- cross-posted to:
- privacy@lemmy.ca
- cross-posted to:
- privacy@lemmy.ca
This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”
End of transcription.
You must log in or register to comment.
Just tell the normie that you have nothing to say if you have nothing to hide. Also, why there’s no F-Droid?
Kudos for inclusive alt texting!!
I think this is the first time I’ve seen an iceberg meme with sources and explanations for each item. Fantastic. Your work is appreciated.
To be honest, and it wouldn’t work here, but I sometime enjoy the cryptic nature of iceberg memes at the lower ranks. It’s like a scavenger hunt.
Iceberg explanations are a whole Youtube genre, though - it’s such a convenient narrative structure.
Funny how you need more and more technical knowledge to go deeper into privacy, until the last level, which is basically giving up on technology itself.
The last level is living in a cabin in the woods and writing manifestos about industrial society and the ills of technology O_o
Hey, it’s my house! How’d you get a picture of it?!
It’s genuinely wild that Firefox and LibreWolf are nowhere on these
I wouldn’t put Telegram at that level. I would put it in “The Brainwashed.” Its encryption is disabled by default. You need to manually enable it on each chat, and you can’t enable it on group chats. The app gives a false sense of privacy. Telegram flaunts its end-to-end encryption, but it never mentions that it is disabled by default, and it refuses to enable the default. The final result is that people are not using the feature.
A cryptographer and professor wrote a good piece about Telegram’s encryption, calling it “unusual” and the “non-standard authenticated encryption mode ever invented”: Is Telegram really an encrypted messaging app?
I don’t like hackers and spying
brave
lol. lmao, even.
ExpressVPN is an arm of Israeli intelligence and should be on the tip of the iceberg: https://www.reuters.com/technology/expressvpn-employees-complain-about-ex-spys-top-role-company-2021-09-23/
All users should cancel their accounts immediately.
I was at the bike shop a few weeks back and a ghost walked in. He came in wearing a medical mask covered by a bandana, sunglasses, cap. They wore gloves, long sleaved pants and shirt.
First question from staff, ‘this a robbery?’
Ghost, ‘no, I just need 27 2.5 tubes, miss.’
They get the tubes, he agrees. Staff asks if he has an account. Ghost says, “nope, why would I need one?” Staff says they do it for records, insurance claim assist, and discounts. Ghost goes with a John Doe, pays cash and peaces the fuck out.
Total King, but dude was given up a lot. Half of us were drinking beers enjoying a warm evening in spring. I hope he has had some good rides.
I can say with confidence thay he was a white male. In his 50s. About 5’10". 140 lbs-ish. If anyone wants to get any tips, good luck!
I would drop off the face of the earth only to stash porn mags all over the woods.
Speaking as a former kid of rural america you would be doing the lords work, friend
“No, no… the robbery’s far too far to walk”
Ha. The tubes were the final pieces to the getaway vehicle
I have no clue why telegram is often mentioned when it comes to “privacy focused messaging”. They don’t even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use signals encryption.
Also the “we don’t give out even a byte of data to anyone” statements made by telegram have been thoroughly debunked as lies. When telegrams bottom line is in danger, they have and will give out your data.
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point. and telegram probably gets to be there because it’s not the usual big tech companies, and it seems fine, even if unencrypted.
Only 1:1 chats may be encrypted as an opt-in.
and only on the phone app
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point.
Yes, this is the exact reason Telegram was put there. I even see Telegram recommended alongside Signal, despite the privacy risks.
Yea, telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.
The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like signal.
Even Threema is more secure than Telegram, this iceberg is messed up and missing a lot of things and some inconsistencies. You could say it’s not free but so isn’t mullvad and it’s in the iceberg.
WhatsApp claim to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.
or that some part of the encryption, like key handling is flawed. also, considering they have an RCE vulnerability every year, I wouldn’t be surprised if the encryption keys could just be stolen remotely.
we also don’t know if facebook has implemented some kind of analytics for message content, sent files and media.
Just curious, does telegram keep a log of our msgs? Im guessing right now, mitm attacks doesn’t work since tls exists, but telegram can still read the msg cuz it’s not e2e?
Tried the Privacy Activist and Enthusiast section. Was not really fun and you loose connection to most of your friends and family. Now I have a balanced setup with something out of each layer. Perfect balanced, as things should be
I have taken my own approach; there are things from each layer that I use. Some begrudgingly but others gladly.
The problem I faced when starting this journey is it does cut out a lot of people. And it becomes isolsting. So I did reel back a bit.
