- cross-posted to:
- [email protected]

This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding one’s identity in public”
End of transcription.
I love this! May I share on my blog and with my newsletter subscribers at Punching Up Press? We’re probably in boxes #2 and #3, with a lot of readers starting off in box #1.
I guess I’m in the privacy enthusiast section. Although I do use searxng. And I will admit I do use some things from the top layer, like YouTube and steam. Also I don’t like how proton is a section above tuta aside from quantum safe encryption which is meaningless at the current state of technology (I agree that could change soon) aside from that proton mail is just as good as tuta.
I use everything from the privacy enthusiast section on a daily basis except for addy.io and tuta since I use proton for email and email aliasing.
Maybe I am wrong, but I think proton doesn’t encrypt headers and some metadata, Tuta encrypts everything or almost everything. Also, proton mail is not available in F-Droid
Personally, I don’t like proton, it doesn’t follow the separation of powers principle, what happens if proton suddenly changes their policy? That is why true free and open software tend to be decentralized, for example mastodon vs bluesky, the only way I can really trust you it is if you can’t “betray” me, even if you really want
Tuta is located in Germany which has more power to look into your data than the Swiss government, but it’s meh.
Also what separation of power do you mean? Proton is also owned by a non profit and Tuta is just a Gmbh which is owned by two individuals it seems. Changing something regarding the non profit or the structure is pretty hard to do
Tuta is however more open with that you can find their annual report or at least part of it if you want.
Sorry, I took for granted that you had to buy a pack with vpn, cloud storage, etc. That would have meant that you would have to change a lot of services again in the case the proton company let you down. I still think that Tuta is a little more private for the reasons I mentioned
You might be right I searched it up and found that protonmail doesn’t encrypt header lines which isn’t great. The f-droid point is also valid. But unfortunately there are no decentralised email providers, even tuta is still centralised. I would be interested if there are any options for decentralised mail.
On another note regardless of whether I’m using proton or tuta it’s hardly ever end to end encrypted since everyone I’m sending the mail to uses Gmail.
I have no clue why telegram is often mentioned when it comes to “privacy focused messaging”. They don’t even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use Signal’s encryption.
Also the “we don’t give out even a byte of data to anyone” statements made by telegram have been thoroughly debunked as lies. When telegram’s bottom line is in danger, they have and will give out your data.
Just curious, does telegram keep a log of our msgs? I’m guessing right now, mitm attacks don’t work since tls exists, but telegram can still read the msg cuz it’s not e2e?
Yea, telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.
The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like signal.
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point. and telegram probably gets to be there because it’s not the usual big tech companies, and it seems fine, even if unencrypted.
Only 1:1 chats may be encrypted as an opt-in.
and only on the phone app
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point.
Yes, this is the exact reason Telegram was put there. I even see Telegram recommended alongside Signal, despite the privacy risks.
WhatsApp claim to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.
or that some part of the encryption, like key handling is flawed. also, considering they have an RCE vulnerability every year, I wouldn’t be surprised if the encryption keys could just be stolen remotely.
we also don’t know if facebook has implemented some kind of analytics for message content, sent files and media.
Iceberg of the year! Btw I would place tiktok the 1st over all softwares in layer 1.
I feel that I2P is missing somewhere in here too.
Because of Lemmy: proton, GrapheneOS, pi hole, open wrt, nextcloud
@Charger8232
It’s nice how firefox is just nowhere in there
chromium is taking its place, somehow
@greywolf0x1 That there is Vanadium, GrapheneOS’s hardened Chromium… also funny how Tor is above GrapheneOS and Mullvad and all that stuff. Not much sense is being made on the two levels above ghost.
Wow this blew up. People still not getting the meme portion of this?
Is tuta better than protonmail?
I use something from each tier except the As Seen on TV tier.
I give workshops on privacy. I always tell them that if they get nothing else out of my presentation, it’s that they should use a password manager.
Honestly I think keepass should be beginner. That comes first before everything else.
Also I think Tor Browser should come before VPNs. Its free and easier to use than VPNs (for when you want to google something secret and don’t want to be tracked. Most beginners would be selective like that)
Why keepass and not Bitwarden? Wouldn’t bitwarden be more user friendly for trying to ease people into secure technologies?
Bitwarden had some security issues historically. I generally recommend using software for password managers that isn’t internet connected.
My keepass trainings involve generating a veracrypt encrypted USB drive (for windows and Mac users) for storing a backup of their keepass file. I also recommend they upload it to whatever cloud storage they use (google drive or iCloud usually)
Bitwarden had some security issues historically.
What security issues? If you mean potential security vulnerabilities researchers found that they’ve patched, I don’t understand how that would be different from Keepass and their previous security vulnerabilities. Bitwarden has never had a security issue historically that I know of. Lastpass, on the other hand…
I generally recommend using software for password managers that isn’t internet connected.
I also recommend they upload it to whatever cloud storage they use
I also really don’t get these two. They seem to contradict each other.
I usually recommend bitwarden, where they can use the browser extension and mobile phone app. It gives them autofill features on all their sites. Getting someone to change their passwords and use a password manager is already difficult enough. Giving them the most convenient option is going to make it more likely they stick with it.
You play games on steam? clearly brainwashed.
also how dare you slander Malwarebytes like that
@Charger8232 I am privacy enthusiast and I don’t plan to go any farther - lack of privacy in one direction, lack of users in the other direction 😁
TAILS is missing :(
as is i2p, qbittorrent and a few others
And qubes/whonix.
So what’s the deal with i2p? I heard it was a more secure alternative to vpns, I downloaded it but I haven’t been motivated to figure out how to set it up on Linux.
It’s more similar to tor than a vpn.
Ah, is it considered more secure, or is it just different?
as a darknet it’s more secure than tor, but less people use it so less anonymous. the benefits are really for using in-network services there, not so much for accessing the clearnet, though you’ll find clearnet things bridged to i2p
That’s how amnesiac it is.
I wouldn’t put Telegram at the level. I would put it in “The Brainwashed.” Its encryption is disabled by default. You need to manually enable it on each chat, and you can’t enable it on group chats. The app gives a false sense of privacy. Telegram flaunts its end-to-end encryption, but it never mentions that it is disabled by default, and it refuses to enable the default. The final result is that people are not using the feature.
A cryptographer and professor wrote a good piece about Telegram’s encryption, calling it “unusual” and the “non-standard authenticated encryption mode ever invented”: Is Telegram really an encrypted messaging app?







