[OC] What People Think Privacy/Security Is
from Charger8232@lemmy.ml to privacy@lemmy.ml on 12 Jul 00:51
https://lemmy.ml/post/33030794
from Charger8232@lemmy.ml to privacy@lemmy.ml on 12 Jul 00:51
https://lemmy.ml/post/33030794
I know there are plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)
threaded - newest
Any article or post of how embrace the use of some of those technologies?
Good question! There are hundreds of good resources, some of which include Privacy Guides and my friends at Punching Up Press (they have a lot of other good infographics). Naomi Brockwell TV is a YouTuber with some great beginner friendly videos to guide you step by step. Let me know if you’re interested in others!
Thank you :D I’m going to check those links this weekend.
Security isn’t the size of the app, it’s how you use it :)
This could have two meanings, one of which I figure I should address:
Oh
I chose Nord VPN based on several posts I read on here (Lemmy). Why are Proton and Mullvad better choices?
Proton VPN and Mullvad VPN are both open source, meaning their code can be publicly audited to make sure they’re upholding their standards of privacy and security. Furthermore, Proton VPN offers a free tier. These are the main 2 reasons. NordVPN only protects your privacy against other websites, not NordVPN themselves. Hope this helps! Let me know if you want more details.
Edit: Mullvad VPN can also be paid for in cash/Monero, and they don’t ask for any personal information to use it (not even a username!)
Being open source doesn’t uphold a lot of standards of privacy and security for VPNs. It’s not useless, but the most common worry about VPNs is traffic logging, and open source apps do nothing to prevent this since it’s server side. ProtonVPN and Mullvad VPN don’t protect from themselves, and they can keep logs. The reason they’re commonly recommended is that they’re more trusted in the privacy community in general. Obscura VPN and Nym VPN do mostly protect from themselves because they’re a two-hop VPN. In the case of Obscura VPN, it’s a first hop through their servers, and a second hop through Mullvad’s. So to associate your traffic with your IP address, Obscura and Mullvad would need to cooperate, which is quite a bit less likely than a single VPN operator logging user traffic.
I don’t think there’s anything wrong with Nord. They are kind of disliked here because they’re not open source and they did a lot of commercials not long ago. Despite all that, they’ve publicly reported multiple third-party audits of their code, which I think is a good thing.
I just think the most trustworthy VPN is the one no one is talking about. NordVPN is a sponsor on every single YouTube video. They are mainstream. I don’t trust mainstream. Mullvad has proven they don’t keep logs. They are simple. They don’t even have accounts. A 16 digit number is all you get to login. No pass. No email. No ties to you. You fill your subscription like quarters in a meter.
Same email for everything is fine if you use subaddressing. My email service, Port87, makes it super easy.
I don’t think anyone thinks WhatsApp is secure
Yes, they do.
‘But it’s end to Ende encrypred’ 🙄
I have this bad gut feeling about Signal and Proton, I have no evidence tho.
Maybe it’s because the current administration uses signal to plan acts of war and proton’s ceo is supportive of said administration.
They don’t use Signal though. They use a clone called TeleMessage Signal which logs and archives all their messages on an Israeli server, and which a hacker was able to access before the service was suspended.
You can’t really help if someone forks and misuses software.
Some of those mentioned likely are compromised, but cannot figured out which. The thing, is to diversify our risk and the privacy minded to use different platforms (Proton VPN and Mullvad VPN for instance).
The good news, is that if an agency is compromising something, they will likely won’t use the intel gathered in court cases in order to leave it open to future prey, so that is good for vast majority of users. The very few that are relevant enough should not trust even the genuine privacy tools and resort to enhanced methods and combining methodologies.
