This is just one of the comments on the Revolt E2EE issue, I guess the author felt so proud of their opinion to make it into a blog post, I wouldn’t say anything if they at least revisited the whole discussion and tried to make a reasonable summary.
The argument provided in the article against features is simply “too hard to develop, too hard to maintain, nobody cares enough”.
If nobody cared, nobody would go on Matrix, if everything that was hard to develop were just dropped before even trying, we would have stopped at the hello world (not implying I’m not a lazy developer, but I surely don’t want to imply that there aren’t brilliant people out there who can undertake scarily big tasks).
Giving another feature as a sort of replacement: federated identities, is not a replacement at all, it’s a completely different scope. I just can’t empathise with the point that they try to make
when during job interview the recruiter ask if you code on the weekend
I think it’s more to see if you’re actually passionate about what you do and you don’t “just” do it for work, which definitely is a bit of a twisted view, when on average you’ll already be spending 40 hours a week doing that, but I think people tend to make this sort of evaluation, because people who love programming so much to also do it on their free time will usually be better, since they simply have more experience than those who only do what they’re assigned to do
The tool presents a significant privacy risk, and shows that people may not be as anonymous in the YouTube comments sections as they may think.
I don’t understand how this makes the privacy on YouTube any worse when all the information it sources from is already public, this is just automated doxxing, which, while we’ll agree to be unethical, was never a privacy violation, it is just the consequence of the actions of who posted the information to begin with.
Also does it really violate YouTube’s privacy policy?
It’s new to me that service consumers can be subject to the policy when it’s not the third parties that YouTube actively sends the information to, that sounds more to me like Terms of service, which are hardly enforceable fully (thank goodness, so we can have our yt-dlp and PipePipe)
That’s different, it’s technically possible not to comply with that statement because the location data is sent and stored, it takes just not deleting it to violate that, it just evaluates to a pinky promise that has to be verified by inspecting their systems.
This, on the other hand, is a technically verifiable claim, the code is open and it all runs locally on the same machine, the TEE will give the green light and that’s how apps will accept your biometric verification, the only thing that might be suspicious is with the implementation of the TEE, I don’t know if every manufacturer keeps the data it gets on the device or secretly communicates outside, this unknown is also a good reason to use a Google Pixel device if you care about that
Google Pixel phones use a TEE OS called Trusty which is open source, unlike many other phones.
From the Privacy Guides Mobile phones page
Proton explicitly enabled keeping 2 free accounts on the mobile apps quite some time ago, probably more than a year, so they’re cool with you having 2 like that.
If you get more, you’ll be hampered at the application level, but, unless it’s like a load of accounts for spam purposes, having just a handful shouldn’t get you banned, I believe
Honestly if you don’t want to think too much about it, go with Briar, it’s way more battle tested, while Berty seems like it hasn’t seen much adoption since it’s younger, both have a bit of development activity I saw, so I can’t say if one is more or less maintained than the other
As for the actual question of gauging which has the better cryptographical implementation, I don’t know either, beside the most surface level information I know very little.
I believe if you want to look into it, you’ll have to start from their whitepapers
Besides the files that are easy enough to move over, for app data there really is no other choice than to either haves ones that support their own export/import functionality or if you’re not lucky enough to have eliminated the apps that don’t have it and need their data you can only go back to papa Google and ask to politely get all your stuff for restoration on the new phone.
Takeaways:
- If you care more about salvaging data than privacy, use a Google account on your phones, otherwise, if you still value privacy but not so much security, root a phone as soon as you get it (not always possible or desirable) so you can use other backup solutions that require root access.
- Prefer installing apps that have an embedded backup functionality so you can be sure it’s always possible to get the data out regardless of what you did about point 1
- (Bonus) Ask for said backup functionality to be added to apps you’d like to use with a feature request on the app’s repo when it’s open source, I’ve been doing that for the past year or so and I saw that quite a few have gone and implemented it, love these dudes :)
- (super extra bonus) Fuck Google for artificially preventing a full backup solution that doesn’t rely on their cloud being involved
I’ve been using LinkedIn with addy.io’s aliases a couple years without issue, I can’t say if that somehow makes your profile less promoted, I can only say that I’ve been receiving a few proposals here and there, don’t have a lot of experience, so I think it’s reasonable I don’t get swamped in them.
To be fair though, the real privacy concern is all the information you have to share about yourself and that can’t be avoided, regardless of the platform, you have to give details about you because that’s the entire reason you would be on such a platform to begin with, to make yourself known.
What you can do is leave out all the details you’re not comfortable sharing publicly and instead wait for recruiters to eventually ask you for those themselves, so you know that it only goes with one party that you have interacted with and can “trust”, rather than the wider internet.
As for the email spam, there are a LOT of bs emails you receive by default from LinkedIn, but you can disable them, it took a while for me to figure out which is which because they have so many settings, but now I managed to have only what I care about, which is pretty much requests for connection and messages.
Also you don’t have to install their mobile app even if they bug you about it, you can get by with the mobile PWA and if you want to do any Easy Apply job applications, you can just temporarily switch to desktop mode
You mean unrestricted battery usage? If so, I don’t exactly understand how it differs from keeping the unifiedpush integration off and relying on the app, does it make it so that it’s only “ready” to be triggered by ntfy when it would otherwise poll the server on its own very frequently (so you end up actually saving some battery)?
Piped always does, it’s the way it works. Invidious is not always like that, at least if what is said in this issue is still true, it depends on the instance
I feel like most have misunderstood the point of the question, they offer to use newpipe, yt-dlp and the like, but those aren’t private, they just allow you to watch without signing in, just as you could through the official website with maybe uBlock origin, you’re still exposing your IP.
The only fitting suggestion I saw is that of downloading from invidious through yt-dlp, which sounds pretty neat, I had no idea you could when the web frontend is apparently not working
For the most surface level concerns like risking them accessing any app on your phone, you can enable app lock on those that support it. Usually the most sensitive do: WhatsApp, Signal, banking apps and others.
If they don’t, take advantage of the private space which locks apps until you unlock, and you can relock whenever you want
100% agreed, use the right tool for the right job, that’s what the author doesn’t get