The Privacy Iceberg
This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled "The Brainwashed" with a quote beside it that says "I have nothing to hide". The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled "As seen on TV" with a quote beside it that says "This video is sponsored by...". The logos depicted in this section are:
An underwater section of the iceberg is titled "The Beginner" with a quote beside it that says "I don't like hackers and spying". The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled "The Privacy Enthusiast" with a quote beside it that says "I have nothing I want to show". The logos depicted in this section are:
An even lower section of the iceberg is titled "The Privacy Activist" with a quote beside it that says "Privacy is a human right". The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled "The Ghost". There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing "no electronics"
- An illustration of a log cabin, symbolizing "living in a log cabin in the woods"
- A picture of gold bars, symbolizing "paying only in gold"
- A picture of a death certificate, symbolizing "faking your own death"
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing "hiding ones identity in public"
End of transcription.
I think this is the first time I've seen an iceberg meme with sources and explanations for each item. Fantastic. Your work is appreciated.
To be honest, and it wouldn't work here, but I sometime enjoy the cryptic nature of iceberg memes at the lower ranks. It's like a scavenger hunt.
Funny how you need more and more technical knowledge to go deeper into privacy, until the last level, which is basically giving up on technology itself.
I was at the bike shop a few weeks back and a ghost walked in. He came in wearing a medical mask covered by a bandana, sunglasses, cap. They wore gloves, long sleaved pants and shirt.
First question from staff, 'this a robbery?'
Ghost, 'no, I just need 27 2.5 tubes, miss.'
They get the tubes, he agrees. Staff asks if he has an account. Ghost says, "nope, why would I need one?" Staff says they do it for records, insurance claim assist, and discounts. Ghost goes with a John Doe, pays cash and peaces the fuck out.
Total King, but dude was given up a lot. Half of us were drinking beers enjoying a warm evening in spring. I hope he has had some good rides.
I can say with confidence thay he was a white male. In his 50s. About 5'10". 140 lbs-ish. If anyone wants to get any tips, good luck!
I would drop off the face of the earth only to stash porn mags all over the woods.
Speaking as a former kid of rural america you would be doing the lords work, friend
“No, no… the robbery’s far too far to walk”
Ha. The tubes were the final pieces to the getaway vehicle
Sometimes anonymity is itself a unique identifier.
It's genuinely wild that Firefox and LibreWolf are nowhere on these
TIL I'm a privacy activist--who can help me get to the ghost mode?
(Do I even want to get there or is that limited to journalists who have entire states trying to unalive them?)
Only you can answer that.
Pretty much, but if you want to give up all technology, work for yourself, and fake your death, then more power to you!
Seems like faking your death would cause more privacy problems than it solves. Why not just “stay alive” with a completely innocuous identity? Then adopt some new identity which cannot be traced back to the original?
If you're alive, you are asked for documents such as property records, taxes, etc. and if you refuse then bad things happen. If you fake your death, no more questions are asked and you can take on fake identities. In essence, faking your death takes your identity out of "the system"
Do you like living in the woods and not enjoy technology (or can live perfectly happily without it)?
There is this steadily growing activist group that you could join up with.
Easier than you think it is. Hard to keep at it. All you need to do is stop using a phone or computers. Death cert is only needed when you've been compromised and people are out to get you. Gold isnt really usable unless you stumble onto a secret underground society where all trade is done in gold. Realistically, you'd sooner be trading goods (or services) for other goods (or services).
This level technically shuns technology and that brings its own challenges. Its like saying you cant have privacy with technology. I dont necessarily agree with this statement so I'd say don't go to this level.
unalive them
You should stage your death, like they tried to do on prison break and then move to Mexico or Columbia. Send me a DM for more information /J
ExpressVPN is an arm of Israeli intelligence and should be on the tip of the iceberg: https://www.reuters.com/technology/expressvpn-employees-complain-about-ex-spys-top-role-company-2021-09-23/
All users should cancel their accounts immediately.
Can you explain why you would think Steam is so bad? I would argue they're pretty fair, especially with the option to buy steam cards for cash to not disclose your personal data. Does the client do some unsavory shit?
Seeing steam at the top makes me question the list. Likely a hate of DRM rather than privacy
Yeap, and Brave in the middle. They only pretend they are for privacy, but they are the very opposite.
Yeah i hate when I see people using Brave, because they have been brainwashed.
Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.
Brave is and always has been gross. Never understood how they’ve been so successful at tricking people into installing it.
OP replied in another comment its because "firefox is not secure" https://lemmy.dbzer0.com/post/43710170/18564861 :
In another reply parents to this one:
So OP is saying it's not private nor safe? I get what some people are saying of Firefox constantly changing Terms of Services but that'd be in regard to privacy not security and OP tries to argue not being safe which his iceberg also implies in terms of privacy not being good too. Yeah, LibreFox's ToS isn't the same as Firefox's ToS and his counterarguments to Firefox and Firefox-based on replies is Chrome-based browsers exclusive to niche OSes (also OP don't even try arguing Brave on comments so probably just trying to rage-bait with every opportunity). I'd love OP to argue using the examples he used in the iceberg. So many discourse incosistencies along with the iceberg. Also OP FYI while privacy does not mean secure, lack of privacy could mean security risks in some cases.
No epic store and brave is not on the top...
They're not the very opposite. They have done wrong things, just like Mozilla. Doesn't make them Google though.
They are not "just like" Mozilla.
