I know there are plenty of software missing from here. This is just a fun infographic I made, no need to take it seriously :)

@lock@lemmy.ml
link
fedilink
2
edit-2
18d

How is iCloud not secure or privacy focused? You make no sense with this list. iOS is insanely secure compared to stock android.

Apple’s closed off ecosystem should not be considered privacy focused. We have no idea what’s going on behind the scenes. NSA back doors, probably.

OP would not recognize a threat model if it bit him in the ass.

The hardest online privacy is not operating in a way that just links all your “private” activity because you logged in around enough places to link them together and at least one place somewhere can be linked to your real identity

c1a5s1c
link
fedilink
319d

what’s Anubis?

The 8232 Project
creator
link
fedilink
819d

A tool to slow down web crawlers (instead of making you solve captcha puzzles)

Anubis is so lightweight you’ll forget it’s there until you look at your hosting bill.

I don’t know if they realize this is implying it’s onerously expensive, lol.

What’s nuts is that what made Anubis’ author go down that path was Amazon Bot (I remember precisely because they are the bot that also blew up my logs and thus forced me to take action against LLM scrappers) and… a significant share of the Web is hosted on AWS. So… Amazon is actually probably MAKING money by scrapping, no matter how inefficiently. I already hated Amazon but this is even worst than I imagined. It’s probably not by design, to be fair, but it’s also probably not something they’ll invest into “fixing” as it’s making them money. What an absolute human centipede situation.

That amused me, too.

I think it plays fine for the intended audience, though.

For the folks looking into Anubis, that line plays well - because hosting costs are driven up by the kinds of spam bot visits that Anubis slows down.

proton VPN

lol. lmao, even.

What’s wrong with it?

proton has already shared user details with authorities.

kadu
link
fedilink
819d

deleted by creator

@pyre@lemmy.world
link
fedilink
-1
edit-2
19d

except they shared an IP address of an account even though they state “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.” on their homepage

If I understood correctly from Proton’s privacy policy, VPN does not log IP addresses but at least in some circumstances Mail does. This is from their privacy policy:

Due to limitations of the SMTP protocol, we have access to the following email metadata: sender and recipient email addresses, the IP address incoming messages originated from, attachment name, message subject, and message sent and received times.

One thing must be remembered: Even Proton must follow the law and rules.

kadu
link
fedilink
119d

deleted by creator

It’s right there in your copy-paste my dude, “BY DEFAULT”.

The jackass(es) who actually was at risk went the extra step to enable IP address logging, which means that when Proton had to comply with a lawful court order, they actually had data to give.

Proton is a company like any other that has to comply with laws in the country they operate in, but unlike a lot of other companies, they don’t log data UNLESS YOU ASK THEM TO.

Moral of the story is, like has oft been repeated, know your threat model and plan appropriately.

I’ll go further than this and say that true security is where everybody has support enough to not want to steal your shit, hack you etc.

Yeah corporations and governments are still a problem, for now, but both of the above parties would be far more secure if they did mutual aid, supported progrms to help the impoverished etc etc.

Basically having a collective approach to security and not such a myopic individualistic one.

What’s with the diss on Malwarebytes?

The 8232 Project
creator
link
fedilink
19
edit-2
20d

Mainly because it’s proprietary, privacy invasive by nature, and invasive.

They’re taking it too seriously lol

It’s also a shit product riding on marketing laurels from its past glory days, like Norton. It leaves pieces behind that can cause malware to come roaring back.

It isn’t hard to just nuke a system or restore a backup people.

Assuming that your backup isn’t also infected.

Proprietary sure, but how is it privacy invasive let alone invasive on computers?

What non-proprietary option is there? I can’t think of a single antivirus option which is actually remotely decent which is open.

The 8232 Project
creator
link
fedilink
420d

ClamAV is an open source antivirus, but I would recommend against using an antivirus altogether due to their invasive nature. You shouldn’t need one with proper sandboxing and isolation.

ClamAV is slow to get updates and frankly not a great tool to use. AV is a must as isolation and sandboxing are only as good as the next exploit. Not too mention scams like phishing are not stopped by isolation.

spv.sh
link
fedilink
2420d

where’s the shovel and double-ziplocs to bury your cash, silver, gold, platinum, and palladium? or the zippo to burn your prints off? get on my level, ho

Universal Monk
link
fedilink
220d

Hey! I resemble this remark!

