This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”
End of transcription.
I’ve been on a anti bit tech, degoogle, privacy journey then last few months. Thank you for all these resources!
Absolutely incredible you also included links. I’m so used to other sites where some has stolen an image to just post it and has no other information in it. I started trying to figure out what each of then logos was before scrolling down lol.
sexy chart!
Could use some anti-malware/AV for beginners and privacy enthusiast level.
Not everyone in there is running a secured OS.
Where’s GOG.com?
Not sure if gog has anything to do with privacy. Altho if it was on the list I imagine it’d be up there with steam ( not sure why that one’s on the list either )
I’d argue that gog might be a bit better, since you can download executables from their website, and then use them offline, without telemetry. But still, I think neither are necessarily all that relevant here.
Well that sounds like a malware poisoned well
They are a relatively established game storefront, and have been at it for over a decade. Same Corp that’s also behind CD Projekt Red.
In the end, any storefront that distributes executables could in theory distribute malware, but I’d honestly be more worried about steam, since their publishing process seems a lot more automated, with less oversight.
Can you explain why you would think Steam is so bad? I would argue they’re pretty fair, especially with the option to buy steam cards for cash to not disclose your personal data. Does the client do some unsavory shit?
afaik the client does collect a bunch if data, most (all, i think? but not a 100% on that) of which is opt-in.
they do need stuff like IPs for internet related features.
telemetry wise there’s the steam hardware survey, which is opt-in, and it asks every single time it attempts to collect your systems hardware and OS information. this could technically be identifying information, but since it’s opt-in it’s not a privacy violation and it’s entirely optional. (plus it’s super useful for all involved: users, devs, and steam. it’s kind of a win-win and straight up necessary info for devs to know which hardware they should optimize for)
they might be putting it at the top because steam has native support for DRM?
but that’s also weird, because DRM isn’t a privacy violation. it’s a shitty practice, barely does anything, barely works, and keeps breaking or hobbling otherwise perfectly good games, all of which is shitty, but it’s little to do with privacy. and the dev has to specifically opt-in and integrate it as a feature…unless they’re thinking of 3rd party DRM that can be waaay more intrusive, like Vanguard… THAT’S a privacy and security nightmare just waiting to blow up in people’s faces.
otherwise…i haven’t really heard anything bad about steam privacy wise?
doesn’t mean that there’s nothing to be concerned about, but i feel like there’d been some news about it if there was…
No. And also chrome is somehow at the bottom of this list, I don’t care if it’s chromium or vanadium, it’s still chrome.
It’s Vanadium, a fork by the people from GrapheneOS. You could say the same about Graphene, that it’s still Android, but reality is more complex.
When I first installed GOS, wanted to like Vanadium. Went right back into a FF fork+UBO once I saw that while its blocklists did stop ads themselves on TvTropes, it did nothing to the HTML elements that contained them so it left big ugly white boxes visible.
Chromium-based browsers have arguably better security than Firefox. https://madaidans-insecurities.github.io/firefox-chromium.html
Vanadium further improves Chromium’s security by disabling the JS JIT Compiler, using a hardened memory allocator (GrapheneOS hardened_malloc) enabling ARMv8.5 MTE, and applying other hardening patches (https://github.com/GrapheneOS/Vanadium/tree/main/patches).
The securebuild project maintains a hardened Chromium build for Linux called Trivalent, which uses most of the patches from Vanadium, among others. You can get it from their repo: https://repo.secureblue.dev/secureblue.repo
I really wanted to include Trivalent, but I didn’t want to seem too Chromium-oriented and start a flame war.
You could add secureblue. I would put it in the same category as GrapheneOS and Vanadium.
An issue arises with that. Linux is fundamentally insecure, as you are likely well aware if you use secureblue. secureblue is designed to be as secure as possible while still being Linux, and so is still bound by the same constraints. Qubes OS is not a distro, so it (should be) more secure, but it is an absolute pain to use. Furthermore, Qubes OS emulates Linux distros, so the question becomes “Why not just emulate the most secure Linux distro?” which is either Whonix or secureblue depending on who you ask. Is that more secure than running secureblue on bare metal? What about GrapheneOS used in desktop mode? And what about emulating Linux inside of GrapheneOS using the Linux terminal? There are plans to use multiple distros inside of the terminal, so what about secureblue inside of GrapheneOS?
