Skip to content
DevMeme
4471 of 7435
The Privacy Booth Conveyor Belt
DataPrivacy Post #4903, on Oct 5, 2022 in TG

The Privacy Booth Conveyor Belt

Why is this DataPrivacy meme funny?

Level 1: The Fancy Privacy Booth

This is funny because it is like a store with a huge sign saying "PRIVATE" at the front desk while workers quietly carry your boxes out the back to different trucks. The lock looks comforting, but the joke is that privacy depends on where all the boxes go, not just on the shiny lock people show you.

Level 2: Locked Door, Open Loading Dock

End-to-end encryption means a message is encrypted on the sender's device and decrypted on the recipient's device. In a strong design, the service provider cannot read the message content while it travels through its servers. That is valuable and should not be dismissed.

But metadata is data about the communication rather than the message text itself. Examples include phone numbers, device details, IP address, timestamps, contact patterns, group membership, app version, and whether a message was delivered. Metadata can expose habits and relationships even when the message content remains private.

The image uses boxes labeled Data to show that a privacy promise can cover one part of the system while other parts still move information around. Advertisers suggests commercial profiling and measurement. Governments suggests legal demands and surveillance concerns. Cloud Providers suggests backups and infrastructure. The WhatsApp shirt ties the joke to messaging apps where users often hear "encrypted" and assume "nothing else can leak."

For developers, this is a familiar design lesson: a system's real privacy properties come from all its components, not the most impressive feature on the landing page. Authentication, logging, analytics, backup storage, customer support tools, abuse reporting, business APIs, and mobile permissions all participate. One strong lock does not secure a building with an open loading dock.

Level 3: The Conveyor Threat Model

The cartoon shows a cheerful counter labeled:

PRIVACY

The person behind it wears a facebook shirt, while a user hands over a box labeled:

Data

Around that polished privacy booth, the important action happens on the conveyor belts. More boxes labeled Data move toward trucks marked Advertisers, Governments, and Cloud Providers. A person in a WhatsApp shirt carries another data box, and masked thieves lurk near the trucks. The giant padlock in front promises safety, but the surrounding logistics network says, "Please ignore the supply chain."

The technical bite is that privacy is not the same thing as message encryption. A messaging product can use end-to-end encryption for message contents while still collecting or processing account data, device information, usage logs, contact relationships, business-interaction data, abuse reports, cloud-backup material, and service metadata. None of those categories require reading the message body to be sensitive. Who talked to whom, when, how often, from what device, and through which business integration can be deeply revealing.

That is why the Cloud Providers truck matters. Backups, sync, and recovery are where pristine security stories usually meet user convenience and start negotiating. Users want their chat history restored when a phone dies. Companies want the feature to be easy. Security people want keys and storage boundaries to be explicit. Product teams want all three by Friday. The result is often a careful design with caveats, optional settings, and enough edge cases to keep incident response employed.

The Advertisers and Governments labels push the joke into SurveillanceCapitalism and SecurityTheater. The cartoon is not saying every box is literally handed to every party in the same way. It is satirizing the trust gap: companies market privacy with front-door symbolism while users worry about back-end data flows, legal requests, business analytics, third-party processors, and platform incentives. The padlock is UI. The conveyor belt is architecture. Guess which one gets the marketing budget.

The masked thieves add the final uncomfortable layer: once data exists, it becomes a target. Even when a company intends to protect it, breach risk, misconfiguration, insider access, weak client devices, compromised accounts, and hostile integrations remain part of the threat model. In privacy engineering, "we do not read your messages" is an important claim. It is not the end of the conversation.

Description

The image is a polished cartoon showing a large booth labeled `PRIVACY` with a big padlock on the front, staffed by a smiling person wearing a `facebook` shirt. A user hands over a box labeled `Data`, while conveyor belts and trucks move more `Data` boxes toward vehicles labeled `Advertisers`, `Governments`, and `Cloud Providers`; another person in a green WhatsApp shirt carries a data box, and masked thieves peek from behind the trucks. The visual joke is that a product can advertise privacy at the counter while the surrounding system quietly routes user data to commercial, governmental, cloud, and possibly criminal destinations. Technically, it points at the difference between message encryption and broader privacy exposure through metadata, account linkage, storage providers, and platform business models.

