Explain setting up a Raspberry Pi to your aunt and have her tell me it’s a low price. Let alone lineage os, Jellyfin, Smart tube, and whatever else was in your list. And that solves just casting and streaming. Now do email, messages, browser tracking and fingerprinting, and everything else in our lives… It’s a lot. And honestly too much.
Yep, I'm with you on that. I'm actually pretty tech-literate, and even I don't have the time/energy to bother with all of that shit. That's a lot of work and maintenance just for a single task that I want to be as idle as possible. Watching videos should just be two clicks, not studying and building and troubleshooting and updating and configuring a dozen things.
Yes, I understand that setting up a Raspberry Pi with LineageOS and other apps can be a challenge for many people. Protecting your online privacy definitely requires effort, especially when using different services. But even small steps, such as using alternative apps, can make a difference in increasing privacy. Even if you can’t implement all the privacy suggestions, you can choose a few that are most important to you.
This is a long-term war that requires technical knowledge from us. Big Tech corporations take advantage of our lack of knowledge. Information is power, and power is money. That’s the point.
If your aunt doesn’t care, screw it. Take care of yourself.
How are they tagging everyone though? Where’s this database they’re comparing against?
If this is like any other government project it won’t work, it will cost 10 million pounds, and is developed by a company that previously specialized in the manufacture of plastic cutlery.
Microsoft has had facial tagging and tracking software in the wild for at least a decade. It can also accurately estimate your age, race, gender, and even your mood. I’m guessing they’ll probably be using that database overlaid with a criminal wanted list.
The company behind it, who supply the data are called Facewatch. I’m not going to link to their site but they’re the ones supplying the tech and db. They did it by scraping social media sites as well as government documents and the plan is to add the UK Passport db data soon.
No browser has a VPN function, it’s just a proxy. You can use sth like Bitmask for a free VPN. Calyx Institute and RiseUP provide some free servers too.
Well to cut it short, Incognito mode often just means that your own device will not remember anything. Meaning your keyboard does not log your keystrokes, your browser does not save your searches etc. Even if this was completely true 100% of the time (which it is not, for example, you copy or download something), then the websites you visit would still have your device’s fingerprint, so a VPN connection won’t do much. It is better to use a privacy-oriented browser like Mull. If you want to, you can add incognito mode ON TOP, which on Firefox and therefore Mull is called private browsing mode. Do keep in mind, that it is hard enough to have a non-unique fingerprint. This only gets amplified on mobile devices, at least speaking for Android. iOS is out of the window by default lmao.
😂 you’re telling me that by using proton plus VPN with, say, Firefox in private mode, websites still know who I am? I’m not logged into anything. They don’t know anything.
You know, I don’t know if you are trying to be annoying or if you truly do not know. Here is a Wikipedia link for the topic of device fingerprints: en.m.wikipedia.org/wiki/Device_fingerprint
The privacyguides website is generally a good resource. Sometimes, rarely, lags a little behind in the latest and greatest. It’s not primarily a site for news anyways.
One part of your browser’s fingerprint that I find quite interesting and is easy to understand is its resolution. Your browser displays websites in a set resolution, say 1080x1920. This resolution is dependent on your screen’s resolution, the window size of the browser and generally everything that changes the shape and size of the website. Firefox does not protect here, old man.
You were not interested in anything. All you were doing was play down everything I said. Too bad you got by far the most downvotes. The only ones I got seem to be from you, as their count never exceeded one. So unless everybody in this community who has voted on our exchange is unknowledgeable, you are so. Furthermore, this is not my information. This is exactly the reason why I pulled up sources, because I just knew a grumpy old dude like you would not dare to take someone else seriously. If you do not trust the Tor Project on the topic of privacy inside a browser, you truly are not to be taken seriously. What they say is not only likely true but also closely monitored by hundreds if not thousands of security experts. I gave you all the information you need, yet you keep your ignorance and arrogance. What do you want me to call you, a man of class? Clearly not, old man. If you think you can play me by my emotions, go ahead and try again. You’re not gonna get far. Hope your family doesn’t have to put up with you for too long anymore.
