• 1 Post
  • 142 Comments
Joined 1Y ago
Cake day: Jun 15, 2023


Most people, however, are not that careful about partitioning their accounts (myself included, frankly).



  • ProtonVPN – VPN
  • LibreWolf – Browser
    • uBlock Origin
    • Skip Redirect
    • NoScript
    • Decentraleyes
    • CookieAutoDelete
    • DuckDuckGo Privacy Essentials (tbh I’m not sure if this isn’t redundant frankly what with the others I have installed; might get rid of it…)
  • KeePassXC – Passwords
  • FreeTube – YouTube

I’m the same here as I too use the Fediverse and LibreWolf, but we shouldn’t kid ourselves about the former: by the very nature of how the Fediverse works, it is honestly pretty damn terrible for the purposes of privacy. Unless I’m missing something, which mind you is certainly a possibility.


I feel like that’s kind of a case of circular reasoning though: we move away from it because it’s legacy, and it’s legacy because we’re moving away from it… Mind you, I’m no expert on VPNs; this is just something I thought I’d bring to attention here.




Yeah, I imagine the USPS would have some concerns about transporting biological samples across international borders. Lol.


Same. I’d love to know any privacy-respecting companies…that is, if they even exist.


And, as advised, watch for unusual activity (but forever, not just a few months, that’s just a false sense of security).

Alternatively, pay a service (one that’s actually reputable!!!*) to watch your shit for you. (Still keep an eye out, of course, but this at least takes a LOT of the load off.)

For example, I pay 12.95 USD a month for a service provided by my credit union (way better than a bank) and I can input whatever information I want monitored. They do that and let me know as well if they detect any shit going down. They also give me an update email every month letting me know that something has changed (or, likewise, if nothing hasn’t changed :) ).

I started doing this way back in 2018 when my wallet (containing my ID, debit card, social security card, everything) was stolen. (Gods, that was a fucking nightmare.)  

 


*None of that LifeLock bullshit. AFAIK that’s just marketing fluff mainly. (Somebody correct me if I’m wrong on that.) In any case, I don’t trust any service that is provided by the same fucking company that owns Norton. *shudder*


Oh that is a SHAME.

DuckStation is such a wonderful piece of software too. :(


  • “Because Proton are not accepting contributions, they own all the copyright, so can make the code closed source again if they want to (that wouldn’t affect the already released versions, but future versions)”

They can’t do that actually. They can close the source, yes, but if they do they can’t then release the new closed-source version to the public.

From the GPL FAQ page:

Does the GPL require that source code of modified versions be posted to the public?

The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL. [Emboldened by me.]

Alternatively:

Can the developer of a program who distributed it under the GPL later license it to another party for exclusive use?

No, because the public already has the right to use the program under the GPL, and this right cannot be withdrawn.

  • “They could likely take down any derivative on iOS, since Apple will always take instruction from the copyright holder, for GPL’d code”

Does the license prohibit this? Definitely. Could they get away with it? Probably. Though I’m uncertain Proton would go that far. I mean, if they wanted to prevent forks, they wouldn’t have released the source, let alone with the GPL3 license, which requires the right to make modifications (as that’s one of the Four Freedoms).

  • “Since the builds are not reproducible, there’s no guarantee that the binaries they distribute are built from the source code”

Technically true, I suppose, though again why they would do that is beyond me. If they didn’t want forks, they likely wouldn’t have allowed forks.

 

Again, this is all assuming I’m understanding the GPL FAQ page correctly. If I’m wrong, I would welcome someone smarter than me to correct me. :)


That’s how I see it, too.

First make it so you can eat. Then you can deal with any privacy holes you need to fill.


I’m pretty sure that qualifies, at least in the US, as financial fraud…


As @thejevans@lemmy.ml said in their above comment, they’re also backed by a company heavy into crypto bullshit.

Also, anything can be monetized. Never underestimate the ability of greedy fuckheads to be greedy fuckheads.


There’s a certain point where it just comes down to trust. And if you distrust a company enough that you think they aren’t posting the same code to the git repository that they say they are, then maybe that’s when you shouldn’t be doing business with them.

This is the case with all organizations, corporate or otherwise.


So, I just looked it up and apparently their official stance is that auditing is questionably effective and thus unnecessary:

Our software is free and open source, while we repute at the moment [it’s] not acceptable to provide external companies with root access to our servers to perform audits which can not anyway guarantee future avoidance of traffic logging or transmission to third parties. On the contrary, we deem very useful anything related to penetration tests. Such tests are frequently performed by independent researchers and bounty hunters and we also have a bounty program.

