• 0 Posts
Joined 4Y ago
Cake day: May 31, 2020


I mean, that makes sense, but consider the other side. You find some document that very clearly says that you have a license to do whatever the hell you want with it.

In this particular case, you probably heard the news, but in many other cases, you just couldn’t trust any license anymore, because there’s just no way to know whether something was intended to be licensed like that. It would pretty much defeat the purpose of licensing anything at all.

Not sure, if this is precisely the same in the US, but here in Germany, employees act on behalf of their company. So, if you write such a documentation, your copyright is assigned to the company, but just as much, you’re allowed to license this copyrighted work.

In many cases, this is absolutely necessary to do for your daily work. Like, maybe your job is to work with external contractors that implement changes to these search ranking parameters.

There is some things, like entering a contract, which require a signature to be legally valid. And signing things, that is something that not everyone can do. But yeah, you don’t need a signature for licensing.

This doesn’t show individual requests, but it shows the tracker libraries and permission demands: https://reports.exodus-privacy.eu.org/en/reports/com.alarm.alarmmobile.android/latest/

Does this app itself do the security surveiling or why does it need access to the camera, microphone, location, user movement, biometrics, contacts etc.?

Waterfox started out as a 64-bit fork, but then transitioned to being Firefox with a few different default settings for better privacy. Then Waterfox got sold to an ad company. Then last year, the solo dev bought it back. It’s a bit of a weird history.

Like, ultimately I agree that there’s not much of a point to it. It’s better to configure Firefox. But it is not anymore just about the 64-bit build.

Between you and me?

Love that that’s part of the quote…

Could be that Firefox downloads the codec after you enable that. At least, I’ve heard of it being implemented like that in other software…

I’m using a SHIFT6mq with LineageOS. It’s similar to the Fairphone (expensive, but repairable, sustainable, good Custom ROM support), but it’s got a few different design decisions and much higher build quality compared to the FP3 I had before.

I’ve heard Logseq is comparable to Obsidian and it’s open-source. It is the corporate kind of open-source, though, so no guarantees that it stays as such…

Yeah, I feel like that’s why the EU has such strong privacy regulations. Tech giants in our market are mostly either state-tolerated&-utilized monopolies from the US or state-owned monopolies from China.

Corporate lawyers tend to be …optimistic. And then management will put a risk calculation on top of that. As a result, most larger companies violate the GDPR. See the popular use of Google Analytics or Microsoft 365, for example, which are illegal in the EU, if you ask a DPA¹. Giving them a reality check is never a bad idea.

¹) https://www.imy.se/en/news/four-companies-must-stop-using-google-analytics/

Yeah, a formal complaint isn’t quite intended for this purpose. Just writing to your data protection authority/officer to let them know that this is important to look after, will do the same here. They can then hand out a warning to Reddit.

Mozilla pays for a premium subscription to Google Analytics, which allows them to opt out of data usage by Google. So, obviously Google still aggregates the data, but only for providing reports to Mozilla. Google may not use the data for their own user analysis/tracking, as they would do without the premium subscription. Otherwise, Google would be in breach of contract, which would be an easy lawsuit with high punishment for Google.


You can find a detailed description about Firefox Sync’s design in regards to privacy here: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

Because it’s not true. Account data is not shared with Google.

They did not say that there’s no relation to politics at all. But we do not need to hold a particular political position to agree that the government should not censor people’s opinions.

It only starts to become a right-wing talking point when liberally applied to everything else. When even government officials argue your opinion should be censored, because it is critical of their opinion. That has nothing to do with the actual free speech principle. Quite the contrary.

The JVM languages (Scala, Java, Kotlin) usually have decent-quality libraries and tooling. The Rust community loves to pump out high-quality stuff. And well, a bit more unusual, but I would have high confidence in Haskell or OCaml libraries, too.

It’s mainly JavaScript and Python where the whole ecosystem is built from the ground up with a “good enough for my script”-attitude. Oh, and C is out for manually managing memory.

I considered whether you can fault them for that, but I do think, I’ll fault them for using Python in a security-relevant context.

You get so little assistance from the language tooling and a lot of Python libraries have low code-quality. Especially the whole asyncio system is so tricky to use, it’s extremely hard to produce correct code.

Yeah, when you log in with an account, they don’t need a separate mechanism of identifying you.

@rhymepurple@lemmy.ml did specifically ask about hardened Firefox, which literally means Firefox with configuration changes to make it more secure.

Having said that, personally I do think Firefox’s default experience is close to the best you can do for people that really just want to install without thinking about it.
Going beyond that quickly results in broken webpages. And broken webpages require that you know what you’re doing, so you can unbreak them, if needed.

From what I’ve heard in the past, Mozilla is doing a good job upstreaming work from the Tor Browser devs and putting it behind an about:config value, if they don’t use it in Firefox. So, assuming your hardened Firefox uses the right config values and browser extensions, there should be relatively few differences…

Oh wow, I had seen some people talking about telemetry in Go and thought this was about their proxying bullshit again, and even thinking that, I told someone it’s basically unheard of for programming languages to behave this badly.

And now you’re telling me, Google is actually behaving significantly worse still? 🙃

Possibly sacrilegious question, but what difference does it make here? The JavaScript that’s delivered to users is essentially a binary, and the source code to compile that binary is available. That’s how it’s done in other software, too.

And with PeerTube being under the AGPLv3, this also holds even when someone modifies the version of PeerTube that they host, as they have to make those changes available.