Idk for most people, but the reason I use proton mail is to avoid google parsing everything I receive to send me ads. I “have nothing to hide” on a legal pov, I’m not a criminal, the worst offence I do is like jaywalking or crossing at a red light on foot when there is no one at midnight. I don’t use proton services to protect myself from the law (or in other words to avoid the consequences of my acts), I just want to be a customer instead of a product.
You are a disgrace!!! How do you sleep with yourself?
DISGUSTING!
/s
But that’s a really great point. It’s easy to think of your threat model as all or nothing. And you are right. I’m not hiding from the law. I’m hiding from advertisers. If the government acquires my information then it was a mistake on their part as there is nothing there to find other than emails from my bank.
The article is actually pretty balanced. Yes Proton is secure and private, but if you’re hiding from law enforcement, don’t expect a third party to take the fall for you.
What protocol are you using to connect to your mail service and what third-party apps do you need it to be compatible with? POP, IMAP, SMTP, or those protocols with various SSL/TLS implementations? Thunderbird will likely handle anything you throw at it, but I’m at a loss when you start talking about third-party apps without more info.
The ads come from an ad network where there is very little visibility into what’s going to be displayed in your app. And bad people also keep managing to get their ads published even though the ad network doesn’t allow them.
And it all ties into the whole targeted advertising, where they also make sure very few people get the bad ad, and try to target people they think may be more susceptible to these kinds of tactics. Depending on the amount of interactivity allowed, the ad can even display two different things if it deems you too savvy to fall for it.
It’s basically unescapable unless you only use apps without ads, or pay for the ad-free versions.
The whole advertising industry is sketchy, more news at 10.
Pi-hole blocks ads served by these networks just fine. Never seen an ad in Boost for Lemmy or for Reddit, though I tend to use Jerboa now that I’ve gotten used to it while I was waiting for Boost for Lemmy to release.
DNS-based adblocking like Pi-hole or AdGuard limits you to receiving advertising hosted by the app provider (YouTube for example) which is usually better curated than third party advertising networks and less commonly found at all.
Hey, could you elaborate or send some lecture? I have the upstream quad9 DoH address in adguard. It’s supposed to better encrypt my traffic right? Never saw any ads or strange DNS requests.
Never heard about ads being injected through DoH or DoT, or did I misunderstand your comment?
Theoretically an app could use a custom DoH endpoint to retrieve ads instead of the standard dns provided by the system. As this uses purely https without a preceding dns request, pihole/adguard would fail to block it; but it’s just not something currently employed.
Maybe in coming years, but I’ve never encountered an ad served explicitly through DoH/DoT. It’s certainly possible, just not actually in use yet.
You can also set up DoH front and back ends for pihole so traffic entering and leaving it is encrypted. When/if it becomes necessary I’ll probably look into https packet inspection using custom Root certs to force clients to use my local DoH services and block other traffic, or look into inspecting the SNI to apply blocking there; but again it’s just not needed yet and may not be for a long time. We’ll see. I’m sure the pihole/Adguard teams are also investigating solutions.
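Added example, not part of any comment in this thread: one way to notice the bypass discussed above is to correlate the local resolver's answers with firewall flow records and list HTTPS connections to addresses the client never looked up through Pi-hole/AdGuard. The log layouts, addresses and function names are constructed for illustration, and hits are only candidates for review, since cached answers and hardcoded IPs look the same.

```python
from collections import defaultdict

# Constructed sample data (not from the thread).
# Resolver answers: (timestamp, client_ip, qname, answer_ip)
DNS_LOG = [
    (100, "192.168.1.20", "example.org", "203.0.113.10"),
    (105, "192.168.1.21", "news.example.net", "203.0.113.25"),
]
# Firewall flows: (timestamp, client_ip, dst_ip, dst_port)
FLOWS = [
    (101, "192.168.1.20", "203.0.113.10", 443),  # resolved locally just before
    (110, "192.168.1.21", "198.51.100.7", 443),  # never resolved locally
    (111, "192.168.1.21", "203.0.113.25", 443),  # resolved locally just before
    (500, "192.168.1.20", "203.0.113.10", 443),  # lookup older than the window
    (120, "192.168.1.20", "198.51.100.7", 53),   # not HTTPS, ignored
]


def unresolved_https_flows(dns_log, flows, window=300):
    """Return (ts, client, dst) for port-443 flows whose destination the same
    client did not resolve via the local resolver in the preceding `window` s."""
    resolved = defaultdict(list)
    for ts, client, _qname, answer in dns_log:
        resolved[(client, answer)].append(ts)
    suspects = []
    for ts, client, dst, port in flows:
        if port != 443:
            continue
        lookups = resolved.get((client, dst), [])
        if not any(0 <= ts - t <= window for t in lookups):
            suspects.append((ts, client, dst))
    return suspects


def summarize(suspects):
    """Group suspect destinations per client for manual review."""
    per_client = defaultdict(set)
    for _ts, client, dst in suspects:
        per_client[client].add(dst)
    return {client: sorted(dsts) for client, dsts in per_client.items()}


if __name__ == "__main__":
    for client, dsts in summarize(unresolved_https_flows(DNS_LOG, FLOWS)).items():
        print(client, "->", ", ".join(dsts))
```
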
Yep, also the ads don’t get initialized at all if the user buys the ad-free version (going to top all in the Lemmy Boost community should bring up the post about it). It’s relatively cheap and the dev is very active with bugs and requests. The dev is developing for the Fediverse and I’m happy to support that (as well as devs for Sync, Connect, Lemmy, etc.)
I like Boost and paid for ad-Free, but a lot of other clients should work for your needs. While they might not be privacy focussed, many are open source so you can check what is going on.
My preference goes
Boost (not FOSS, one time payment to remove ads)
Connect (not FOSS, ad free)
Eternity (FOSS & ad free)
I uninstalled the other ones and haven’t kept up with them. There may be better ones out there, these are the ones I’m keeping up with
Jerboa. It lacks some features, but it’s the official app and it’s also pretty minimalistic with its Material You UI. Other than that Thunder is pretty good. They’re both FOSS.
PREACH, after using infinity for reddit for years this is the only app that I can ever be comfortable with. It’s genuinely amazing, thank you to the person who ported it.
Patents seem to be the hardest one to find alternatives for. The thing with google patents is that it searches from multiple databases, from multiple countries, so we don’t need to look for each source.
I used to litigate patents, and for international searches I have not found an adequate substitute. Depending on why you are searching, searching may be inadvisable anyway, at least in the U.S. if your search uncovers a specific patent (or even arguably should have uncovered a specific patent) and you are later sued by the rights holder for infringement, your actual knowledge of the patent can be used against you to show willful infringement, a damage multiplier. Apparently, companies that know about a patent need to hire competent legal counsel to analyze the patent with respect to their products and give them an opinion on possible infringement. That process can be quite expensive, so it is often better to not search in the first place. I wrote a few opinions over the years, but it was not a common activity. Accusations of willful infringement were pretty common in litigation though, probably about 40% of my cases.
Just writing this quick summary makes me glad I retired from practicing law.
Also, you are not my client, this is not legal advice, I might be a fraud, yadda yadda yadda.
Thank you for the tip. In my case, I’m working with technology prospecting, and we use patents as a source of information on what kinds of new technologies to expect, what technologies are about to become public domain, etc. It’s not something that can violate any IP.
It’s been a while since I looked into it, and things might have changed since then, but some stuff off the top of my head:
Messages are stored on the server, not on the device
end-to-end encryption not enabled by default
uses proprietary encryption, making security audits difficult
Apart from that it’s somewhat politically questionable, based in Dubai (I think), with dubious financial backing and Russian developers. Because it’s closed source and the encryption is proprietary, there’s no way of knowing how much info it leaks.
Messages are stored on the server, not on the device
Yes, pretty much necessary to provide multidevice support
end-to-end encryption not enabled by default
True that and telegram sucks big here, but I don’t think e2ee can be enabled in a feasible way for multiple devices.
uses proprietary encryption, making security audits difficult
The MTProto isn’t open source but it’s fully documented, there have been security audits on it.
dubious financial backing
No. Pavel Durov has always said since starting he paid for telegram’s servers from his pocket, in recent years telegram has started monetisation programs to cover its costs.
Russian developers
The founders were born in Russia, but they now have dual citizenship of UAE and France. If you are talking about politically questionable, even Signal has been accused of having backdoors for CIA.
Your comment makes me wonder if one could get around AT by installing faraday cages around where the chips are.
I block telemetry on my IoT devices and they still work. I’m curious if cars would be bricked if they couldn’t call home, or if you could selectively allow certain messages through.
I’m curious if cars would be bricked if they couldn’t call home, or if you could selectively allow certain messages through.
I can’t speak for every car but at least Teslas do not mind being offline. You cannot control which messages they send because they connect via a VPN to the mothership. So it’s an all or nothing kinda deal.
You can also pretty easily remove the SIM card on older models with just a few screws. Newer ones use eSIMs, never looked into how to get rid of that one but I assume it is more complicated.
Your comment makes me wonder if one could get around AT by installing faraday cages around where the chips are.
The antennas are usually external, mounted somewhere else in the car and can be unplugged. Never checked if it can still get a signal without the antenna though.
edit: Also, the PCB itself is mounted inside a faraday cage because the entire thing sits inside of RF shielding.
Thank you for the recommendation. I didn’t know archive.org had this feature, and it seems to be focused on open databases, something that even scholar doesn’t do. It will help me a lot.
No. WhatsApp’s metadata is not encrypted and can be used by its parent company, also backups are not secure. While telegram’s is opt in (yeah that sucks and here’s their excuse for that tsf.telegram.org/manuals/e2ee-simple), they are as secure as signal’s (if not more).
I am not talking about mtproto lmao. I was talking about their opt-in e2ee feature. Edit: Also the research you shared is based on mtproto 1.0 which telegram abandoned almost a decade ago and there have been no such defects found in mtproto 2 yet.
And that UX makes it a hard sell to non-tech/privacy folks.
I had a few converts, then they pulled SMS. My converts left.
Telegram has its problems, I completely agree the encryption issue is problematic. But how do you get non-tech people to use a tool like this when to have a new device get the history, or signing into multiple devices simultaneously, requires transmitting an encryption key? I really don’t know.
I know SimpleX is working on this very issue - their current approach requires switching between active devices by scanning a QR code (or sharing code between devices out-of-band). So currently only one device can be active with your credentials/ID. It has an ok UI, I’d say slightly better than Signal. But its security and privacy are just about the best I’ve seen.
This seems to be the big hurdle - people want a simple login, most don’t care if their convos are stored in servers if it means they can just log in.
I’m using telegram with a few people for just this reason, since it gets us off SMS. They like that they can use whatever device is in front of them.
Getting people to switch to Telegram is far easier than anything else, since its UI is much better than Signal, Wire, XMPP clients (which can be some of the best).
We know exactly how bad Whatsapp is from a privacy standpoint - I’d choose telegram over it any day.
I would prefer telegram because it’s just not from Meta. There is a bounty on breaking telegram’s protocol too.
Telegram sells ads on public channels with consent of owners and the ads are based on the channel data and not users’ data. They are back up with their crypto schemes, in fact idk what’s wrong with crypto, they are better for privacy than normal bank transactions. Anyone can’t pay from their pocket for lifetime, it was coming since long way because telegram has no parent company to fund it, neither are its founders that rich to spend billions of dollars on it every year. Those “nitro” features didn’t take anything away from free users tho, also if they are trying to cover up their cost from the userbase that just proves they have no dubious financing from backdoors.
I don’t know how rape laws are connected with a messenger being based there. US has its social problems too or wherever signal is located, every country has social issues.
Yeah facebook is big enough reason to not use facebook. On top of that there have been no data breaches, almost no big outages in telegram till date. They offer a lot of features, from bots to channels, to large public communities and much more.
Telegram just claims it’s private enough and they never said they are e2ee by default, I don’t see the misinformation here, yeah they exaggerate it sometimes but the fact that there have been no data breaches in a decade with almost 800 million monthly active users is quite a bit of achievement. They invested in developing their own encryption protocol, it may be less private but they made it to remove complexities which signal has. There’s no point in having some 100% secure stuff when no one gonna use it due to complexities, telegram has fueled pro-democratic protests worldwide and I thank them for that at least (even they got banned in many countries for doing so).
MTProto is what Telegram uses for “Secret Chats”, their opt-in end-to-end encryption. Normal messages aren’t encrypted at all. They’re stored in plain text on Telegram servers. The fact that E2EE is opt-in already makes this app ridiculous. On top of that, it isn’t even secure or private lol
the fact that E2EE is opt-in already makes this app ridiculous
In matters of privacy, yes. But it has cool features so.
They’re stored in plain text on Telegram servers
No, non secret chats use MTProto but with different schema, that’s not plain servers. And no data breach has been reported in telegram yet if it was “that” easy to breach them. From my last comment: “Also the research you shared is based on mtproto 1.0 which telegram abandoned almost a decade ago and there have been No such defects found in mtproto 2 yet.”
I’m not saying that WhatsApp is the good guy here, Meta sucks but compared to Telegram I rather trust them if I have to.
And the unencrypted backups are only problematic when you use the automatic Google Drive upload.
They tell whatever they want until their claims can be validated with the source code. If we take it for granted that they use an original, unmodified version of the signal protocol programming libraries, there are still multiple questions:
how often do they update the version they use
what are they doing with the messages after local decryption (receiving), and before encryption (sending)
how are they storing the secret keys used for encryption, and what exactly are they doing with it in the code
Any of these questions could reveal problems that would invalidate any security that is added by using the signal protocol. Like if they use an outdated version of the programming library that has a known vulnerability, if they analyze the messages in their plain data form, or on the UI, or the keypresses as you type them, or if they are mishandling your encryption keys by sending them or a part of them to wherever.