Cryptography nerd

Fediverse accounts;
@Natanael@slrpnk.net (main)
@Natanael@infosec.pub
@Natanael@lemmy.zip

@Natanael_L@mastodon.social

Bluesky: natanael.bsky.social

  • 0 Posts
  • 45 Comments
Joined 2Y ago
Cake day: Aug 16, 2023


Most of those things would only be possible by hiding them in a system update


It’s possible but complicated.

Since apps have access to the TPM API they can encrypt their own data in such a way that only the app’s own authorized processes can retrieve the decryption key from the TPM chip


There are measures they could use in theory, but if you switch your keyboard app away from Google’s and set private text mode, enable screenshot protection, etc, then you should be good.


For sites you visit occasionally, it’s better to enable tab isolation (use the containers feature) and then enable JS only for that domain (note the difference between allowing JS from that domain in any tab, vs only allowing that tab with that domain to use JS, you should do the latter)

https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

If you’re switching to a different browser you may as well use the same browser but a second clean profile and use private tabs so it doesn’t retain history. Using private tabs in your main browser profile does also help but isn’t perfect because there’s still some metadata leaks occasionally.

Using a different browser could ironically make you easier to track - how unique you are is the main signal used to track you (user agent, OS, language, etc), and going for an even more rare config will help their tracking even if you delete session cookies. Especially if they have a tracker across multiple domains you visit from different browsers from the same IP, with similar device fingerprinting results across browsers. That’s a strong signal those sessions are linked. You want to NOT stand out to maintain your privacy.


Telegram has been under fire from the start, lol. “we have math PhDs” 🤷


There’s also a big difference between published specifications and threat models for the encryption which professionals can investigate in the code delivered to users, versus no published security information at all with pure reverse engineering as the only option

Apple at least has public specifications. Experts can dig into it and compare against the specs, which is far easier than digging into that kind of code blindly. The spec describes what it does when and why, so you don’t have to figure that out through reverse engineering, instead you can focus on looking for discrepancies

Proper open source with deterministic builds would be even better, but we aren’t getting that out of Apple. Specs are the next best thing.

BTW, plugging our cryptography community: !crypto@infosec.pub



It is encrypted, but the security of the encryption varies between implementations (some have been found to generate keys insecurely or screw up session management, etc). For most modern devices it’s decent, as long as you’re not actively targeted by some kind of intel agency




But you can’t detect such things without either server side scanning (kills E2EE dead) or client side scanning (will always be limited in what it can detect, and it’s easy to patch out of clients, AND there’s still the risk of govs maliciously pushing detection of banned media)


Not fully encrypted unless you enable lockdown mode (and lose various features)


The perceptual hash algorithm was broken in hours, then so fully broken that modified images were visually indistinguishable from unmodified images, so you could send people images with hash values that match flagged photos.

Also, then there’s the thing of the risk of various jurisdictions pushing for adding detection of other banned content.


But once a process is running it’s trivial to get weeks of extremely detailed history and lots of secrets you thought were ephemeral


Recall was set to be default on for everybody and to record everything in a database which is trivial to extract data from.

There’s a lot of nonsense Apple is doing too (like the chatgpt integration) but they didn’t put a keylogger into the system.


You could use an AI generated fake face and fake history too if your name is unique to make people think they either found the wrong person or make them unsure of the other listings mentioning you with only your name as an identifier


They don’t track username history and don’t have a server side list of plaintext usernames, and others can’t find your phone number from the username alone. That makes it harder to confirm which account is yours.


There have been multiple breaks, like the good old 2^64 bruteforce attack when they used too short session identifiers, malleability issues that could let the server/hackers change your messages, reordering attacks, etc.


Whatsapp is built on the Signal E2EE protocol, Telegram has a terrible homebrew encryption protocol with a ton of weirdness and it has had a long history of weaknesses which they lied aggressively about


By lying aggressively.

Lying about being the first phone app with E2EE (they’re not even close, by over a decade if we count J2ME apps) because Signal was called TextSecure back when telegram didn’t even exist yet. Lying about their protocol, lying about their backup system (if you’re using group chats or regular chats which are backed up they are visible to the admins and any other claim is a lie), bullshit propaganda against Signal, etc…

Oh and by the way, Signal has now finally launched usernames, so you don’t have to share your phone number to use it anymore.


FYI, regular Signal now has usernames available with the option to hide your phone number switched on by default (you may still need the beta release for the next few months since it’s a staggered rollout)



E2EE doesn’t require servers to have access. See Matrix for federated messaging with encryption support


It has kinda been a meme that it’s coming for years



Component cost, engineering cost, and it would change the performance target which could cause some devs to leave the old one behind


It depends on the size of your house and the amount of dirt and dust.





The purpose of that disclaimer is for the lawyer to not expose themselves to malpractice lawsuits from OP, which seems VERY unlikely to be relevant here


Depending on country there’s probably some regulator office which you can send a complaint to


They don’t get to make it harder to cancel than to sign up



It depends on what you’re mimicking. Just registering the URL scheme? Any app can do that. Mimicking a signed APK with full package name? Can’t do that without root and privacy plugins for Magisk.


You can circumvent it using Intent intercept apps, so unless Whatsapp specifically looks for the APK and calls it directly (and doesn’t just use normal intent URL schemes) then you can simply redirect that request.


You need to add encryption on top with OTR plugins or equivalent

Or use Matrix where it’s on by default



Like how Elden Ring ran better on Linux at the start because Wine could patch in cache precompilation which normally the game devs would need to do themselves


HDR on Linux is definitely a thing, KDE supports it