This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”
End of transcription.
I think I’m probably slowly transitioning to “the ghost” but more as a matter of digital minimalism than for privacy lmao
Where’s GOG.com?
Not sure if gog has anything to do with privacy. Altho if it was on the list I imagine it’d be up there with steam ( not sure why that one’s on the list either )
I’d argue that gog might be a bit better, since you can download executables from their website, and then use them offline, without telemetry. But still, I think neither are necessarily all that relevant here.
Well that sounds like a malware poisoned well
They are a relatively established game storefront, and have been at it for over a decade. Same Corp that’s also behind CD Projekt Red.
In the end, any storefront that distributes executables could in theory distribute malware, but I’d honestly be more worried about steam, since their publishing process seems a lot more automated, with less oversight.
Can you explain why you would think Steam is so bad? I would argue they’re pretty fair, especially with the option to buy steam cards for cash to not disclose your personal data. Does the client do some unsavory shit?
No. And also chrome is somehow at the bottom of this list, I don’t care if it’s chromium or vanadium, it’s still chrome.
Chromium-based browsers have arguably better security than Firefox. https://madaidans-insecurities.github.io/firefox-chromium.html
Vanadium further improves Chromium’s security by disabling the JS JIT Compiler, using a hardened memory allocator (GrapheneOS hardened_malloc) enabling ARMv8.5 MTE, and applying other hardening patches (https://github.com/GrapheneOS/Vanadium/tree/main/patches).
The securebuild project maintains a hardened Chromium build for Linux called Trivalent, which uses most of the patches from Vanadium, among others. You can get it from their repo: https://repo.secureblue.dev/secureblue.repo
I really wanted to include Trivalent, but I didn’t want to seem too Chromium-oriented and start a flame war.
You could add secureblue. I would put it in the same category as GrapheneOS and Vanadium.
An issue arises with that. Linux is fundamentally insecure, as you are likely well aware if you use secureblue. secureblue is designed to be as secure as possible while still being Linux, and so is still bound by the same constraints. Qubes OS is not a distro, so it (should be) more secure, but it is an absolute pain to use. Furthermore, Qubes OS emulates Linux distros, so the question becomes “Why not just emulate the most secure Linux distro?” which is either Whonix or secureblue depending on who you ask. Is that more secure than running secureblue on bare metal? What about GrapheneOS used in desktop mode? And what about emulating Linux inside of GrapheneOS using the Linux terminal? There are plans to use multiple distros inside of the terminal, so what about secureblue inside of GrapheneOS?
The whole situation spirals out of control. I know this iceberg chart isn’t ranking security, it’s ranking what software people generally use for each experience level, but neither secureblue nor Qubes OS would fit nicely in any category. You can read this post for more of my thoughts about this mess.
I know about the security issues in desktop Linux, but I still think secureblue fits that level of the iceberg pretty well. I would put Qubes there as well.
It’s Vanadium, a fork by the people from GrapheneOS. You could say the same about Graphene, that it’s still Android, but reality is more complex.
When I first installed GOS, wanted to like Vanadium. Went right back into a FF fork+UBO once I saw that while its blocklists did stop ads themselves on TvTropes, it did nothing to the HTML elements that contained them so it left big ugly white boxes visible.
Seeing steam at the top makes me question the list. Likely a hate of DRM rather than privacy
Yeap, and Brave in the middle. They only pretend they are for privacy, but they are the very opposite.
No epic store and brave is not on the top…
Yeah i hate when I see people using Brave, because they have been brainwashed.
Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.
Brave is and always has been gross. Never understood how they’ve been so successful at tricking people into installing it.
OP replied in another comment its because “firefox is not secure” https://lemmy.dbzer0.com/post/43710170/18564861 :
[…] Chromium-based browsers aren’t all bad, such as Vanadium or Trivalent, so people sometimes feel more comfortable sticking with what seems familiar (coming from Chrome).
In another reply parents to this one:
LibreWolf is far from secure, as it is based on Firefox and so comes with the same security issues. If you meant to say privacy and not security, the reason nobody makes high threat model browsers for Windows is because Windows itself is not private and it would be a losing battle.
