I know there is plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)

      • muusemuuse@sh.itjust.works · 2 hours ago

        It’s also a shit product riding on marketing laurels from its past glory days, like Norton. It leaves pieces behind that can cause malware to come roaring back.

        It isn’t hard to just nuke a system or restore a backup, people.

      • KiwiTB@lemmy.world · 2 hours ago

        Proprietary sure, but how is it privacy invasive let alone invasive on computers?

        What non-proprietary option is there? I can’t think of a single antivirus option which is actually remotely decent which is open.

        • The 8232 Project@lemmy.ml (OP) · 1 hour ago

          ClamAV is an open source antivirus, but I would recommend against using an antivirus altogether due to their invasive nature. You shouldn’t need one with proper sandboxing and isolation.

          • KiwiTB@lemmy.world · 1 hour ago

            ClamAV is slow to get updates and frankly not a great tool to use. AV is a must as isolation and sandboxing are only as good as the next exploit. Not to mention scams like phishing are not stopped by isolation.

  • spv.sh@lemmy.spv.sh · 6 hours ago

    where’s the shovel and double-ziplocs to bury your cash, silver, gold, platinum, and palladium? or the zippo to burn your prints off? get on my level, ho

    • muusemuuse@sh.itjust.works · 2 hours ago

      Yes and no. It’s certainly better than stock Android. You won’t find anyone who says otherwise. But it creates unnecessary dependencies on Apple’s ecosystem and Apple can’t be trusted. Nothing with shareholders can be trusted. Apple might be an ally today but they are a US-based company operating within the confines of what the US will let it do.

      All their cloud services are pretty poorly protected too. Every year or so me and my friends will find Chinese gibberish entries in our calendars that link to phishing sites. These get cleaned up eventually but it proves that Apple is lying about not being able to access your shit.

      I’m planning my exodus from the Apple ecosystem and looking at GrapheneOS but I’m still in the skeptic stage. I have lots of cloud decoupling to do and my self-hosting ambitions are big so at the moment my iPhone isn’t the biggest priority to change out.

      But I absolutely do not trust it.

    • Steamymoomilk@sh.itjust.works · 7 hours ago

      Cool, and who validates the code base for security vulnerabilities? And sends tons of packets related to tracking back to their servers?

      • spv.sh@lemmy.spv.sh · 3 hours ago

        the codebase itself? besides XNU, nobody… but, given the immense amount of scrutiny placed on the software, if there was some magic backdoor (an intentional one, anyway, not talking about like NSO group RCEs 'n shit), don’t you think we’d know?

        the average person doesn’t even know what grapheneos is. if they’re either going to buy an iphone, or some generic android phone running a vendor kernel that hasn’t been patched this administration, i’d want them to buy the iphone.

          • spv.sh@lemmy.spv.sh · 2 hours ago

            moi: “not talking about like NSO group RCEs 'n shit”

            tu: “how do you think pegasus works”

            you could have at least picked a different cyberwarfare company…

            by that logic, every OS under the sun has massive backdoors. bugs exist, man. my point was that for the average person, a fully-patched ithing is going to be among the more secure options.

  • MonkderVierte@lemmy.zip · edited · 11 hours ago

    LineageOS is good enough and runs on most devices.

    And isn’t Nitrokey a blackbox? At least there are multiple Open Source implementations and some even sold as Open Hardware. Yubikey and so on.

  • Zerush@lemmy.ml · 12 hours ago

    It’s not about what you use, but how you use it. PEBCAK. Almost 100% privacy and security is offline at home, reading a book, if you bought the book with cash and not online and/or with a credit card.

  • nelson@lemmy.world · 12 hours ago

    Pretty sure banks have a pretty good track record of “keeping your money safe”. Why the fuck would anybody trust banks to keep their money safe if they can’t keep your money safe?

    I don’t really understand why that statement is even on there?

    Unless you mean to argue some anonymity point, which I could agree with considering e.g. Monero would be more anonymous than a bank.

    But safe? I’d say the bank is quite safe to store money.

    • The 8232 Project@lemmy.ml (OP) · 6 hours ago

      The intention was more “Banks keep my data safe,” but I wanted to provide a clearer explanation that if your data isn’t safe, neither is your money. I didn’t have enough room to put my full thoughts.

    • TurtleTourParty@midwest.social · 7 hours ago

      Banks keeping your money safe depends on what country you live in and how much its government has regulated them and/or provided some sort of backup in the case of a run or the bank going out of business.

    • explodicle@sh.itjust.works · 7 hours ago

      Money in the bank can be seized and frozen for all sorts of reasons. If you’re in the USA, then police can charge your money with a crime even if you haven’t broken any laws. It’s safe until it’s not.