In other words, their reasoning seems to be:

  1. Their software is free and open source, so if it does log anything, the community would find out, so in this sense the community is the independent auditors;
  2. There’s no stopping an audited party from ceasing to log right before the audit and starting up again after the audit ends, so an audit is kind of toothless anyway;
  3. Regarding penetration tests, they already have independent testing done as well as a bounty program.

Personally, I don’t entirely agree with points #2 and #3 (though I can see their points), but point #1 is fair I suppose. In my opinion, though, it should not be up to the users to hold the company accountable; and there is a difference between penetration tests and log auditing, as the former I believe are merely to check the resilience against outside hacking.

My end impression is that judging from their other documentation and forum posts, the fact that their software is fully open-source, and their past behavior in accordance with their stated values, I think I’m inclined to believe them. However, it is somewhat worrying nevertheless that there isn’t log auditing involved regardless of their actions.

 


Edit: Clarification


What do you mean? Are they not good for privacy or security? They seem definitely more zealous about that on their FAQs and forum pages than, say, ProtonVPN, for sure.


Not familiar with AliExpress, but yeah eBay might be an option. Thanks!


Definitely something I looked into. Sadly, all of the ones I found were only purchasable on Amazon or from Walmart.


Sadly, none that were not purchasable through only Amazon or Walmart.

Motherfuckers aren’t getting my money. (Amazon and Walmart, I mean, though technically also the product companies too I guess.)


Okay, so I switched my VPN to an Australian server and it worked.

That being said, I’m in the US and they do not ship anywhere outside of the Australian proximity.

From their delivery FAQ page:

Where do you deliver to?

We currently deliver to all of the Australian mainland, Tasmania and Australian Island and Territories *.

* Exclusions include:

  • Australian Antarctic Territories
  • Norfolk Island
  • Christmas Island
  • Cocos Island

I appreciate the explanation. It definitely does seem 50x easier than it seemed 6 or so years ago when I last looked into it.

Out of curiosity, what does the “e” stand for in regards to the dongle, lightbulb, switch, and sensor as mentioned above?


You probably just used a server they didn’t block. I probably just hit ones they did on each of the three I chose. Lol.



I had 2 days off work and was playing video games. Sorry.



Bastards really don’t like me using a VPN. Tried 3 different servers and still hitting the block page.

What’s that page of?


Very good point about the low-tech method.

As for the Home Assistant route, honestly, I’ve never really gotten into the whole “Internet of Things” thing.


Imagine losing your wife. That’d be a strange experience!

(Also, excellent idea. I used to do that, but didn’t work 100% of the time; maybe with some modifications it might work better than it did…)

 


Edit: I just realized that put me in a bookstore and suddenly I’m the wife that someone would lose. Lol.


Recommendations for private tracker for keys?
**Follow-Up**: It's going great! I've stopped using my Tile tracker, I haven't lost my keys (yet), and I feel like I'm a LOT less trapped by my circumstances regarding them. Many thanks everyone! Many thanks indeed!

---

(See bottom for tl;dr.)

I'm the kind of person who loses their keys easily, so I love the idea of trackers: little devices that you can attach to your wallet, phone, or keyring that connect via bluetooth to an app on your phone to help you find it.

Problem is pretty much all the options I can find are run by companies with shitty privacy policies: Tile, Apple AirTag, Chipolo, and so forth.

- Tile collects shitloads of data and is partnered with Amazon to boot;
- Apple AirTags AFAIK only work with Apple devices, and besides it's Apple so no thank you; and
- Chipolo also collects shitloads of data and shares information with data brokers and data collection companies of all stripes. No thank you.

In any case, I really don't need a location network larger than maybe 200 meters (about 650 feet). If I lose my keys, odds are it's either in my car or in my house, and my house is like 100 square meters (about 1000 square feet). So Bluetooth is really all I need. I don't even need to see it on a map; I just need for it to ding or something.

I'm currently using Tile but I *really* want to get away from it. Worst case scenario, I'll stop using the Tile, but I really am a forgetful little shit. Lol.

*tl;dr – Looking for recommendations for ideally short-range Bluetooth trackers for keys, with decent privacy. Max required range = 200 m (650 ft). Also, pie tastes great. Cheers.*

---

**Edit**: Added a single comma (because fuck syntactic ambiguity) and added follow-up. :)








Already use F-Droid and Obtainium a lot, so seems like it wouldn’t be a big leap. Thanks.