The Privacy Iceberg

This is original content. AI was not used anywhere except for the bottom right image, simply because I could not find one similar enough to what I needed. This took around 6 hours to make.

Transcription (for the visually impaired)

(I tried my best)

The background is an iceberg with 6 levels, denoting 6 different levels of privacy.

The tip of the iceberg is titled “The Brainwashed” with a quote beside it that says “I have nothing to hide”. The logos depicted in this section are:

The surface section of the iceberg is titled “As seen on TV” with a quote beside it that says “This video is sponsored by…”. The logos depicted in this section are:

An underwater section of the iceberg is titled “The Beginner” with a quote beside it that says “I don’t like hackers and spying”. The logos depicted in this section are:

A lower section of the iceberg is titled “The Privacy Enthusiast” with a quote beside it that says “I have nothing I want to show”. The logos depicted in this section are:

An even lower section of the iceberg is titled “The Privacy Activist” with a quote beside it that says “Privacy is a human right”. The logos depicted in this section are:

The lowest portion of the iceberg is titled “The Ghost”. There is a quote beside it that has been intentionally redacted. The images depicted in this section are:

  • A cancel sign over a mobile phone, symbolizing “no electronics”
  • An illustration of a log cabin, symbolizing “living in a log cabin in the woods”
  • A picture of gold bars, symbolizing “paying only in gold”
  • A picture of a death certificate, symbolizing “faking your own death”
  • An AI-generated picture of a person wearing a black hoodie, a baseball cap, a face mask, and reflective sunglasses, symbolizing “hiding one’s identity in public”

End of transcription.

  • recklessengagement@lemmy.world · ↑ 106 ↓ 1 · 24 days ago

    I think this is the first time I’ve seen an iceberg meme with sources and explanations for each item. Fantastic. Your work is appreciated.

  • nossaquesapao@lemmy.eco.br · ↑ 91 · 23 days ago

    Funny how you need more and more technical knowledge to go deeper into privacy, until the last level, which is basically giving up on technology itself.

    • The 8232 Project@lemmy.ml (OP) · ↑ 47 ↓ 1 · 23 days ago

      “As seen on TV” does not imply privacy, it just implies a large advertising budget. These are software that market themselves as private (and are sometimes better than nothing at all) but may still be just as bad as software on the tip of the iceberg.

    • zarkanian@sh.itjust.works · ↑ 2 · 23 days ago

      A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017.

      Did AI write this?

  • mmhmm@lemmy.ml · ↑ 42 ↓ 1 · 24 days ago

    I was at the bike shop a few weeks back and a ghost walked in. He came in wearing a medical mask covered by a bandana, sunglasses, cap. They wore gloves, long-sleeved pants and shirt.

    First question from staff, ‘this a robbery?’

    Ghost, ‘no, I just need 27 2.5 tubes, miss.’

    They get the tubes, he agrees. Staff asks if he has an account. Ghost says, “nope, why would I need one?” Staff says they do it for records, insurance claim assist, and discounts. Ghost goes with a John Doe, pays cash and peaces the fuck out.

    Total King, but dude was giving up a lot. Half of us were drinking beers enjoying a warm evening in spring. I hope he has had some good rides.

    I can say with confidence that he was a white male. In his 50s. About 5’10". 140 lbs-ish. If anyone wants to get any tips, good luck!

      • Broken@lemmy.ml · ↑ 18 · 23 days ago

        I’m no ghost, not even close. Be careful though, “what’s the point?” is essentially the question everybody asks at every phase of that iceberg diagram.

        A possible answer to your question though, is that even if the state doesn’t know or care about him today that might change tomorrow.

        That’s not my threat profile but it’s a valid one.

        • mmhmm@lemmy.ml · ↑ 1 ↓ 1 · 23 days ago

          I’d have guessed white nationalist if it was anywhere but a bike shop

            • mmhmm@lemmy.ml · ↑ 8 · 23 days ago

              Exactly right. My bad. Thanks for the reminder. Geography and majority opinions in the area were coloring my perspective but are not relevant

      • mmhmm@lemmy.ml · ↑ 7 · 23 days ago

        Speaking as a former kid of rural America you would be doing the Lord’s work, friend

  • 𝕨𝕒𝕤𝕒𝕓𝕚@feddit.org · ↑ 34 · 23 days ago

    I have no clue why Telegram is often mentioned when it comes to “privacy focused messaging”. They don’t even have e2e encrypted group chats. Only 1:1 chats may be encrypted as an opt-in. Even WhatsApp is more secure than that, since they use Signal’s encryption.

    Also the “we don’t give out even a byte of data to anyone” statements made by Telegram have been thoroughly debunked as lies. When Telegram’s bottom line is in danger, they have and will give out your data.

    • Bazoogle@lemmy.world · ↑ 10 · 23 days ago

      Yea, Telegram being advertised as a privacy messenger is a joke. If people want to have group chats like in Discord and don’t care about privacy, whatever. But to try and flaunt how privacy focused you are while using your own home-brewed encryption is a joke. Not to mention the fact you have to turn it on for every chat you want end to end encrypted.

      The whole thing about not giving out data is really only accomplished by spreading user data across several countries. So you would have to get a search warrant from every country to get the data, relying on some countries not wanting to cooperate with other countries. That is not real security. Real security would be encrypting it so you literally couldn’t give them the data, even if they had a search warrant. Ya know, like Signal.

      • SirPea@lemmy.dbzer0.com · ↑ 1 · 22 days ago

        Even Threema is more secure than Telegram, this iceberg is messed up and missing a lot of things and has some inconsistencies. You could say it’s not free but neither is Mullvad and it’s in the iceberg.

