
This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI-generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding one’s identity in public”
End of transcription.
I have no clue why Telegram is often mentioned when it comes to “privacy focused messaging”. They don’t even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use Signal’s encryption.
Also the “we don’t give out even a byte of data to anyone” statements made by Telegram have been thoroughly debunked as lies. When Telegram’s bottom line is in danger, they have and will give out your data.
Yea, Telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in Discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.
The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like Signal.
Just curious, does Telegram keep a log of our msgs? I’m guessing right now, mitm attacks don’t work since tls exists, but Telegram can still read the msg cuz it’s not e2e?
WhatsApp claims to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.
or that some part of the encryption, like key handling is flawed. also, considering they have an RCE vulnerability every year, I wouldn’t be surprised if the encryption keys could just be stolen remotely.
we also don’t know if facebook has implemented some kind of analytics for message content, sent files and media.
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point. and telegram probably gets to be there because it’s not the usual big tech companies, and it seems fine, even if unencrypted.
Only 1:1 chats may be encrypted as an opt-in.
and only on the phone app
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point.
Yes, this is the exact reason Telegram was put there. I even see Telegram recommended alongside Signal, despite the privacy risks.
Pretty good!! I agree with 95%.
Loved the “As seen on TV” category!
I agree that Tuta is more secure than ProtonMail.
Some are blended like Tor, that should be in Activist if used on a secured computer.
Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but thought Activists just don’t trade much and stick for the long haul and use Monero for purchases.
deleted by creator
I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because it’s all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.
It’s true that a single point of failure is more risk than separate services, but that fact doesn’t undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it’s something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I’m OK with different points of view and having different points of view on a board is a good thing.
Technically speaking is highly contested and you have arguments pro and con, one way or another. They use different technologies so it is hard to compare properly, especially since it depends on the users using it properly.
If the technology is good, it does not matter where it is located. Switzerland, especially since a couple of years, does provide more freedom guarantees than Germany but it is not immune at all, actually, the US had used the Alpine country to do operations due to its attractiveness to dissidents and criminals alike. However, for the overwhelming majority of customers, either option is fine for their privacy and security. Only metadata has been obtained in few instances in both companies and nothing else… at least none that was used in a court of law.
For ultimate targets, if they have to rely on email, that they should not, I would choose Tuta though. These are my reasons.
- It has a lesser footprint, so less likely intelligence agencies tried to infiltrate it.
- The people behind are there from the very beginning and show their faces publicly (Many in Proton too like the CEO, but it is not so transparent with the rest)
- The people of Tuta are more ideological so it is a barrier for intelligence services to penetrate. Tuta has however shown itself to be anti the Russian government (rightly or not), so this point is not valid if you are on that side.
- Tuta has a very organic and progressive growth. Proton had an explosive growth. Of course, it could have been good marketing, but still…
- Proton still today requires Google’s Push Notification servers, after years and years demanding a solution. Tuta had that solved since long, long ago.
- Recently a case came in Canada of an intelligence agent using Tuta since “it was infiltrated by intelligence agencies”… After a few hours going through the case, I read it the opposite, he used it because he actually considered it a better choice to cover his crime. He was not that high in the ranks, but I read that the he resumption o these officers.
- Nothing regarding security, but as a paying customer for both I was “tricked” far less by Tuta. Proton, for instance, does not refund you, only gives you credits. Even 20min after an accidental 2yr renewal I got stuck with them unwillingly. That practice should never be acceptable for a SaaS.
Now, Proton overall, for most is a bit more reliable and full-featured and better put together so it is easier to recommend. Think of Proton as the Apple of emails, quite secure and miles away from Gmail, but security wise and ethically, of the two, my bet would be with Tuta.
It’s not. They don’t even sign their releases or support PGP
Tuta is not a proton replacement
The CEO of Proton has tried cozying to Trump and any company led by a guy who does that is knocked down several notches for me
If any service is at the whim of someone’s emotions or opinions, it’s at the bottom, and it should stay there.
Let the program be the program, and if we can’t see how it’s written, assume the above is true.
Foss or die
Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but thought Activists just don’t trade much and stick for the long haul and use Monero for purchases.