So OP is saying it’s not private nor safe? I get what some people are saying of Firefox constantly changing Terms of Services but that’d be in regard to privacy not security and OP tries to argue not being safe which his iceberg also implies in terms of privacy not being good too. Yeah, LibreFox’s ToS isn’t the same as Firefox’s ToS and his counterarguments to Firefox and Firefox-based on replies is Chrome-based browsers exclusive to niche OSes (also OP don’t even try arguing Brave on comments so probably just trying to rage-bait with every opportunity). I’d love OP to argue using the examples he used in the iceberg. So many discourse incosistencies along with the iceberg. Also OP FYI while privacy does not mean secure, lack of privacy could mean security risks in some cases.
Yeah. All the issues, even small and quickly-resolved ones, paint a picture - that they are eager to disrespect users’ consent.
They’re not the very opposite. They have done wrong things, just like Mozilla. Doesn’t make them Google though.
They are not “just like” Mozilla.
and then Tor so high up, unless you’re hell bent on leaving 0 traces that thing is a pain to use, can’t have it maximalised, pages load sometimes minutes at a time, no addons, just suffering. nobody sane uses that thing for more than the occasional trip to whatever deep web market is not yet exit scamming
Their bottom line is gold, this should tell you everything you need to know about the creator of the meme.
it also has a log cabin… and Log Cabin is a maple syrup brand… and maple syrup is from maple trees… and maple leaves are on Canadian flags… so… a snowman?
It might be there because there is a lot of data associated with the steam account, especially the community part of it, e.g.:
- Recorded playtimes
- Times and dates when you are regularly logged in
- Possession of games which are precisely tagged by genre/interests/etc.
- On which time and date you spent how much money (participation in sales in the steam store)
- Timestamped posts and comments in groups based on various interests etc.
- Curators/devs/publishers you follow
- Your game wishlist
- Connection and interaction with other steam accounts (friends list, chat, trades, gifts)
All this can be used to create a very detailed behaviour profile and accurately deduce the social status of the real person who uses the account. Maybe the data isn’t misused and it’s just there so the features can actually exist.
Personally, I doubt Valve actually does this as expansive and invasive as other big tech companies. I’m pretty sure they at least aggregate anonymised data to measure how e.g. their sales perform, which game to promote on the store front page etc.
But we can’t be sure because it’s not public.
i don’t think valve does much with the data even internally. if they did at least the game recommending queue would be slightly accurate. instead i have to manually blacklist tags for it to stop showing me things i’m just deeply uninterested in. like yes Mr. Valve my steam library of RPGs, puzzle games, and open world sandboxes clearly profiles me as someone who’d be interested in the newest Fifa game every year, sure buddy
I think they changed the name in the newer versions so surely you’ll be interested now!
now you say it, maybe it’s my clicker games that make Valve think i’d like to buy a game where the point seems to be that the number in the title goes up by one every year
Yes but my point was that I believe they changed the name from FIFAYY to FCYY (and I think raised the price).
afaik the client does collect a bunch if data, most (all, i think? but not a 100% on that) of which is opt-in.
they do need stuff like IPs for internet related features.
telemetry wise there’s the steam hardware survey, which is opt-in, and it asks every single time it attempts to collect your systems hardware and OS information. this could technically be identifying information, but since it’s opt-in it’s not a privacy violation and it’s entirely optional. (plus it’s super useful for all involved: users, devs, and steam. it’s kind of a win-win and straight up necessary info for devs to know which hardware they should optimize for)
they might be putting it at the top because steam has native support for DRM?
but that’s also weird, because DRM isn’t a privacy violation. it’s a shitty practice, barely does anything, barely works, and keeps breaking or hobbling otherwise perfectly good games, all of which is shitty, but it’s little to do with privacy. and the dev has to specifically opt-in and integrate it as a feature…unless they’re thinking of 3rd party DRM that can be waaay more intrusive, like Vanguard… THAT’S a privacy and security nightmare just waiting to blow up in people’s faces.
otherwise…i haven’t really heard anything bad about steam privacy wise?
doesn’t mean that there’s nothing to be concerned about, but i feel like there’d been some news about it if there was…
Agree. Steam doesn’t even save your birthday, and asks for it every time
They legally have to.
