Thank you! Please continue to get this refined for all of us.
I for one greatly appreciate what you are working on here. This visualization communicates volumes of written discussion in a simple, easy to understand format.
edit: I can see either adding or another diagram showing where Windows, Mac, Linux secure version (Secure blue?), GrapheneOS, iOS, etc. (unfortunately, personally I am an Eli5, so ill equipped to create such a visual diagram….)
phnx, if I may be so bold, what is your reason for “down voting” this visualization? I am not trying to argue. Just wanting to understand a different view on this topic.
@phnx. I’m also curious about the downvote.
- I don’t like the implication that security, privacy, and anonymity, and their relationship to each other, can be explained in such a trivial 3-Circle Venn diagram.
- The things being compared are so arbitrary that ultimately this diagram tells you nothing.
- Blatant misinformation: Telegram being secure?, unencrypted email (email in any form really) being private?, Tails being secure?, using Tor to access websites using trackers not being private?, etc.
This is not a useful source of any information; avoid it.
I share similar criticism by @phnx about explaining and comparing things trivially using a Venn diagram.
If you need to visually explain the difference between security, anonymity and privacy as a 101 concepts lesson, I would use a limited example, for instance text messaging, and plot different options (postal service, SMS, email, Signal and so forth) onto the Venn diagram. Nuances of those text messaging options would be missed, but if the goal is to explain the broad concepts then a Venn diagram could work.
I think the Venn diagram approach is a bad idea for informing threat modeling or technology choice.
IDK why but when I see “security” put in contrast with privacy or anonymity it doesn’t feel right. Defined very narrowly as “protection from unauthorized access” it makes sense. However, security means much more and often encompasses privacy and anonymity. There are very few cases when you can have security without having privacy (for instance authoritarian security systems/models), and there are times when anonymity is a prerequisite for security (for instance voting and whistleblowing).
Is SimpleX really anonymous? It claims to be but AFAIK doesn’t route data through Tor or anything, thus users leak their IP address unless they take extra countermeasures.
Pedantic points.
- “Anonymity” and not “Anonimity.”
- “Tor” and not “TOR,” similarly, “Tails” and not “TAILS.” Those names are officially not allcaps, similar to how “radar” and “laser” originated from “RADAR” and “LASER.”
Please allow me to disagree.
As we all have learned, different people process information differently and require different levels of granularity.
For example, if this “Infographic” were typed in a textual format, it would describe choices based on a person threat model.
Low threat but still want privacy? Here are products or settings that could be commonly used.
High threat model? Focus in on these products, settings and behaviors.
I appreciate that. While different people process information differently, and some people process information better when it is presented visually instead of textually, I still think a trivial visual presentation of a complex topic is prone to cause misunderstanding. When people learn about and consider adopting different solutions, they need to know how they assure security, anonymity or privacy (and what their limitations are), not just that they are secure, anonymous or private. “The devil is in the detail” so to say.
Further, having text messaging, password managers, web browsers etc on the same Venn diagram, when those things cannot be meaningfully compared, will likely cause incorrect associations. At a minimum I would suggest categorizing solutions and plotting them on separate Venn diagrams.
This leaves me believing that no one could even build a Taxonomy of products/configurations focused on Security, Privacy and Anonymity. I’m definitely showing my lack of depth in this…..
I still do not understand the argument against a high level mapping of Products in a Venn diagram. Unless this is an almost religious argument (such as, how many angels can dance on the head of a pin. and details overwhelming the smartest scientists)
As my example, the recent video review of SecureBlue discussed the Security, Privacy and Anonimity.
As stated, Linux Desktop would show strong on Privacy and Anonymity but would not be included in Security. It would show SecureBlue as moving into the Security vector, but not fully secure as Desktop Security is still a work in progress.
Is this not a good example of how a verbal discussion of this Venn Diagram is allowed, but not to put it into a graphical representation?