Comments

61
Anonymous ★ Top Pick That padlock is doing excellent UI work while the conveyor belt handles the actual data architecture.
  1. Anonymous ★ Top Pick

    That padlock is doing excellent UI work while the conveyor belt handles the actual data architecture.

  2. Deleted Account 3y

    The next article is: "Why Telegram Will Never Be Secure" spoiler alert it stores user messages on its servers

    1. @mekosko 3y

      *unencrypted messages

      1. Deleted Account 3y

        This

      2. @choke_hazard 3y

        Free tip: messages are always encrypted if you have schizophasia

        1. @YaroST12 3y

          Based suggestion

        2. @AguaMineralDelMonte 3y

          How that works ?

          1. @choke_hazard 3y

            It's a hardware accelerated encryption where the only owner of decryption keys is you

      3. @hhes42 3y

        Their implementation of the encryption they use is not exactly audited, so it’s best assumed that nothing is safe

        1. @freeapp2014 3y

          You mean the “secret chat”?

          1. @hhes42 3y

            Yep

  3. @maggelia 3y

    It's like hearing Microsoft talking shit about Apple Yeah sure they might have a point but just sounds cringe

  4. Deleted Account 3y

    Also, it seems funny to me when Durov talks about FBI backdoors, implying Telegram 100% backdoor free. But he can't prove it since the backend itself is not open-source, it's only the client.

    1. @freeapp2014 3y

      Source code of the server side is useless in this case

    2. @freeapp2014 3y

      You will never be able to verify that the production server runs the same code as what was published

      1. Deleted Account 3y

        Makes sense.

      2. @maggelia 3y

        Yeah sure but releasing open source backend would allow you to run your own and be sure

        1. @freeapp2014 3y

          Well then you either need a federated solution (matrix/XMPP), or it will just work as a corporate/local server, completely destroying the core ideas of telegram

          1. @maggelia 3y

            Their official statement is to prevent government to run their own servers and destroy their user's privacy Which would be preventable if the whole telegram architecture was implemented as e2e, then you don't really care, if you don't count your IP as sensitive information

          2. @RiedleroD 3y

            federated telegram sounds neat, ngl

    3. @maggelia 3y

      Yeah and groups are not e2e enc like Whatsapp so a backdoor would be as simple as reading what comes through

      1. @freeapp2014 3y

        What’s even the point in the general telegram encryption if you get the key from the server?

        1. @maggelia 3y

          Well I mean I think that in 2022 ssl should be pretty much standard for everything hahaha For a chat I expect a little bit more

          1. @freeapp2014 3y

            If that encryption is the transport encryption then it’s just a meme, basic https ssl at least generates different keys on every connection, and here all devices always use the same key?

            1. @freeapp2014 3y

              Not sure about that, I tried to understand MTProto but failed

            2. @maggelia 3y

              I really don't know how telegram enc is implemented, also because they use their own technology (which is extremely stupid), I do know tho than in groups the server has access to everything in clear

              1. @freeapp2014 3y

                Well it seems like telegram was developed without some overlook into the contemporary technology “market” of the time

              2. @freeapp2014 3y

                2013 wasn’t in 1999, there were a lot of industry standards for stuff like encryption, real-time connections etc, you didn’t have to make an overcomplicated protocol from scratch

                1. dev_meme 3y

                  In 1999? How many POPULAR and not flawed protocols were used? Just a reminder: we are talking about time when MD5 was a top notch hashing function while it always was vulnerable for collisions attacks by design

  5. Deleted Account 3y

    Telegram shared data with german authorities over 25 times. The we shared zero bytes is bullshit.

    1. @farkasma 3y

      this is what I came here to ask about, did we ever get a conclusive answer?

  6. Deleted Account 3y

    Telegram now is more like a social network/messenger hybrid

  7. Deleted Account 3y

    But it's not by any means "private" or "secure"

  8. @etsymba 3y

    What's next? Panama papers? Harlem shake? I'm here for the new content, not three-years-old stuff

  9. @maggelia 3y

    Well in a couple of years Whatsapp will have to open its APIs in Europe, that will solve A LOT of problems

    1. dev_meme 3y

      So what if this API gonna stay in Europe and will just proxy all info to american server?