  • Ardens@lemmy.ml · 13 hours ago

    But you do know that Tor/VPN is not really privacy, nor security? It hides your IP, but that’s about it. If you still log in, and give any information, and that could just be your “fingerprint”, you are not anonymous…

    • potatopotato@sh.itjust.works · 13 hours ago

      This is the correct initial reaction but given the extent to which the US monitors every single transaction everyone makes, it’s getting awful hard to manage the influx of feral hogs without having them streaming through your door.

    • Allero@lemmy.today · 13 hours ago

      Well, unlike Bitcoin, Monero is actually anonymous, and sometimes you gotta make payments online.

      You can’t do it privately with your card.

      • explodicle@sh.itjust.works · 7 hours ago

        Bitcoin’s Lightning Network has onion routing for privacy, like Tor.

        When Bitcoin had a bug that allowed some guy to give himself a bazillion bitcoin, it was detected and patched before he was able to sell them. When Monero encounters a similar bug, it will only be detectable by the price going down.

    • edel@lemmy.ml · 15 hours ago

      Some of those mentioned likely are compromised, but we cannot figure out which. The thing is to diversify our risk, and for the privacy-minded to use different platforms (Proton VPN and Mullvad VPN for instance).

      The good news is that if an agency is compromising something, they likely won’t use the intel gathered in court cases, in order to leave it open to future prey, so that is good for the vast majority of users. The very few that are relevant enough should not trust even the genuine privacy tools and resort to enhanced methods and combining methodologies.

      My impression, and just an impression, is that I would trust **Tuta** more than Proton (and not because Proton’s CEO that many interpreted wrong anyways). On VPN… a tad more trust in Mullvad. Signal, I would not use it for high-stakes communication but OK for most people. GrapheneOS seems okay and we know for sure it does not leak info on a daily basis, but we have to be careful, it could have obscure code lying dormant waiting for a trigger or could easily send data to an unsuspected server. Ironically, if I were Snowden, I would feel more comfortable using a Huawei Mate with HarmonyOS than a Pixel 9 with GrapheneOS… of course China spies massively too, but it has far less beef with Snowden than the US does, therefore not of much interest to Beijing.

      Remember that the overwhelming majority of FOSS goes without any audit, let alone a comprehensive one. This is what some trusted party should put AI checking ASAP all the FOSS out there!

      • nebulaone@lemmy.world · edited · 15 hours ago

        Very interesting insights. Funnily I use all of the services you cautiously recommend, including GrapheneOS, but not HarmonyOS, hard pass on that one. As a German I am also legally required to prefer Tuta. :) I still have that OG 1€/Month contract.

        Edit: Your last point is a good idea, although I think the more popular an open source app is, the less likely it is to be malicious. A lot more eyes on it and the xz backdoor was caught pretty much immediately.

        • edel@lemmy.ml · 4 hours ago

          Of course… for us normies… GrapheneOS is the way to go. Very highly targeted individuals in the West should however consider HarmonyOS. Of course the Chinese government has eyes on that one but is not specifically targeting you… unless they use it to trade intel on someone of high interest for China, but not much collaboration between West and China intelligence agencies today…

          True, popularity increases the chances of someone auditing. But, to a point. Ideally an audit should be performed with every single update and on the servers, and there the premise of more eyes does not hold true any more. Then it comes to trust. In a company like Tuta, the people behind it showed their faces from day one, the same people are there, it is a tight team so harder for a bad apple to do something. Considering both Tuta and Proton were good from inception (and I believe it may be the case), it would probably be easier for an intelligence agency to penetrate Proton than Tuta, just for the structure that it appears they have from outside. Now, Tuta made a horrible mistake once! In the Russian invasion of Ukraine, independently of one’s take on it, Tuta made the “Standing with Ukraine” statement (March 2022); that was a mistake, it made many doubt if privacy is still paramount for them over any other ideology. Maybe they have changed since, since no statements on Gaza… or maybe they agree with what is happening… who knows… that is why they should not make any statements at all, or clarify that while they have their ideologies, in no case will they ever compromise their stand on privacy. To be fair, Proton did the same… nothing on Ukraine but on Gaza “We unequivocally condemn the terrorist attacks by Hamas against Israeli civilians […] We also condemn violence against civilians in Gaza”; so I guess both are comparable here! My trust for both is slim, as a company, and even their individuals.

    • Gaja0@lemmy.zip · 16 hours ago

      Maybe it’s because the current administration uses Signal to plan acts of war and Proton’s CEO is supportive of said administration.

      • 4am@lemmy.zip · 16 hours ago

        They don’t use Signal though. They use a clone called TeleMessage Signal which logs and archives all their messages on an Israeli server, and which a hacker was able to access before the service was suspended.

        You can’t really help if someone forks and misuses software.