That’s not what I wrote
Also, please stop with the Mozilla praise
You seem unaware of the bullshit they do. They’re not clean at all.
and then Tor so high up, unless you're hell bent on leaving 0 traces that thing is a pain to use, can't have it maximalised, pages load sometimes minutes at a time, no addons, just suffering. nobody sane uses that thing for more than the occasional trip to whatever deep web market is not yet exit scamming
Their bottom line is gold, this should tell you everything you need to know about the creator of the meme.
it also has a log cabin... and Log Cabin is a maple syrup brand... and maple syrup is from maple trees... and maple leaves are on Canadian flags... so... a snowman?
i don't think valve does much with the data even internally. if they did at least the game recommending queue would be slightly accurate. instead i have to manually blacklist tags for it to stop showing me things i'm just deeply uninterested in. like yes Mr. Valve my steam library of RPGs, puzzle games, and open world sandboxes clearly profiles me as someone who'd be interested in the newest Fifa game every year, sure buddy
I think they changed the name in the newer versions so surely you'll be interested now!
now you say it, maybe it's my clicker games that make Valve think i'd like to buy a game where the point seems to be that the number in the title goes up by one every year
Yes but my point was that I believe they changed the name from FIFAYY to FCYY (and I think raised the price).
woah! the innovation!
afaik the client does collect a bunch if data, most (all, i think? but not a 100% on that) of which is opt-in.
they do need stuff like IPs for internet related features.
telemetry wise there's the steam hardware survey, which is opt-in, and it asks every single time it attempts to collect your systems hardware and OS information. this could technically be identifying information, but since it's opt-in it's not a privacy violation and it's entirely optional. (plus it's super useful for all involved: users, devs, and steam. it's kind of a win-win and straight up necessary info for devs to know which hardware they should optimize for)
they might be putting it at the top because steam has native support for DRM?
but that's also weird, because DRM isn't a privacy violation. it's a shitty practice, barely does anything, barely works, and keeps breaking or hobbling otherwise perfectly good games, all of which is shitty, but it's little to do with privacy. and the dev has to specifically opt-in and integrate it as a feature...unless they're thinking of 3rd party DRM that can be waaay more intrusive, like Vanguard... THAT'S a privacy and security nightmare just waiting to blow up in people's faces.
otherwise...i haven't really heard anything bad about steam privacy wise?
doesn't mean that there's nothing to be concerned about, but i feel like there'd been some news about it if there was...
Agree. Steam doesn't even save your birthday, and asks for it every time
They legally have to.
Legal requirement.
No. And also chrome is somehow at the bottom of this list, I don't care if it's chromium or vanadium, it's still chrome.
It's Vanadium, a fork by the people from GrapheneOS. You could say the same about Graphene, that it's still Android, but reality is more complex.
Vanadium is focused on security and privacy, but not much on adblocking. For that reason I use Cromite, which is much better blocking ads while keeping good security policies.
Chromium-based browsers have arguably better security than Firefox. https://madaidans-insecurities.github.io/firefox-chromium.html
Vanadium further improves Chromium's security by disabling the JS JIT Compiler, using a hardened memory allocator (GrapheneOS hardened_malloc) enabling ARMv8.5 MTE, and applying other hardening patches (https://github.com/GrapheneOS/Vanadium/tree/main/patches).
The secureblue project maintains a hardened Chromium build for Linux called Trivalent, which uses most of the patches from Vanadium, among others. You can get it from their repo: https://repo.secureblue.dev/secureblue.repo
I really wanted to include Trivalent, but I didn't want to seem too Chromium-oriented and start a flame war.
You could add secureblue. I would put it in the same category as GrapheneOS and Vanadium.
An issue arises with that. Linux is fundamentally insecure, as you are likely well aware if you use secureblue. secureblue is designed to be as secure as possible while still being Linux, and so is still bound by the same constraints. Qubes OS is not a distro, so it (should be) more secure, but it is an absolute pain to use. Furthermore, Qubes OS emulates Linux distros, so the question becomes "Why not just emulate the most secure Linux distro?" which is either Whonix or secureblue depending on who you ask. Is that more secure than running secureblue on bare metal? What about GrapheneOS used in desktop mode? And what about emulating Linux inside of GrapheneOS using the Linux terminal? There are plans to use multiple distros inside of the terminal, so what about secureblue inside of GrapheneOS?
The whole situation spirals out of control. I know this iceberg chart isn't ranking security, it's ranking what software people generally use for each experience level, but neither secureblue nor Qubes OS would fit nicely in any category. You can read this post for more of my thoughts about this mess.
I know about the security issues in desktop Linux, but I still think secureblue fits that level of the iceberg pretty well. I would put Qubes there as well.
I have no clue why telegram is often mentioned when it comes to "privacy focused messaging". They don't even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use signals encryption.
Also the "we don't give out even a byte of data to anyone" statements made by telegram have been thoroughly debunked as lies. When telegrams bottom line is in danger, they have and will give out your data.
Yea, telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in discord and don't care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.
The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn't give them the data, even if they had a search warrant. Ya know, like signal.
Even Threema is more secure than Telegram, this iceberg is messed up and missing a lot of things and some inconsistencies. You could say it's not free but so isn't mullvad and it's in the iceberg.
WhatsApp claim to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.
Just curious, does telegram keep a log of our msgs? Im guessing right now, mitm attacks doesn't work since tls exists, but telegram can still read the msg cuz it's not e2e?
Tried the Privacy Activist and Enthusiast section. Was not really fun and you loose connection to most of your friends and family. Now I have a balanced setup with something out of each layer. Perfect balanced, as things should be
I have taken my own approach; there are things from each layer that I use. Some begrudgingly but others gladly.
The problem I faced when starting this journey is it does cut out a lot of people. And it becomes isolsting. So I did reel back a bit.
It's equally frustrating to talk to people who're completely entrenched in the Enthusiast / Activist section. The utter disconnect when it comes to what's viable for most people is annoying to deal with sometimes. Statements like "Everyone who is able to read can easily learn to use Arch Linux" or "Everyone can flash their phone" do give me headaches. Was there, did both, wouldn't recommend to my less nerdy family.
I can totally understand where you are coming from.
I do hold the view that if you can read, you too can install GrapheneOS, or try Linux; but that doesn't make it right for everyone. It's a self imposed journey. I can't expect everyone to make the same choices I do.