The 8232 Project
creator
link
fedilink
520d

You may be interested in this infographic instead ;)

krolden
link
fedilink
420d

Lol proton vpn

Still secure

krolden
link
fedilink
8
edit-2
20d

VPN services aren’t for security they’re for getting around regional blocks. If you want privacy build your own. But even then youll still be tracked

They are multipurpose. You can’t deny using a VPN over no VPN increases anonymity

Drunk & Root
link
fedilink
220d

vpns are not anonymous just instead of your isp getting your internet traffic the vpn does theres also not a real way to verify what there doing on there servers unless your sitting inside of the datacenter monitoring it vpns where never supposed to be anonymous

krolden
link
fedilink
120d

You’re just letting another party harvest your browsing habits.

Incorrect. It just means someone has to throw money at proton to get that data instead of throwing at ISPs and marketing nuts. They are subject to the same capitalistic pressures as anyone else.

I2P needs more torrents and more people.

krolden
link
fedilink
020d

Torrenting over VPN service is also dumb. Why bother just get a seedbox that accepts xmr

Seed boxes are also dumb. You are making a honeypot for yourself that can be monitored by the hosting provider.

krolden
link
fedilink
120d

You’re just letting another party harvest your browsing habits.

@Zetta@mander.xyz
link
fedilink
10
edit-2
20d

The post is about security /privacy, the non American ceos political opinions don’t impact that. Proton is still a good VPN/mail provider

What’s wrong with Proton VPN?

@edel@lemmy.ml
link
fedilink
520d

The Proton CEO is quite active in twitter and participates in podcasts. Well, one day he praised one action of the Trump administration on antitrust and a whole community attacked him for “praising Trump” when he did only a nomination for Attorney General for the Antitrust division. I highly doubt he is a MAGA supporter and listening to him for 30min on any of the multiple appearances he was on, will confirm you that. Several things concerns me on Proton, the CEO’s ideology ain’t one of them.

Unrelated to this, I wish people was more forgiven of Trump voters, it is not the monolithic the Left tries to portray it is. Trump sold himself as fighting the establishment, being anti-war and pro-antitrust (many small business owners supported him). People voted for him even suspecting he most likely was lying. Many people, both in 2016 and 2024, voted for Trump because Hillary was very pro-war (for instance she say she would attack Russian military directly in Syria) and Kamala proudly said she would not change anything on Biden’s policy in the middle of Gaza’s massacres. MAGA has many racists, many! (Democrats has is share too, but usually quieter but one can notice them at the grocery stores!) But what made Trump win was desperate disfranchised Americans with no other alternatives that promised Change. Europeans should keep quiet too… in the last elections they voted as different as they could demanding change to end up with Ursula von der Leyen for another term. Democracies in both sides of the Atlantlic are heavily ill and people, in desperation, vote for whoever promises change, independently of anything else.

Universal Monk
link
fedilink
8
edit-2
20d

I wish people was more forgiven of Trump voters, it is not the monolithic the Left tries to portray it is. Trump sold himself as fighting the establishment, being anti-war and pro-antitrust (many small business owners supported him)

Be prepared to accept accusations of being a fascist Nazi for saying this. You’re right, but Lemmy is so extreme on this subject, that if you aren’t with the majority, then you’re an evil nazi pig–regardless of reality.

I still get accused of it and all I did was vote third party in the election. 9 months ago! lol

Stop having rational discussions. This is Lemmy.

Universal Monk
link
fedilink
320d

Good point! I forgot where I was for a sec.

@edel@lemmy.ml
link
fedilink
320d

Screw me! I feel bad because instead of welcoming those now disenchanted MAGA, we are shunning them away and pushing them toward Musk’s new party and the like. We did same mistake after Trump’s 1st term too.

Universal Monk
link
fedilink
3
edit-2
20d

Agreed. Lots of missed opportunities, and Lemmy is also shunning away their allies against Trump by overusing the words Nazi and Fascist to describe every poster that disagrees with Democrats. My gf, who is very very anti-Trump, lasted on Lemmy one day. One day!

She said it was way too hateful and political. lol

I feel bad even recommending it to her, and I don’t recommend it to any of my friends anymore.

Lemmy will die in a few years because of it’s extremism. It’s already slowing down. But I’ll ride it to the end to prove to people that they didn’t bully me off of it. :)

@edel@lemmy.ml
link
fedilink
220d

Let me know if you find a better venue… I am also disappointed in Lemmy. Is it so hard to find a place where people try to understand why things are one way and another before slapping each other.

I’d lived in a very swing state, in a very swing county and thanks to that predicted elections like no pollster did (even Trump in 2016 as he came down a escalator and every media laughed at him)… I saw no more malice in an average Trump voter than a Kamala one, I find a portion of them both as equally racist (some 30% I would say), one just is more vocal and explicit while the other chooses to express the racism passively aggressive… Two black family moved into our street and one Trumper told me that he does not like the “blacks in front” and a long time Democrat neighbor told me instead… that she was going to move to a better school district “because demographics”… what is the difference?

