Just your normal everyday casual software dev. Nothing to see here.
- 0 Posts
- 34 Comments
I just wanted to let you know, I was wrong/just blind,
I reopened on my desktop to have it another read on an easier to use screen, and they have them listed under the list header, but it uses the term “affiliate” instead of referral, and claims they make no money on the links.
I don’t fully understand why referral links are necessary if they make no money off of it though, so I’m still on edge about the integrity of it.
Just a fair warning to other people navigating the page, the links the article provides all contained referral links. Not that it matters too much, but it put a sour taste in my mouth that a privacy oriented post would contain these without prominently disclosing them
edit: looking again they do somewhat disclose they are there, but are insistent that they don’t have anything to do with affiliation, so not as bad but, I still don’t like that they are there.
That right there is going to kill any chance of me getting any of my friends to use it. Which is unfortunate and a side effect of not having a centralized server.
But when you’re trying to get someone to start using your app, trying to convince them to at least open the app once a day to make it so it’s able to be open in the background is a pretty hard ask of a lot of people
I personally wouldn’t trust them with an email service myself. They have been known to accept sponsorships through Google and as of late seems to be heading more and more in the direction of more tracking services in favor of a monetary profit. I don’t trust their email service would be any different
I want to say I agree that Apple was put in a Lose Lose here. Building a backdoor would be detrimental, but removing the obstacle does no better. Now other countries can say “well shoot if we just force them to put a backdoor in they’ll just remove the issue entirely”. The main issue that the EU had with e2e is that they lacked the capability of accessing the data, Apple removing e2e in the EU moreorless said “yea sure whatever you can access the data, we just don’t want you to access the rest of the worlds data”
But whats the next step for when the next country (say the US) also decides they want a piece of that action. “Oh let me remove e2e in the US as a whole as well”.
This was an L across the entire board privacy and reputation wise. Apple has set the precedent that they will cave and cater to big brother corporations if it means they can stay in operation in that country. It completely destroyed all the trust that they got from the previous fight vs the US government as a result.
I don’t really know what they could have done differently then fight it though.
I dislike how little security and moderation it has myself. Too basic, IRC seemed to have better moderation support but granted they used bots for more advanced stuff. Not to mention how clunky it seems. That is ignoring the even higher bar required to even get started, having to find both a client and a server to get started is a pretty high bar for a lot of people.
It’s a privacy activist stance, privacy and security are always at a constant battle. There was a post about it a few weeks back, every attempt at security compromises privacy, because private info is the easiest way to lock security down, so it’s always the route that companies take. Personally I don’t think a corporation should have to risk their company over it, but I don’t think a company that isn’t privacy oriented should pretend to be. It’s misleading. I give them credit that they might be good for privacy but, the entire operation gets undermined when in order to sign up, it tries to force you into giving information that could identify you. The less information needed the better, and the less you can tell overreachers. If you don’t have the information you don’t have the information. That’s signals motto, it’s also Mullvads motto, and its the direction that proton runs in if you can find your way through it’s hoops.
Can you tell me which endpoint/region that you used? Cuz I just tried using a VPN endpoint from Switzerland Sweden and Ukraine and all three of them brought up a requirement to have a verification email
edit: disregard apparently it was a browser issue, switched from Firefox to Chrome and reconnected to a Switzerland endpoint and it let me solve a captcha instead of using email verification system
Proton does require you to have a dedicated phone number or email to sign up though, like that was my main thing that swayed me away from making a protonmail account was when I went to sign up I was met with a phone number requirement and I’m like “oh well this isn’t going to be helpful”
They claim it’s to prevent abuse of the service, and that it’s only the cryptographic hash which can be used to find out if the email has been used on an account before. But I dislike that it requires even going that info
ammendum: apparently this restriction may be based off of your region used and browser. I was able to finally successfully create an account using Chrome, but Firefox exclusively gave me email or phone number requirements
Changes it to a more friendlier term, it saying copy without tracking is acknowledging that the site is using tracking data, where would the new terminology if you don’t know what those parameters are then you just think it’s a shorter link.
Neither changes the fact that it’s happening in the first place, but one is directly addressing the elephant in the room where one is hiding under the rug
That being said reading that link, I do agree with some of the complaints that they have, but I still think it should have remained the same because that’s exactly what the system does. It best attempts to remove tracking information from the URI
Theoretically it’s meant for tracking a lost item, I personally find the cost of Entry to be too steep for it to be worth using as a lost item detector, anything that would be worthwhile having it on tends to be significantly cheaper than the tag itself which makes it not really worth it.