That is where I will educate people as to why I chose what I chose; however I will not try to force someone down the same road.
So totally understood.
Yea, being able to and actually doing so are very different. Reading is the barrier to entry for most everything. Time and energy are the missing resources, though. I am a tech enthusiast, and I struggle to find time to do all the things I want.
I get that. We all make choices to decide what we do with our time.
Giving it a try is most of the time the first step. I tried GrapheneOS , used it until my device no longer received updates. Then Google Pixels got disappointing and iOS 14/15 got out with big privacy changes, so I switched the first time to Apple. I know, ironic , but it works for me. I remove most permissions from apps, use my own DNS block list enforced by MDM and if possible, self host my apps and services or use paid / open source ones. I am here on Lemmy instead of Reddit or Instagram…. I also tried Jollas SailfishOS v3 , it was ok, but this was back at the time very limited for social interactions, now with v5 it would have been better. Also good to know, at my place , Apple Pay is one of the most secure and private pay systems…. I hate that, this feels wrong.
I used to run LineageOS with a lot of my own tweaks to meet my privacy needs; however I reached a point I decided it didn't fit my needs for security. So, I went back to GrapheneOS. Which, I am 1uite haply with. Ultimately, I dream of a fully operational Linux phone of sorts; but we aren't there yet.
I ditched reddit, and most centralized social media. I ditched many big tech services in place of self hosting my own. And even that is mostly locked down. Very little exposed to the web. Ad blocking, as well as my own underlying upstream DNS, with a fallback that isn't Google or Cloudflare. Services being firewalled off. Reverse proxy setup limiting access via IP:Port while also including SSL certs for local only https.
And this list goes on; it's a constant journey. But the hard part is to still be social. Hahaha
Did you look at SailfishOS (Linux Smartphone) It supports Android App virtualization.
Cant say that I have, but will now!
i also hate the idea of giving up apple pay when testing graphene. i really hope to find a somewhat ok alternative, but from what i’ve heard it seems to be the best there is atm :(
yeah honestly i really think that you should swap to linux!
To be fair some non-fuckers also tend to recommend linux.
May I suggest Arch btw?
It's easy, just don't have any friends or family! /sad panda
Totally agree with this, two steps forward one step back basically
Everyone's personal comfort level.
Give tech classes to elderly. Explaining to them the iphone photo face recognition saw several of their eyes bug out of their head. Some loved it.
Totally agree about the self ostracization. While I agree with the sentiment you'll cripple yourself socially.
Finding your personal comfort zone is the tech journey
Heeeey it’s me. Totally socially crippled.
I don’t even know how to maintain relationships, don’t have an interest in trying. There’s something wrong with me.
My only friend on this planet is my uncle.
I get it. Am this way to an extent. Mom for me.
Recently attempted to be social at work. Out of the 5, 1 is worth spending additional time with.
If you are comfortable with yourself and who you are, it may take a bit to meet people you actually enjoy.
If you feel like something is wrong with you therapy would not hurt. Reccomend it for everyone to get them the self care tools they need/want.
In my experience I was attempting to be social out of obligation and why it always felt like pulling teeth to do anything is because I didn't really like the people I was with.
Wish you luck bb 🙏
I’ve done the whole therapy thing, I just do not have it in me to have friends.
I haven’t had a desire to make a friend since I was a kid.
I do get lonely. I’ll have a thought that I’d like to share and I know I drive my wife crazy.
I wouldn’t even care if I could find a way to make some money. Right now I’m a stay at home dad. That’s what my wife wanted me to do. I was making money on the stock market, not taking big risks, just making above minimum wage. Then the election happened and now that’s over.
Thank you for caring.
Being social is pretty similar to exercising. When you first try to do it after a while, it's usually painful and not enjoyable. It isn't until practicing and keeping at it that it will get easier and you can actually feel the benefits. Finding someone that you can actually share your hobbies with can go a long way, especially if they are able to give some sort of input as well that is beneficial to what you're working on.
I live deep in the Appalachian mountains and I haven’t met a single person interested in the things that I am since I was a kid.
I’m so bad and hate socializing so much that I recently got the Mortal Kombat II deluxe arcade cabinet, the same dude kept joining my match every single time I played so I just stopped going online haha.
He contacted me and we talked once, and that was that.
I really like him too, I just can’t handle it. Even that tiny little bit of it.
I don’t know why I’m like that. I’m not bad at talking to people. I’ve been told I’m damn good at it. I’ve been told I’m charismatic and all that. There’s just something broken in me.
Probably comes from the abuse I suffered as a kid if I’m being honest. It was rough, and it trained me I guess.
But then again, my whole family is like me. I don’t even know 90% of them, but I can tell you that 90% of them do not have Facebook. The ones that do, they don’t ever post, they don’t ever like, nothing. It’s like it’s just who we are or something.
I have brothers who grew up in different households. Two of them never experienced any abuse as children, they were spoiled. They are just like me. They talk to no one.
So maybe it's the environment you live on? If I lived in the Appalachian mountains I'd just relax alone to keep the peace, sounds comfy enough for me. People in the Nordics are like that too.
Wife not fren, fren?
Vibe
lol. lmao, even.
Well which one is it?
On browsers, as you put Chromium then also put Firefox or deMozillaed Firefox e.g. WaterFox.
I'd put Brave back to the 2nd layer due to relying on Chromium and being heavily marketed while gathering data for its crypto scheme. I'd also put Firefox on the 2nd or 3rd layer.
FF doesnt deserve much better than Brave as it sends telemetry, so both on tier 2. LibreWolf would fit for tier 3 or maaaybe 4.
Do you trust this preference panel on telemetry? If not why not? If you do believe it is legit what do you believe it remains problematic?
