- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.
Transcription (for the visually impaired)
(I tried my best)
The background is an iceberg with 6 levels, denoting 6 different levels of privacy.
The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:
- Apple
- TikTok
- PayPal
- Google Chrome
- CashApp
- Samsung
- Steam
- Microsoft Windows
- Ring (Security Camera)
- YouTube
- Amazon
- Discord
- Gmail
- ChatGPT
The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:
An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:
- Telegram
- Authy
- Brave Browser
- Privacy.com (Virtual Cards)
- DuckDuckGo
- iMessage
- Proton Mail
- AdBlock (Browser Extension)
A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:
An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:
- Monero
- GrapheneOS
- Vanadium (Web Browser)
- KeePassDX
- SimpleX Chat
- Accrescent
- SearXNG
- Aegis Authenticator
- OpenWrt
- Mullvad VPN
- An illustration of physical cash
The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:
- A cancel sign over a mobile phone, symbolizing “no electronics”
- An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
- A picture of gold bars, symbolizing “paying only in gold”
- A picture of a death certificate, symbolizing “faking your own death”
- An AI generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding ones identity in public”
End of transcription.
You must log in or register to comment.
Iceberg of the year! Btw I would place tiktok the 1st over all softwares in layer 1.
I am apparently the privacy activist (not using Monero, SimpleX Chat, Degoogled Chromium, or Keypass, though). I do use uBlock Origin (Gecko ffs!) and Bitwarden (self-hosted Vaultwarden). Unfortunately, I am using Telegram, but trying to move all my contacts to my own Snikket server. It’s a very slow process.
I think this is the first time I’ve seen an iceberg meme with sources and explanations for each item. Fantastic. Your work is appreciated.
To be honest, and it wouldn’t work here, but I sometime enjoy the cryptic nature of iceberg memes at the lower ranks. It’s like a scavenger hunt.
Iceberg explanations are a whole Youtube genre, though - it’s such a convenient narrative structure.
I love this! May I share on my blog and with my newsletter subscribers at Punching Up Press? We’re probably in boxes #2 and #3, with a lot of readers starting off in box #1.
On the 5th layer I’d add NitroKey or YubiKey to remind people that in addition to software you can have physical tokens too.
I considered adding security keys, but I ran out of space and couldn’t decide on a “de facto” brand
IMHO with these 2 you cover most.
The only thing stopping me from being ‘the Activist Group’ is that Mullvad requires payment. Sorry, but I’m running a little tight on budget.
At the same time, I can’t use Proton VPN for torrenting.
Brave 🤮🤮🤮
deleted by creator
Apple: “Brainwashed”
iMessage: “Beginner”
Well which one is it?
Talk about high effort content holy shit
Also my toxic trait is that I use stuff from every single tier
I feel that I2P is missing somewhere in here too.
The problem with mullvad is a lot of its IPs are flagged as bots or denied around the web. Is there a good VPN that will still give access to most of the web?
I’ve never had that issue with Mullvad unless it was for a streaming app.
Sometimes I get detected and it makes me do a cloud flare “I’m not a robot” page.
I just got Mullvad again and the main site I get flagged on is reddit. Which I wouldn’t care but the state of search is so abysmal that I still regularly have to query reddit to find what I’m actually looking for (for some types of info anyway). It’s fine though, there’s some mullvad servers that haven’t been flagged yet so I just server hop as needed. Less convenient, but not terrible
LibRedirect works for me
LibRedirect + Libreddit instances is fantastic.
Honestly, Reddit is one of the few services that can be redirected easily now. Invidious, Freetube, NewPipe, etc. is constantly being nuked by Youtube, and while Twitter redirects are still alive, they were dead for a short period, ProxiTok never works, nor does Proxigram instances…
Oh yeah! Reddit does that? But I just login with a throwaway account.
Sometimes after logging in, it will say there was a problem or just reload the login page.
If that happens just click login again and it will load normally.
Yeah, it’ll give me one of these screens with most mullvad servers. I don’t really interact on reddit anymore so I refuse to log in even with a throwaway (on my phone at least). Maybe there’s something to it, maybe it’s my own silly little battle against rude web design 😅
Try a Reddit mirror like RedLib, i.e. https://redlib.privacyredirect.com/
when this happens, just hit “reconnect” on the VPN and refresh - usually after one or two reconnects Reddit won’t have blocked that IP yet, IME
It’s so cringe how they make everything cutesy
Reddit is the ONLY website I use that outright denies me entry from my VPS (unless you count the “sorry we’re not available in Europe because we’d have to abide by GDPR”). Even Youtube lifts the ban after waiting for a while!
