The Privacy Iceberg

This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.

Transcription (for the visually impaired)

(I tried my best)

The background is an iceberg with 6 levels, denoting 6 different levels of privacy.

The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:

The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:

An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:

A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:

An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:

The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:

  • A cancel sign over a mobile phone, symbolizing “no electronics”
  • An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
  • A picture of gold bars, symbolizing “paying only in gold”
  • A picture of a death certificate, symbolizing “faking your own death”
  • An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”

End of transcription.

  • 𝕨𝕒𝕤𝕒𝕓𝕚@feddit.org
    link
    fedilink
    arrow-up
    0
    ·
    1 month ago

    I have no clue why telegram is often mentioned when it comes to “privacy focused messaging”. They don’t even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use signals encryption.

    Also the “we don’t give out even a byte of data to anyone” statements made by telegram have been thoroughly debunked as lies. When telegrams bottom line is in danger, they have and will give out your data.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point. and telegram probably gets to be there because it’s not the usual big tech companies, and it seems fine, even if unencrypted.

      Only 1:1 chats may be encrypted as an opt-in.

      and only on the phone app

      • The 8232 Project@lemmy.mlOP
        link
        fedilink
        arrow-up
        0
        ·
        1 month ago

        well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point.

        Yes, this is the exact reason Telegram was put there. I even see Telegram recommended alongside Signal, despite the privacy risks.

    • JiminaMann@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      1 month ago

      Just curious, does telegram keep a log of our msgs? Im guessing right now, mitm attacks doesn’t work since tls exists, but telegram can still read the msg cuz it’s not e2e?

    • Bazoogle@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      1 month ago

      Yea, telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.

      The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like signal.

    • Undertaker@feddit.org
      link
      fedilink
      arrow-up
      0
      ·
      1 month ago

      WhatsApp claim to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.

      • ReversalHatchery@beehaw.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        or that some part of the encryption, like key handling is flawed. also, considering they have an RCE vulnerability every year, I wouldn’t be surprised if the encryption keys could just be stolen remotely.

        we also don’t know if facebook has implemented some kind of analytics for message content, sent files and media.

  • recklessengagement@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    1 month ago

    I think this is the first time I’ve seen an iceberg meme with sources and explanations for each item. Fantastic. Your work is appreciated.

  • brucethemoose@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    1 month ago

    I just switched from Android to iOS, and while I have many complaints, I’m pleasantly surprised by how “walled off” the apps mostly are. Unlike Android, they have to comply to function for the general public.

    It feels a lot more like tier two, where it isn’t like a spyware implant but your banking app or whatever will still function. And yes I know it’s far from good, just talking degrees here…

    • utopiah@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      1 month ago

      I just switched from iOS to deGoogled Android (e/OS setup by Murena) and as discussing with a friend yesterday, the biggest trade off is arguably security, namely than iOS and AOSP are relatively secure (even though far form perfect) and applications have both permissions to explicitly request and also containerized (e.g. limited file system access) … yet you do not need a security flaw to exist if your data are being exfiltrated periodically by the OS or apps. So arguably depending on your thread model (e.g. voluntarily offering your data vs spam/scam vs private malicious actors like NSO vs state level espionage) and your needs (banking apps vs Web equivalent) then one can be more appropriate than the other.

    • St3alth@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 month ago

      I agree that Apple, while not entirely private, is still a decent choice compared to Android. They both have their flaws though.

  • Gina@lemmy.wtf
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    Throw away mobile phone and just use an air gapped machine. Your productivity will tank but then you’ll eventually add local databases of the shit you actually need on your air gapped machine and your productivity will triple.

      • Gina@lemmy.wtf
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Well shit, I shouldn’t be the first to tell you that if you’re serious about your privacy then get off of windows.

        Also if the CIA is targeting with you with air gap malware, then you fucked all the way up. Pedophiles are saying “damn, fuck that guy”

    • utopiah@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      1 month ago

      Your productivity will tank

      Will it though? It’s not like paying with cash or even a credit/debit card takes radically longer than paying with a phone. It’s not like reading a book vs mindlessly scrolling Reddit or Lemmy makes productivity drop.

      We get used to instantaneous tasks and convenience but in fine it’s like speeding up while driving from work to home, it’s not really the seconds or even minutes daily that count, it’s where you are going.

      So… a “dumb” phone will probably for most not make productivity “tank” IMHO.

        • utopiah@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          1 month ago

          What does that have to do with a phone?

          Edit: FWIW you can say no (ideally explaining why, even providing an alternative while doing so, e.g. NextCloud with CollaboraOffice, for email… well you can clarify in a footer that this email thread is not private and suggest creating Tuta or ProtonMail account, even if one time use) to people who use Google Docs and GMail. You can also have a one time use account.

      • Gina@lemmy.wtf
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Yes, your productivity is going to tank. No way you’ll be prepared for a full air gapped machine on day 1.

    • absquatulate@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 month ago

      Not sure if gog has anything to do with privacy. Altho if it was on the list I imagine it’d be up there with steam ( not sure why that one’s on the list either )

      • VeganCheesecake@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        0
        ·
        1 month ago

        I’d argue that gog might be a bit better, since you can download executables from their website, and then use them offline, without telemetry. But still, I think neither are necessarily all that relevant here.

          • VeganCheesecake@lemmy.blahaj.zone
            link
            fedilink
            arrow-up
            0
            ·
            1 month ago

            They are a relatively established game storefront, and have been at it for over a decade. Same Corp that’s also behind CD Projekt Red.