The only use case I can think of is putting it in a luggage suitcase when going on a train or plane, but even then the first thing anyone who steals a suitcase is going to do is throw the tag out and even if they don’t you still have to somehow get to the suitcase and retrieve it, which means you’ll need to get law enforcement involved so you remain safe while doing so.
and what is that going to give them? The information that they have is yes, they have an account, and that’s also saying that they used an actual number and not a VOIP number for registration. but if they are asking via phone number, they will already have that information at hand. They won’t get any information about what chats that number is part of, or even any info really at all, anything about the account is encrypted and not visible.
If they are able to provide my phone number without knowing the info you said there, there is some other leak already involved, and either way they won’t get anything but a “yes he has an account and he was last connected on X”
In terms of end-to-end encryption I don’t mind if they have my phone number or not, if it’s done right.
Let’s use signal for example, because honestly they do it pretty decently, the most information that you can obtain from signal in a data information request is the date and time that an account is created, and the last time the account went online.
Actual content such as the user’s contact list, the people that user was talking with(including groups), and of course the messages that you sent are fully end to end encrypted meaning that signal does not have access to it meaning that they cannot give that information out in a data information request as they never had it in the first place.
The most that signal is able to confirm in a data information request, is yes this specific account ID has a signal account and this is the last time they went online.
I know you didn’t directly say it but it’s implied so I wanted to clarify.
telegram chat isn’t E2E, the only E2E on the platform is secret chats, which is only available to mobile users of the platform and not enabled by default. It does have client-server encryption but, in the terms of privacy that is worthless if you don’t trust the host (and it opens the host up to legal information requests as it has the capability of decrypting the messages)
Yeah but the two party consent states for recording imply that it’s in a private location, there is nothing stopping anyone from recording someone in a public location.
It doesn’t matter what the Stateside law of indicates whether it’s public or private, it’s already been decided by the Supreme Court that recording in a public area is a protection that’s given under the First Amendment. This right to record has been challenged a few times by state representatives such as the 2007 case in Massachusetts where it went up to the first district appeals court, and back in 2021 in the Fraiser versus Evan’s case which went all the way up to the Supreme Court.
As a general rule of thumb, if you’re in a public area there is no expectation of privacy so therefore anything goes, this protection generally includes someone standing in a private area recording an area that is considered a public area, and in some cases even include someone who is standing in a public area recording it supposed to private area due to lack of obstruction from that public area (such as someone standing on the street outside a house recording an unobstructed window)
But as you said IANAL
edit:
That being said, because I realize I forgot to add this to the post. I am super against the entire idea of AI based goggles that’s able to identify people in real time. That is such a violation of what should be basic privacy that honestly I think it’s too far
Surprise level: 0
I’m not sure how anyone expects any form of privacy from any company Under The Meta umbrella. I would be more surprised to be told that they weren’t selling your data to every company that offered to buy it.
I would say this should be ruled out / illegalized but personally I’ve hit that point where I really don’t think we’re ever going to have any right to privacy in this country(US), and the government itself benefits far too much from the same privacy Outreach. It will just end up being a slap on the wrist or another pop up saying “Hey by using the site you agree to XYZ” or “by making this account you accept to give away your first born child”. But considering the alternative is probably them making the service a subscription based, I’m expecting the majority of their users would prefer it this way.
That being said, Facebook’s biggest push right now is all your chats are now end-to-end encrypted, so what this tells me is that either Facebook knew this PR was going to get out there and they wanted to do damage control early, or that Facebook is not doing true end-to-end encryption and that it’s still server client encryption between both clients with Facebook holding the shared key.
yes that was what he was doing was selling Hardware mod chips that you could hook to it to be able to run custom firmware which allowed you to pirate games, the issue stemmed from how they were advertising the project. They weren’t advertising the project as a run your own custom firmware/ backup solution, they were selling the product with the intent that it was being used to pirate
I disagree with selling pirated roms but, he also wasn’t part of the development team he was closer to a sales associate then anything. the punishment given to him was cruel and unusable and honestly a failure of the legal system.
I see this on the same level as forcing a sales associate at Walmart to pay the fine of all the wage violations the company as a whole did. It’s rediculous.
I personally will never be buying a Nintendo product again out of principle.
The way privacy cards work are very similar to when you close a bank account where The account still exists for a certain amount of time afterwards It just can’t be charged too further, so refunds or canceling of previous ones will work fine. However, charging new stuff to the card will not.