I should also add, this would require you to use a GDPR respecting instance. There’s a reason places like Amazon have amazon.com and amazon.co.uk, etc. That’s not tenable for me, or most users.
If you don’t have much experience with Linux you should not use NixOS. I don’t think NixOS is any different from Debian or Fedora in privacy, anonymity, or security. Many people even reduce their privacy by putting their config on GitHub.
NixOS can be more secure than classic distros. First of all, you have atomic states of your system, so nothing can be added without rebuilding the whole system and giving it a new name.
Also you can do impermanence to ensure nothing can slip in for sure, because the system will be recreated every boot.
I mean yes you reduce your privacy by interacting with Microsoft GitHub in general, but posting your Nix config to the public isn’t much of a privacy concern since you shouldn’t have any plaintext secrets anyhow as a best practice since it would be compiled into the Nix store. There are a couple of different ways to encrypt secrets, as well as just not committing private *.nix to a public repository.
It’s like giving a map of your infrastructure to a hacker, but it depends on your threat model. Most of the attacks on home servers are automated, so it shouldn’t be a concern.
Another thing: if your threat model is different, then the situation is not that good, but you can encrypt a lot of stuff, especially when you’re making your config reproducible.
I host my own Simplelogin instance and generate a new address for every service. Combined with Bitwarden, I now have a unique address and password combination for each account.
This is why I just moved from protonmail to Fastmail. With Fastmail I can send from arbitrary addresses using my domain. Why it’s not that simple with proton is beyond me and now that I’ve tested everything with Fastmail these past few weeks, I see it’s a choice.
I almost signed up for simplelogin but realized I was being sold something that should just be included. Plus setup was convoluted as fuck.
And when those addresses wind up on mailing/spam lists and they’re coming from multiple places, you’re screwed. That’s why email forwarders became a thing, catch-alls aren’t new, but you lack the control most want with them.
Plus, Proton does support plus/+ addressing, which does the same thing as a catch-all. You know the email addy it came from.
If I were a professional spammer, the first thing I’d do to clean the address list I have is to strip out plus addresses. It’s a simple regex.
On how to filter, I can send any address straight to the trash apparently just like simplelogin. I’ll know who sold or leaked my info because it’s in Bitwarden and I can just search my vault to see who I handed that particular address to.
But in some cases you don’t want to use arbitrary addresses, but the exact same that was used to send you an e-mail. For me this is necessary and Simplelogin hides my real e-mail address. Additionally, I can with ease deactivate addresses and minimize spam by a lot.
I can reply from ANY address from my domain including the exact one that was used to send me an email.
I can “deactivate addresses” by sending messages to a particular address straight to trash with rules.
Edit: turns out Fastmail has a masked addresses feature built in, separate from a catch-all. It’s basically simplelogin built in, if you want to enable it. Proton is looking more and more overpriced.
Yes, I have the same issue with DDG for something like a year now. I can’t use it anymore for basic searches, I feel like the bing api they are using is getting worse and worse.
Most companies I’ve sent data deletion requests to just do it, but when they start to argue I just hit them with the most ridiculous bullshit while acting like the most privileged bitch until they do it my way.
Try saying no, see what happens.
Fearmongering, gaslighting, lawful threats, technical jargon and the word ‘rape’ are your friend.
Just recently when requesting GDPR data deletion from a UK-based company they also wanted to confirm my identity, hell they will.
I hit them with the fact that a person controlling the e-mail address can use their ‘Forgot password’ feature to take control over the account and access my sensitive data they’re in possession of or steal my identity using their own services. I also not so kindly suggested that I’ll report them so their security practices are investigated for the safety of their customers.
…they deleted the data without any further questions.
PS. Not sure about UK laws, but for GDPR: Always request confirmation of the deletion and the detailed steps they’ve taken to ensure your data has been properly erased. They’re obligated to tell you that upon request.
I hit them with the fact that a person controlling the e-mail address can use their ‘Forgot password’ feature to take control over the account and access my sensitive data they’re in possession of or steal my identity using their own services.
This was their excuse as to why they won't delete my info without proof of ID.
I told them no, I told them that if my bank or phone provider or online grocer who all have much more important and sensitive info, namely my payment/bank details, can verify me without extra documentation, so can they, they still said no.
So I've filed a complaint with the ICO, there's fuck all else I can do unfortunately.
It is true, I haven’t found anything akin to sandboxes in any other ROM. However, if you contain your apps inside a workspace, that seems fairly sandboxed to me, for the most part. It is unfortunate that Google’s mobiles are not as repairable.
Let us know what you end up buying. I wonder if sandboxing can be implemented in other ROMs through some modifications in the kernel (it’s Linux after all).
I’ve only used Thunder, but it’s been just fine and I haven’t felt like I need to see what else is out there. I guess it could be more responsive with reply notifications and such but that’s pretty minor.
Been using it for a couple of years now I think. Haven’t seen a reason not to like it.
There’s a thread in GitHub where the privacyguides.org guys discussed some flaws in the encryption but that was at the very beginning, I remember reading those have been solved apparently.
Pricing, well, it seems cheap but honestly I think it’s just because we are used to seeing outrageous prices for ridiculously small amounts of storage. Thinking about it, 30 eur for 100gb is not cheap at all, like some other comment says when compared to physical drive prices. Plus, offering lifetime is a common marketing technique to attract customers used by small or starting businesses. I don’t know if that is the case here but it certainly isn’t an automatic red flag for me. I don’t know if they are gonna be around next year or 5 years from now, but I’m willing to take the risk. They claim to have lots of users and be cash flow sustainable, plus they keep developing and are getting into business features to attract that kind of customers, certainly doesn’t look like a business on life support to me.
App and code-wise, they are much better than they were a year ago. Android app is still a bit janky sometimes but I don’t use it a lot so I got not much to say, other than I can see my files and upload something small once in a while just fine. The desktop client is amazing, the best functioning client for Linux that I have used from any service, or from the few services that have a Linux client at least. The clients are open source and since the service is e2ee you don’t really need to see the server code if the client encryption is done correctly, which apparently there is no sign that it isn’t, as mentioned before.
Overall I would say you can use it, but keep a backup somewhere else just in case, which is just the thing that anyone should be doing anyways.
At e.g. Hetzner you can get 10TB for 25 EUR so no, that is not cheap at all, even if it might include some additional services compared to the Hetzner offering (which is not end to end encrypted but for costs of disk space that should not matter).
You are the one who introduced that detail about Hetzner. Nobody discussed using their hosting service. People were discussing cloud storage options and prices.