I know there are plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)
I don’t undurstand how Graphene can bigger than Linux on this list.
The size on the list does not matter. I resized them so they could fit better on the page.
Yes but you could have used only graphene logo, it’s too big
I wanted to show that it is a mobile OS for those who are unaware
where’s the shovel and double-ziplocs to bury your cash, silver, gold, platinum, and palladium? or the zippo to burn your prints off? get on my level, ho
You may be interested in this infographic instead ;)
Hey! I resemble this remark!
But you do know that Tor/VPN is not really privacy, nor security? It hides your IP, but that’s about it. If you still login, and give any information, and that could just be your “fingerprint” you are not anonymous…
Hopefully you don’t log in or give personal info to every website you use. Hiding your IP is still more private than not hiding it.
Do you know what your fingerprint is? And all the ways you are being tracked that is not about your IP?
You do give personal info to every website you visit - with the exception of a very few, who respect your privacy. If you think you need to log in, to give personal info, then you are sadly misinformed.
Yep, I do know those things. There are other tools for that. Tor is still useful for doing what it does.
VPNs know who you are and what websites you visit, so no privacy nor anonymity there. With Tor… It’s complicated. That’s why we have guides like this: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec.
Only a few take their privacy serious. They, sadly, believe in the ethics of the Tech giants…
I2P is king here but it has a limitation that makes it stronger but less practical. I2P doesn’t generally do outproxies. A few exist but they typically aren’t trusted or used. Instead, I2P tries to keep private by only routing around traffic the originated within its own network rather than piping things from clearnet from one place to another. An issue with arrives that do that is you can see traffic from a honey pot going into a black box and with enough monitoring where it ends up leaving that black box. It’s very difficult to track traffic flow within the network but once it jumps back into clear net you can find it again.
Now while you can argue that it doesn’t come out on clearnet, just originates from there, I counter that with Microsoft Windows telemetry, it might as well be clearnet. Windows is the dominant player at the moment so it’s most likely the traffic ends up on a windows machine. There are really benefits behind the telemetry date but they also means there’s a single point an authoritarian regime can apply pressure to to monitor whatever they want. With advances in AI, chewing through tons of collected data is much easier to do, so the idea of “they can’t stop all of us” is ridiculous. They will just pick off the undesirables in smaller chunks.
Ultimately nothing is completely safe but if you really value privacy, make yourself such an enormous pain in the ass that monitoring you becomes a chore.
Encryption is a type of security, and Tor/VPNs encrypt your traffic. Accessing .onion sites over Tor is (at least in theory) more secure than accessing clearnet sites.
OP would not recognize a threat model if it bit him in the ass.
Security isn’t the size of the app, it’s how you use it :)
Security isn’t the size of the app
This could have two meanings, one of which I figure I should address:
- If you mean “size of the userbase for an app,” then yes, even projects that fly under the radar are much more secure than “mainstream” options. That’s the main purpose of this infographic.
- If you mean “physical size of the app on the infographic,” the reason they’re different sizes is simply because they were hard to fit on one page, and this made it look nice ;)
- Penis joke
Oh
I have this bad gut feeling about Signal and Proton, I have no evidence tho.
proton has already shared user data with authorities; you don’t have to go by your gut
Maybe it’s because the current administration uses signal to plan acts of war and proton’s ceo is supportive of said administration.
They don’t use Signal though. They use a clone called TeleMessage Signal which logs and archives all their messages on an Israeli server, and which a hacker was able to access before the service was suspended.
You can’t really help if someone forks and misuses software.
Ah, I believe this is what’s called “a conspiracy theory” if you had more details.
For Proton it is the “tech bro”-y feeling and for Signal it is wondering about financing.
I’m sorry - paying for an audit is somehow a conflict of interest? How exactly is that?
As someone who had to contract auditing firms every year, and personally sign off in their report as part of our compliance, I would love to hear how I should have …what? Won the audit lottery? Applied for some sort of government assistance? Prayed to an audit fairy godmother?
Who the F else is paying for our audit? I want free audits! I bet everyone does.
My guess is they think that since you’re paying for the audit the auditors won’t bust you for fraud, which is cute, since the auditors are asked to audit specific things that the company asks them to audit. They’re not released on the company like witch hunters, with wide open access to everything, cutting a swathe through fraud and criminality while people are furiously burning documents in the basement. So there is no conflict of interest, since the auditors are looking at what the people using them are asking them to look at.