Lol, no. Here's a list of all the things that panel doesn't account for.
https://forum.level1techs.com/t/browser-hardening-privacy-anti-fingerprint-and-anti-telemetry-guide/198039
Also, there's nothing close to even attempting privacy without strong fingerprint protection anyway, which I should have also mentioned. Vanilla FF allows a bright shining canvas fingerprint that Brave and Librewolf disable.
I'm not sure what's that's supposed to show as "there are built in settings for some of this stuff, it’s not complete and many settings are abstracted away from the user. Enter about:config" since it might be hierarchical, i.e. disabling a single telemetry toggle, either via Preferences or
about:configmight disable all the other ones. I haven't looked specifically at that part of the code of Firefox but I'd trust more a Wireshark analysis than this since it doesn't actually show (unless I missed that part, quite possible as it's relatively long) that information does actually go back to Mozilla even while one has disabled all telemetry option.Fingerprinting is fair, in the sense that yes, if you do broadcast your userAgent and other public information you do narrow the potential search space and thus expose you as an individual more, yet has nothing to do with Mozilla.
But we're taking about this in the context of this infographic. So we have to distill this down to:
Should FF be with, or above, Brave?
I assume we're also taking about relatively low-barrier changes that most users can implement. So vanilla FF vs vanilla Brave, there's a difference. Can we harden FF? Sure. Will 95%+ of people do that with Librewolf or 3 dozen other forks out there? Why bother when there's nuance to be gained with other forks? So now vanilla FF stops being relevant.
And to be clear, I don't use Brave unless I absolutely have to. I don't love it, but vs. normie Vanilla FF, there's a slight edge.
Up to you and OP but the fact that there isn't even Firefox or LibreWolf or WaterFox but there is Chrome, Brave and Chromium is problematic to me. At the very least Firefox should be there and IMHO below Chrome.
Not up to me, I would have done the same as you suggested.
More on Brave https://lemmy.ml/post/29741804
What’s the issue with steam? I thought the epic game store was the one actively spying on your device
Steam has telemetry. They gather a ton of data on you. What details, how they use it, and how secure it is I can't answer, but it's clear that it's happening.
I could also imagine DRM, though not directly privacy related, being a thing. Like the issues of freedom and openness are probably also important to many people who value privacy and might therefore prefer GOG or something over Steam.
Edit: I see someone else mentioned this already: https://lemmy.world/comment/16903223
They also have so many security breaches that it won't even make the news anymore.
Many of those are caused by people having insecure accounts without enabling 2FA etc. And there is a lot of money involved, even the top TF2 accounts are worth tens of thousands of euro's
Until recently, your steam activity and games played are public and your relationship with other steam users can be traced even if you have a private profile.
Good to know, thanks
It collects and stores information about your system and also has your identity tied to your purchases.
I don’t think it’s a big privacy concern as far as tracking and spying on you.
But realize any device you install steam on then is tied to your real identity if you purchased games on that account. And can be used with data gained from other parties to determine your online activity if a government were to be able to obtain both.
Kudos for inclusive alt texting!!
Was going to say links or it never happened but you provided them! And categorized by level! Excelsior!
Thanks also to the comments giving more information.
So grateful for this platform. For the most part.
Thank you so, so much for the transcription, appreciated!
Brave 🤮🤮🤮
Oh, am I that far gone?
::: spoiler spoiler I don't see Qubes, Whonix or Tails on there. :::
I give workshops on privacy. I always tell them that if they get nothing else out of my presentation, its that they should use a password manager.
Honestly I think keepass should be beginner. That comes first before everything else.
Also I think Tor Browser should come before VPNs. Its free and easier to use than VPNs (for when you want to google something secret and don't want to be tracked. Most beginners are selective like that)
TAILS is missing :(
Weird how Apple and iMessage are not in the same category. How do distrust apple’s privacy claims but trust iMessage?
Pretty good!! I agree with 95%.
Loved the "As seen on TV" category!
I agree that Tuta is more secure than ProtonMail.
Some are blended like Tor, that should be in Activist if used in secured computer.
Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but though Activists just don´t trade much and stick for the long haul and use Monero for purchases.The logos next to it are Vanadium, which is a web browser made by GrapheneOS, and Aegis Authenticator, which is a time-based one-time password (TOTP) application.
Wow... I use Aegis exclusively as my authenticator since 2 years ago and completely did not recognize the logo by itself!!! I used Yandex image search and it told me coincarp... Sorry.
The CEO of Proton has tried cozying to Trump and any company led by a guy who does that is knocked down several notches for me
If any service is at the whim of someone's emotions or opinions, it's at the bottom, and it should stay there.
Let the program be the program, and if we can't see how it's written, assume the above is true.
Foss or die
Technically speaking is highly contested and you have arguments pro and con, one way an another. They use different technologies so it is hard to compare properly, specially since it depends on the users using it properly.
If the technology is good, it does not matter where it is located. Switzerland, specially since a couple of years, does provide more freedom guarantees than Germany but it is not immune at all, actually, the US had used the Alpine country to do operations due to its attractiveness to dissidents and criminals alike. However, for the overwhelming majority of customers, either option is fine for they privacy and security. Only metadata has been obtained in few instances in both companies and nothing else... at least no that was used in a court of law.
For ultimate targets, if they have to rely on email, that they should not, I would choose Tuta though. These are my reasons.
Now, Proton overall, for most is a bit more reliable and full feature and better put together so it is easier to recommend. Think of Proton as the Apple of emails, quite secure and miles away from Gmail, but security wise and ethically, of the two, my bet would be with Tuta.
I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because its all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.
Its true that a single point of failure is more risk than separate services, but that fact doesn't undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it's something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I'm OK with different points of view and having different points of view on a board is a good thing.