Interestingly enough, Reddit - the only website I use that denied me entry from my VPS - doesn’t block Tor at all.
Interesting, I’ll have to try that out!
If you’re Privacy Activist tier, that CF CAPTCHA should spin infinitely. Otherwise, you’re being fingerprinted.
I’ve been running into this a lot with Proton, too.
Gotta use less popular locations close to what you need. As a german I have mostly been using Finland and other smaller eastern European countries, those generally work just fine. Germany itself barely ever.
I’ve had fewer issues when using servers in Asia.
Those are mutually exclusive.
Just avoid those shitty websites that don’t respect their user’s privacy.
Weird how Apple and iMessage are not in the same category. How do distrust apple’s privacy claims but trust iMessage?
How the heck is TOR less secure than any of the vpns? Also nice vpn psyop/ad.
Can you explain why you would think Steam is so bad? I would argue they’re pretty fair, especially with the option to buy steam cards for cash to not disclose your personal data. Does the client do some unsavory shit?
Seeing steam at the top makes me question the list. Likely a hate of DRM rather than privacy
Yeap, and Brave in the middle. They only pretend they are for privacy, but they are the very opposite.
Yeah i hate when I see people using Brave, because they have been brainwashed.
Does anyone remember when they were injecting their own referral links into links for online stores (99% certain they did this pls prove wrong if you know better)? This alone leaves them with 0 trust in my books.
Brave is and always has been gross. Never understood how they’ve been so successful at tricking people into installing it.
OP replied in another comment its because “firefox is not secure” https://lemmy.dbzer0.com/post/43710170/18564861 :
[…] Chromium-based browsers aren’t all bad, such as Vanadium or Trivalent, so people sometimes feel more comfortable sticking with what seems familiar (coming from Chrome).
In another reply parents to this one:
LibreWolf is far from secure, as it is based on Firefox and so comes with the same security issues. If you meant to say privacy and not security, the reason nobody makes high threat model browsers for Windows is because Windows itself is not private and it would be a losing battle.
So OP is saying it’s not private nor safe? I get what some people are saying of Firefox constantly changing Terms of Services but that’d be in regard to privacy not security and OP tries to argue not being safe which his iceberg also implies in terms of privacy not being good too. Yeah, LibreFox’s ToS isn’t the same as Firefox’s ToS and his counterarguments to Firefox and Firefox-based on replies is Chrome-based browsers exclusive to niche OSes (also OP don’t even try arguing Brave on comments so probably just trying to rage-bait with every opportunity). I’d love OP to argue using the examples he used in the iceberg. So many discourse incosistencies along with the iceberg. Also OP FYI while privacy does not mean secure, lack of privacy could mean security risks in some cases.
and then Tor so high up, unless you’re hell bent on leaving 0 traces that thing is a pain to use, can’t have it maximalised, pages load sometimes minutes at a time, no addons, just suffering. nobody sane uses that thing for more than the occasional trip to whatever deep web market is not yet exit scamming
They’re not the very opposite. They have done wrong things, just like Mozilla. Doesn’t make them Google though.
They are not “just like” Mozilla.
That’s not what I wrote
Also, please stop with the Mozilla praise
You seem unaware of the bullshit they do. They’re not clean at all.
Yeah. All the issues, even small and quickly-resolved ones, paint a picture - that they are eager to disrespect users’ consent.
No epic store and brave is not on the top…
Their bottom line is gold, this should tell you everything you need to know about the creator of the meme.
it also has a log cabin… and Log Cabin is a maple syrup brand… and maple syrup is from maple trees… and maple leaves are on Canadian flags… so… a snowman?
Agree. Steam doesn’t even save your birthday, and asks for it every time
They legally have to.
It might be there because there is a lot of data associated with the steam account, especially the community part of it, e.g.:
- Recorded playtimes
- Times and dates when you are regularly logged in
- Possession of games which are precisely tagged by genre/interests/etc.
- On which time and date you spent how much money (participation in sales in the steam store)
- Timestamped posts and comments in groups based on various interests etc.
- Curators/devs/publishers you follow
- Your game wishlist
- Connection and interaction with other steam accounts (friends list, chat, trades, gifts)
All this can be used to create a very detailed behaviour profile and accurately deduce the social status of the real person who uses the account. Maybe the data isn’t misused and it’s just there so the features can actually exist.