The whole situation spirals out of control. I know this iceberg chart isn’t ranking security, it’s ranking what software people generally use for each experience level, but neither secureblue nor Qubes OS would fit nicely in any category. You can read this post for more of my thoughts about this mess.
I know about the security issues in desktop Linux, but I still think secureblue fits that level of the iceberg pretty well. I would put Qubes there as well.
It might be there because there is a lot of data associated with the steam account, especially the community part of it, e.g.:
- Recorded playtimes
- Times and dates when you are regularly logged in
- Possession of games which are precisely tagged by genre/interests/etc.
- On which time and date you spent how much money (participation in sales in the steam store)
- Timestamped posts and comments in groups based on various interests etc.
- Curators/devs/publishers you follow
- Your game wishlist
- Connection and interaction with other steam accounts (friends list, chat, trades, gifts)
All this can be used to create a very detailed behaviour profile and accurately deduce the social status of the real person who uses the account. Maybe the data isn’t misused and it’s just there so the features can actually exist.
Personally, I doubt Valve actually does this as expansive and invasive as other big tech companies. I’m pretty sure they at least aggregate anonymised data to measure how e.g. their sales perform, which game to promote on the store front page etc.
But we can’t be sure because it’s not public.
i don’t think valve does much with the data even internally. if they did at least the game recommending queue would be slightly accurate. instead i have to manually blacklist tags for it to stop showing me things i’m just deeply uninterested in. like yes Mr. Valve my steam library of RPGs, puzzle games, and open world sandboxes clearly profiles me as someone who’d be interested in the newest Fifa game every year, sure buddy
I think they changed the name in the newer versions so surely you’ll be interested now!
now you say it, maybe it’s my clicker games that make Valve think i’d like to buy a game where the point seems to be that the number in the title goes up by one every year
Yes but my point was that I believe they changed the name from FIFAYY to FCYY (and I think raised the price).
Seeing steam at the top makes me question the list. Likely a hate of DRM rather than privacy
Yeap, and Brave in the middle. They only pretend they are for privacy, but they are the very opposite.
Yeah. All the issues, even small and quickly-resolved ones, paint a picture - that they are eager to disrespect users’ consent.
Yeah i hate when I see people using Brave, because they have been brainwashed.
Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.
Brave is and always has been gross. Never understood how they’ve been so successful at tricking people into installing it.
OP replied in another comment its because “firefox is not secure” https://lemmy.dbzer0.com/post/43710170/18564861 :
[…] Chromium-based browsers aren’t all bad, such as Vanadium or Trivalent, so people sometimes feel more comfortable sticking with what seems familiar (coming from Chrome).
In another reply parents to this one:
LibreWolf is far from secure, as it is based on Firefox and so comes with the same security issues. If you meant to say privacy and not security, the reason nobody makes high threat model browsers for Windows is because Windows itself is not private and it would be a losing battle.
So OP is saying it’s not private nor safe? I get what some people are saying of Firefox constantly changing Terms of Services but that’d be in regard to privacy not security and OP tries to argue not being safe which his iceberg also implies in terms of privacy not being good too. Yeah, LibreFox’s ToS isn’t the same as Firefox’s ToS and his counterarguments to Firefox and Firefox-based on replies is Chrome-based browsers exclusive to niche OSes (also OP don’t even try arguing Brave on comments so probably just trying to rage-bait with every opportunity). I’d love OP to argue using the examples he used in the iceberg. So many discourse incosistencies along with the iceberg. Also OP FYI while privacy does not mean secure, lack of privacy could mean security risks in some cases.
No epic store and brave is not on the top…
They’re not the very opposite. They have done wrong things, just like Mozilla. Doesn’t make them Google though.
They are not “just like” Mozilla.
and then Tor so high up, unless you’re hell bent on leaving 0 traces that thing is a pain to use, can’t have it maximalised, pages load sometimes minutes at a time, no addons, just suffering. nobody sane uses that thing for more than the occasional trip to whatever deep web market is not yet exit scamming
Their bottom line is gold, this should tell you everything you need to know about the creator of the meme.
it also has a log cabin… and Log Cabin is a maple syrup brand… and maple syrup is from maple trees… and maple leaves are on Canadian flags… so… a snowman?