Throw away mobile phone and just use an air gapped machine. Your productivity will tank but then you’ll eventually add local databases of the shit you actually need on your air gapped machine and your productivity will triple.
Well shit, I shouldn’t be the first to tell you that if you’re serious about your privacy then get off of windows.
Also if the CIA is targeting with you with air gap malware, then you fucked all the way up. Pedophiles are saying “damn, fuck that guy”
This is Lemmy. You’re the 30billionth to tell me.
Since we are 6, that’s about 6 billion times per each of us.
I think someone is stealing some of my 6 billion for themselves. Just some. Not all. Just. Some.
Yeah, that’s because I didnn’t count you!
The government targeting pedos? That would be a more effective way to eliminate government than doge
Your productivity will tank
Will it though? It’s not like paying with cash or even a credit/debit card takes radically longer than paying with a phone. It’s not like reading a book vs mindlessly scrolling Reddit or Lemmy makes productivity drop.
We get used to instantaneous tasks and convenience but in fine it’s like speeding up while driving from work to home, it’s not really the seconds or even minutes daily that count, it’s where you are going.
So… a “dumb” phone will probably for most not make productivity “tank” IMHO.
Yes, your productivity is going to tank. No way you’ll be prepared for a full air gapped machine on day 1.
until you need to collaborate with the average person who uses google docs and gmail
What does that have to do with a phone?
Edit: FWIW you can say no (ideally explaining why, even providing an alternative while doing so, e.g. NextCloud with CollaboraOffice, for email… well you can clarify in a footer that this email thread is not private and suggest creating Tuta or ProtonMail account, even if one time use) to people who use Google Docs and GMail. You can also have a one time use account.
TIL I’m a privacy activist–who can help me get to the ghost mode?
(Do I even want to get there or is that limited to journalists who have entire states trying to unalive them?)There is this steadily growing activist group that you could join up with.
limited to journalists who have entire states trying to unalive them. Don’t live your life in fear
Do I even want to get there
Only you can answer that.
or is that limited to journalists who have entire states trying to unalive them?
Pretty much, but if you want to give up all technology, work for yourself, and fake your death, then more power to you!
Seems like faking your death would cause more privacy problems than it solves. Why not just “stay alive” with a completely innocuous identity? Then adopt some new identity which cannot be traced back to the original?
If you’re alive, you are asked for documents such as property records, taxes, etc. and if you refuse then bad things happen. If you fake your death, no more questions are asked and you can take on fake identities. In essence, faking your death takes your identity out of “the system”
Easier than you think it is. Hard to keep at it. All you need to do is stop using a phone or computers. Death cert is only needed when you’ve been compromised and people are out to get you. Gold isnt really usable unless you stumble onto a secret underground society where all trade is done in gold. Realistically, you’d sooner be trading goods (or services) for other goods (or services).
This level technically shuns technology and that brings its own challenges. Its like saying you cant have privacy with technology. I dont necessarily agree with this statement so I’d say don’t go to this level.
You should stage your death, like they tried to do on prison break and then move to Mexico or Columbia. Send me a DM for more information /J
You can replace the generated image by searching for images of “Goggle wool ski mask” IMHO.
Oh, am I that far gone?
spoiler
I don’t see Qubes, Whonix or Tails on there.
What’s the issue with steam? I thought the epic game store was the one actively spying on your device
They also have so many security breaches that it won’t even make the news anymore.
Many of those are caused by people having insecure accounts without enabling 2FA etc. And there is a lot of money involved, even the top TF2 accounts are worth tens of thousands of euro’s
I am now paranoid about someone getting in and deleting my gibus
It collects and stores information about your system and also has your identity tied to your purchases.
I don’t think it’s a big privacy concern as far as tracking and spying on you.
But realize any device you install steam on then is tied to your real identity if you purchased games on that account. And can be used with data gained from other parties to determine your online activity if a government were to be able to obtain both.
Steam has telemetry. They gather a ton of data on you. What details, how they use it, and how secure it is I can’t answer, but it’s clear that it’s happening.
Does that happen only when you use Steam or is it gathering data at all times?
I don’t know. I’m sure it only transmits when active, but that doesn’t mean its not collecting data at all times. If you’re on windows you can turn it off with a script, but it might turn back on after major updates.
