This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”
End of transcription.
I love this! May I share on my blog and with my newsletter subscribers at Punching Up Press? We’re probably in boxes #2 and #3, with a lot of readers starting off in box #1.
I guess I’m in the privacy enthusiast section. Although I do use searxng. And I will admit I do use some things from the top layer, like YouTube and steam. Also i don’t like how proton is a section above tuta aside from quantum safe encryption which is meaningless at the current state of technology (I agree that could change soon) aside from that proton mail is just as good as tuta.
I use everything from the privacy enthusiast section on a daily basis except for addy.io and tuta since i use proton for email and email aliasing.
Maybe I am wrong, but I think proton doesn’t encrypt headers and some metadata, Tuta encrypts everything or almost everything. Also, proton mail is not available in F-Droid
Personally, I don’t like proto, it doesn’t follow the separation of powers principle, what happens if proton suddenly changes their policy? That is why true free and open software tend to be decentralized, for example mastodon vs bluesky, the only way I can really trust you it is if you can’t “betray” me, even if you really wantYou might be right I searched it up and found that protonmail doesn’t encrypt header lines which isn’t great. The f-droid point is also valid. But unfortunately there is no decentralised email providers, even tuta is still centralised. I would be interested if there are any options for decentralised mail.
On another note regardless of whether I’m using proton or tuta it’s hardly ever end to end encrypted since everyone I’m sending the mail to uses Gmail.
Tuta is located in Germany which has more power to look into your data than the Swiss government, but it’s mhe.
Also what separation of power do you mean? Proton is also owned by a non profit and Tuta is just a Gmbh which is owned by two individuals it seems. Changing something regarding the non profit or the structure is pretty hard to do
Tuta is however more open with that you can find their annual report or at least part of it if you want.
Sorry, I took for granted that you had to buy a pack with vpn, cloud storage, etc. That would have means that you would have to change a lot of services again in the case the proton company let you down. I still think that Tuta is a little more private for the reasons I mentioned
Is tuta better than protonmail?
I think I’m probably slowly transitioning to “the ghost” but more as a matter of digital minimalism than for privacy lmao
Kudos for inclusive alt texting!!
I have no clue why telegram is often mentioned when it comes to “privacy focused messaging”. They don’t even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use signals encryption.
Also the “we don’t give out even a byte of data to anyone” statements made by telegram have been thoroughly debunked as lies. When telegrams bottom line is in danger, they have and will give out your data.
WhatsApp claim to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.
or that some part of the encryption, like key handling is flawed. also, considering they have an RCE vulnerability every year, I wouldn’t be surprised if the encryption keys could just be stolen remotely.
we also don’t know if facebook has implemented some kind of analytics for message content, sent files and media.
Yea, telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.
The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like signal.
Just curious, does telegram keep a log of our msgs? Im guessing right now, mitm attacks doesn’t work since tls exists, but telegram can still read the msg cuz it’s not e2e?
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point. and telegram probably gets to be there because it’s not the usual big tech companies, and it seems fine, even if unencrypted.
Only 1:1 chats may be encrypted as an opt-in.
and only on the phone app
well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point.
Yes, this is the exact reason Telegram was put there. I even see Telegram recommended alongside Signal, despite the privacy risks.
I just switched from Android to iOS, and while I have many complaints, I’m pleasantly surprised by how “walled off” the apps mostly are. Unlike Android, they have to comply to function for the general public.
It feels a lot more like tier two, where it isn’t like a spyware implant but your banking app or whatever will still function. And yes I know it’s far from good, just talking degrees here…
I just switched from iOS to deGoogled Android (e/OS setup by Murena) and as discussing with a friend yesterday, the biggest trade off is arguably security, namely than iOS and AOSP are relatively secure (even though far form perfect) and applications have both permissions to explicitly request and also containerized (e.g. limited file system access) … yet you do not need a security flaw to exist if your data are being exfiltrated periodically by the OS or apps. So arguably depending on your thread model (e.g. voluntarily offering your data vs spam/scam vs private malicious actors like NSO vs state level espionage) and your needs (banking apps vs Web equivalent) then one can be more appropriate than the other.
I agree that Apple, while not entirely private, is still a decent choice compared to Android. They both have their flaws though.
deleted by creator
Thanks for providing this. It is obvious you put a lot of time into this. Truly appreciated. I will have to look into these.
How did you find these yourself?
Thank you so, so much for the transcription, appreciated!
Using basic things like Graphene OS and keepass shouldn’t be considered privacy activist
Pretty good!! I agree with 95%.
Loved the “As seen on TV” category!
I agree that Tuta is more secure than ProtonMail.
Some are blended like Tor, that should be in Activist if used in secured computer.
Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but though Activists just don´t trade much and stick for the long haul and use Monero for purchases.