Cool now talk about how shitty banks block auto-fill on their login forms which keeps you from using it with your password managers. Oh, and no, you can’t paste into those fields either cuz “security”.
At least on Firefox, there’s a flag you can change in the browser settings to make it so nobody can disable pasting to text fields. It has made the banking experience a lot more pleasant for me. howtogeek.com/…/how-to-enable-pasting-text-on-sit…
My confidence in signal is greater than my confidence in a random fork. Privacy is hard… So I feel it’s better to trust something less than ideal, than to trust a random dude promising to solve all problems…
Have you seen signal’s issue tracker? Ik it’s a big project, but it’s literally getting spammed, plus the desktop app that keeps database key in plaintext and won’t work natively under wayland (needs xwayland, making basic stuff like sending attachments hard if you use most tiling compositor, tho that’s partly Wayland’s design flaw of lacking consistent reference implementation). Also I principally don’t trust apps that rely on both proprietary network services and libraries. The very fact that they don’t leverage their funding to reduce their costs by working on support for federation that is not a matrix bridge (which hasn’t been even developed by them btw) or decentralization, especially since XMPP, SimpleX and Matrix (which has currently 3 well developed server implementations: Synapse, Dendrite and Conduit) have been able to do so with much smaller funding. And it’s Signal, not Molly’s maintainers who have been putting more effort into shiny UX improvements over hardening infrastructure code lately. And even if Signal does improve its security, the patches get regularly backported into Molly, whereas even such basic shit implemented solely in Molly, such as app passwords that actually encrypt its database is pretty useful. Because even PIN scrambling is not fully immune to shoulder surfing. Defense in depth matters.
tl;dr a longer rant about decentralization vs federation 👇
Even the argument of network effect achieved thanks to reliance on phone numbers is becoming less relevant these days, with DeltaChat providing a convenient way to have encrypted chats using the existing email infrastructure in a much more convenient way than traditional PGP. Pixelfed has already achieved E2EE DMs and it’s being worked on for Mastodon. If the UI of the most popular apps and the official web interface are also redesigned to make messaging more convenient to use it might have the same positive effect on user retention as Facebook Messenger once had. Anyway things are bound to change in favor of federation, but not necessarily decentralization. For instance I got mixed feelings about EU’s DMA. I’m optimistic about the interoperability benefits it could bring, but even the official act doesn’t specify how it’ll be implemented. If it relies on something like WebFinger which does require a domain name it’ll end up just grouping a couple of major walled gardens together, so for example SimpleX, Session or Status users still might not be able to chat with people on centralized platforms.
Well. I personally am very annoyed that i can’t choose a specific pin for signal. That means my kid can read my messages, because yes… Keeping password from a child is nigh impossible. But my pin for element, fairmail, telegram he doesn’t know.
So i get a lot of the criticism. For me personally, it’s still a matter of trust. A future malicious molly version might eavesdrop. Signal will probably not do so.
Encryption at rest on an unlocked phone is probably a hard problem. But if somebody is targeting me to that extent, i am probably toast anyways.
I try to create enough usage so that journalists and activists can hide in the mob, and i can hide from fang.
I use element, but do worry about the local server implementation and leak of metadata.
I see your point and don’t negate such possibility. Although the black box nature of proprietary dependencies in vanilla Signal means an inclusion of potential trojan spyware. Speaking of the need for app lock, as an alternative solution, you can create a separate profile for Signal to have a dedicated PIN. But afaik only GrapheneOS allows notification relaying to main profile. LineageOS on the other hand has a feature called AppLocker. If you intentionally lend your device to kids, Android has a feature called app pinning.