My impression, and just impression, is that I would trust **Tuta **more than Proton (and not because Proton’s CEO that many interpreted wrong anyways) On VPN… a tad more trust on Mullvad. Signal, I would not use it for high stakes communication but OK for most people. GrapheneOS seems okay and we know for sure it does not leak info on a daily basics, but we have to be careful, it could have an obscure code dormant waiting for a trigger or could easily send data to an unsuspected server, Ironically, if I were Snoden, I would feel more comfortable using a Huawei Mate with HarmonyOS than a Pixel 9 with GrapheneOS… of course China spies too massively, but it has far less beef with Snoden than the US does, therefore not of much interest to Beijing.
Remember that overwhelming majority of FOSS goes without any audit, let alone a comprehensive one. This is what some trusted party should put AI checking ASAP all the FOSS out there!
Very interesting insights. Funnily I use all of the services you cautiously recommend, including GrapheneOS, but not HarmonyOS, hard pass on that one. As a German I am also legally required to prefer Tuta. :) I still have that OG 1€/Month contract.
<img alt="" src="https://lemmy.world/pictrs/image/2b25484c-dde6-4ad5-8374-20151a6ef6b1.gif">
Edit: Your last point is a good idea, although I think the more popular an open source app is, the less likely it is to be malicious. A lot more eyes on it and the xz backdoor was caught pretty much immediately.
Of course… for us normies… GrapheneOS is the way to go. Very high targeted individuals in the West should however consider HarmonyOS. Of Course the Chinese government has eyes on that one but not specifically targeting you… unless they use it to trade intel on someone of high interest for China but no much collaboration between West and China intelligence agencies today…
True, popularity increases the chances someone auditing. But, to a point. Ideally audit should be performed with every single update and on the servers, and there the premise of more eyes does not hold true no more. Then it comes trust. In a company like Tuta, the people behind showed their faces from day one, the same people are there, is a tight team so harder for a bad apple to do something. Considering both Tuta and Proton were good from inception (and I believe it may be the case), it would probably would be easier for an intelligence agency to penetrate Proton than Tuta, just for the structure that appears they have from outside. Now, Tuta made a horrible mistake once! In the Russian invasion of Ukraine, independently of one’s take on it, Tuta made the “Standing with Ukraine” (March 2022); that was a mistake, it may many doubt if privacy still their paramount over any other ideology. Maybe they have change since since no statements on Gaza… or maybe they agree with what is happening… who knows… that is why they should not make any statements at all, or clarify that while they have their ideologies in no case, ever will compromise their stands on privacy. To be fair, Proton did the same… nothing on Ukraine but on Gaza “We unequivocally condemn the terrorist attacks by Hamas against Israeli civilians […] We also condemn violence against civilians in Gaza”; so I guess both are comparable here! My trust for both is slim, as a company, and even their individuals.
Ah, I believe this is what’s called “a conspiracy theory” if you had more details.
For Proton it is the “tech bro”-y feeling and for Signal it is wondering about financing. Also, if you are paying for your own audits there is an obvious conflict of interest.
I’m sorry - paying for an audit is somehow a conflict of interest? How exactly is that?
As someone who had to contract auditing firms every year, and personally sign off in their report as part of our compliance, I would love to hear how I should have …what? Won the audit lottery? Applied for some sort of government assistance? Prayed to an audit fairy godmother?
Who the F else is paying for our audit? I want free audits! I bet everyone does.
proton has already shared user data with authorities; you don’t have to go by your gut
math is always stronger than marketing
Well, usually not. Unfortunately.
Depends on how you measure and what
Well, unlike Bitcoin, Monero is actually anonymous, and sometimes you gotta make payments online.
You can’t do it privately with your card.
Bitcoin’s Lightning Network has onion routing for privacy, like Tor.
When Bitcoin had a bug that allowed some guy to give himself a bazillion bitcoin, it was detected and patched before he was able to sell them. When Monero encounters a similar bug, it will only be detectable by the price going down.
I’m not super knowledgeable on how anonymous such routing us, hence I avoid it.
Don’t know why people bombarded you so much - the other side of total anonymity is that you really never know if anything got broken and someone earned off it.