    • ReversalHatchery@beehaw.org · ↑ 8 · 23 days ago

      well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point. and telegram probably gets to be there because it’s not the usual big tech companies, and it seems fine, even if unencrypted.

      > Only 1:1 chats may be encrypted as an opt-in.

      and only on the phone app

      • The 8232 Project@lemmy.ml (OP) · ↑ 8 ↓ 1 · 23 days ago

        > well that section has a few not so effective services, like authy, and imo brave and adblock, to depict what people believe at that point.

        Yes, this is the exact reason Telegram was put there. I even see Telegram recommended alongside Signal, despite the privacy risks.

    • Undertaker@feddit.org · ↑ 4 · 23 days ago

      WhatsApp claims to use this. They do not show their code nor did they do any kind of audit. Therefore we have to assume that there is no encryption.

      • ReversalHatchery@beehaw.org · ↑ 2 · 22 days ago

        or that some part of the encryption, like key handling is flawed. also, considering they have an RCE vulnerability every year, I wouldn’t be surprised if the encryption keys could just be stolen remotely.

        we also don’t know if facebook has implemented some kind of analytics for message content, sent files and media.

    • JiminaMann@lemmy.world · ↑ 1 · 22 days ago

      Just curious, does Telegram keep a log of our msgs? I’m guessing right now, mitm attacks don’t work since TLS exists, but Telegram can still read the msg cuz it’s not e2e?

  • neuroneiro@lemmy.world · ↑ 34 ↓ 2 · 23 days ago

    Was going to say links or it never happened but you provided them! And categorized by level! Excelsior!

    Thanks also to the comments giving more information.

    So grateful for this platform. For the most part.

      • wolfinthewoods@lemmy.ml · ↑ 5 · 23 days ago

        So what’s the deal with i2p? I heard it was a more secure alternative to vpns, I downloaded it but I haven’t been motivated to figure out how to set it up on Linux.

            • sploodged@lemmy.dbzer0.com · ↑ 3 · 23 days ago

              as a darknet it’s more secure than tor, but less people use it so less anonymous. the benefits are really for using in-network services there, not so much for accessing the clearnet, though you’ll find clearnet things bridged to i2p

                • sploodged@lemmy.dbzer0.com · ↑ 1 · 18 days ago

                  to remain secure from outside observers is the main goal, the i2p network is much more secure than tor or a vpn, though it does a good job protecting you from others on the network too.

            • swelter_spark@reddthat.com · ↑ 3 · 22 days ago

              In some ways I2p is more secure, but it has its own pros and cons. It’s primarily used with services & sites within its own network, similar to onion sites, and used that way it’s said to be faster than Tor. It can be used for torrenting with a client that supports it, like qBittorrent or BiglyBT, without harming the network. There are outproxies you can use if you want to anonymize access to normal websites, but there’s only a few of them, and it’s slow. You can have it and Tor running at the same time without them interfering with each other, though.

              • wolfinthewoods@lemmy.ml · ↑ 1 · 19 days ago

                So, it sounds like you’d be better off just running Tor or a vpn unless you have a specific use-case for i2p. I looked briefly at the install instructions, but it seemed like it would be a hassle to initially set up on my Linux build.

                • swelter_spark@reddthat.com · ↑ 1 · 17 days ago

                  I think that would be fair to say. I mostly run it to contribute to the network, so that other people can communicate or share files more privately. (On OpenSuSE, it can be installed from the repo and just run with no special configuration.)

  • jagged_circle@feddit.nl · ↑ 30 ↓ 2 · 23 days ago

    I give workshops on privacy. I always tell them that if they get nothing else out of my presentation, it’s that they should use a password manager.

    Honestly I think KeePass should be beginner. That comes first before everything else.

    Also I think Tor Browser should come before VPNs. It’s free and easier to use than VPNs (for when you want to google something secret and don’t want to be tracked. Most beginners are selective like that)

    • Bazoogle@lemmy.world · ↑ 8 ↓ 1 · 23 days ago

      Why KeePass and not Bitwarden? Wouldn’t Bitwarden be more user friendly for trying to ease people into secure technologies?

      • jagged_circle@feddit.nl · ↑ 4 · 23 days ago

        Bitwarden had some security issues historically. I generally recommend using software for password managers that isn’t internet connected.

        My KeePass trainings involve generating a VeraCrypt encrypted USB drive (for Windows and Mac users) for storing backups of their KeePass file. I also recommend they upload it to whatever cloud storage they use (Google Drive or iCloud usually)

        • Bazoogle@lemmy.world · ↑ 5 · 22 days ago

          > Bitwarden had some security issues historically.

          What security issues? If you mean potential security vulnerabilities researchers found that they’ve patched, I don’t understand how that would be different from KeePass and their previous security vulnerabilities. Bitwarden has never had any security issues historically that I know of. LastPass, on the other hand…

          > I generally recommend using software for password managers that isn’t internet connected.

          > I also recommend they upload it to whatever cloud storage they use

          I also really don’t get these two. They seem to contradict each other.

          I usually recommend Bitwarden, where they can use the browser extension and mobile phone app. It gives them autofill features on all their sites. Getting someone to change their passwords and use a password manager is already difficult enough. Giving them the most convenient option is going to make it more likely they stick with it.

  • LeTak@lemm.ee · ↑ 25 · 24 days ago

    Tried the Privacy Activist and Enthusiast section. Was not really fun and you lose connection to most of your friends and family. Now I have a balanced setup with something out of each layer. Perfect balanced, as things should be