Any suggestions on starting this process? I have a Raspberry Pi and was looking into self-hosted Google Drive/Photos/Gmail replacement. Best FOSS replacements?
Look up Syncthing and then never stop trying to replace closed source and paid software/services. Like any time you launch something ask yourself “does this hit the same way as when I swapped to Syncthing?” If the answer is no you then put “[name of thing you want to replace] foss alternative” into your search engine of choice. You’ll end up down so many rabbit holes, but you’ll come out the other side a whole lot better at making your technology work for you, not the company that made it, and with a suite of free open sourced tools you are in complete control of.
Here are some tools I use that are super easy to get going.
Syncthing (cloud storage replacement)
KeepassXC or Pass if you’re a command line person (locally stored password manager, coupled with Syncthing you have your own private cloud password manager
Tailscale/wireguard (private VPN that allows you to easily connect all your devices without exposing any of the traffic to The Internet)
PiHole (a DNS sinkhole that blocks a lot of ads and tracking on your entire network, bonus points if you set it as you Tailscale DNS provider to give all your devices ad block no matter where you are as long as the device was a connected to Tailscale)
Those are the ones that got me going and I personally believe act as a solid core. Most people will find all of those useful. Other services are more user specific, but that’s a lightweight bundle of software that your RPi will handle well. Much more and you might want to look at beefier hardware.
Noticed in one of your comments this is happening on Signal desktop. Is this a windows machine? Maybe update your post so people are aware it’s no on Android
Without knowing any information about this, the hachyderm instance is one which would host such a thing. They’re tech focused, and well organised with a co-op umbrella organisation running the instance that has pretty clear rules and ideas around how incorporated entities can engage and join it. So it’ll be interesting to see where this goes.
I use Firefox focus for random browsing, normal Firefox for general browsing that I want to keep the history of, and Mull for anything where I want to absolutely minimize tracking / enhance privacy.
I personally like to keep them separate as I use the different devices for different purposes. I don’t really ever have more than the visible row of bookmarks at any one time. If I need to save something I’m not using often, I’ll archive the page. Like for recipes in particular I have a directory filled with them.
Why did someone see that I joined Signal? People who already know your number and already have you in their contacts see that they can contact you on Signal. Nothing is sent to them by your Signal app or the Signal service. They just see a number they know is registered. If someone knows how to send you an insecure SMS, we want them to see that they can send you a Signal message instead.
Why did I see that my contact joined Signal? You are notified when someone that is stored in your contact list is a new Signal user. If you can send an insecure SMS to a contact, we want you to know you can send a Signal message instead.
You can check that in the phone app too. Hit new message, enter the numer, hit "New message to… " and it’ll tell you if it isn’t known. There is rate limiting in that function, you’d need a lot of signal accounts to sweep all phone numbers.
You could also try signing up to signal using the number you want to check.
Neither way however you would get the signal name or profile pic of the number if I understand it correctly, that would get sent if they reply to you.
It’s a necessary feature if you are using phone numbers. Signal has to tell you if your message has any chance of being received.
I don’t want to message someones number, to find out they never got my message and don’t have signal a few days later, and I don’t want to message them via whatsapp too, giving them a chance to use that when they have signal.
My confidence in signal is greater than my confidence in a random fork. Privacy is hard… So I feel it’s better to trust something less than ideal, than to trust a random dude promising to solve all problems…
Have you seen signal’s issue tracker? Ik it’s a big project, but it’s literally getting spammed, plus the desktop app that keeps database key in plaintext and won’t work natively under wayland (needs xwayland, making basic stuff like sending attachments hard if you use most tiling compositor, tho that’s partly Wayland’s design flaw of lacking consistent reference implementation). Also I principally don’t trust apps that rely on both proprietary network services and libraries. The very fact that they don’t leverage their funding to reduce their costs by working on support for federation that is not a matrix bridge (which hasn’t been even developed by them btw) or decentralization, especially since XMPP, SimpleX and Matrix (which has currently 3 well developed server implementations: Synapse, Dendrite and Conduit) have been able to do so with much smaller funding. And it’s Signal, not Molly’s maintainers who have been putting more effort into shiny UX improvements over hardening infrastructure code lately. And even if Signal does improve it’s security, the patches get regularly backported into Molly, whereas even such basic shit implemented solely in Molly, such as app passwords that actually encrypt it’s database is pretty useful. Because even PIN scrambling is not fully immune to shoulder surfing. Defense in deph matters.