My suggestion, however, is to use Monero for payments, and not as a store of value.
Yep, anonymous right up until its use burns the world to the ground.
.
Monero transactions consume orders of magnitude less energy than Bitcoin’s thanks to an ASIC-resistant algorithm
This is the correct initial reaction but given the extent to which the US monitors every single transaction everyone makes, it’s getting awful hard to manage the influx of feral hogs without having them streaming through your door.
<img alt="data-laughing" src="https://hexbear.net/api/v3/image_proxy?url=https%3A%2F%2Fchapo.chat%2Fpictrs%2Fimage%2Fb6671e8e-7f34-45d6-82d3-509fe8a4d683.png">
What anubis has to do with privacy or security?
It stops bots from crawling your sites.
Yes, this was the intention. It helps protect your website’s data by slowing down web scrapers.
Nothing, op confused anti AI with anti tracking.
AI Datasets are a huge privacy breach once they start spilling them up
ig it’s a counterpart to recaptcha which is in the left panel
For starters, it’s open source. And I’m not too into the details, but the creator of Anubis even mentioned that they were interested in creating a non-javascript version for privacy.
Google’s reCaptcha, to which Anubis is being compared to by OP, is obviously far less private. It’s just another mechanism of control and data harvesting for Google. One of the ways that they determine if you’re malicious/human or not is to check if you have a Google cookie in your browser and are signed in. Not to mention fingerprinting (hardware and software info), browsing data, AI training ironically enough (the fucking streetlights), etc etc.
Anubis is relevant here because it is more private, among other things.
But you do know that Tor/VPN is not really privacy, nor security? It hides your IP, but that’s about it. If you still login, and give any information, and that could just be your “fingerprint” you are not anonymous…
VPNs know who you are and what websites you visit, so no privacy nor anonymity there. With Tor… It’s complicated. That’s why we have guides like this: blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fk….
I2P is king here but it has a limitation that makes it stronger but less practical. I2P doesn’t generally do outproxies. A few exist but they typically aren’t trusted or used. Instead, I2P tries to keep private by only routing around traffic the originated within its own network rather than piping things from clearnet from one place to another. An issue with arrives that do that is you can see traffic from a honey pot going into a black box and with enough monitoring where it ends up leaving that black box. It’s very difficult to track traffic flow within the network but once it jumps back into clear net you can find it again.
Now while you can argue that it doesn’t come out on clearnet, just originates from there, I counter that with Microsoft Windows telemetry, it might as well be clearnet. Windows is the dominant player at the moment so it’s most likely the traffic ends up on a windows machine. There are really benefits behind the telemetry date but they also means there’s a single point an authoritarian regime can apply pressure to to monitor whatever they want. With advances in AI, chewing through tons of collected data is much easier to do, so the idea of “they can’t stop all of us” is ridiculous. They will just pick off the undesirables in smaller chunks.
Ultimately nothing is completely safe but if you really value privacy, make yourself such an enormous pain in the ass that monitoring you becomes a chore.
Only a few take their privacy serious. They, sadly, believe in the ethics of the Tech giants…
Encryption is a type of security, and Tor/VPNs encrypt your traffic. Accessing .onion sites over Tor is (at least in theory) more secure than accessing clearnet sites.
In theory - but it’s still primarily your IP you are hiding. And very few people only visits -onion pages…
Hopefully you don’t log in or give personal info to every website you use. Hiding your IP is still more private than not hiding it.
Do you know what your fingerprint is? And all the ways you are being tracked that is not about your IP?
You do give personal info to every website you visit - with the exception of a very few, who respect your privacy. If you think you need to log in, to give personal info, then you are sadly misinformed.
Pretty sure banks have a pretty good track record of “keeping your money safe”. Why the fork would anybody trust banks to keep their money safe if they can’t keep your money safe?
I don’t really understand why that statement is even on there?
Unless you mean to argue some anonimity point, which I could agree with considering e.g. Monero would be more anonymous than a bank.