It’s easy to “stand on the shoulders of giants” and claim some software is better when you’re adding 1-5% of additional work on top of a fully developed service/app/infrastructure. It’s why generally forks of software tend to have more features than the original source - See the following examples where people polish something and release it as their own improved creation:
Chromium/Chrome > Edge/Brave
Debian > Ubuntu/Mint/Pop!_OS
Android Open Source Project (AOSP) > WhateverSamsung’s_is_called
Firefox > LibreWolf
Now, I’m not trying to say people should stop forking software, I’m all for it as it breeds competition and innovation, but to complain that a software project is not meeting your specific demands and their forks are doing so much more means you’re not understanding the other projects would probably die without all the hard work that goes on in the core product.
whereas even such basic shit implemented solely in Molly, such as app passwords that actually encrypt its database is pretty useful.
You say this but do you have any evidence to back up the claim that it’s useful and to who? Who’s asking for it? What percentage of Signal users would enable the feature? Is it 1%. Is that worth it? There’s barely a demand for privacy from the general populace otherwise Signal would be a hit and everyone would leave Whatsapp immediately, but it isn’t.
if you use most tiling compositor
You’re the 1% of the 1% when it comes to desktop configurations if you’re using a tiling window manager. I used one about 10 years ago and have yet to find one other person in the real world who has ever used one and I work in IT. Whether you like it or not, Signal developers are not going to spend any effort on making your very niche use case any better. I’m not saying that to be rude, but you have to be realistic. Your expectations are high for a free service that generally works for 99% of the population.
Also regarding tiling compositors/WMs. Base rate fallacy. Yeah desktop linux has got 3% market share but probably somewhat more if you exclude company or public computers. But then, probably also higher among Signal users. Anyway, that’s probably an Electron issue. Glad to see Flare getting better, so hopefully if it doesn’t get abandoned we might soon have a viable alternative that is more lightweight, secure and integrates better with the system in a more agnostic fashion. Heck, I might be even inclined to contribute a little to that project myself.
It wasn’t my intention to state that an extension of certain big software is always better or should get all the credit. No. First of all, I consider Molly protestware and second of all, the thing about being able to do federation and whatnot with much smaller funding was not about Molly. It was about simplex, matrix, XMPP, E2EE for Fedi and a handful of other decentralized/federated projects. Signal already has been downloaded hundreds of millions of times according to App Store/Play Store and received countless endorsements. And they did in fact face outages after receiving one from Elon Muskrat. So, they needed to find ways to scale better. Their server software could in theory be self hosted, but unlike Matrix or XMPP, it won’t federate so in a way it’s even worse than e-mail when it comes to this. One would thus think that it’s implicit that they would finally add the possibility to let people run their own servers or even devolve towards more P2P-oriented design. But instead they’ve decided to partner with a pump and dump shitcoin scheme whose privacy-friendliness was absolute trash, though granted, that was also at a time when every tech company was trying to join the Web3 hype. Now their reach is even bigger, but has grown at a steadier pace. I won’t try to go more tinfoil here with any unsubstantiated suspicions and begging the question but even though decentralized or federated systems are harder to design in a way that makes them secure, centralized ones are more abusable and create a single point of failure that can affect a large share of the user base.
Also don’t get me wrong. Molly might be written by less experienced programmers. And if it was written from scratch, it could be very likely it would contain more vulnerabilities per 1000 lines of code than standard Signal app. But mostly it’s just a hardened superset sans some nasty stuff. I’d compare that more to how Calyx or GrapheneOS are to plain AOSP than how some low maintenance random custom ROM from XDA with fuckton of bells and whistles that will leave your bootloader unlocked is.
I think enabling the functionality would require too much back-office and vendor integration to make it a feasible lie. Too many people would know about it - and the risks from lying and saying 'not enabled' are too great.
If they had been enabled - and found out - the recommended lie would be "we are currently undertaking a small-scale trial of the technology to assess its effectiveness. We will report on the results early next year as part of a wider public consultation into its wider deployment". (Why yes, I have worked in public sector comms).
Spending money on giving kids school meals, hell no way. Spending millions on data collection under the pretext of protecting kids, hell yeah!
These shithouses do not give a damn about the people of the country. How long do you think it is going to be before someone gets blackmailed for voting for the wrong party and being a porn watcher?