(He/him) Marxist-Leninist and amateur writer. I like cats, foxes, sci-fi, science fantasy, and Pokemon Mystery Dungeon. Message me for my roleplay ideas!


Discord: LinuxFennekin#5514

Reddit: /u/HiddenLayer5

Cake day: Aug 14, 2020


Related: how good privacy-wise is the default AOSP keyboard found in no-Google-services ROMs like Lineage and /e/? Does it still phone home?

Not safe at all because it was not designed to be, it even tells you as much. Use them to exchange e2ee contacts and then use that.

I’m shocked. SHOCKED I tell you! Who could have seen sweet old Google doing something like this!

On any non-open source or cloud based software, assume all opt out switches go to /dev/null

But then you have to trust, 1, the auditors (I assume by your comment you mean the people given closed door access to the code, who review it, then publish a statement saying their claims are valid, that kind of third party auditing?); 2, the code they disclosed to the auditors is the actual complete codebase; 3, that between the current version and the next they did not add anything fishy; and last but not least, 4, the binaries they give you are actually built from that codebase and nothing else, since you can’t build it yourself if you’re really that worried.

I don’t fully disagree that you can have a private and secure proprietary app, sure you can, but I argue that there are some really big hurdles and you can never have 100% trust in it. Whether these things are a dealbreaker depends on your own values, opinions, and threat model, of course. If you’re choosing between this and Google Maps, then this is almost certainly better in terms of privacy and security.

I suppose you can also decompile it and analyze it that way, but that’s very difficult and compared to reviewing an open source app, pretty much no one is going to do it. You also don’t have the same level of community attention and contribution on the code itself as an open source project would where people are forking it, implementing features they want and sending pull requests, and going through the codebase to learn how it’s implemented in order to develop their own projects. All of which gives many opportunities for other developers, usually ones very concerned about privacy and security themselves, to notice and sound the alarm on unethical or insecure code in the app, basically getting tons of community driven audits all the time.

Oh ok so there is no way to independently verify its privacy or security. Doesn’t belong in this community then IMO.

Remember: the corporate meetings and university lectures are the tip of the iceberg of the kind of data Zoom has on people.

Zoom is used by teenage couples to call each other and hang out, which might turn into discussing sexual themes as teenagers dating often do.

Zoom is used by general-care doctors when their patients describe the rash on their anus.

Zoom is used by psychiatrists and therapists talking to their patients during some of the most vulnerable and precarious times of their lives.

Zoom is used by lawyers talking to their clients in all kinds of cases, criminal, civil, divorce/family, inheritance, etc.

Zoom was used by actual fucking courts to hold actual fucking criminal trials. Like bruh the fucking US judiciary department couldn’t have self-hosted one of the many open source and E2EE solutions?

The fact that they can do this with no oversight or regulatory bodies intervening is utterly ridiculous. Zoom has probably some of the most sensitive data of people’s lives. It is not a social media platform where people know that they shouldn’t put too sensitive information on, it was literally intended and marketed for people to use for sensitive communications. They shouldn’t even be keeping any amount of data after the call ends, IMO, but using it to train an AI (to presumably sell later) is utterly morally bankrupt, and so are the regulatory agencies and lawmakers who could have intervened. Fuck you Zoom, fuck you FCC/FTC/whoever handles data privacy in the US. You want to ban TikTok because of its “national security implications” but don’t bat an eye when it’s a US company doing something far worse huh? Not implying I like TikTok, but TikTok doesn’t have access to live court trials or doctor-patient discussions.

Yes, we shouldn’t have used Zoom in the first place. But that ship has sailed and most people were forced to use it against their will if their company/university/doctor/lawyer/judge decides to use it, and/or they did not realize the terrible data security/privacy implications of using it. It’s entirely unhelpful to victim blame and go “well you shouldn’t have used Zoom then! Sucks for you” as I see so many people in the FLOSS/privacy community doing. Additionally, that also does not address the actual societal/legislative issues of them being allowed to keep that information and use it for profit.

Under a bed of money and propaganda that they’re the only force that saves the world.

Also, isn’t Tor still funded by the US govt? I feel like if you wanted a honeypot, there is no better option than Tor which is already under your wing.

The reality is that there is NO completely anonymous network or proxy that can be 100% trusted. None. Because you have zero ways of independently verifying any of them. You’re better off, especially if you’re a political dissident, using a network that might be/probably is under surveillance from a country that aligns most with your ideology (Chinese networks if you’re a communist trying to push for communism in the West, for example). It’s a shame for us that it’s actually really hard to get access to a Chinese run VPN in the West. Don’t use a US-developed privacy network if you know the US is not going to like what you send on it is what I’m saying.

Swedish government*

All EU countries have surveillance laws pretty similar to the US yet no one seems to think it’s a problem.

I’d be interested in how the fact that the Tor browser in Tails has uBlock Origin pre-installed affects the security/anonymity of the browser instance. I’m all for blocking ads and trackers everywhere, but since regular Tor doesn’t have an ad blocker, wouldn’t fingerprinters be able to identify at least that you’re on Tails and not a normal OS? And therefore also know when you change where you’re accessing Tor from?

(Also, I totally thought this was referring to Tails from Sonic for a second lol)

Interesting how it was a climate activist that they used this on first. Not a sexual predator, bomber terrorist, human trafficker, or drug kingpin, the genuinely undoubtedly horrible kinds of people that the State tries to convince the public this surveillance legislation is targeting.