The logos next to it are Vanadium, which is a web browser made by GrapheneOS, and Aegis Authenticator, which is a time-based one-time password (TOTP) application.
Wow… I use Aegis exclusively as my authenticator since 2 years ago and completely did not recognize the logo by itself!!! I used Yandex image search and it told me coincarp… Sorry.
I just switched from Android to iOS, and while I have many complaints, I’m pleasantly surprised by how “walled off” the apps mostly are. Unlike Android, they have to comply to function for the general public.
It feels a lot more like tier two, where it isn’t like a spyware implant but your banking app or whatever will still function. And yes I know it’s far from good, just talking degrees here…
Even before I cared about privacy, I think Apple would’ve been unacceptable to me due to how tightly locked down it is. Like… I’d have to go through hoops and pay some money for a cert (not much if you know where to look, but still) to get something as basic as an adless YouTube client.
I agree that Apple, while not entirely private, is still a decent choice compared to Android. They both have their flaws though.
I just switched from iOS to deGoogled Android (e/OS setup by Murena) and as discussing with a friend yesterday, the biggest trade off is arguably security, namely that iOS and AOSP are relatively secure (even though far from perfect) and applications both have permissions to explicitly request and are also containerized (e.g. limited file system access) … yet you do not need a security flaw to exist if your data are being exfiltrated periodically by the OS or apps. So arguably depending on your threat model (e.g. voluntarily offering your data vs spam/scam vs private malicious actors like NSO vs state level espionage) and your needs (banking apps vs Web equivalent) then one can be more appropriate than the other.
Throw away mobile phone and just use an air gapped machine. Your productivity will tank but then you’ll eventually add local databases of the shit you actually need on your air gapped machine and your productivity will triple.
Well shit, I shouldn’t be the first to tell you that if you’re serious about your privacy then get off of Windows.
Also if the CIA is targeting you with air gap malware, then you fucked all the way up. Pedophiles are saying “damn, fuck that guy”
The government targeting pedos? That would be a more effective way to eliminate government than doge
This is Lemmy. You’re the 30billionth to tell me.
Since we are 6, that’s about 6 billion times per each of us.
I think someone is stealing some of my 6 billion for themselves. Just some. Not all. Just. Some.
Yeah, that’s because I didn’t count you!
Your productivity will tank
Will it though? It’s not like paying with cash or even a credit/debit card takes radically longer than paying with a phone. It’s not like reading a book vs mindlessly scrolling Reddit or Lemmy makes productivity drop.
We get used to instantaneous tasks and convenience but in fine it’s like speeding up while driving from work to home, it’s not really the seconds or even minutes daily that count, it’s where you are going.
So… a “dumb” phone will probably for most not make productivity “tank” IMHO.
until you need to collaborate with the average person who uses google docs and gmail
What does that have to do with a phone?
Edit: FWIW you can say no (ideally explaining why, even providing an alternative while doing so, e.g. NextCloud with CollaboraOffice, for email… well you can clarify in a footer that this email thread is not private and suggest creating Tuta or ProtonMail account, even if one time use) to people who use Google Docs and GMail. You can also have a one time use account.
Yes, your productivity is going to tank. No way you’ll be prepared for a full air gapped machine on day 1.
TIL I’m a privacy activist–who can help me get to the ghost mode?
(Do I even want to get there or is that limited to journalists who have entire states trying to unalive them?)
Do I even want to get there
Only you can answer that.
or is that limited to journalists who have entire states trying to unalive them?
Pretty much, but if you want to give up all technology, work for yourself, and fake your death, then more power to you!
Seems like faking your death would cause more privacy problems than it solves. Why not just “stay alive” with a completely innocuous identity? Then adopt some new identity which cannot be traced back to the original?
If you’re alive, you are asked for documents such as property records, taxes, etc. and if you refuse then bad things happen. If you fake your death, no more questions are asked and you can take on fake identities. In essence, faking your death takes your identity out of “the system”
Easier than you think it is. Hard to keep at it. All you need to do is stop using a phone or computers. Death cert is only needed when you’ve been compromised and people are out to get you. Gold isn’t really usable unless you stumble onto a secret underground society where all trade is done in gold. Realistically, you’d sooner be trading goods (or services) for other goods (or services).