Personally, I doubt Valve actually does this as expansive and invasive as other big tech companies. I’m pretty sure they at least aggregate anonymised data to measure how e.g. their sales perform, which game to promote on the store front page etc.
But we can’t be sure because it’s not public.
i don’t think valve does much with the data even internally. if they did at least the game recommending queue would be slightly accurate. instead i have to manually blacklist tags for it to stop showing me things i’m just deeply uninterested in. like yes Mr. Valve my steam library of RPGs, puzzle games, and open world sandboxes clearly profiles me as someone who’d be interested in the newest Fifa game every year, sure buddy
I think they changed the name in the newer versions so surely you’ll be interested now!
now you say it, maybe it’s my clicker games that make Valve think i’d like to buy a game where the point seems to be that the number in the title goes up by one every year
Yes but my point was that I believe they changed the name from FIFAYY to FCYY (and I think raised the price).
woah! the innovation!
No. And also chrome is somehow at the bottom of this list, I don’t care if it’s chromium or vanadium, it’s still chrome.
Chromium-based browsers have arguably better security than Firefox. https://madaidans-insecurities.github.io/firefox-chromium.html
Vanadium further improves Chromium’s security by disabling the JS JIT Compiler, using a hardened memory allocator (GrapheneOS hardened_malloc) enabling ARMv8.5 MTE, and applying other hardening patches (https://github.com/GrapheneOS/Vanadium/tree/main/patches).
The secureblue project maintains a hardened Chromium build for Linux called Trivalent, which uses most of the patches from Vanadium, among others. You can get it from their repo: https://repo.secureblue.dev/secureblue.repo
I really wanted to include Trivalent, but I didn’t want to seem too Chromium-oriented and start a flame war.
You could add secureblue. I would put it in the same category as GrapheneOS and Vanadium.
An issue arises with that. Linux is fundamentally insecure, as you are likely well aware if you use secureblue. secureblue is designed to be as secure as possible while still being Linux, and so is still bound by the same constraints. Qubes OS is not a distro, so it (should be) more secure, but it is an absolute pain to use. Furthermore, Qubes OS emulates Linux distros, so the question becomes “Why not just emulate the most secure Linux distro?” which is either Whonix or secureblue depending on who you ask. Is that more secure than running secureblue on bare metal? What about GrapheneOS used in desktop mode? And what about emulating Linux inside of GrapheneOS using the Linux terminal? There are plans to use multiple distros inside of the terminal, so what about secureblue inside of GrapheneOS?
The whole situation spirals out of control. I know this iceberg chart isn’t ranking security, it’s ranking what software people generally use for each experience level, but neither secureblue nor Qubes OS would fit nicely in any category. You can read this post for more of my thoughts about this mess.
I know about the security issues in desktop Linux, but I still think secureblue fits that level of the iceberg pretty well. I would put Qubes there as well.
It’s Vanadium, a fork by the people from GrapheneOS. You could say the same about Graphene, that it’s still Android, but reality is more complex.
When I first installed GOS, wanted to like Vanadium. Went right back into a FF fork+UBO once I saw that while its blocklists did stop ads themselves on TvTropes, it did nothing to the HTML elements that contained them so it left big ugly white boxes visible.
Vanadium is focused on security and privacy, but not much on adblocking. For that reason I use Cromite, which is much better blocking ads while keeping good security policies.
afaik the client does collect a bunch if data, most (all, i think? but not a 100% on that) of which is opt-in.
they do need stuff like IPs for internet related features.
telemetry wise there’s the steam hardware survey, which is opt-in, and it asks every single time it attempts to collect your systems hardware and OS information. this could technically be identifying information, but since it’s opt-in it’s not a privacy violation and it’s entirely optional. (plus it’s super useful for all involved: users, devs, and steam. it’s kind of a win-win and straight up necessary info for devs to know which hardware they should optimize for)
they might be putting it at the top because steam has native support for DRM?
but that’s also weird, because DRM isn’t a privacy violation. it’s a shitty practice, barely does anything, barely works, and keeps breaking or hobbling otherwise perfectly good games, all of which is shitty, but it’s little to do with privacy. and the dev has to specifically opt-in and integrate it as a feature…unless they’re thinking of 3rd party DRM that can be waaay more intrusive, like Vanguard… THAT’S a privacy and security nightmare just waiting to blow up in people’s faces.
otherwise…i haven’t really heard anything bad about steam privacy wise?
doesn’t mean that there’s nothing to be concerned about, but i feel like there’d been some news about it if there was…
