
could the black box be lifted revealing the contents of what it covered

If we’re talking raster images, then no, you’re not using some mathematical model to morph an image, you’re just overwriting pixels arbitrarily, so there would be no way to recover what’s “under” the box because there’s no second layer.
If instead it’s something like a PDF (vector), then placing an object over another without flattening the result would allow you to move it out of the way to reveal what’s under.

I would add, of course, make sure that the black box covers enough to prevent the possibility of inferring what’s under, so if it’s text or other organic things that can be “statistically” regenerated with some model, don’t leave any borders that can identify the item, reconstructed data may be synthetic, but can provide informed guesses


secure password share links.

That is one of the things that I really wish were on Bitwarden


That can only work if the apps you’re using, as you say, have that export feature and if it is also complete, because oftentimes it doesn’t carry everything over. I had compiled a list of my apps to get all those details written down and many had incomplete exports.

I was asking about the native feature specifically to know from someone else how good it is, since I’ve only had my first GrapheneOS device as of now


May I ask how you approached getting your old device’s data onto the new one? Did you use the integrated backup functionality?


I would love to live in a world where banning shark would make everyone stop buying ice cream


Their stance on open source is really questionable, I just can’t buy their excuses when there’s so many counterexamples out there of both keeping their software actually open/libre and with a revenue stream


Since when is encryption dependent on the service’s jurisdiction? When Signal has been subpoenaed it has always been incapable of providing data that involves the content of the conversation https://signal.org/bigbrother/

The app is also open source with reproducible builds (and you can use Molly instead, if you prefer) and when the clients of an end-to-end encrypted system are sound, that is all that matters to secure the content of the communication.
Audits are also performed as listed here https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

I don’t understand where this doomerism comes from tbh, (online) privacy will cease to exist when either maths does or it becomes globally illegal to use encryption and the government’s intrusion is really so pervasive that they constantly know what you’re doing. Luckily we don’t yet live in that world, though the pressure is real and we are the first that have to fight for this basic human right




It isn’t really opposing the network effect, because you enable who is on the platform you want to avoid to keep using it and staying in touch with you, so they have no incentive to try your platform, if most of their contacts remain on theirs.
As you said, an automatic response is a thing that would make a difference, there is something at stake and the contact either tries your proposed platform or sees you as too extreme and drops the conversation altogether


Oh, this is Revolt, didn’t know they had rebranded.
As far as privacy goes, they’re stuck at no end-to-end encryption https://github.com/revoltchat/revolt/issues/207, otherwise, they are probably (I don’t know this for sure, because just being open source isn’t enough for this kind of service) slightly better than Discord


Basically this document will not stop illegal working (because you know, people who hire illegal workers don’t check paperwork)

Totally agree on this, but as for the rest, I’m guessing this only expedites linking up information by virtue of it being in a computerised system rather than enabling it at all.
It is very worrisome that a party like that could get into power, but it doesn’t change how it’s always been, we are at the “mercy” of our government, if they want to single out a demographic and actively hamper it, they will find a way regardless of the tools in use.

To focus on this as a bad aspect looks to me like it’s sort of missing the point, this more or less should provide an easier management of information.
What could be argued instead, is that it is locking out people who don’t have the access to devices enabled to it, which is a real problem if they want to phase out papers completely. Here in Italy already with the IO app we can (so it’s currently fully optional) have our driving licence digitised, but that single feature doesn’t work (at least for now, and it’s been almost a year by now that support hasn’t been added) on GrapheneOS, for example.
I think the real issues are two: a hostile government, which holds true regardless of methods, and lack of support for secure and private platforms which the citizens should 100% be entitled to use


Genuine question: how is this a privacy invasion? Isn’t it simply digitising the already needed paperwork?


100% agreed, use the right tool for the right job, that’s what the author doesn’t get


This is just one of the comments on the Revolt E2EE issue, I guess the author felt so proud of their opinion to make it into a blog post, I wouldn’t say anything if they at least revisited the whole discussion and tried to make a reasonable summary.
The argument provided in the article against features is simply “too hard to develop, too hard to maintain, nobody cares enough”.
If nobody cared, nobody would go on Matrix, if everything that was hard to develop were just dropped before even trying, we would have stopped at the hello world (not implying I’m not a lazy developer, but I surely don’t want to imply that there aren’t brilliant people out there who can undertake scarily big tasks).
Giving another feature as a sort of replacement: federated identities, is not a replacement at all, it’s a completely different scope. I just can’t empathise with the point that they try to make



when during job interview the recruiter ask if you code on the weekend

I think it’s more to see if you’re actually passionate about what you do and you don’t “just” do it for work, which definitely is a bit of a twisted view, when on average you’ll already be spending 40 hours a week doing that, but I think people tend to make this sort of evaluation, because people who love programming so much as to also do it in their free time will usually be better, since they simply have more experience than those who only do what they’re assigned to do


I rudely agree with your opinion



I see.

tor has geo location issues.