Universal Monk
link
fedilink
320d

Let me know if you find a better venue… I am also disappointed in Lemmy.

I still love Lemmy, and my main Lemmy instance. But ugh, everything is getting so political and extreme everywhere. I’m trying to transition into just posting my writing and staying in writing communities, but my reputation proceeds me (still no regrets and I still believe in everything I said) and things can downgrade pretty quick.

And if I came up with an alt name, people would recognize my writing and say I was ban-evading.

So ugh, we’ll see. I’m trying to just stay out of everything political, but people mention my fucking name all the time anytime someone talks about “trolls.” And I never back down when I get false accused. lmao

@kaidezee@lemmy.ml
link
fedilink
0
edit-2
20d

I don’t undurstand how Graphene can bigger than Linux on this list.

The 8232 Project
creator
link
fedilink
820d

The size on the list does not matter. I resized them so they could fit better on the page.

Yes but you could have used only graphene logo, it’s too big

The 8232 Project
creator
link
fedilink
420d

I wanted to show that it is a mobile OS for those who are unaware

iOS is actually secure

it maybe secure. Sending your privacy information securely to the server and sharing with ad companies

Not by default.

Yes and no. It’s certainly better than stock android. You won’t find anyone who says otherwise. But it creates unnecessary dependancies on apple’s ecosystem and Apple can’t be trusted. Nothing with shareholders can be trusted. Apple might be an ally today but they are a US based-company operating within the confines of what the US will let it do.

All their cloud services are pretty poorly protected too. Every year or so me and my friends will find Chinese gibberish entries in our calendars that link to phishing sites. These get cleaned up eventually but it proves that Apple is lying about not being able to access your shit.

I’m planning my exodus from the Apple ecosystem and looking at grapheneOS but I’m still in the skeptic stage. I have lots of cloud decoupling to do and my self hosting ambitions are big so at the moment my iPhone isnt the biggest priority to change out.

But I absolutely do not trust it.

Every year or so me and my friends will find Chinese gibberish entries in our calendars that link to phishing sites.

D@mn! That was an absolute PITA. In my experience, my calendars and contacts never synced properly anyway so I went to the Proton ecosystem a few years ago.

Anyway, thank you for sharing. I only know one other person who had the same problem and we both thought we were going nuts.

Grapheneos is surely better privacy and security wise

Cool and who validates the code base for security vulnerability? And sends tons of packets related to tracking back to there servers?

spv.sh
link
fedilink
-320d

the codebase itself? besides XNU, nobody… but, given the immense amount of scrutiny placed on the software, if there was some magic backdoor (an intentional one, anyway, not talking about like NSO group RCEs 'n shit), don’t you think we’d know?

the average person doesn’t even know what grapheneos is. if they’re either going to buy an iphone, or some generic android phone running a vendor kernel that hasn’t been patched this administration, i’d want them to buy the iphone.

There are massive backdoors, tho on android too. How do you think Pegasus works

Drunk & Root
link
fedilink
120d

wasn’t Pegasus attack vector sms how is it a OS issue if its a protocol its the same as saying Linux is insecure because xmpp had a vulnrabilty and allowed remote access

spv.sh
link
fedilink
118d

depends on the chain in question. some used iMessage as a way in, but (at least in the case i’m thinking of rn) it was only used to trigger an image parsing bug. in others, sms was used to trick someone into clicking a link, exploiting a bug in JavaScriptCore.

spv.sh
link
fedilink
320d

moi: “not talking about like NSO group RCEs 'n shit”

tu: “how do you think pegasus works”

you could have at least picked a different cyberwarfare company…

by that logic, every OS under the sun has massive backdoors. bugs exist, man. my point was that for the average person, a fully-patched ithing is going to be among the more secure options.

Are you interested in a bridge?

deleted by creator

It’s not about what you use, but how you use it. PEBCAK Almost 100% privacy and security is offline at home, reading a book, if you bought the book with cash and not online and/or with credit card.

You can use Google, Microsoft, Apple and co however you want, the problem is, what you use

nelson
link
fedilink
76
edit-2
20d

Pretty sure banks have a pretty good track record of “keeping your money safe”. Why the fork would anybody trust banks to keep their money safe if they can’t keep your money safe?

I don’t really understand why that statement is even on there?

Unless you mean to argue some anonimity point, which I could agree with considering e.g. Monero would be more anonymous than a bank.