            In the end, any storefront that distributes executables could in theory distribute malware, but I’d honestly be more worried about steam, since their publishing process seems a lot more automated, with less oversight.

  • rumba@lemmy.zip
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    sexy chart!

    Could use some anti-malware/AV for beginners and privacy enthusiast level.

    Not everyone in there is running a secured OS.

  • edel@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    Pretty good!! I agree with 95%.

    Loved the “As seen on TV” category!

    I agree that Tuta is more secure than ProtonMail.

    Some are blended like Tor, that should be in Activist if used in secured computer.

    Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but though Activists just don´t trade much and stick for the long haul and use Monero for purchases.

      • edel@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Wow… I use Aegis exclusively as my authenticator since 2 years ago and completely did not recognize the logo by itself!!! I used Yandex image search and it told me coincarp… Sorry.

    • hikeandbike@midwest.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Curious why Tuta may be more secure than Proton? I’ve been debating switching off Proton but calibrating my risk profile, Germany being part of 14 Eyes and all.

      • edel@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        Technically speaking is highly contested and you have arguments pro and con, one way an another. They use different technologies so it is hard to compare properly, specially since it depends on the users using it properly.

        If the technology is good, it does not matter where it is located. Switzerland, specially since a couple of years, does provide more freedom guarantees than Germany but it is not immune at all, actually, the US had used the Alpine country to do operations due to its attractiveness to dissidents and criminals alike. However, for the overwhelming majority of customers, either option is fine for they privacy and security. Only metadata has been obtained in few instances in both companies and nothing else… at least no that was used in a court of law.

        For ultimate targets, if they have to rely on email, that they should not, I would choose Tuta though. These are my reasons.

        1. It has a lesser footprint, so less likely intelligence agencies tried to infiltrate it.
        2. The people behind are there fro the very beginning and show their faces publicly (Many in Proton too like the CEO, but it is no so transparent with the rest)
        3. The people of Tuta are more ideological so it is a barrier for intelligent services to penetrate. Tuta has show however being anti the Russian government (rightly or not), so this point is not valid if you are in that side.
        4. Tuta has a very organic and progressive growth. Proton had an explosive growth. Of course, it could been good marketing, but still…
        5. Proton still today requires Google’s Push Notification servers, after years and years demanding a solution. Tuta had that solved since long, long ago.
        6. Recently a case came in Canada of a intelligent agent using Tuta since “it was infiltrate by intelligence agencies”… After a few hours going through the case, I read it the opposite, he used it because he actually considered it a better choice to cover his crime. He was not that high in the ranks, but I read that the he resumption o these officers.
        7. Nothing regarding security, but as a paying customer for both I was “tricked” far less by Tuta. Proton, for instance, does not refund you, only gives you credits. Even 20min after an accidental 2yr renewal I got stuck with them unwillingly. That practice should never be acceptable for a SaaS.

        Now, Proton overall, for most is a bit more reliable and full feature and better put together so it is easier to recommend. Think of Proton as the Apple of emails, quite secure and miles away from Gmail, but security wise and ethically, of the two, my bet would be with Tuta.

      • errer@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        The CEO of Proton has tried cozying to Trump and any company led by a guy who does that is knocked down several notches for me

        • chingadera@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          1 month ago

          If any service is at the whim of someone’s emotions or opinions, it’s at the bottom, and it should stay there.

          Let the program be the program, and if we can’t see how it’s written, assume the above is true.

          Foss or die

      • Broken@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        1 month ago

        I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because its all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.

        Its true that a single point of failure is more risk than separate services, but that fact doesn’t undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it’s something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I’m OK with different points of view and having different points of view on a board is a good thing.

      • jagged_circle@feddit.nl
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 month ago

        Its not. They don’t even sign their releases or support PGP

        Tuta is not a proton replacement

  • kn0wmad1c@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    The problem with mullvad is a lot of its IPs are flagged as bots or denied around the web. Is there a good VPN that will still give access to most of the web?

    • jagged_circle@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      Those are mutually exclusive.

      Just avoid those shitty websites that don’t respect their user’s privacy.

    • neon_nova@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I’ve never had that issue with Mullvad unless it was for a streaming app.

      Sometimes I get detected and it makes me do a cloud flare “I’m not a robot” page.

      • YexingTudou@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        1 month ago

        I just got Mullvad again and the main site I get flagged on is reddit. Which I wouldn’t care but the state of search is so abysmal that I still regularly have to query reddit to find what I’m actually looking for (for some types of info anyway). It’s fine though, there’s some mullvad servers that haven’t been flagged yet so I just server hop as needed. Less convenient, but not terrible

        • neon_nova@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 month ago

          Oh yeah! Reddit does that? But I just login with a throwaway account.

          Sometimes after logging in, it will say there was a problem or just reload the login page.

          If that happens just click login again and it will load normally.

          • Novaling@lemmy.zip
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 month ago

            LibRedirect + Libreddit instances is fantastic.

            Honestly, Reddit is one of the few services that can be redirected easily now. Invidious, Freetube, NewPipe, etc. is constantly being nuked by Youtube, and while Twitter redirects are still alive, they were dead for a short period, ProxiTok never works, nor does Proxigram instances…

      • GregorGizeh@lemmy.zip
        link
        fedilink
        arrow-up
        0
        ·
        1 month ago

        Gotta use less popular locations close to what you need. As a german I have mostly been using Finland and other smaller eastern European countries, those generally work just fine. Germany itself barely ever.