But safe? I’d say the bank is quite safe to store money.
Money in the bank can be seized and frozen for all sorts of reasons. If you’re in the USA, then police can charge your money with a crime even if you haven’t broken any laws. It’s safe until it’s not.
Can confirm. about 15 years ago, my bank account was frozen for 3 weeks for child-support enforcement. Only they weren’t talking about my kid or even me. Some dude in Florida with my same first and last name, was a deadbeat dad. So they froze my account because apparently he didn’t have a bank account or something.
What’s super annoying about it is that we had different middle names, not even close to the same social security number, and not one person even contacted me before my bank account was frozen. I only found out because I check I wrote or something bounced. And I was like, WTF?
I was finally able to talk to enough bank people to clear it up. But it took 3 weeks. I never got an apology for it either. Adn the fuckers did not refund my insufficient funds fee. I mean, it was only $15 bucks, and it would have cost me more than that in my time to get a refund, but still…
So yeah, even here in the US, banks can suck.
Doesn’t have to be in the bank either; if you’re traveling with your life savings in cash, then if you get pulled over cops are likely to seize that money. Just because fuck you, that’s why.
Banks keeping your money safe depends on what country you live in and how much its government has regulated them and/or provided some sort of backup in the case of a run or the bank going out of business.
The intention was more “Banks keep my data safe,” but I wanted to provide a clearer explanation that if your data isn’t safe, neither is your money. I didn’t have enough room to put my full thoughts.
Banks literally seize and freeze assets from people, e.g. Julian Assange.
Banks have also a track record of seizing countries international reserves like Russia, Venezuela, Iran, etc…
It’s not about what you use, but how you use it. PEBCAK Almost 100% privacy and security is offline at home, reading a book, if you bought the book with cash and not online and/or with credit card.
You can use Google, Microsoft, Apple and co however you want, the problem is, what you use
.
iOS is actually secure
Are you interested in a bridge?
Cool and who validates the code base for security vulnerability? And sends tons of packets related to tracking back to there servers?
the codebase itself? besides XNU, nobody… but, given the immense amount of scrutiny placed on the software, if there was some magic backdoor (an intentional one, anyway, not talking about like NSO group RCEs 'n shit), don’t you think we’d know?
the average person doesn’t even know what grapheneos is. if they’re either going to buy an iphone, or some generic android phone running a vendor kernel that hasn’t been patched this administration, i’d want them to buy the iphone.
There are massive backdoors, tho on android too. How do you think Pegasus works
you could have at least picked a different cyberwarfare company…
by that logic, every OS under the sun has massive backdoors. bugs exist, man. my point was that for the average person, a fully-patched ithing is going to be among the more secure options.
wasn’t Pegasus attack vector sms how is it a OS issue if its a protocol its the same as saying Linux is insecure because xmpp had a vulnrabilty and allowed remote access
<img alt="" src="https://discuss.tchncs.de/pictrs/image/55554ba4-e1c4-4b21-a8c8-1a5c0a9735b8.gif">
Yes and no. It’s certainly better than stock android. You won’t find anyone who says otherwise. But it creates unnecessary dependancies on apple’s ecosystem and Apple can’t be trusted. Nothing with shareholders can be trusted. Apple might be an ally today but they are a US based-company operating within the confines of what the US will let it do.
All their cloud services are pretty poorly protected too. Every year or so me and my friends will find Chinese gibberish entries in our calendars that link to phishing sites. These get cleaned up eventually but it proves that Apple is lying about not being able to access your shit.
I’m planning my exodus from the Apple ecosystem and looking at grapheneOS but I’m still in the skeptic stage. I have lots of cloud decoupling to do and my self hosting ambitions are big so at the moment my iPhone isnt the biggest priority to change out.
But I absolutely do not trust it.
Grapheneos is surely better privacy and security wise
Not by default.
it maybe secure. Sending your privacy information securely to the server and sharing with ad companies
I don’t undurstand how Graphene can bigger than Linux on this list.