Its not. They don't even sign their releases or support PGP
Tuta is not a proton replacement
Sadly, using small niche VPNs that might be more trusted makes you stand out more. It's pretty unusual to have a Mullvad user on your server
They don't rotate IPs as well so a lot of them are blacklisted... and don't offer port forwarding anymore
I wish they could change IPs reguarly and add port forwarding back :-( - I would happily pay for their service again
Because 5€ for their current service is overpriced
This probably doesn't matter does it? Because being spotted as a mulvad, airvpn, etc user doesn't make you more of a target for anything.
It just means that if they try to trace your connection back to you, they won't find anything out, because you have a trusted zero-logging vpn.
Only think I could see is it could potentially be easier to track usage through the ip and assume it's one person, but idk you could do that with anything if you look at the request timings, etc. It's still just guesses.
Am i missing something?
Probably not on the usual sites people visit (youtube, etc, the big sites 99% of ppl go to exclusively), but I can see your point for any smaller site.
Airvpn provide a discount for each extra month you sign up for in bulk which is nice. It's a great service in my opinion.
https://airvpn.org/
I’m just taking a stab at this since I’m not entirely certain, but I would think that this would weaken you against fingerprinting since it depends on having many different semi-unique characteristics as you browse?
This ^
If you have 2 accounts on a website for example, you can be easily exposed if using a niche VPN. If on a more popular VPN, it’s not as likely as some other users probably use those as well
Realistically, on bigger websites it doesn’t matter as much - it would really depend on your config. You’re bound to be fingerprinted at some point anyways. It’s just too hard and too annoying to blend in.
At this point I believe we should just aim at randomizing our fingerprint every few seconds by sending BS rather than aiming to all have the same one
https://mullvad.net/en/vpn/daita
I don’t get how that’s relevant to what I said. That’s still something else
Your last sentence?
What you sent is to prevent your ISP (or government) from correlating your internet activity to your identity
What I’m talking about is preventing fingerprinting or correlating 2 sessions to the same website (the entity that tracks you is the website itself in this case)
What do you use instead of Mullvad now?
https://airvpn.org/ is a great option that is still privacy friendly and allows port forwarding. Still niche if you care about that, so may not be for you.
Interesting option as well, but some problems :
I'll add that their servers are a bit slow (I have a gigabit connection) and they don't have a server in my country
Going to get hate for it (justified), but NordVPN
Reasons: low price, and someone I know already had an account.
Could switch but most VPNs don't have what I'm looking for (port forwarding), as well as IPs that often change and a solid userbase to mask traffic in smaller websites
Tested mullvad a few years ago and had some small connection problems, but the main issue was that it wasn't usable in many websites due to their IPs being really abused (+ blocked from streaming services).
I don’t get why the second layer of Op iceberg is solutions having strong marketing budget. As far as I know (correct me if I’m wrong) Nord VPN has been audited by 3rd parties which confirmed its no-log policy. Also feel more anonymous when using a mainstream VPN because many users share the same IP. On the contrary if you use a VPN where only 2 users are on the same IP, seems easier to track you. Maybe I’m wrong but the hate for NordVPN does not seems justified.
The hate is mainly because they run current anti consumer techniques, such as:
They are also in a country where they can legally not provide any info to anyone (also in case of legal problem I believe), but it is a double edged sword, as it also means they can lie and sell our info and will never get sued over it
Such things makes it hard to trust, but the reality is they’re most likely fine to use because they already make a ton of money. They probably won’t risk to lose a business over this.
Check out IVPN, I find the service very similar but they also offer reverse split tunneling (choosing what programs go through the VPN).
That's not port forwarding though 🤔 but still a nice thing to have I guess
Mullvad has that now. It usually works.
I can't find the announcement and this issue is still open, can you share your source? https://github.com/mullvad/mullvadvpn-app/issues/2808
My bad. I assumed this was about regular split tunneling, not inverse, which I had never heard of.
Mullvad is one of the most popular VPNs with loads of other users wtf
Compared to other options like mainstream VPNs and proton, they don’t have much servers, so, users
I'm not confident thats a valid assumption
f-droid? the guardian project?
Impressive, an academic grade meme.
You, sir/madam, are an artist and a scholar
Any Chromium-based browser in anything but the top-most panel is a non-starter with their abandonment of Manifest v2. Manifest v3 seriously cripples any Chromium-based browser’s ability to be secure, as extensions like uBlock Origin are no longer compatible by design.
Google has it’s ad business to protect, after all.
The problem with mullvad is a lot of its IPs are flagged as bots or denied around the web. Is there a good VPN that will still give access to most of the web?
I’ve never had that issue with Mullvad unless it was for a streaming app.
Sometimes I get detected and it makes me do a cloud flare “I’m not a robot” page.
I just got Mullvad again and the main site I get flagged on is reddit. Which I wouldn't care but the state of search is so abysmal that I still regularly have to query reddit to find what I'm actually looking for (for some types of info anyway). It's fine though, there's some mullvad servers that haven't been flagged yet so I just server hop as needed. Less convenient, but not terrible
LibRedirect works for me
LibRedirect + Libreddit instances is fantastic.
Honestly, Reddit is one of the few services that can be redirected easily now. Invidious, Freetube, NewPipe, etc. is constantly being nuked by Youtube, and while Twitter redirects are still alive, they were dead for a short period, ProxiTok never works, nor does Proxigram instances...
Oh yeah! Reddit does that? But I just login with a throwaway account.
Sometimes after logging in, it will say there was a problem or just reload the login page.
If that happens just click login again and it will load normally.
Yeah, it'll give me one of these screens with most mullvad servers. I don't really interact on reddit anymore so I refuse to log in even with a throwaway (on my phone at least). Maybe there's something to it, maybe it's my own silly little battle against rude web design 😅
Try a Reddit mirror like RedLib, i.e. https://redlib.privacyredirect.com/
It’s so cringe how they make everything cutesy
when this happens, just hit "reconnect" on the VPN and refresh - usually after one or two reconnects Reddit won't have blocked that IP yet, IME
All of us.
Interesting, I'll have to try that out!