This level technically shuns technology and that brings its own challenges. It’s like saying you can’t have privacy with technology. I don’t necessarily agree with this statement so I’d say don’t go to this level.
You should stage your death, like they tried to do on Prison Break and then move to Mexico or Colombia. Send me a DM for more information /J
limited to journalists who have entire states trying to unalive them. Don’t live your life in fear
There is this steadily growing activist group that you could join up with.
Android missing?
Hi from near the top of the iceberg. I have five from the top and two from the next level down, plus two from level four. A balanced diet?
Depends what they are, I think a fair amount of people might be in the same boat, with a few services from different tiers.
Android missing?
I wasn’t able to fit everything, but I specifically excluded Android, because it isn’t inherently bad. GrapheneOS is based on the Android Open Source Project (AOSP), for example, so I didn’t want to give the wrong idea.
I’d put Android/iOS on top layer then AOSP on the 2nd layer then deGoogled Androids on 3rd layer then PostMarketOS on 4th or 5th layer.
I think this is the first time I’ve seen an iceberg meme with sources and explanations for each item. Fantastic. Your work is appreciated.
Iceberg explanations are a whole YouTube genre, though - it’s such a convenient narrative structure.
To be honest, and it wouldn’t work here, but I sometimes enjoy the cryptic nature of iceberg memes at the lower ranks. It’s like a scavenger hunt.
ayo, I think I won the privacy bingo! that’s what this is right?
I was at the bike shop a few weeks back and a ghost walked in. He came in wearing a medical mask covered by a bandana, sunglasses, cap. They wore gloves, long-sleeved pants and shirt.
First question from staff, ‘this a robbery?’
Ghost, ‘no, I just need 27 2.5 tubes, miss.’
They get the tubes, he agrees. Staff asks if he has an account. Ghost says, “nope, why would I need one?” Staff says they do it for records, insurance claim assist, and discounts. Ghost goes with a John Doe, pays cash and peaces the fuck out.
Total King, but dude has given up a lot. Half of us were drinking beers enjoying a warm evening in spring. I hope he has had some good rides.
I can say with confidence that he was a white male. In his 50s. About 5’10". 140 lbs-ish. If anyone wants to get any tips, good luck!
“No, no… the robbery’s far too far to walk”
Ha. The tubes were the final pieces to the getaway vehicle
I would drop off the face of the earth only to stash porn mags all over the woods.
Speaking as a former kid of rural America you would be doing the Lord’s work, friend
I respect it but what’s the point? I kinda hope he’s some kind of super-criminal or as you say he’s given up a lot to hide from a state that probably doesn’t even care he exists even if they did know who he was.
Probably an activist who isn’t just protecting himself
I’d have guessed white nationalist if it was anywhere but a bike shop
Don’t make assumptions. Privacy is a right for all
Exactly right. My bad. Thanks for the reminder. Geography and majority opinions in the area were coloring my perspective but are not relevant
I’m no ghost, not even close. Be careful though, “what’s the point?” is essentially the question everybody asks at every phase of that iceberg diagram.
A possible answer to your question though, is that even if the state doesn’t know or care about him today that might change tomorrow.
That’s not my threat profile but it’s a valid one.
What’s the issue with steam? I thought the epic game store was the one actively spying on your device
They also have so many security breaches that it won’t even make the news anymore.
Many of those are caused by people having insecure accounts without enabling 2FA etc. And there is a lot of money involved, even the top TF2 accounts are worth tens of thousands of euros
I am now paranoid about someone getting in and deleting my gibus
I could also imagine DRM, though not directly privacy related, being a thing. Like the issues of freedom and openness are probably also important to many people who value privacy and might therefore prefer GOG or something over Steam.
Edit: I see someone else mentioned this already: https://lemmy.world/comment/16903223
Until recently, your Steam activity and games played are public and your relationship with other Steam users can be traced even if you have a private profile.
Good to know, thanks
Steam has telemetry. They gather a ton of data on you. What details, how they use it, and how secure it is I can’t answer, but it’s clear that it’s happening.
