which game to promote on the store front page etc.

      But we can’t be sure because it’s not public.

      • shneancy@lemmy.world
        0·
        8 months ago

        i don’t think valve does much with the data even internally. if they did at least the game recommending queue would be slightly accurate. instead i have to manually blacklist tags for it to stop showing me things i’m just deeply uninterested in. like yes Mr. Valve my steam library of RPGs, puzzle games, and open world sandboxes clearly profiles me as someone who’d be interested in the newest Fifa game every year, sure buddy

          • shneancy@lemmy.world
            0·
            8 months ago

            now you say it, maybe it’s my clicker games that make Valve think i’d like to buy a game where the point seems to be that the number in the title goes up by one every year