I know, it’s just kind of laughably shouting they don’t know what either an audit or conflict of interest actually are.
The hardest part some times is finding an audit firm that isn’t stupid expensive, but also won’t do a shit job and give you a report that looks like some knock-off free LLM didn’t write it to maximize their own payday. I love a good audit report with findings, it means I didn’t waste money. But my shit is (well, was, at another place years back) locked down tight, so we didn’t ever expect anything terrible.
Same here, everyone was so stressed about “the audit” but we had written common sense processes and executed them as needed, with mechanisms in place to flag potential areas for improvement if we found gaps.
The audit was fine.
Some of those mentioned likely are compromised, but cannot figured out which. The thing, is to diversify our risk and the privacy minded to use different platforms (Proton VPN and Mullvad VPN for instance).
The good news, is that if an agency is compromising something, they will likely won’t use the intel gathered in court cases in order to leave it open to future prey, so that is good for vast majority of users. The very few that are relevant enough should not trust even the genuine privacy tools and resort to enhanced methods and combining methodologies.
My impression, and just impression, is that I would trust **Tuta **more than Proton (and not because Proton’s CEO that many interpreted wrong anyways) On VPN… a tad more trust on Mullvad. Signal, I would not use it for high stakes communication but OK for most people. GrapheneOS seems okay and we know for sure it does not leak info on a daily basics, but we have to be careful, it could have an obscure code dormant waiting for a trigger or could easily send data to an unsuspected server, Ironically, if I were Snoden, I would feel more comfortable using a Huawei Mate with HarmonyOS than a Pixel 9 with GrapheneOS… of course China spies too massively, but it has far less beef with Snoden than the US does, therefore not of much interest to Beijing.
Remember that overwhelming majority of FOSS goes without any audit, let alone a comprehensive one. This is what some trusted party should put AI checking ASAP all the FOSS out there!
Very interesting insights. Funnily I use all of the services you cautiously recommend, including GrapheneOS, but not HarmonyOS, hard pass on that one. As a German I am also legally required to prefer Tuta. :) I still have that OG 1€/Month contract.
Edit: Your last point is a good idea, although I think the more popular an open source app is, the less likely it is to be malicious. A lot more eyes on it and the xz backdoor was caught pretty much immediately.
Of course… for us normies… GrapheneOS is the way to go. Very high targeted individuals in the West should however consider HarmonyOS. Of Course the Chinese government has eyes on that one but not specifically targeting you… unless they use it to trade intel on someone of high interest for China but no much collaboration between West and China intelligence agencies today…
True, popularity increases the chances someone auditing. But, to a point. Ideally audit should be performed with every single update and on the servers, and there the premise of more eyes does not hold true no more. Then it comes trust. In a company like Tuta, the people behind showed their faces from day one, the same people are there, is a tight team so harder for a bad apple to do something. Considering both Tuta and Proton were good from inception (and I believe it may be the case), it would probably would be easier for an intelligence agency to penetrate Proton than Tuta, just for the structure that appears they have from outside. Now, Tuta made a horrible mistake once! In the Russian invasion of Ukraine, independently of one’s take on it, Tuta made the “Standing with Ukraine” (March 2022); that was a mistake, it may many doubt if privacy still their paramount over any other ideology. Maybe they have change since since no statements on Gaza… or maybe they agree with what is happening… who knows… that is why they should not make any statements at all, or clarify that while they have their ideologies in no case, ever will compromise their stands on privacy. To be fair, Proton did the same… nothing on Ukraine but on Gaza “We unequivocally condemn the terrorist attacks by Hamas against Israeli civilians […] We also condemn violence against civilians in Gaza”; so I guess both are comparable here! My trust for both is slim, as a company, and even their individuals.
“Tr0ub4dor&3 is my password for everything.”
What anubis has to do with privacy or security?
AI Datasets are a huge privacy breach once they start spilling them up
ig it’s a counterpart to recaptcha which is in the left panel
It stops bots from crawling your sites.
Yes, this was the intention. It helps protect your website’s data by slowing down web scrapers.
Nothing, op confused anti AI with anti tracking.
For starters, it’s open source. And I’m not too into the details, but the creator of Anubis even mentioned that they were interested in creating a non-javascript version for privacy.
