[OC] What People Think Privacy/Security Is

The 8232 Project@lemmy.ml · 20 hours ago

[OC] What People Think Privacy/Security Is

edel@lemmy.ml · 14 hours ago

Some of those mentioned likely are compromised, but cannot figured out which. The thing, is to diversify our risk and the privacy minded to use different platforms (Proton VPN and Mullvad VPN for instance).

The good news, is that if an agency is compromising something, they will likely won’t use the intel gathered in court cases in order to leave it open to future prey, so that is good for vast majority of users. The very few that are relevant enough should not trust even the genuine privacy tools and resort to enhanced methods and combining methodologies.

My impression, and just impression, is that I would trust **Tuta **more than Proton (and not because Proton’s CEO that many interpreted wrong anyways) On VPN… a tad more trust on Mullvad. Signal, I would not use it for high stakes communication but OK for most people. GrapheneOS seems okay and we know for sure it does not leak info on a daily basics, but we have to be careful, it could have an obscure code dormant waiting for a trigger or could easily send data to an unsuspected server, Ironically, if I were Snoden, I would feel more comfortable using a Huawei Mate with HarmonyOS than a Pixel 9 with GrapheneOS… of course China spies too massively, but it has far less beef with Snoden than the US does, therefore not of much interest to Beijing.

Remember that overwhelming majority of FOSS goes without any audit, let alone a comprehensive one. This is what some trusted party should put AI checking ASAP all the FOSS out there!

nebulaone@lemmy.world · edit-2 13 hours ago

Very interesting insights. Funnily I use all of the services you cautiously recommend, including GrapheneOS, but not HarmonyOS, hard pass on that one. As a German I am also legally required to prefer Tuta. :) I still have that OG 1€/Month contract.

Edit: Your last point is a good idea, although I think the more popular an open source app is, the less likely it is to be malicious. A lot more eyes on it and the xz backdoor was caught pretty much immediately.

edel@lemmy.ml · 3 hours ago

Of course… for us normies… GrapheneOS is the way to go. Very high targeted individuals in the West should however consider HarmonyOS. Of Course the Chinese government has eyes on that one but not specifically targeting you… unless they use it to trade intel on someone of high interest for China but no much collaboration between West and China intelligence agencies today…

True, popularity increases the chances someone auditing. But, to a point. Ideally audit should be performed with every single update and on the servers, and there the premise of more eyes does not hold true no more. Then it comes trust. In a company like Tuta, the people behind showed their faces from day one, the same people are there, is a tight team so harder for a bad apple to do something. Considering both Tuta and Proton were good from inception (and I believe it may be the case), it would probably would be easier for an intelligence agency to penetrate Proton than Tuta, just for the structure that appears they have from outside. Now, Tuta made a horrible mistake once! In the Russian invasion of Ukraine, independently of one’s take on it, Tuta made the “Standing with Ukraine” (March 2022); that was a mistake, it may many doubt if privacy still their paramount over any other ideology. Maybe they have change since since no statements on Gaza… or maybe they agree with what is happening… who knows… that is why they should not make any statements at all, or clarify that while they have their ideologies in no case, ever will compromise their stands on privacy. To be fair, Proton did the same… nothing on Ukraine but on Gaza “We unequivocally condemn the terrorist attacks by Hamas against Israeli civilians […] We also condemn violence against civilians in Gaza”; so I guess both are comparable here! My trust for both is slim, as a company, and even their individuals.