If you're Privacy Activist tier, that CF CAPTCHA should spin infinitely. Otherwise, you're being fingerprinted.
I've been running into this a lot with Proton, too.
Gotta use less popular locations close to what you need. As a german I have mostly been using Finland and other smaller eastern European countries, those generally work just fine. Germany itself barely ever.
Those are mutually exclusive.
Just avoid those shitty websites that don't respect their user's privacy.
I've had fewer issues when using servers in Asia.
Thanks a ton OP for linking to all the tools and services in description, this is an awesome resource!
Just tell the normie that you have nothing to say if you have nothing to hide. Also, why there's no F-Droid?
This is a modern art masterpiece. I've starred at it for hours while installing Arch Linux on my brand new T480.
install gentoo
install haiku
install Yocto
install slackware
Wanna cyber?
Where's GOG.com?
Not sure if gog has anything to do with privacy. Altho if it was on the list I imagine it'd be up there with steam ( not sure why that one's on the list either )
I'd argue that gog might be a bit better, since you can download executables from their website, and then use them offline, without telemetry. But still, I think neither are necessarily all that relevant here.
Well that sounds like a malware poisoned well
They are a relatively established game storefront, and have been at it for over a decade. Same Corp that's also behind CD Projekt Red.
In the end, any storefront that distributes executables could in theory distribute malware, but I'd honestly be more worried about steam, since their publishing process seems a lot more automated, with less oversight.
If its not signed upstream, don't download it
How the heck is TOR less secure than any of the vpns? Also nice vpn psyop/ad.
I wouldn't put Telegram at that level. I would put it in "The Brainwashed." Its encryption is disabled by default. You need to manually enable it on each chat, and you can't enable it on group chats. The app gives a false sense of privacy. Telegram flaunts its end-to-end encryption, but it never mentions that it is disabled by default, and it refuses to enable the default. The final result is that people are not using the feature.
A cryptographer and professor wrote a good piece about Telegram's encryption, calling it "unusual" and the "non-standard authenticated encryption mode ever invented": Is Telegram really an encrypted messaging app?
Because of Lemmy: proton, GrapheneOS, pi hole, open wrt, nextcloud
On the 5th layer I'd add NitroKey or YubiKey to remind people that in addition to software you can have physical tokens too.
I considered adding security keys, but I ran out of space and couldn't decide on a "de facto" brand
IMHO with these 2 you cover most.
@Charger8232
It's nice how firefox is just nowhere in there
I forgot to put it on there. I would put it probably in The Beginner. Chromium-based browsers aren't all bad, such as Vanadium or Trivalent, so people sometimes feel more comfortable sticking with what seems familiar (coming from Chrome).
chromium is taking its place, somehow
@greywolf0x1 That there is Vanadium, GrapheneOS's hardened Chromium... also funny how Tor is above GrapheneOS and Mullvad and all that stuff. Not much sense is being made on the two levels above ghost.
Throw away mobile phone and just use an air gapped machine. Your productivity will tank but then you’ll eventually add local databases of the shit you actually need on your air gapped machine and your productivity will triple.
https://thehackernews.com/2017/06/wikileaks-Brutal-Kangaroo-airgap-malware.html?m=1
Well shit, I shouldn’t be the first to tell you that if you’re serious about your privacy then get off of windows.
Also if the CIA is targeting with you with air gap malware, then you fucked all the way up. Pedophiles are saying “damn, fuck that guy”
This is Lemmy. You're the 30billionth to tell me.
Since we are 6, that's about 6 billion times per each of us.
I think someone is stealing some of my 6 billion for themselves. Just some. Not all. Just. Some.
Yeah, that's because I didnn't count you!
The government targeting pedos? That would be a more effective way to eliminate government than doge
Will it though? It's not like paying with cash or even a credit/debit card takes radically longer than paying with a phone. It's not like reading a book vs mindlessly scrolling Reddit or Lemmy makes productivity drop.
We get used to instantaneous tasks and convenience but in fine it's like speeding up while driving from work to home, it's not really the seconds or even minutes daily that count, it's where you are going.
So... a "dumb" phone will probably for most not make productivity "tank" IMHO.
until you need to collaborate with the average person who uses google docs and gmail
What does that have to do with a phone?
Edit: FWIW you can say no (ideally explaining why, even providing an alternative while doing so, e.g. NextCloud with CollaboraOffice, for email... well you can clarify in a footer that this email thread is not private and suggest creating Tuta or ProtonMail account, even if one time use) to people who use Google Docs and GMail. You can also have a one time use account.
Yes, your productivity is going to tank. No way you’ll be prepared for a full air gapped machine on day 1.
Again I'm not comparing a perfectly setup productivity machine online versus an offline one, I'm comparing an entertainment machine also used for work vs an offline one.
FWIW I did do offline holidays and yes, I was missing a lot, yet arguably it didn't make me less productive. Now I travel with kiwix with StackOverflow and Wikipedia .zim files and each time I believe, maybe naively, that I'm more productive, so indeed iteration helps but my point was more against distractions.
I don't have internet. Now my productivity is 0%. Help.
The only thing stopping me from being 'the Activist Group' is that Mullvad requires payment. Sorry, but I'm running a little tight on budget.
At the same time, I can't use Proton VPN for torrenting.
As a US citizen your crypto transactions need to be individually listed in your tax returns. It’s the main reason I don’t use crypto, it makes my taxes super complicated.
I absolutely report all of my cryptocurrency that the government would need to break PKI to trace back to me. I would never violate laws that I could rely on never being caught violating.
Sorry, this post is a bit confusing…
Ohh, gotcha! Yeah, I’m not messing around with taxes. That can get you in some serious trouble.
Unless it's one of those cases that matters the most, like being wealthy.
I feel that I2P is missing somewhere in here too.
https://p.lemmy.world/c/[email protected]
Also, I am out of the loop? What’s up with firefox? I have used it on linux mint for maybe 6 years now with uBlock. Currently trying to use DuckDuckGo as default browser because that Google AI results thing is starting to annoy me.