Does that happen only when you use Steam or is it gathering data at all times?
I don’t know. I’m sure it only transmits when active, but that doesn’t mean it’s not collecting data at all times. If you’re on Windows you can turn it off with a script, but it might turn back on after major updates.
I’m on Linux, actually. I installed Steam with great reluctance because everything else I’m running is privacy-friendly FOSS stuff but one of my best friends wanted to play something and there was no other way. As it always happens, we ended up never playing together and I just did stuff on my own, so I should probably just uninstall it at this point.
Thanks!
Use Flatpak Steam and Flatseal to deny it access to user directories.
It collects and stores information about your system and also has your identity tied to your purchases.
I don’t think it’s a big privacy concern as far as tracking and spying on you.
But realize any device you install steam on then is tied to your real identity if you purchased games on that account. And can be used with data gained from other parties to determine your online activity if a government were to be able to obtain both.
I have a little bit of everything except As Seen on TV and Ghost.
I mostly have 3,4,5 and still use YT and Discord
Where’s GOG.com?
Not sure if gog has anything to do with privacy. Altho if it was on the list I imagine it’d be up there with steam ( not sure why that one’s on the list either )
I’d argue that gog might be a bit better, since you can download executables from their website, and then use them offline, without telemetry. But still, I think neither are necessarily all that relevant here.
Well that sounds like a malware poisoned well
They are a relatively established game storefront, and have been at it for over a decade. Same Corp that’s also behind CD Projekt Red.
In the end, any storefront that distributes executables could in theory distribute malware, but I’d honestly be more worried about steam, since their publishing process seems a lot more automated, with less oversight.
As a US citizen your crypto transactions need to be individually listed in your tax returns. It’s the main reason I don’t use crypto, it makes my taxes super complicated.
I absolutely report all of my cryptocurrency that the government would need to break PKI to trace back to me. I would never violate laws that I could rely on never being caught violating.
Sorry, this post is a bit confusing…
deleted by creator
Ohh, gotcha! Yeah, I’m not messing around with taxes. That can get you in some serious trouble.
Unless it’s one of those cases that matters the most, like being wealthy.
On the 5th layer I’d add NitroKey or YubiKey to remind people that in addition to software you can have physical tokens too.
I considered adding security keys, but I ran out of space and couldn’t decide on a “de facto” brand
Gold is great until you find out you can manufacture it and mass production was kept secret to avoid what happened with diamonds.
produce gold? please tell me how one “mass produces” a base element?
alchemy
The day we can mass produce gold is the day we have a post-scarcity society. Full elemental transmutation, which would be required to mass produce gold, would also eliminate virtually all resource shortages.
We are already post scarcity
The scarcity of housing and food is artificial scarcity
Post-scarcity refers to most goods being able to be produced in abundance with minimal human labor. Even assuming that current food production fully falls under that umbrella, housing definitely does not, and it requires a lot more than just food and housing.
We already have that. Think of how much food and housing could be built with all the money and resources used building bombs and fighter jets. Think about all the resources it will take to rebuild what has been destroyed in the middle east. We need to genetically eliminate psychopathic tendencies, and then immediately outlaw further human genetic alterations for two or three generations afterwards.
Because obviously what starts as innocent will become genetic modifications to prevent diseases, and then the remaining assholes will start saying that being gay or trans or black is a disease too. Hell, they might try to make us all blond hair and blue eyes if people get their way.
Housing it definitely does. There’s more empty houses than homeless people.
We’ve already arrived at post scarcity. All we need to do is this off the capitalists that keep unused housing empty. The scarcity is artificial
I was referring to the fact that building and maintaining housing is still a largely manual process, and requires a fairly large amount of human labor. Maintaining power, water, sewage, and other things required for modern housing requires an even larger amount of human work.
Whether there are enough houses to actually fit all the people is unrelated to this.
My point is we already did all that. Thanks to efforts from our ancestors, we no longer have a scarcity of housing.
What we do have is a bunch of oligarchs who have stolen our housing and are holding it for ransom


