tl;dr a longer rant about decentralization vs federation 👇
Even the argument of network effect achieved thanks to reliance on phone numbers is becoming less relevant these days, with DeltaChat providing a convenient way to have encrypted chats using the existing email infrastructure in much more convenient way than traditional PGP. Pixelfed has already achieved E2EE DMs and it’s being worked on for Mastodon. If the UI of the most popular apps and the official web interface are also redesigned to make messaging more convenient to use it might have the same positive effect on user retention as Facebook Messenger once had. Anyway things are bound to change in favor of federation, but not necessarily decentralization. For instance I got mixed feelings about EU’s DMA. I’m optimistic about the interoperability benefits it could bring, but even the official act doesn’t specify how it’ll be implemented. If it relies on something like WebFinger which does require a domain name it’ll end up just grouping a couple of major walled gardens together, so for example SimpleX, Session or Status users still might not be able to chat with people on centralized platforms
Well. I personally am very annoyed that i can’t choose a specific pin for signal. That means my kid can read my messages, because yes… Keeping password from a child is neigh impossible. But my pin for element, fairmail, telegram he don’t know.
So i get a lot of the criticism. For me personally, it’s still a matter of trust. A future malicious molly version might eavesdrop. Signal will probably not do so.
Encryption at rest on an unlocked phone is probably a hard problem. But if somebody is targeting me to that extent, i am probably toast anyways.
I try to create enough usage so that journalists and activists can hide in the mob, and i can hide from fang.
I use element, but do worry about the local server implementation and leak of metadata.
I see your point and don’t negate such possibility. Although the black box nature of proprietary dependencies in vanilla Signal means an inclusion of potential trojan spyware. Speaking of the need for app lock, as an alternative solution, you can create a separate profile for Signal to have a dedicated PIN. But afaik only GrapheneOS allows notification relaying to main profile. LineageOS on the other hand has a feature called AppLocker. If you intentionally lend your device to kids, Android has a feature called app pinning.
It’s easy to “stand on the shoulders of giants” and claim some software is better when you’re adding 1-5% of additional work on top of a fully developed service/app/infrastructure. It’s why generally forks of software tend to have more features than the original source - See the following examples where people polish something and release it as their own improved creation:
Chromium/Chrome > Edge/Brave
Debian > Ubuntu/Mint/Pop!_OS
Android Open Source Project (AOSP) > WhateverSamsung’s_is_called
Firefox > LibreWolf
Now, I’m not trying to say people should stop forking software, I’m all for it as it breeds competition and innovation, but to complain that a software project is not meeting your specific demands and their forks are doing so much more means you’re not understanding the other projects would probably die without all the hard work that goes on in the core product.
whereas even such basic shit implemented solely in Molly, such as app passwords that actually encrypt it’s database is pretty useful.
You say this but do you have any evidence to back up the claim that it’s useful and to who? Who’s asking for it? What percentage of Signal users would enable the feature? Is it 1%. Is that worth it? There’s barely a demand for privacy from the general populace otherwise Signal would be a hit and everyone would leave Whatsapp immediately, but it isn’t.
if you use most tiling compositor
You’re the 1% of the 1% when it comes to desktop configurations if you’re using a tiling window manager. I used one about 10 years ago and have yet to find one other person in the real world who has ever used one and I work in IT. Whether you like it or not, Signal developers are not going to spend any effort on making your very niche use case any better. I’m not saying that to be rude, but you have to be realistic. Your expectations are high for a free service that generally works for 99% of the population.
Also regarding tiling compositors/WMs. Base rate fallacy. Yeah desktop linux has got 3% market share but probably somewhat more if you exclude company or public computers. But then, probably also higher among Signal users. Anyway, that’s probably an Electron issue. Glad to see Flare getting better, so hopefully if it doesn’t get abandoned we might soon have a viable alternative that is more lightweight, secure and integrates better with the system in a more agnostic fashion. Heck, I might be even inclined to contribute a little to that project myself.