What’s open wrt for?
Enthusiast level. Not bad. Not bad. Also where would you put librewolf?
Why is Incogni bad?
Cash and Monero being on the same tier is very funny
ayo, I think I won the privacy bingo! thats what this is right?
I think I'm probably slowly transitioning to "the ghost" but more as a matter of digital minimalism than for privacy lmao
I just switched from Android to iOS, and while I have many complaints, I’m pleasantly surprised by how “walled off” the apps mostly are. Unlike Android, they have to comply to function for the general public.
It feels a lot more like tier two, where it isn’t like a spyware implant but your banking app or whatever will still function. And yes I know it’s far from good, just talking degrees here…
I agree that Apple, while not entirely private, is still a decent choice compared to Android. They both have their flaws though.
I just switched from iOS to deGoogled Android (e/OS setup by Murena) and as discussing with a friend yesterday, the biggest trade off is arguably security, namely than iOS and AOSP are relatively secure (even though far form perfect) and applications have both permissions to explicitly request and also containerized (e.g. limited file system access) ... yet you do not need a security flaw to exist if your data are being exfiltrated periodically by the OS or apps. So arguably depending on your thread model (e.g. voluntarily offering your data vs spam/scam vs private malicious actors like NSO vs state level espionage) and your needs (banking apps vs Web equivalent) then one can be more appropriate than the other.
Thanks for providing this. It is obvious you put a lot of time into this. Truly appreciated. I will have to look into these.
How did you find these yourself?
Wow this blew up. People still not getting the meme portion of this?
I always wished I could pull a House M.D. and just start a life underground.
Using basic things like Graphene OS and keepass shouldn't be considered privacy activist
Anyone else noticed you are descending and are dangerously low in the pic? I didn't realize lol
Privacy isn't dangerous unless it gets in the way of your life (your job, relationships, housing, etc.). As long as you maintain a good balance, more privacy is generally better.
I have a little bit of everything except As Seen on TV and Ghost.
I mostly have 3,4,5 and still use YT and Discord
Malwarebytes is good in my opinion and ads didn't told me about it. I discovered it by myself. And nowdays ads can't really tell me much because I block every single ad I just possibly can.
Yeah I've also heard malware bytes is good. I heard if from thenewoil.org.
I use Keepass but mostly for convenience and I don't understand why it's in the 5th category. If I have 50 different accounts with 50 different passwords but they can all be had with one keepass password, how is that different than having 50 different accounts all using the same password?
I'm like a mix of the three tiers above ghost and in not really trying to be which is odd
I already made browser suggestions https://lemmy.ml/post/29712598/18453254 but I would also add Ceno https://ceno.network/ in the 5th layer due to its P2P and caching nature.
I am apparently the privacy activist (not using Monero, SimpleX Chat, Degoogled Chromium, or Keypass, though). I do use uBlock Origin (Gecko ffs!) and Bitwarden (self-hosted Vaultwarden). Unfortunately, I am using Telegram, but trying to move all my contacts to my own Snikket server. It's a very slow process.
Too bad I can't upvote more than once. Thanks for making/sharing
In regards to addy, are my messages private in relation to the service or does it only serve to keep my anonymity to other threat actors?
You can replace the generated image by searching for images of "Goggle wool ski mask" IMHO.
I use something from each tier except the As Seen on TV tier.
best way to stay private is to just not play the game, sadly everyone whos here more or less got auto registered into this game at the very begining
What is so bad about nordvpn? What makes protonvpn better?
Been a nordvpn user for around 4 years now. If I need to switch I'll do it, this is just the first time I've heard it isn't all that great.
ProtonVPN is open source, meaning the code running ProtonVPN can be inspected by anyone to make sure privacy is being upheld. ProtonVPN is also based in Switzerland, which has strict privacy laws. NordVPN has had many criticisms about their privacy and security practices. ProtonVPN also has a free tier.
Thank you. I remember back in the day hearing they didn't keep logs and figured "well alright sounds good!" and that was the end of it.
I'll give Proton a try when my current plan of Nordvpn ends. Didn't know Proton was open source either, so that's pretty cool! Wish I didn't get downvoted to hell for asking a question, but it is what it is.
I'd put OpenVPN and WireGuard on the 5th layer.
Android missing?
Hi from near the top of the iceberg. I have five from the top and two from the next level down, plus two from level four. A balanced diet?
I wasn't able to fit everything, but I specifically excluded Android, because it isn't inherently bad. GrapheneOS is based on the Android Open Source Project (AOSP), for example, so I didn't want to give the wrong idea.
I'd put Android/iOS on top layer then AOSP on the 2nd layer then deGoogled Androids on 3rd layer then PostMarketOS on 4th or 5th layer.
Depends what they are, I think a fair amount of people might be in the same boat, with a few services from different tiers.
I've been on a anti big tech, de-google, privacy journey then last few months. Thank you for all these resources!
Absolutely incredible you also included links. I'm so used to other sites where some has stolen an image to just post it and has no other information in it. I started trying to figure out what each of then logos was before scrolling down lol.
What's the logo between Tor and ProtonVPN?
I am precisely in the middle of this chart.
Is tuta better than protonmail?
Beautiful and I love it Thank you
sexy chart!
Could use some anti-malware/AV for beginners and privacy enthusiast level.
Not everyone in there is running a secured OS.
Iceberg of the year! Btw I would place tiktok the 1st over all softwares in layer 1.
You play games on steam? clearly brainwashed.
also how dare you slander Malwarebytes like that
I guess I'm in the privacy enthusiast section. Although I do use searxng. And I will admit I do use some things from the top layer, like YouTube and steam. Also i don't like how proton is a section above tuta aside from quantum safe encryption which is meaningless at the current state of technology (I agree that could change soon) aside from that proton mail is just as good as tuta.