It’s equally frustrating to talk to people who’re completely entrenched in the Enthusiast / Activist section. The utter disconnect when it comes to what’s viable for most people is annoying to deal with sometimes. Statements like “Everyone who is able to read can easily learn to use Arch Linux” or “Everyone can flash their phone” do give me headaches. Was there, did both, wouldn’t recommend to my less nerdy family.
The FOSS circlejerk for lack of better term is very loud on Fediverse as a whole. It’s tiring when each time anyone mentions using Windows, or Apple there’s at least one fucker telling you to swap to linux lol…
It’s very loud so I have thought at times to switch back to reddit, where it’s at least less pervasive.
yeah honestly i really think that you should swap to linux!
I can totally understand where you are coming from.
I do hold the view that if you can read, you too can install GrapheneOS, or try Linux; but that doesn’t make it right for everyone. It’s a self imposed journey. I can’t expect everyone to make the same choices I do.
That is where I will educate people as to why I chose what I chose; however I will not try to force someone down the same road.
So totally understood.
Giving it a try is most of the time the first step. I tried GrapheneOS , used it until my device no longer received updates. Then Google Pixels got disappointing and iOS 14/15 got out with big privacy changes, so I switched the first time to Apple. I know, ironic , but it works for me. I remove most permissions from apps, use my own DNS block list enforced by MDM and if possible, self host my apps and services or use paid / open source ones. I am here on Lemmy instead of Reddit or Instagram…. I also tried Jollas SailfishOS v3 , it was ok, but this was back at the time very limited for social interactions, now with v5 it would have been better. Also good to know, at my place , Apple Pay is one of the most secure and private pay systems…. I hate that, this feels wrong.
I used to run LineageOS with a lot of my own tweaks to meet my privacy needs; however I reached a point I decided it didn’t fit my needs for security. So, I went back to GrapheneOS. Which, I am 1uite haply with. Ultimately, I dream of a fully operational Linux phone of sorts; but we aren’t there yet.
I ditched reddit, and most centralized social media. I ditched many big tech services in place of self hosting my own. And even that is mostly locked down. Very little exposed to the web. Ad blocking, as well as my own underlying upstream DNS, with a fallback that isn’t Google or Cloudflare. Services being firewalled off. Reverse proxy setup limiting access via IP:Port while also including SSL certs for local only https.
And this list goes on; it’s a constant journey. But the hard part is to still be social. Hahaha
Did you look at SailfishOS (Linux Smartphone) It supports Android App virtualization.
Cant say that I have, but will now!
i also hate the idea of giving up apple pay when testing graphene. i really hope to find a somewhat ok alternative, but from what i’ve heard it seems to be the best there is atm :(
Yea, being able to and actually doing so are very different. Reading is the barrier to entry for most everything. Time and energy are the missing resources, though. I am a tech enthusiast, and I struggle to find time to do all the things I want.
I get that. We all make choices to decide what we do with our time.
It’s easy, just don’t have any friends or family! /sad panda
Totally agree with this, two steps forward one step back basically
Everyone’s personal comfort level.
Give tech classes to elderly. Explaining to them the iphone photo face recognition saw several of their eyes bug out of their head. Some loved it.
Totally agree about the self ostracization. While I agree with the sentiment you’ll cripple yourself socially.
Finding your personal comfort zone is the tech journey
Heeeey it’s me. Totally socially crippled.
I don’t even know how to maintain relationships, don’t have an interest in trying. There’s something wrong with me.
My only friend on this planet is my uncle.
I get it. Am this way to an extent. Mom for me.
Recently attempted to be social at work. Out of the 5, 1 is worth spending additional time with.
If you are comfortable with yourself and who you are, it may take a bit to meet people you actually enjoy.
If you feel like something is wrong with you therapy would not hurt. Reccomend it for everyone to get them the self care tools they need/want.
In my experience I was attempting to be social out of obligation and why it always felt like pulling teeth to do anything is because I didn’t really like the people I was with.
Wish you luck bb 🙏
I’ve done the whole therapy thing, I just do not have it in me to have friends.
I haven’t had a desire to make a friend since I was a kid.
I do get lonely. I’ll have a thought that I’d like to share and I know I drive my wife crazy.
I wouldn’t even care if I could find a way to make some money. Right now I’m a stay at home dad. That’s what my wife wanted me to do. I was making money on the stock market, not taking big risks, just making above minimum wage. Then the election happened and now that’s over.
Thank you for caring.
Being social is pretty similar to exercising. When you first try to do it after a while, it’s usually painful and not enjoyable. It isn’t until practicing and keeping at it that it will get easier and you can actually feel the benefits. Finding someone that you can actually share your hobbies with can go a long way, especially if they are able to give some sort of input as well that is beneficial to what you’re working on.