Was not aware of the existence of Coincarp (logo by GrapheneOS). Is a crypto price tracker used by Activists? I left crypto a couple of years ago but though Activists just don´t trade much and stick for the long haul and use Monero for purchases.
The logos next to it are Vanadium, which is a web browser made by GrapheneOS, and Aegis Authenticator, which is a time-based one-time password (TOTP) application.
Wow… I use Aegis exclusively as my authenticator since 2 years ago and completely did not recognize the logo by itself!!! I used Yandex image search and it told me coincarp… Sorry.
Curious why Tuta may be more secure than Proton? I’ve been debating switching off Proton but calibrating my risk profile, Germany being part of 14 Eyes and all.
Its not. They don’t even sign their releases or support PGP
Tuta is not a proton replacement
I would probably argue they are the same in terms of security and privacy. Privacy communities tend to disfavor Proton because its all eggs in one basket, and also for political reasons. Both of those are subjective to your personal threat/privacy profile.
Its true that a single point of failure is more risk than separate services, but that fact doesn’t undermine their security on a technical level, and has nothing to do with privacy. As for the political, yes it’s something to watch but nothing wrong has been done. They are set up as a non profit with checks and measures in place to prevent corruption from happening. I’m OK with different points of view and having different points of view on a board is a good thing.
The CEO of Proton has tried cozying to Trump and any company led by a guy who does that is knocked down several notches for me
If any service is at the whim of someone’s emotions or opinions, it’s at the bottom, and it should stay there.
Let the program be the program, and if we can’t see how it’s written, assume the above is true.
Foss or die
Technically speaking is highly contested and you have arguments pro and con, one way an another. They use different technologies so it is hard to compare properly, specially since it depends on the users using it properly.
If the technology is good, it does not matter where it is located. Switzerland, specially since a couple of years, does provide more freedom guarantees than Germany but it is not immune at all, actually, the US had used the Alpine country to do operations due to its attractiveness to dissidents and criminals alike. However, for the overwhelming majority of customers, either option is fine for they privacy and security. Only metadata has been obtained in few instances in both companies and nothing else… at least no that was used in a court of law.
For ultimate targets, if they have to rely on email, that they should not, I would choose Tuta though. These are my reasons.
- It has a lesser footprint, so less likely intelligence agencies tried to infiltrate it.
- The people behind are there fro the very beginning and show their faces publicly (Many in Proton too like the CEO, but it is no so transparent with the rest)
- The people of Tuta are more ideological so it is a barrier for intelligent services to penetrate. Tuta has show however being anti the Russian government (rightly or not), so this point is not valid if you are in that side.
- Tuta has a very organic and progressive growth. Proton had an explosive growth. Of course, it could been good marketing, but still…
- Proton still today requires Google’s Push Notification servers, after years and years demanding a solution. Tuta had that solved since long, long ago.
- Recently a case came in Canada of a intelligent agent using Tuta since “it was infiltrate by intelligence agencies”… After a few hours going through the case, I read it the opposite, he used it because he actually considered it a better choice to cover his crime. He was not that high in the ranks, but I read that the he resumption o these officers.
- Nothing regarding security, but as a paying customer for both I was “tricked” far less by Tuta. Proton, for instance, does not refund you, only gives you credits. Even 20min after an accidental 2yr renewal I got stuck with them unwillingly. That practice should never be acceptable for a SaaS.
Now, Proton overall, for most is a bit more reliable and full feature and better put together so it is easier to recommend. Think of Proton as the Apple of emails, quite secure and miles away from Gmail, but security wise and ethically, of the two, my bet would be with Tuta.
Is it easy to implement Openwrt?
I’m like a mix of the three tiers above ghost and in not really trying to be which is odd
Tried the Privacy Activist and Enthusiast section. Was not really fun and you loose connection to most of your friends and family. Now I have a balanced setup with something out of each layer. Perfect balanced, as things should be
Everyone’s personal comfort level.
Give tech classes to elderly. Explaining to them the iphone photo face recognition saw several of their eyes bug out of their head. Some loved it.
Totally agree about the self ostracization. While I agree with the sentiment you’ll cripple yourself socially.
Finding your personal comfort zone is the tech journey
Heeeey it’s me. Totally socially crippled.
I don’t even know how to maintain relationships, don’t have an interest in trying. There’s something wrong with me.
My only friend on this planet is my uncle.
Vibe
I get it. Am this way to an extent. Mom for me.
Recently attempted to be social at work. Out of the 5, 1 is worth spending additional time with.
If you are comfortable with yourself and who you are, it may take a bit to meet people you actually enjoy.
If you feel like something is wrong with you therapy would not hurt. Reccomend it for everyone to get them the self care tools they need/want.
In my experience I was attempting to be social out of obligation and why it always felt like pulling teeth to do anything is because I didn’t really like the people I was with.
Wish you luck bb 🙏
I’ve done the whole therapy thing, I just do not have it in me to have friends.