I’m on Linux, actually. I installed Steam with great reluctance because everything else I’m running is privacy-friendly FOSS stuff but one of my best friends wanted to play something and there was no other way. As it always happens, we ended up never playing together and I just did stuff on my own, so I should probably just uninstall it at this point.
Thanks!
Until recently, your steam activity and games played are public and your relationship with other steam users can be traced even if you have a private profile.
Good to know, thanks
I could also imagine DRM, though not directly privacy related, being a thing. Like the issues of freedom and openness are probably also important to many people who value privacy and might therefore prefer GOG or something over Steam.
Edit: I see someone else mentioned this already: https://lemmy.world/comment/16903223
Talk about high effort content holy shit
Also my toxic trait is that I use stuff from every single tier
On browsers, as you put Chromium then also put Firefox or deMozillaed Firefox e.g. WaterFox.
I’d put Brave back to the 2nd layer due to relying on Chromium and being heavily marketed while gathering data for its crypto scheme. I’d also put Firefox on the 2nd or 3rd layer.
FF doesnt deserve much better than Brave as it sends telemetry, so both on tier 2. LibreWolf would fit for tier 3 or maaaybe 4.
Do you trust this preference panel on telemetry? If not why not? If you do believe it is legit what do you believe it remains problematic?
Lol, no. Here’s a list of all the things that panel doesn’t account for.
Also, there’s nothing close to even attempting privacy without strong fingerprint protection anyway, which I should have also mentioned. Vanilla FF allows a bright shining canvas fingerprint that Brave and Librewolf disable.
I’m not sure what’s that’s supposed to show as “there are built in settings for some of this stuff, it’s not complete and many settings are abstracted away from the user. Enter about:config” since it might be hierarchical, i.e. disabling a single telemetry toggle, either via Preferences or
about:configmight disable all the other ones. I haven’t looked specifically at that part of the code of Firefox but I’d trust more a Wireshark analysis than this since it doesn’t actually show (unless I missed that part, quite possible as it’s relatively long) that information does actually go back to Mozilla even while one has disabled all telemetry option.Fingerprinting is fair, in the sense that yes, if you do broadcast your userAgent and other public information you do narrow the potential search space and thus expose you as an individual more, yet has nothing to do with Mozilla.
But we’re taking about this in the context of this infographic. So we have to distill this down to:
Should FF be with, or above, Brave?
I assume we’re also taking about relatively low-barrier changes that most users can implement. So vanilla FF vs vanilla Brave, there’s a difference. Can we harden FF? Sure. Will 95%+ of people do that with Librewolf or 3 dozen other forks out there? Why bother when there’s nuance to be gained with other forks? So now vanilla FF stops being relevant.
And to be clear, I don’t use Brave unless I absolutely have to. I don’t love it, but vs. normie Vanilla FF, there’s a slight edge.
Up to you and OP but the fact that there isn’t even Firefox or LibreWolf or WaterFox but there is Chrome, Brave and Chromium is problematic to me. At the very least Firefox should be there and IMHO below Chrome.
Android missing?
Hi from near the top of the iceberg. I have five from the top and two from the next level down, plus two from level four. A balanced diet?
Android missing?
I wasn’t able to fit everything, but I specifically excluded Android, because it isn’t inherently bad. GrapheneOS is based on the Android Open Source Project (AOSP), for example, so I didn’t want to give the wrong idea.
I’d put Android/iOS on top layer then AOSP on the 2nd layer then deGoogled Androids on 3rd layer then PostMarketOS on 4th or 5th layer.
Depends what they are, I think a fair amount of people might be in the same boat, with a few services from different tiers.
Impressive, an academic grade meme.
You, sir/madam, are an artist and a scholar
Malwarebytes is good in my opinion and ads didn’t told me about it. I discovered it by myself. And nowdays ads can’t really tell me much because I block every single ad I just possibly can.
Yeah I’ve also heard malware bytes is good. I heard if from thenewoil.org.
Too bad I can’t upvote more than once. Thanks for making/sharing
On the 5th layer I’d add NitroKey or YubiKey to remind people that in addition to software you can have physical tokens too.
I considered adding security keys, but I ran out of space and couldn’t decide on a “de facto” brand
