• 0 Posts
  • 33 Comments
Joined 11 months ago
cake
Cake day: February 10th, 2024

help-circle

  • I’d love to be able to disagree in any of your points, but I can’t.

    The vast majority of users want something that simply works, is polished and intuitively usable. Reading docs, remembering anything other than the bare minimum, running into issues that don’t get magically resolved within 5 minutes will turn them away forever.

    Even people with a technical background will at least partially compromise and migrate towards the services with the most users to not isolate themselfs.

    Matrix is neat, Lemmy is neat, Nextcloud is neat (well, in theory), Immich is neat, so many other privacy friendly solutions are neat. But they’ll always be irrelevant in the global context.



  • Telcos know that authentication is about the only remaining use case for SMS and are not going to turn down the revenue stream.

    And it can’t die fast enough, as it’s essentially the same as broadcasting your sensitive information over unencrypted radio.

    Apart from security, phone number based user identification is such a half-assed approach and I still don’t get why Signal wants to die on that hill. It’s inconvenient, yet trivial, for anyone to register a second, third or tenth phone number. With a bit more knowledge and inconvenience, even anonymously. It adds so little.





  • open from a direct link from the Play store (in which the app page opens, however, with almost no information, such as version, permissions, size and so on, and the download doesn’t start.

    Tested this myself, as that used to be the workaround for apps not appearing, but I’m facing the same issue on some apps. For the time being, installing/updating manually via APKMirror isn’t ideal, but I’m not installing the Play Store.





  • Mullvad certifiably doesn’t log. Their VPN infrastructure even transitioned to RAM-only a few months back. They’ve been raided by the police and nothing was confiscated because there was nothing to confiscate. Obviously they have a list of registered accounts and payments, but without any connection to - well, connections.

    I get what you mean though and mostly agree: There are only a few providers I trust enough to shift said trust from the ISP to them.

    As mentioned in the comment you replied to: Yes, trusting a third party is a compromise. But you are also trusting a third party when renting a server for a private VPN endpoint, as well. A third party provider with probably a lot more logging going on than a trusted service such as Mullvad. While being way more exposed.

    Since TOR isn’t feasible for most users 24/7, trusted commercial VPNs are the next best thing when the alternative is your ISP logging everything you do.


  • This is something I’ve not understood yet. If you rent a server somewhere to use as a private VPN endpoint, your clear IP will be pretty much the only one connecting to the server. Correlating your traffic and your clear IP to your masked IP is easy for sufficiently motivated, able actors.

    Meanwhile, the main benefit of a shared VPN such as Mullvad is that many users simultaneously use the same endpoint, making it much harder to identify the user (taking only IP and traffic into account), provided they don’t log your traffic.

    So while having control over your endpoint is nice, how does that actually contribute anything meaningful to your privacy?


  • suppenloeffel@feddit.detoPrivacy@lemmy.mlMozilla Monitor is shady
    link
    fedilink
    arrow-up
    96
    arrow-down
    2
    ·
    edit-2
    10 months ago

    Yikes. This has the potential to seriously damage the reputation of Mozilla. I guess there are 3 possibilities:

    • Onerep isn’t actually shady, but partnering with a company part of a conglomerate with companies directly opposing the stated goal isn’t a good look either way
    • Onerep is shady and Mozilla failed to conduct the necessary research before partnering with them
    • Onerep is shady and Mozilla knew

    In any case: Personally, I’ll never not be grateful towards Mozilla for continuing to support and develop Firefox, which is quite literally the only relevant engine standing against the monopoly of chromium and all the bad that entails. But I trust other companies/initiatives/projects more when it comes to services other than the browser engine.


  • Ah, the meaning of my comment went straight over your head and you resort to throwing insults around.

    I’ll spell it out then: The fact that the first shot merely went through his mouth, from one cheek to the other makes it entirely possible, even probable, that Gary Webb commited suicide. Even his ex-wife said so:

    Webb’s ex-wife, Susan Bell, told reporters that she believed Webb had died by suicide.[72] “The way he was acting it would be hard for me to believe it was anything but suicide,” she said. According to Bell, Webb had been unhappy for some time over his inability to get a job at another major newspaper. He had sold his house the week before his death because he was unable to afford the mortgage.

    Spreading unfounded, exaggerated conspiracy theories while not even getting the facts straight isn’t helping anyone but the perpetrators, especially when the CIA actually did commit some atrocious crimes that can be cited by stating facts instead of fiction.




  • Doesn’t even have to be malice. I’m sure that most instance admins are great, competent and caring, but setting up a Lemmy instance is trivial, securing it is not.

    The default configuration of a proxy could log connections, the config interface may accidentally be exposed unprotected and so on. Again, I’m not saying that most instances are inherently untrustworthy. But, depending on your instance, you are trusting one person or a small team of volunteers to stay on top of everything andyou can’t expect them to drain their bank accounts in case of legal issues for you.