Could you explain what you mean with this? I’m not sure I understand


mullvad for looking shit up on ecommerce sites with new ID each time

Is it sufficient? I’d always assumed it was easily targetable with the IP so I started using Tor for that purpose


The tool presents a significant privacy risk, and shows that people may not be as anonymous in the YouTube comments sections as they may think.

I don’t understand how this makes the privacy on YouTube any worse when all the information it sources from is already public, this is just automated doxxing, which, while we’ll agree to be unethical, was never a privacy violation, it is just the consequence of the actions of who posted the information to begin with.
Also does it really violate YouTube’s privacy policy? It’s new to me that service consumers can be subject to the policy when it’s not the third parties that YouTube actively sends the information to, that sounds more to me like Terms of service, which are hardly enforceable fully (thank goodness, so we can have our yt-dlp and PipePipe)


That’s different, it’s technically possible not to comply with that statement because the location data is sent and stored, it takes just not deleting it to violate that, it just evaluates to a pinky promise that has to be verified by inspecting their systems.
This, on the other hand, is a technically verifiable claim, the code is open and it all runs locally on the same machine, the TEE will give the green light and that’s how apps will accept your biometric verification, the only thing that might be suspicious is with the implementation of the TEE, I don’t know if every manufacturer keeps the data it gets on the device or secretly communicates outside, this unknown is also a good reason to use a Google Pixel device if you care about that

Google Pixel phones use a TEE OS called Trusty which is open source, unlike many other phones.

From the Privacy Guides Mobile phones page


I’m all for not giving more data points where it’s not needed, but is this as bad as it seems? All biometric data remains stored on the device, it isn’t sent to Google, or any app for that matter, that’s how the API works



Proton explicitly enabled keeping 2 free accounts on the mobile apps quite some time ago, probably more than a year, so they’re cool with you having 2 like that.

If you get more, you’ll be hampered at the application level, but, unless it’s like a load of accounts for spam purposes, having just a handful shouldn’t get you banned, I believe



Honestly if you don’t want to think too much about it, go with Briar, it’s way more battle tested, while Berty seems like it hasn’t seen much adoption since it’s younger, both have a bit of development activity I saw, so I can’t say if one is more or less maintained than the other

As for the actual question of gauging which has the better cryptographical implementation, I don’t know either, besides the most surface-level information I know very little.
I believe if you want to look into it, you’ll have to start from their whitepapers


Besides the already mentioned Briar, there’s Berty, can’t speak to its quality since I never used it, but I always found the project neat in and of itself


That’s really good!
Some daily Google hate here is healthy and welcome XD


Besides the files that are easy enough to move over, for app data there really is no other choice than to either have ones that support their own export/import functionality or if you’re not lucky enough to have eliminated the apps that don’t have it and need their data you can only go back to papa Google and ask to politely get all your stuff for restoration on the new phone.
Takeaways:

  1. If you care more about salvaging data than privacy, use a Google account on your phones, otherwise, if you still value privacy but not so much security, root a phone as soon as you get it (not always possible or desirable) so you can use other backup solutions that require root access.
  2. Prefer installing apps that have an embedded backup functionality so you can be sure it’s always possible to get the data out regardless of what you did about point 1
  3. (Bonus) Ask for said backup functionality to be added to apps you’d like to use with a feature request on the app’s repo when it’s open source, I’ve been doing that for the past year or so and I saw that quite a few have gone and implemented it, love these dudes :)
  4. (super extra bonus) Fuck Google for artificially preventing a full backup solution that doesn’t rely on their cloud being involved



I’ve been using LinkedIn with addy.io’s aliases a couple years without issue, I can’t say if that somehow makes your profile less promoted, I can only say that I’ve been receiving a few proposals here and there, don’t have a lot of experience, so I think it’s reasonable I don’t get swamped in them.
To be fair though, the real privacy concern is all the information you have to share about yourself and that can’t be avoided, regardless of the platform, you have to give details about you because that’s the entire reason you would be on such a platform to begin with, to make yourself known.
What you can do is leave out all the details you’re not comfortable sharing publicly and instead wait for recruiters to eventually ask you for those themselves, so you know that it only goes with one party that you have interacted with and can “trust”, rather than the wider internet.

As for the email spam, there are a LOT of bs emails you receive by default from LinkedIn, but you can disable them, it took a while for me to figure out which is which because they have so many settings, but now I managed to have only what I care about, which is pretty much requests for connection and messages.
Also you don’t have to install their mobile app even if they bug you about it, you can get by with the mobile PWA and if you want to do any Easy Apply job applications, you can just temporarily switch to desktop mode



You mean unrestricted battery usage? If so, I don’t exactly understand how it differs from keeping the unifiedpush integration off and relying on the app, does it make it so that it’s only “ready” to be triggered by ntfy when it would otherwise poll the server on its own very frequently (so you end up actually saving some battery)?


Spot on response!
Just a note: in my experience Mercurygram with ntfy is terribly unreliable, with notifications coming in days later, so I personally ended up enabling its background service anyways, it doesn’t look like it’s taking up much battery at least



Piped always does, it’s the way it works. Invidious is not always like that, at least if what is said in this issue is still true, it depends on the instance