It wasn’t my intention to state that an extensions of certain big software is always better or should get all the credit. No. First of all, I consider Molly protestware and second of all, the thing about being able to do federation and whatnot with much smaller funding was not about Molly. It was about simplex, matrix, XMPP, E2EE for Fedi and handful other decentralized/federated projects. Signal already has been downloaded hundreds of millions of times according to App Store/Play Store and received countless endorsements. And they did in fact face outages after receiving one from Elon Muskrat. So, they needed to find ways to scale better. Their server software could in theory be self hosted, but unlike Matrix or XMPP, it won’t federate so in a way it’s even worse than e-mail when it comes to this. One would thus think that it’s implicit that they would finally add the possibility to let people run their own servers or even devolve towards more P2P-oriented design. But instead they’ve decided to partner with a pump and dump shitcoin scheme whose privacy-friendliness was absolute trash, though granted, that was also at a time when every tech company was trying to join the Web3 hype. Now their reach is even bigger, but has grown at a steadier pace. I won’t try to go more tinfoil here with any unsubstantiated suspicions and begging the question but even though decentralized or federated systems are harder to design in a way that makes them secure, centralized ones are more abusable and create a single point of failure that can affect a large share of the user base.
Also don’t get me wrong. Molly might be written by less experienced programmers. And if it was written from scratch, it could be very likely it would contain more vulnerabilities per 1000 lines of code than standard Signal app. But it’s mostly just it’s a hardened superset sans some nasty stuff. I’d compare that more to how Calyx or GrapheneOS are to plain AOSP than how some low maintenance random custom ROM from XDA with fuckton of bells and whistles that will leave your bootloader unlocked is.
Lol what will you say them? Your IP won’t be shared to other websites, but only to Google, switch your browser now! That will be so dumb…
I won’t tell them much. I will suggest they read it and let them know I will gladly answer any question they may have after reading it.
They’re just ignorant of the technical considerations but they still have a fully working brain, and given some lead they should easily understand the topic at hand (a bit like, say, if I discussed the differences in the process of painting watercolor versus oil or gouache while you have yourself never painted a canvas in your live I would not consider you too dumb to understand, or laugh at you, I would instead take some time to explain you what are those essential differences and why they matter. Well, this article will do exactly that in regard to Google, for those persons).
As I wrote in my first comment, this article is a nice and clear summary of the issue (Google privacy-washing) and should help them understand or, if you prefer, realize that this issue may be worth getting more into it. Then, could begin our discussion.
Don’t you agree that understanding there is an issue is a required starting point for anyone to take any decision in order to try to correct said issue?
As for the rest of your well thought-out comment, here is my take: I hope they will change, and not just their browser, but I certainly will not tell them to change or to do anything they don’t want.
I know we live in this strange new world, where hostility and mockery is becoming the norm, but barking orders or Loling at the face of people is not what a discussion is supposed to be. Maybe that is something that’s worth repeating, no matter how dumb it sounds.
For me, the main issue will be to get people who have not considered the big picture to realize that even if it helps reduce a real issue, and it does, the solution may be worse or much more costly than the issue. Even more so in the long run.
Think the best response when I've told someone that their data is getting harvest was "Why wouldn't I want that?". That puts the statement of "I have nothing to hide" to shame
That is a real problem. In a perfect world you would want all of your data to be available to everyone who can use it to improve your live. And only getting advertisement for things you actually want/need (not only think you want/need) is a real improvement of your live.
Sadly “improving lives of consumers” is not the goal of any of the big data collectors and as such any data collected is or will be missused to cause harm to the owner even if it is not directly obvious.
Thanks for the link, the part about disabling Ad privacy in Android is also helpful, I had no idea about this and all of it was turned on after the last os update.
Matrix defines a set of open APIs for decentralised communication, suitable for securely publishing, persisting and subscribing to data over a global open federation of servers with no single point of control. Uses include Instant Messaging (IM), Voice over IP (VoIP) signalling, Internet of Things (IoT) communication, and bridging together existing communication silos - providing the basis of a new open real-time communication ecosystem.
privacy
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.