But safe? I’d say the bank is quite safe to store money.

any bank that has the capacity to close your account without you explicitly requesting it should not be considered safe.

fucking cip errors deleted my account

whoever invented cip errors should be defenestrated at the earliest convenience

小莱卡
link
fedilink
620d

Banks literally seize and freeze assets from people, e.g. Julian Assange.

Banks have also a track record of seizing countries international reserves like Russia, Venezuela, Iran, etc…

The 8232 Project
creator
link
fedilink
420d

The intention was more “Banks keep my data safe,” but I wanted to provide a clearer explanation that if your data isn’t safe, neither is your money. I didn’t have enough room to put my full thoughts.

Banks keeping your money safe depends on what country you live in and how much its government has regulated them and/or provided some sort of backup in the case of a run or the bank going out of business.

Money in the bank can be seized and frozen for all sorts of reasons. If you’re in the USA, then police can charge your money with a crime even if you haven’t broken any laws. It’s safe until it’s not.

Doesn’t have to be in the bank either; if you’re traveling with your life savings in cash, then if you get pulled over cops are likely to seize that money. Just because fuck you, that’s why.

Universal Monk
link
fedilink
14
edit-2
19d

Can confirm. about 15 years ago, my bank account was frozen for 3 weeks for child-support enforcement. Only they weren’t talking about my kid or even me. Some dude in Florida with my same first and last name was a deadbeat dad. So they froze my account because apparently, he didn’t have a bank account or something.

What’s super annoying about it is that we had different middle names, not even close to the same social security number, and not one person even contacted me before my bank account was frozen. I only found out because a check I wrote or something bounced. And I was like, WTF?

I was finally able to talk to enough bank people to clear it up. But it took 3 weeks. I never got an apology for it either. And the fuckers did not refund my insufficient funds fee. I mean, it was only $15 bucks, and it would have cost me more than that in my time to get a refund, but still…

So yeah, even here in the US, banks can suck.

Ardens
link
fedilink
1521d

But you do know that Tor/VPN is not really privacy, nor security? It hides your IP, but that’s about it. If you still login, and give any information, and that could just be your “fingerprint” you are not anonymous…

Hopefully you don’t log in or give personal info to every website you use. Hiding your IP is still more private than not hiding it.

Ardens
link
fedilink
320d

Do you know what your fingerprint is? And all the ways you are being tracked that is not about your IP?

You do give personal info to every website you visit - with the exception of a very few, who respect your privacy. If you think you need to log in, to give personal info, then you are sadly misinformed.

Yep, I do know those things. There are other tools for that. Tor is still useful for doing what it does.

The 8232 Project
creator
link
fedilink
320d

Encryption is a type of security, and Tor/VPNs encrypt your traffic. Accessing .onion sites over Tor is (at least in theory) more secure than accessing clearnet sites.

Ardens
link
fedilink
120d

In theory - but it’s still primarily your IP you are hiding. And very few people only visits -onion pages…

@kaidezee@lemmy.ml
link
fedilink
5
edit-2
20d

VPNs know who you are and what websites you visit, so no privacy nor anonymity there. With Tor… It’s complicated. That’s why we have guides like this: http://blog.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/opsec.

Ardens
link
fedilink
220d

Only a few take their privacy serious. They, sadly, believe in the ethics of the Tech giants…

I2P is king here but it has a limitation that makes it stronger but less practical. I2P doesn’t generally do outproxies. A few exist but they typically aren’t trusted or used. Instead, I2P tries to keep private by only routing around traffic the originated within its own network rather than piping things from clearnet from one place to another. An issue with arrives that do that is you can see traffic from a honey pot going into a black box and with enough monitoring where it ends up leaving that black box. It’s very difficult to track traffic flow within the network but once it jumps back into clear net you can find it again.

Now while you can argue that it doesn’t come out on clearnet, just originates from there, I counter that with Microsoft Windows telemetry, it might as well be clearnet. Windows is the dominant player at the moment so it’s most likely the traffic ends up on a windows machine. There are really benefits behind the telemetry date but they also means there’s a single point an authoritarian regime can apply pressure to to monitor whatever they want. With advances in AI, chewing through tons of collected data is much easier to do, so the idea of “they can’t stop all of us” is ridiculous. They will just pick off the undesirables in smaller chunks.

Ultimately nothing is completely safe but if you really value privacy, make yourself such an enormous pain in the ass that monitoring you becomes a chore.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 124 users / day
  • 1.05K users / week
  • 1.3K users / month
  • 4.58K users / 6 months
  • 1 subscriber
  • 3.97K Posts
  • 99.7K Comments
  • Modlog