Comments

ono, 1 year ago (edited 6 months ago) to programmer_humor in The Perfect Solution

dedent() can help with that.

ono, 1 year ago to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

Depends on the particulars, and on the needs of the individual.

That’s not really how things like security works.

If that were true, threat modeling wouldn’t exist. ;)

I think some people just go crazy for something that’s not big tech, and then quit looking at the particulars.

I expect that’s probably true. It’s safe to assume I’m not one of them, though. Cheers.

ono, 1 year ago to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

So it could still be considered less secure than N.

It could be, or it could not be. Depends on the particulars, and on the needs of the individual.

Mind, I’m not going around presuming to tell other people what’s better for them, as one or two others in this thread are doing. I’m just stating what’s a good fit for me.

ono, 1 year ago to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

N + 1 > N

ono, 1 year ago to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

I use it because, contrary to what that scare piece you linked would have the reader believe, it’s better for my needs than the alternatives.

(I’m no stranger to software development and security, by the way. I understand the pros and cons.)

ono, 1 year ago (edited 7 months ago) to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

You’ll have to trust an additional party when getting your apps, and updates are often a couple days behind.

I know how it works, and in this case, that’s fine with me.

F-Droid has an excellent track record; better than many developers have. And I’m not addicted to having the latest versions of everything on the day they’re released. In fact, not immediately jumping on the latest versions has saved me from nasty bugs more than once.

ono, 1 year ago to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

Part of what I value in F-Droid is the additional layer in the build/release process, because it makes tampering more likely to be detected.

It’s still nice to know a tool like obtanium exists, though. Thanks for the link.

ono, 1 year ago to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

If new versions don’t make it to F-Droid, they might as well not exist for me. There are only a couple of apps that I find important enough that I’ll spend time manually building/pulling/installing, and a Lemmy reader isn’t one of them. Thanks for the tip, though.

ono, 1 year ago to privacy in The Boost android client for Lemmy is displaying these dark pattern ads pretending to be system notifications. What security/privacy conscious Lemmy clients do you recommend?

I start with whatever is on F-Droid, and narrow it down from there.

Jerboa was the only option there until recently. I see Voyager and Eternity are there now. I’ll have to give them a try.

ono, 1 year ago (edited 1 year ago) to privacy in Proton domains blocked as disposable in disposable filter

but you have no direct connection from this resource to harm you claim it causes?

The connection is very clear, because you can see what domains are on the list.

So you’re lumping this resource into a bucket with other resources that were malicious

You’re saying a dev using this list […] needs to convert their FOSS use-case to yours?

[…] the argument I feel you’re making.

Please stop putting words in my mouth. As you seem to be arguing in bad faith, I’m done with this conversation.

ono, 1 year ago (edited 1 year ago) to privacy in Proton domains blocked as disposable in disposable filter

You’re getting into very sketchy territory by saying a dev who is using a public GitHub repo to solve their problems needs to take it down

No, I don’t believe I said any such thing. Since you mention it, though, I think taking this list down and removing the false positives before bringing it back up would be the responsible thing to do.

In the interest of specifics, can you point to where this specific list has done harm?

I know from personal experience and investigation (both as a user and on the admin side) that there are now many cases of privacy-focused email addresses being rejected, or even worse, accepted and then silently black-holed, due to the domains being inappropriately added to lists like this one. I don’t know of a place where people report such cases so they can be documented in aggregate, but if I find one, I’ll be sure to bookmark it in case your question comes up again in the future.

ono, 1 year ago to privacy in Proton domains blocked as disposable in disposable filter

That’s not what this specific list is for.

Yet it has a lot of legitimate domains, and has had them for years.

Regardless of whether the maintainer is malicious or just irresponsible, his list is doing harm.

ono, 1 year ago to privacy in Proton domains blocked as disposable in disposable filter

They rejects them because it is an abuse prevention mechanism.

An “abuse prevention mechanism” that punishes legitimate users is a badly designed mechanism. It’s a lot like police racial profiling.

You can solve captcha and register without any additional information

Nobody said anything about registering.

ono, 1 year ago to privacy in Proton domains blocked as disposable in disposable filter

Devs can use them to block DISPOSABLE mails, not PRIVACY legitimate emails.

That’s what they claim, but in practice, they seldom distinguish between the two.

ono, 1 year ago to privacy in Proton domains blocked as disposable in disposable filter

Ironically, when I tried setting a ProtonMail account recovery email address, they rejected it because it was on a list like this one. I hope Proton gets off this blacklist, but I also think they should practice what they preach.