Agree. Steam doesn’t even save your birthday, and asks for it every time
They legally have to.
I use Keepass but mostly for convenience and I don’t understand why it’s in the 5th category. If I have 50 different accounts with 50 different passwords but they can all be had with one keepass password, how is that different than having 50 different accounts all using the same password?
best way to stay private is to just not play the game, sadly everyone whos here more or less got auto registered into this game at the very begining
Thank you so, so much for the transcription, appreciated!
I am apparently the privacy activist (not using Monero, SimpleX Chat, Degoogled Chromium, or Keypass, though). I do use uBlock Origin (Gecko ffs!) and Bitwarden (self-hosted Vaultwarden). Unfortunately, I am using Telegram, but trying to move all my contacts to my own Snikket server. It’s a very slow process.
Beautiful and I love it Thank you
Iceberg of the year! Btw I would place tiktok the 1st over all softwares in layer 1.
Throw away mobile phone and just use an air gapped machine. Your productivity will tank but then you’ll eventually add local databases of the shit you actually need on your air gapped machine and your productivity will triple.
Your productivity will tank
Will it though? It’s not like paying with cash or even a credit/debit card takes radically longer than paying with a phone. It’s not like reading a book vs mindlessly scrolling Reddit or Lemmy makes productivity drop.
We get used to instantaneous tasks and convenience but in fine it’s like speeding up while driving from work to home, it’s not really the seconds or even minutes daily that count, it’s where you are going.
So… a “dumb” phone will probably for most not make productivity “tank” IMHO.
Yes, your productivity is going to tank. No way you’ll be prepared for a full air gapped machine on day 1.
until you need to collaborate with the average person who uses google docs and gmail
What does that have to do with a phone?
Edit: FWIW you can say no (ideally explaining why, even providing an alternative while doing so, e.g. NextCloud with CollaboraOffice, for email… well you can clarify in a footer that this email thread is not private and suggest creating Tuta or ProtonMail account, even if one time use) to people who use Google Docs and GMail. You can also have a one time use account.
Well shit, I shouldn’t be the first to tell you that if you’re serious about your privacy then get off of windows.
Also if the CIA is targeting with you with air gap malware, then you fucked all the way up. Pedophiles are saying “damn, fuck that guy”
This is Lemmy. You’re the 30billionth to tell me.
Since we are 6, that’s about 6 billion times per each of us.
I think someone is stealing some of my 6 billion for themselves. Just some. Not all. Just. Some.
Yeah, that’s because I didnn’t count you!
The government targeting pedos? That would be a more effective way to eliminate government than doge
TIL I’m a privacy activist–who can help me get to the ghost mode?
(Do I even want to get there or is that limited to journalists who have entire states trying to unalive them?)You should stage your death, like they tried to do on prison break and then move to Mexico or Columbia. Send me a DM for more information /J
limited to journalists who have entire states trying to unalive them. Don’t live your life in fear
Easier than you think it is. Hard to keep at it. All you need to do is stop using a phone or computers. Death cert is only needed when you’ve been compromised and people are out to get you. Gold isnt really usable unless you stumble onto a secret underground society where all trade is done in gold. Realistically, you’d sooner be trading goods (or services) for other goods (or services).
This level technically shuns technology and that brings its own challenges. Its like saying you cant have privacy with technology. I dont necessarily agree with this statement so I’d say don’t go to this level.
There is this steadily growing activist group that you could join up with.
Do I even want to get there
Only you can answer that.
or is that limited to journalists who have entire states trying to unalive them?
Pretty much, but if you want to give up all technology, work for yourself, and fake your death, then more power to you!
Seems like faking your death would cause more privacy problems than it solves. Why not just “stay alive” with a completely innocuous identity? Then adopt some new identity which cannot be traced back to the original?
If you’re alive, you are asked for documents such as property records, taxes, etc. and if you refuse then bad things happen. If you fake your death, no more questions are asked and you can take on fake identities. In essence, faking your death takes your identity out of “the system”
Apple: “Brainwashed”
iMessage: “Beginner”
Well which one is it?
Cash and Monero being on the same tier is very funny
Brave 🤮🤮🤮