I live deep in the Appalachian mountains and I haven’t met a single person interested in the things that I am since I was a kid.
I’m so bad and hate socializing so much that I recently got the Mortal Kombat II deluxe arcade cabinet, the same dude kept joining my match every single time I played so I just stopped going online haha.
He contacted me and we talked once, and that was that.
I really like him too, I just can’t handle it. Even that tiny little bit of it.
I don’t know why I’m like that. I’m not bad at talking to people. I’ve been told I’m damn good at it. I’ve been told I’m charismatic and all that. There’s just something broken in me.
Probably comes from the abuse I suffered as a kid if I’m being honest. It was rough, and it trained me I guess.
But then again, my whole family is like me. I don’t even know 90% of them, but I can tell you that 90% of them do not have Facebook. The ones that do, they don’t ever post, they don’t ever like, nothing. It’s like it’s just who we are or something.
I have brothers who grew up in different households. Two of them never experienced any abuse as children, they were spoiled. They are just like me. They talk to no one.
So maybe it’s the environment you live on? If I lived in the Appalachian mountains I’d just relax alone to keep the peace, sounds comfy enough for me. People in the Nordics are like that too.
Wife not fren, fren?
Vibe
Was going to say links or it never happened but you provided them! And categorized by level! Excelsior!
Thanks also to the comments giving more information.
So grateful for this platform. For the most part.
Apple: “Brainwashed”
iMessage: “Beginner”
Well which one is it?
Brave 🤮🤮🤮
Can you explain why you would think Steam is so bad? I would argue they’re pretty fair, especially with the option to buy steam cards for cash to not disclose your personal data. Does the client do some unsavory shit?
Seeing steam at the top makes me question the list. Likely a hate of DRM rather than privacy
Yeap, and Brave in the middle. They only pretend they are for privacy, but they are the very opposite.
Yeah i hate when I see people using Brave, because they have been brainwashed.
Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.
Brave is and always has been gross. Never understood how they’ve been so successful at tricking people into installing it.
OP replied in another comment its because “firefox is not secure” https://lemmy.dbzer0.com/post/43710170/18564861 :
[…] Chromium-based browsers aren’t all bad, such as Vanadium or Trivalent, so people sometimes feel more comfortable sticking with what seems familiar (coming from Chrome).
In another reply parents to this one:
LibreWolf is far from secure, as it is based on Firefox and so comes with the same security issues. If you meant to say privacy and not security, the reason nobody makes high threat model browsers for Windows is because Windows itself is not private and it would be a losing battle.
So OP is saying it’s not private nor safe? I get what some people are saying of Firefox constantly changing Terms of Services but that’d be in regard to privacy not security and OP tries to argue not being safe which his iceberg also implies in terms of privacy not being good too. Yeah, LibreFox’s ToS isn’t the same as Firefox’s ToS and his counterarguments to Firefox and Firefox-based on replies is Chrome-based browsers exclusive to niche OSes (also OP don’t even try arguing Brave on comments so probably just trying to rage-bait with every opportunity). I’d love OP to argue using the examples he used in the iceberg. So many discourse incosistencies along with the iceberg. Also OP FYI while privacy does not mean secure, lack of privacy could mean security risks in some cases.
Yeah. All the issues, even small and quickly-resolved ones, paint a picture - that they are eager to disrespect users’ consent.
No epic store and brave is not on the top…
They’re not the very opposite. They have done wrong things, just like Mozilla. Doesn’t make them Google though.
They are not “just like” Mozilla.
That’s not what I wrote
Also, please stop with the Mozilla praise
You seem unaware of the bullshit they do. They’re not clean at all.
and then Tor so high up, unless you’re hell bent on leaving 0 traces that thing is a pain to use, can’t have it maximalised, pages load sometimes minutes at a time, no addons, just suffering. nobody sane uses that thing for more than the occasional trip to whatever deep web market is not yet exit scamming
Their bottom line is gold, this should tell you everything you need to know about the creator of the meme.
it also has a log cabin… and Log Cabin is a maple syrup brand… and maple syrup is from maple trees… and maple leaves are on Canadian flags… so… a snowman?
It might be there because there is a lot of data associated with the steam account, especially the community part of it, e.g.:
- Recorded playtimes
- Times and dates when you are regularly logged in
- Possession of games which are precisely tagged by genre/interests/etc.
- On which time and date you spent how much money (participation in sales in the steam store)
- Timestamped posts and comments in groups based on various interests etc.