      1. @maggelia 3y

        e2e encryption saves you

    2. @maggelia 3y

      The important message is that Whatsapp will have to open it's APIs (as for European regulation), letting other people modify the clients At that point you could very well consider Whatsapp backend an untrusted element of the chain and act accordingly

  10. dev_meme 3y

    Without exposing a bit of real data?

  11. @maggelia 3y

    And btw European data can't go into USA servers, it's against the GDPR

    1. dev_meme 3y

      Do I understand correctly: you expect that some EU inspectors will go to Data centers of big tech companies then somehow extract encryption keys (for all layers, including process of freezing RAM using liquid nitrogen to extract RAM only keys) and software running on those servers and will analyse it to prove that no data goes to US from those servers?

      1. @maggelia 3y

        Well it's already happening to some extent, in Italy Google adsense is effectively illegal

        1. dev_meme 3y

          You can make company illegal But it’s next to impossible to verify claim that no EU data is leaked outside EU

          1. @maggelia 3y

            Well that's exactly what happend, they banned a service which exported data into the US

      2. @maggelia 3y

        And btw I think you're missing the point It's not that European data is staying or leaving the EU, it's just that as I'm controlling the client I can implement whatever client side security I want I can can encrypt e2e messages and metadata, I can use tor to mask my IP, I can develop whatever I want ON TOP of Whatsapp's backend

      3. @AhmedSphere 3y

        "including process of freezing RAM using liquid nitrogen to extract RAM only keys" You mean cold boot attack? Or I misunderstood you?

        1. @RiedleroD 3y

          you can freeze RAM with liquid nitrogen to preserve data on it without giving it power iirc

  12. @maggelia 3y

    To me that's gdpr working

    1. dev_meme 3y

      GDPR is EU level framework How many EU countries joined that ban?

      1. @maggelia 3y

        The Privacy Shield, as it was called, was declared illegal a good amount of years ago, I can't remember but I'm gonna say probably 2020ish Since then countries have started to declare illegal services that transmit data into the Us, adsense being one of them Idk exactly how many but that I know of it's Italy and France but all that's needed is a lawsuit from whomever directed to a particular entity which is using Google services for it to fall

  13. @maggelia 3y

    Because as a data owner you need to ensure gdpr rules so you're liable also if one of your providers is violeting them, rightfully so

    1. dev_meme 3y

      My point is: there’s no watchdog with capabilities of confirming or denying that data is sent over the border or not

      1. @maggelia 3y

        Yea sure that might be true for small data, we're talking about tens of PB, it's not that hard to notice And truly that was beside the point I was making about Whatsapp

  14. @galafm 3y

    Article is more than 3 years old 🤔

  15. @hhes42 3y

    OTP is not an encryption ;). Besides, anything actually proven to be safe is good enough, like Signal or GPG over email. It’s just that Telegram has never shown that we can trust it

  16. @hhes42 3y

    Yup, exactly. Not an encryption

  17. @hhes42 3y

    Yeah, it’s an encryption technique for key exchange. Not an encryption

  18. @hhes42 3y

    Because those you can compile and audit

  19. @hhes42 3y

    I really don’t want to go into this basic security conversation. If you want to trust Telegram, that’s fine. Just try to understand why nobody on ITSec scene cannot recommend it and why nobody that actually needs to care about privacy like journalists use it for serious things

  20. dev_meme 3y

    Because there’s a big difference between leaked by default (coz somehow stored on the 3rd party server in the way which allows decryption) and when data presented in decrypted form only on device and targeted attack required to get that data. When plain data stored by 3rd party there’s not a lot you can do to secure it When it’s stored on your device - there’s a plenty of options how to secure it. And plenty of options how to attack you too, of course. But all of them are much more complicated than asking your friend from **classified** to extract that data from service provider

    1. @callofvoid0 3y

      hmmm *classified* part looks sus

Use J and K for navigation