Google’s reCaptcha, to which Anubis is being compared to by OP, is obviously far less private. It’s just another mechanism of control and data harvesting for Google. One of the ways that they determine if you’re malicious/human or not is to check if you have a Google cookie in your browser and are signed in. Not to mention fingerprinting (hardware and software info), browsing data, AI training ironically enough (the fucking streetlights), etc etc.
Anubis is relevant here because it is more private, among other things.
Same email for everything is fine if you use subaddressing. My email service, Port87, makes it super easy.
Lineageos is good enough and runs on most devices.
And isn’t Nitrokey a blackbox? At least there are multiple Open Source implementations and some even sold as Open Hardware. Yubikey and so on.
I chose Nord VPN based on several posts I read on here (Lemmy). Why are Proton and Mullvad better choices?
I just think the most trustworthy VPN is the one no one is talking about. NordVPN is a sponsor on every single YouTube video. They are mainstream. I don’t trust mainstream. Mullvad has proven they don’t keep logs. They are simple. They don’t even have accounts. A 16 digit number is all you get to login. No pass. No email. No ties to you. You fill your subscription like quarters in a meter.
Proton VPN and Mullvad VPN are both open source, meaning their code can be publicly audited to make sure they’re upholding their standards of privacy and security. Furthermore, Proton VPN offers a free tier. These are the main 2 reasons. NordVPN only protects your privacy against other websites, not NordVPN themselves. Hope this helps! Let me know if you want more details.
Being open source doesn’t uphold a lot of standards of privacy and security for VPNs. It’s not useless, but the most common worry about VPNs is traffic logging, and open source apps do nothing to prevent this since it’s server side. ProtonVPN and Mullvad VPN don’t protect from themselves, and they can keep logs. The reason they’re commonly recommended is that they’re more trusted in the privacy community in general. Obscura VPN and Nym VPN do mostly protect from themselves because they’re a two-hop VPN. In the case of Obscura VPN, it’s a first hop through their servers, and a second hop through Mullvad’s. So to associate your traffic with your IP address, Obscura and Mullvad would need to cooperate, which is quite a bit less likely than a single VPN operator logging user traffic.
I don’t think there’s anything wrong with Nord. They are kind of disliked here because they’re not open source and they did a lot of commercials not long ago. Despite all that, they’ve publicly reported multiple third-party audits of their code, which I think is a good thing.
I’ll go further than this and say that true security is where everybody has support enough to not want to steal your shit, hack you etc.
Yeah corporations and governments are still a problem, for now, but both of the above parties would be far more secure if they did mutual aid, supported progrms to help the impoverished etc etc.
Basically having a collective approach to security and not such a myopic individualistic one.
proton VPN
lol. lmao, even.
What’s wrong with it?
proton has already shared user details with authorities.
Any compliant commercial service will share user data with authorities - you don’t get to operate a company and skip local laws. That’s a non argument.
What’s important is what “user details” they had on hand to share. If I create my service in such a way that I have zero data about you except some random useless string, I can “hand over all user data” to authorities and it would mean absolutely nothing for your privacy.
except they shared the IP address of an account even though they state “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.” on their homepage
If I understood correctly from Proton’s privacy policy, VPN does not log IP addresses but at least in some circumstances Mail does. This is from their privacy policy:
Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times.
One thing must be remembered: Even Proton must follow the law and rules.
It’s right there in your copy-paste my dude, “BY DEFAULT”.
The jackass(es) who actually was at risk went the extra step to enable IP address logging, which means that when Proton had to comply with a lawful court order, they actually had data to give.
Proton is a company like any other that has to comply with laws in the country they operate in, but unlike a lot of other companies, they don’t log data UNLESS YOU ASK THEM TO.
Moral of the story is, like has oft been repeated, know your threat model and plan appropriately.
what’s Anubis?
A tool to slow down web crawlers (instead of making you solve captcha puzzles)
Anubis is so lightweight you’ll forget it’s there until you look at your hosting bill.
I don’t know if they realize this is implying it’s onerously expensive, lol.
That amused me, too.
I think it plays fine for the intended audience, though.
For the folks looking into Anubis, that line plays well - because hosting costs are driven up by the kinds of spam bot visits that Anubis slows down.
I don’t think anyway thinks WhatsApp is secure
Yes, they do.
‘But it’s end to end encrypred’ 🙄
![[OC] What People Think Privacy/Security Is](https://lemmy.ml/pictrs/image/30cec389-1586-4849-84ac-d8a9f4f0df5b.png){kind=link}