I haven’t had a desire to make a friend since I was a kid.
I do get lonely. I’ll have a thought that I’d like to share and I know I drive my wife crazy.
I wouldn’t even care if I could find a way to make some money. Right now I’m a stay at home dad. That’s what my wife wanted me to do. I was making money on the stock market, not taking big risks, just making above minimum wage. Then the election happened and now that’s over.
Thank you for caring.
Being social is pretty similar to exercising. When you first try to do it after a while, it’s usually painful and not enjoyable. It isn’t until practicing and keeping at it that it will get easier and you can actually feel the benefits. Finding someone that you can actually share your hobbies with can go a long way, especially if they are able to give some sort of input as well that is beneficial to what you’re working on.
I live deep in the Appalachian mountains and I haven’t met a single person interested in the things that I am since I was a kid.
I’m so bad and hate socializing so much that I recently got the Mortal Kombat II deluxe arcade cabinet, the same dude kept joining my match every single time I played so I just stopped going online haha.
He contacted me and we talked once, and that was that.
I really like him too, I just can’t handle it. Even that tiny little bit of it.
I don’t know why I’m like that. I’m not bad at talking to people. I’ve been told I’m damn good at it. I’ve been told I’m charismatic and all that. There’s just something broken in me.
Probably comes from the abuse I suffered as a kid if I’m being honest. It was rough, and it trained me I guess.
But then again, my whole family is like me. I don’t even know 90% of them, but I can tell you that 90% of them do not have Facebook. The ones that do, they don’t ever post, they don’t ever like, nothing. It’s like it’s just who we are or something.
I have brothers who grew up in different households. Two of them never experienced any abuse as children, they were spoiled. They are just like me. They talk to no one.
So maybe it’s the environment you live on? If I lived in the Appalachian mountains I’d just relax alone to keep the peace, sounds comfy enough for me. People in the Nordics are like that too.
I have taken my own approach; there are things from each layer that I use. Some begrudgingly but others gladly.
The problem I faced when starting this journey is it does cut out a lot of people. And it becomes isolsting. So I did reel back a bit.
It’s equally frustrating to talk to people who’re completely entrenched in the Enthusiast / Activist section. The utter disconnect when it comes to what’s viable for most people is annoying to deal with sometimes. Statements like “Everyone who is able to read can easily learn to use Arch Linux” or “Everyone can flash their phone” do give me headaches. Was there, did both, wouldn’t recommend to my less nerdy family.
deleted by creator
yeah honestly i really think that you should swap to linux!
I can totally understand where you are coming from.
I eochold the view that if you can read, you too can install GrapheneOS, or try Linux; but that doesn’t make it right for everyone. It’s a self imposed journey. I can’t expect everyone to make the same choices I do.
That is where I will educate people as to why I chose what I chose; however I will not try to force someone down the same road.
So totally understood.
Giving it a try is most of the time the first step. I tried GrapheneOS , used it until my device no longer received updates. Then Google Pixels got disappointing and iOS 14/15 got out with big privacy changes, so I switched the first time to Apple. I know, ironic , but it works for me. I remove most permissions from apps, use my own DNS block list enforced by MDM and if possible, self host my apps and services or use paid / open source ones. I am here on Lemmy instead of Reddit or Instagram…. I also tried Jollas SailfishOS v3 , it was ok, but this was back at the time very limited for social interactions, now with v5 it would have been better. Also good to know, at my place , Apple Pay is one of the most secure and private pay systems…. I hate that, this feels wrong.
i also hate the idea of giving up apple pay when testing graphene. i really hope to find a somewhat ok alternative, but from what i’ve heard it seems to be the best there is atm :(
deleted by creator
I used to run LineageOS with a lot of my own tweaks to meet my privacy needs; however I reached a point I decided it didn’t fit my needs for security. So, I went back to GrapheneOS. Which, I am 1uite haply with. Ultimately, I dream of a fully operational Linux phone of sorts; but we aren’t there yet.
I ditched reddit, and most centralized social media. I ditched many big tech services in place of self hosting my own. And even that is mostly locked down. Very little exposed to the web. Ad blocking, as well as my own underlying upstream DNS, with a fallback that isn’t Google or Cloudflare. Services being firewalled off. Reverse proxy setup limiting access via IP:Port while also including SSL certs for local only https.
And this list goes on; it’s a constant journey. But the hard part is to still be social. Hahaha
Did you look at SailfishOS (Linux Smartphone) It supports Android App virtualization.
Cant say that I have, but will now!
Yea, being able to and actually doing so are very different. Reading is the barrier to entry for most everything. Time and energy are the missing resources, though. I am a tech enthusiast, and I struggle to find time to do all the things I want.
I get that. We all make choices to decide what we do with our time.
It’s easy, just don’t have any friends or family! /sad panda
Totally agree with this, two steps forward one step back basically
Cash and Monero being on the same tier is very funny
