Brilliant.
Context for the uninitiated:
It’s definitely lossy
Browser engines are ridiculously complex, nearly on the level of operating systems. All of the Firefox forks are really just different UIs built around Gecko/Quantum - those other projects aren’t really maintaining their own engines, they’re dependent on Mozilla’s work to remain stable, secure and relevant.
Flatpak is not a container and should not be thought of as such for security/privacy purposes:
In general though we try to avoid using the term container when speaking about Flatpak as it tends to cause comparisons with Docker and rkt, comparisons which quickly stop making technical sense due to the very different problem spaces these technologies try to address. And thus we prefer using the term sandboxing.
https://flatpak.org/faq/#Is_Flatpak_a_container_technology_
It can provide container-like functions if specifically configured for that, but that’s not normal and it shouldn’t be relied on as a security barrier.
Where I live, there are security cameras all over the buildings and the lamposts and the traffic intersections and the parking lots, plus Ring/Nest doorbells everywhere. There are more cameras outside the buildings than inside. Everybody is carrying a smartphone and I see people taking pictures or video with them all the time.
Drones and satellites are really only outside.
So I don’t agree with your conclusion.
The CEO also claims that users’ Signal messages have popped up in court cases or in the media, and implies that this has happened because the app’s encryption isn’t completely secure. However, Durov cites “important people I’ve spoken to” and doesn’t mention any specific instance of this happening.
[…]
The Register could not find public reports of Signal messages leaking due to faulty encryption.
Claims made without evidence can be dismissed without evidence.
Durov’s entire criticism seems to be based on implications and have no actual evidence of any technical problems with Signal. He’s basically just throwing shade at a competing business, which amounts to whining.
Hmm, it seems that the real solution would be to change the database unlock process so that it requires a minimum number of the possible unlock methods, but allows you to set up all of them. So when you create the database, you set up all of the possible credential options, and to unlock you need (for instance) any combination of 2 of them. This way if one credential is lost for any reason it won’t cause a permanent lockout.
Another solution would be a recovery pool. The way this works is that you create a pool of stakeholders who can verify the identity of the admin, and each gets their own set of credentials. If the admin needs to unlock the database but can’t with their own credentials, they can contact the people in the recovery pool and with the credentials of 2 (or whatever minimum number you choose) of them the admin password can be reset. Preferably, the credentials of the recovery stakeholders would not have permission to unlock the database themselves, only to allow the admin password to be reset.
Both of these solve the single point of failure problem without reducing the security of the database, but they would probably require software changes in KeePassXC.
When the data is aggragated there’s no true anonymization:
https://techcrunch.com/2019/07/24/researchers-spotlight-the-lie-of-anonymous-data
https://www.fastcompany.com/90278465/sorry-your-data-can-still-be-identified-even-its-anonymized
Hmm, it is nice to see an outcome from a lawsuit that is practical and not just a cost-of-doing-business fine.
But “de-identify” doesn’t inspire a lot of confidence… anonymized data can be de-anonymized pretty easily most of the time. Also have they kept accurate internal records on all the places pieces of that data have gone inside their various projects and systems? Who would be capable of verifying that it had all been deleted?
- Don’t sign up for every rewards program or app, they all harvest data.
IRL tip, instead of signing up for the grocery store’s discount program, at most stores you can use local area code + Jenny’s number. It’s usually in the system already. ###-8675309
You won’t be able to use the coupon/reward points system but they’re usually not worth much anyway.
This is absolutely the big problem. Google already has a near monopoly on internet advertising, with Facebook/Meta being their only real competitor. If Google has full control over the interest tracking/targeting technology and it’s inescapable because it’s part of the browser engine then they are effectively the gatekeepers of all internet advertising. Meta could still operate as an advertising agency but wouldn’t be able to implement any of their own technology, they’d have to just use what Google allows them to.
Definitely bad, but is it worse than tracking pixels (which came out of Facebook Beacon)? From an end-user privacy sense, I think Topics might be better as it doesn’t keep track of your specific web activity, only general interest categories for the websites that you visit within a period of three weeks - and the record is kept locally in your browser, not on a corporate server.
Theoretically, Topics doesn’t track anything beyond general interest categories (e.g. fishing, shoes, technology, dancing, etc) and would replace current data collection systems for targeted ads. If actually implemented as described, it would result in the ad market collecting and sharing less data on users. Basically, Topics is a step in the direction that you’re talking about.
Google’s new ad system is called Topics. If you want to understand how it works, I would like to point you to Security Now Ep 935 in which Steve Gibson gives a pretty thorough analysis.
Marcus’ take in the image is overly simplistic and a bit FUD. The intention is for Topics to replace current ad tracking systems such as tracking pixels and other metrics. In conjunction with implementing Topics, Google is removing third-party cookies from Chrome, which will eliminate most of the current invasive tracking tools.
I’m not really a Google fanboy and I’ll probably just stick with Firefox personally, but everything about Topics sounds less privacy invasive than the way things are done now. If Google can force this change on the internet advertising market it will actually be an improvement for user privacy.
You could always try Red Star OS