The size on the list does not matter. I resized them so they could fit better on the page.
Yes but you could have used only graphene logo, it’s too big
I wanted to show that it is a mobile OS for those who are unaware
Lol proton vpn
What’s wrong with Proton VPN?
They’re pro-Trump
There are no alternative options for me, as a free user.
that’s fine for now. Mullvad is very affordable though.
I’m aware. I will use it when i finally decide to pay for even more privacy.
I2P and postman are free.
How does that effect their privacy/security?
It means they don’t understand privacy very well so they’re probably going to do a bad job at it
The Proton CEO is quite active in twitter and participates in podcasts. Well, one day he praised one action of the Trump administration on antitrust and a whole community attacked him for “praising Trump” when he did only a nomination for Attorney General for the Antitrust division. I highly doubt he is a MAGA supporter and listening to him for 30min on any of the multiple appearances he was on, will confirm you that. Several things concerns me on Proton, the CEO’s ideology ain’t one of them.
Unrelated to this, I wish people was more forgiven of Trump voters, it is not the monolithic the Left tries to portray it is. Trump sold himself as fighting the establishment, being anti-war and pro-antitrust (many small business owners supported him). People voted for him even suspecting he most likely was lying. Many people, both in 2016 and 2024, voted for Trump because Hillary was very pro-war (for instance she say she would attack Russian military directly in Syria) and Kamala proudly said she would not change anything on Biden’s policy in the middle of Gaza’s massacres. MAGA has many racists, many! (Democrats has is share too, but usually quieter but one can notice them at the grocery stores!) But what made Trump win was desperate disfranchised Americans with no other alternatives that promised Change. Europeans should keep quiet too… in the last elections they voted as different as they could demanding change to end up with Ursula von der Leyen for another term. Democracies in both sides of the Atlantlic are heavily ill and people, in desperation, vote for whoever promises change, independently of anything else.
Be prepared to accept accusations of being a fascist Nazi for saying this. You’re right, but Lemmy is so extreme on this subject, that if you aren’t with the majority, then you’re an evil nazi pig–regardless of reality.
I still get accused of it and all I did was vote third party in the election. 9 months ago! lol
Screw me! I feel bad because instead of welcoming those now disenchanted MAGA, we are shunning them away and pushing them toward Musk’s new party and the like. We did same mistake after Trump’s 1st term too.
Agreed. Lots of missed opportunities, and Lemmy is also shunning away their allies against Trump by overusing the words Nazi and Fascist to describe every poster that disagrees with Democrats. My gf, who is very very anti-Trump, lasted on Lemmy one day. One day!
She said it was way too hateful and political. lol
I feel bad even recommending it to her, and I don’t recommend it to any of my friends anymore.
Lemmy will die in a few years because of it’s extremism. It’s already slowing down. But I’ll ride it to the end to prove to people that they didn’t bully me off of it. :)
Let me know if you find a better venue… I am also disappointed in Lemmy. Is it so hard to find a place where people try to understand why things are one way and another before slapping each other.
I’d lived in a very swing state, in a very swing county and thanks to that predicted elections like no pollster did (even Trump in 2016 as he came down a escalator and every media laughed at him)… I saw no more malice in an average Trump voter than a Kamala one, I find a portion of them both as equally racist (some 30% I would say), one just is more vocal and explicit while the other chooses to express the racism passively aggressive… Two black family moved into our street and one Trumper told me that he does not like the “blacks in front” and a long time Democrat neighbor told me instead… that she was going to move to a better school district “because demographics”… what is the difference?
I still love Lemmy, and my main Lemmy instance. But ugh, everything is getting so political and extreme everywhere. I’m trying to transition into just posting my writing and staying in writing communities, but my reputation proceeds me (still no regrets and I still believe in everything I said) and things can downgrade pretty quick.