I use everything from the privacy enthusiast section on a daily basis except for addy.io and tuta since i use proton for email and email aliasing.
Maybe I am wrong, but I think proton doesn't encrypt headers and some metadata, Tuta encrypts everything or almost everything. Also, proton mail is not available in F-Droid
Personally, I don't like proto, it doesn't follow the separation of powers principle, what happens if proton suddenly changes their policy? That is why true free and open software tend to be decentralized, for example mastodon vs bluesky, the only way I can really trust you it is if you can't "betray" me, even if you really want
You might be right I searched it up and found that protonmail doesn't encrypt header lines which isn't great. The f-droid point is also valid. But unfortunately there is no decentralised email providers, even tuta is still centralised. I would be interested if there are any options for decentralised mail.
On another note regardless of whether I'm using proton or tuta it's hardly ever end to end encrypted since everyone I'm sending the mail to uses Gmail.
Tuta is located in Germany which has more power to look into your data than the Swiss government, but it's mhe.
Also what separation of power do you mean? Proton is also owned by a non profit and Tuta is just a Gmbh which is owned by two individuals it seems. Changing something regarding the non profit or the structure is pretty hard to do
Tuta is however more open with that you can find their annual report or at least part of it if you want.
Sorry, I took for granted that you had to buy a pack with vpn, cloud storage, etc. That would have means that you would have to change a lot of services again in the case the proton company let you down. I still think that Tuta is a little more private for the reasons I mentioned
You mentioned almost nothing? Tuta can even more easily change their privacy policy. Not saying Tuta isn’t the right choice, but it’s worse than a lot of people make you think it is
Mark boyle, the man who quit money and electricity
I'm a mix of UbO, Firefox, Windscribe, Windows (modified), Protonmail, Discord, and Cash
@Charger8232 I am privacy enthusiast and I don't plan to go any farther - lack of privacy in one direction, lack of users in the other direction 😁
I don't see Blokada mentioned here. It definitely deserves a mention somewhere.
Is it easy to implement Openwrt?
For me its less "I have nothing to hide" and more "I am literally forced to use this because I have no other option"
Samsung because I cannot afford a Google Pixel that still supports GrapheneOS, I didn't get the money I needed
Steam because I can't play my games without them
Amazon cause that's the only online store my parents will buy from 99% of the time
And Discord because all my friends are on there and I cant get them to move, plus there's currently not a very good Discord alternative imo
I m definitely a privacy enthusiast, but I use searx also, the rest I have no clue what they are
Yeah Tor is just straight up unusable for most sites.
My experience is it does work with most sites. And the minority of sites where it doesn't work are evil sites that I don't want to visit anyway
Maybe email the site admin and let them know
I usually tell them to test their site in Tor Browser on Strict mode to reproduce the issue.
Same.
I use KeepassDX and Aegis, I use Facebook, Viber, Whatsapp and Gmail to communicate, use Linux, also use Lemmy as is apperant from this very comment. I have uBlock Origin installed on Firefox as the main browser, I also have Protonmail as my main email, also I use simpleLogin. My search engine is DuckDuckGo. I also use ProtonVPN and used to use Opera VPN.
I am from all of the above tiers
Monero? Really? I used to mine it and know about it but just advertising crypto is just weird.
Gold is great until you find out you can manufacture it and mass production was kept secret to avoid what happened with diamonds.
The day we can mass produce gold is the day we have a post-scarcity society. Full elemental transmutation, which would be required to mass produce gold, would also eliminate virtually all resource shortages.
We are already post scarcity
The scarcity of housing and food is artificial scarcity
Post-scarcity refers to most goods being able to be produced in abundance with minimal human labor. Even assuming that current food production fully falls under that umbrella, housing definitely does not, and it requires a lot more than just food and housing.
Housing it definitely does. There's more empty houses than homeless people.
We've already arrived at post scarcity. All we need to do is this off the capitalists that keep unused housing empty. The scarcity is artificial
I was referring to the fact that building and maintaining housing is still a largely manual process, and requires a fairly large amount of human labor. Maintaining power, water, sewage, and other things required for modern housing requires an even larger amount of human work.
Whether there are enough houses to actually fit all the people is unrelated to this.
My point is we already did all that. Thanks to efforts from our ancestors, we no longer have a scarcity of housing.
What we do have is a bunch of oligarchs who have stolen our housing and are holding it for ransom
Post-scarcity does not refer to the physical resources required to maintain civilization. It refers to the ability to maintain said resources and civilization without a lot of human labor. We could have ten houses per person, but housing still wouldn't fall under the post-scarcity umbrella until we could maintain and build new houses with minimal human labor.
We already have that. Think of how much food and housing could be built with all the money and resources used building bombs and fighter jets. Think about all the resources it will take to rebuild what has been destroyed in the middle east. We need to genetically eliminate psychopathic tendencies, and then immediately outlaw further human genetic alterations for two or three generations afterwards.
Because obviously what starts as innocent will become genetic modifications to prevent diseases, and then the remaining assholes will start saying that being gay it trans or black is a disease too. Hell, they might try to make us all blond hair and blue eyes if people get their way.
Again, none of that has anything to do with what post-scarcity actually means. It doesn't matter if we are misusing resources. What matters is that even if we did use those resources for food and housing, the food and housing would still require a significant amount of human labor to produce.
As for your completely unrelated idea of making specific changes to the entirety of humanity, then discarding the ability to do so after making the ones you want, that seems incredibly short-sighted. While it could theoretically be used to make pointless cosmetic changes as you said, it could also be used to make countless objective improvements to the human body. It's basically like saying we should throw away any ability to shape metal because it can be used to make weapons.
Edit: Also, being trans is absolutely something that could be fixed just by giving them the right sex from birth, sparing them a lifetime of dysphoria.
produce gold? please tell me how one "mass produces" a base element?
Mines