- Curators/devs/publishers you follow
- Your game wishlist
- Connection and interaction with other steam accounts (friends list, chat, trades, gifts)
All this can be used to create a very detailed behaviour profile and accurately deduce the social status of the real person who uses the account. Maybe the data isn’t misused and it’s just there so the features can actually exist.
Personally, I doubt Valve actually does this as expansive and invasive as other big tech companies. I’m pretty sure they at least aggregate anonymised data to measure how e.g. their sales perform, which game to promote on the store front page etc.
But we can’t be sure because it’s not public.
i don’t think valve does much with the data even internally. if they did at least the game recommending queue would be slightly accurate. instead i have to manually blacklist tags for it to stop showing me things i’m just deeply uninterested in. like yes Mr. Valve my steam library of RPGs, puzzle games, and open world sandboxes clearly profiles me as someone who’d be interested in the newest Fifa game every year, sure buddy
I think they changed the name in the newer versions so surely you’ll be interested now!
now you say it, maybe it’s my clicker games that make Valve think i’d like to buy a game where the point seems to be that the number in the title goes up by one every year
Yes but my point was that I believe they changed the name from FIFAYY to FCYY (and I think raised the price).
woah! the innovation!
afaik the client does collect a bunch if data, most (all, i think? but not a 100% on that) of which is opt-in.
they do need stuff like IPs for internet related features.
telemetry wise there’s the steam hardware survey, which is opt-in, and it asks every single time it attempts to collect your systems hardware and OS information. this could technically be identifying information, but since it’s opt-in it’s not a privacy violation and it’s entirely optional. (plus it’s super useful for all involved: users, devs, and steam. it’s kind of a win-win and straight up necessary info for devs to know which hardware they should optimize for)
they might be putting it at the top because steam has native support for DRM?
but that’s also weird, because DRM isn’t a privacy violation. it’s a shitty practice, barely does anything, barely works, and keeps breaking or hobbling otherwise perfectly good games, all of which is shitty, but it’s little to do with privacy. and the dev has to specifically opt-in and integrate it as a feature…unless they’re thinking of 3rd party DRM that can be waaay more intrusive, like Vanguard… THAT’S a privacy and security nightmare just waiting to blow up in people’s faces.
otherwise…i haven’t really heard anything bad about steam privacy wise?
doesn’t mean that there’s nothing to be concerned about, but i feel like there’d been some news about it if there was…
Agree. Steam doesn’t even save your birthday, and asks for it every time
They legally have to.
No. And also chrome is somehow at the bottom of this list, I don’t care if it’s chromium or vanadium, it’s still chrome.
It’s Vanadium, a fork by the people from GrapheneOS. You could say the same about Graphene, that it’s still Android, but reality is more complex.
Chromium-based browsers have arguably better security than Firefox. https://madaidans-insecurities.github.io/firefox-chromium.html
Vanadium further improves Chromium’s security by disabling the JS JIT Compiler, using a hardened memory allocator (GrapheneOS hardened_malloc) enabling ARMv8.5 MTE, and applying other hardening patches (https://github.com/GrapheneOS/Vanadium/tree/main/patches).
The secureblue project maintains a hardened Chromium build for Linux called Trivalent, which uses most of the patches from Vanadium, among others. You can get it from their repo: https://repo.secureblue.dev/secureblue.repo
I really wanted to include Trivalent, but I didn’t want to seem too Chromium-oriented and start a flame war.
You could add secureblue. I would put it in the same category as GrapheneOS and Vanadium.
An issue arises with that. Linux is fundamentally insecure, as you are likely well aware if you use secureblue. secureblue is designed to be as secure as possible while still being Linux, and so is still bound by the same constraints. Qubes OS is not a distro, so it (should be) more secure, but it is an absolute pain to use. Furthermore, Qubes OS emulates Linux distros, so the question becomes “Why not just emulate the most secure Linux distro?” which is either Whonix or secureblue depending on who you ask. Is that more secure than running secureblue on bare metal? What about GrapheneOS used in desktop mode? And what about emulating Linux inside of GrapheneOS using the Linux terminal? There are plans to use multiple distros inside of the terminal, so what about secureblue inside of GrapheneOS?
The whole situation spirals out of control. I know this iceberg chart isn’t ranking security, it’s ranking what software people generally use for each experience level, but neither secureblue nor Qubes OS would fit nicely in any category. You can read this post for more of my thoughts about this mess.
I know about the security issues in desktop Linux, but I still think secureblue fits that level of the iceberg pretty well. I would put Qubes there as well.