And if I came up with an alt name, people would recognize my writing and say I was ban-evading.
So ugh, we’ll see. I’m trying to just stay out of everything political, but people mention my fucking name all the time anytime someone talks about “trolls.” And I never back down when I get false accused. lmao
I see how you feel with your Peertube song.
Of course, Lemmy is an amazing FOSS tool, just sad many people (if so) are a bit toxic… Of course, I was blamed in the past as troll, bot, pro-putin, pro-china, pro-european, pro-american… and few actually get involved in a insightful conversation. The way i see it, Lemmy (or any of these mediums) are just entertainment and our work should be in the real world, with your neighbors and physical communities.
haha, thanks! Yeah, I was feeling creative that day. I figured, “Hey, I should make a Lemmy song!” You reminded me of it, so I posted it to a nerdcore comm just now. lol
I’m with ya. I LOVE the decentralized nature and concept of Lemmy. Just wish some of the more extreme rhetoric would die down. Because this would make a great creative space. People should def not take it quite so seriously and spend more time outside.
But as an aside, I just had a talk with one of the admins for my instance, and it was a great convo and they are supported of creatives here. So right now, feeling good.
I think the issue is that too many people think they can social-media post their way back to the Biden-era. Although in this particular Lemmy instance there’s also the pro-Russia stuff (that’s a different beast, and I don’t know where it comes from).
There’s no solution to our political crisis that doesn’t involve touching grass.
Stop having rational discussions. This is Lemmy.
Good point! I forgot where I was for a sec.
The post is about security /privacy, the non American ceos political opinions don’t impact that. Proton is still a good VPN/mail provider
Still secure
VPN services aren’t for security they’re for getting around regional blocks. If you want privacy build your own. But even then youll still be tracked
They are multipurpose. You can’t deny using a VPN over no VPN increases anonymity
Incorrect. It just means someone has to throw money at proton to get that data instead of throwing at ISPs and marketing nuts. They are subject to the same capitalistic pressures as anyone else.
I2P needs more torrents and more people.
You’re just letting another party harvest your browsing habits.
Torrenting over VPN service is also dumb. Why bother just get a seedbox that accepts xmr
Seed boxes are also dumb. You are making a honeypot for yourself that can be monitored by the hosting provider.
You’re just letting another party harvest your browsing habits.
vpns are not anonymous just instead of your isp getting your internet traffic the vpn does theres also not a real way to verify what there doing on there servers unless your sitting inside of the datacenter monitoring it vpns where never supposed to be anonymous
where’s the shovel and double-ziplocs to bury your cash, silver, gold, platinum, and palladium? or the zippo to burn your prints off? get on my level, ho
You may be interested in this infographic instead ;)
Hey! I resemble this remark!
What’s with the diss on Malwarebytes?
Mainly because it’s proprietary, privacy invasive by nature, and invasive on computers.
Proprietary sure, but how is it privacy invasive let alone invasive on computers?
What non-proprietary option is there? I can’t think of a single antivirus option which is actually remotely decent which is open.
ClamAV is an open source antivirus, but I would recommend against using an antivirus altogether due to their invasive nature. You shouldn’t need one with proper sandboxing and isolation.
ClamAV is slow to get updates and frankly not a great tool to use. AV is a must as isolation and sandboxing are only as good as the next exploit. Not too mention scams like phishing are not stopped by isolation.
It’s also a shit product riding on marketing laurels from its past glory days, like Norton. It leaves pieces behind that can cause malware to come roaring back.
It isn’t hard to just nuke a system or restore a backup people.
Assuming that your backup isn’t also infected.
They’re taking it too seriously lol
I’ll go further than this and say that true security is where everybody has support enough to not want to steal your shit, hack you etc.
Yeah corporations and governments are still a problem, for now, but both of the above parties would be far more secure if they did mutual aid, supported progrms to help the impoverished etc etc.
Basically having a collective approach to security and not such a myopic individualistic one.
lol. lmao, even.