• 0 Posts
  • 102 Comments
Joined 1Y ago
Cake day: Jun 16, 2023


“After years of pushing their proprietary and closed solutions to privacy minded people Proton decided that it was in their best interest to further bury said users into their service as a form of vendor lock-in. To achieve this they made yet another non-standard implementation of something that already existed, this time a crypto wallet.” :)




Here’s the thing, malware protection is supposed to deliver protection and one important aspect of that is making sure there’s business continuity… what they did was to completely fuck over their customers in that aspect, they become the problem and I bet that most companies running their solution would never suffer any catastrophic failure this bad if they didn’t run their software at all. No hacker would be able to take down so many systems so fast and so hard.


Yeah, those same people totally paranoid about govt tracker are now carrying smartphones around no problem, how ironic isn’t it? :)


Yeah Fairphones all are fair and whatnot until you find out their software isn’t fair and they don’t give a shit about managing security properly nor collaborating with others such as GrapheneOS.


I’m not in favor of a cashless society but looking at how Apple and Google are pushing their wallets (and how practical it is) you guys need to come to peace with the fact that cash might die with the millennial generation. Most Gen X don’t have / want a physical wallet and money needs to be digital.

With that said, I believe this Crowdstrike fiasco just proved that the biggest threat to IT lies inside the companies themselves and on the managers who decide to use this kind of malware without properly understanding the risks. Yes, I’ve said it and I’ll say it again Crowdstrike is malware, anything that messes with Windows at that level is malware, there’s no other description and shouldn’t be allowed by Microsoft to exist.


For a website hosted at Cloudflare I was expecting to see it there 😂



. I just started working in IT and I am a bit worried if I were to restrict myself from using it. I definitely don’t want to stick with using ChatGPT,

Don’t worry, the hype will pass soon. LLMs are the new crypto.

… Pyramid Schemes > Forex > ETFs > Crypto > LLMs > ?? those influencers have got to sell something.


No, Matrix is just a privacy disaster that is run by a for profit company.


Link wasn’t there when the original post was made.


When your device requests an IP it sends over a significant amount of data.

Like…?


Those are alternatives not the 100% compatible solutions that professionals who spend 8h/day in front of those tools need.


. I think once we critical mass joins with their buying power, things should change.

Yeah me too, but for that to happen you need to get: Adobe CC, MS Office, Autodesk and a few others the masses use as native desktop apps. The Linux Desktop year will not come until those exist… and until GNOME fixes their shit and stops thinking their users are stupid and desktop icons are useless.


They might have done their stats and figured out that only 0.0000001% of their users would benefit from it and there wasn’t much profit there to make.


“After years of pushing their proprietary and closed solutions to privacy minded people Proton decided that it was in their best interest to further bury said users into their service as a form of vendor lock-in. To achieve this they made yet another non-standard groupware feature - a document editor.”



Here’s the problem, RCS isn’t a truly open thing and Google kind of maintains a lot of the software that even carriers use for it. It essentially opens the door for the tech companies to take over yet another big chunk of the carrier services and tap into more users’ data at the network level.

In June 2019, Google announced that it would begin to deploy RCS on an opt-in basis via the Messages app, with service compliant with the Universal Profile and hosted by Google rather than the user’s carrier, if the carrier does not provide RCS

In October 2019, the four major U.S. carriers announced an agreement to form the Cross-Carrier Messaging Initiative (CCMI) to jointly implement RCS using a newly developed app. This service was to be compatible with the Universal Profile.[33] However, this carrier-made app never came to fruition. By 2021, both T-Mobile and AT&T signed deals with Google to adopt Google’s Messages app.[34][35][36] In 2023, T-Mobile and AT&T agreed to use Google Jibe to implement RCS services, and in 2024 Verizon agreed to use Google Jibe.

Apple stated it will not support Google’s end-to-end encryption extension over RCS, but would work with GSMA to create an RCS encryption standard.


XMPP lacks coherency and is kind of a mess.

Yeah, this is a problem. Cisco used to drive XMPP but right now with MS Teams and whatnot they kinda lost interest.


Yeah, no security there, but I wasn’t expecting to see providers doing that. What’s the point.


I have an online business. How f*cked am I ?

Very f*cked. Advertising forces you to sell your data to those companies in order to get decent results, if you try to go around it you’ll be losing customers, that’s what it is.


if you’re sending or trying to receive a text message with swear words in the U.S., chances are the carrier will block it.

So much for the land of the free. Not even the EU with their chat control bullshit is pushing it so far.

Thanks for sharing the article.


. For one, there’s comparatively zero users across XMPP anyways, and it has a big problem with compatibility across different software packages.

This isn’t a problem, the problem is that we lack decent clients. XMPP is the most standardized thing ever, both the core thing and extensions are covered by RFCs but currently there isn’t much investment into creating solid clients.

server operators unknowingly hosting copies of it across the world.

Well, at least a properly configured XMPP server with the relevant extensions won’t be a metadata clusterfuck like Matrix is. Nor will it be centered around a spec and software made by a single for profit organization.

Then there’s the privacy and GDPR minefields that come with any decentralized/federated service.

Email is federated and nobody is complaining about it.


Matrix is developed by a for profit entity, a group of venture capitalists and having a spec doesn’t mean everything. The way Matrix is designed is to force into jumping through hoops and kind of draw all attention to Matrix itself instead of the end result.

XMPP is the true and the OG federated and truly open solution that is very extensible. XMPP is tested, reliable, secure and above all a truly open standard and decentralized it just lacks some investment in better mobile clients.

What people fail to see is that XMPP is the only solution that treats messaging and video like email: just provide an address and the servers and clients will cooperate with each other in order to maintain a conversation. Everything else is just an attempt at yet another vendor lock-in.

People need to get this through their heads, XMPP is the only solution for their problems.

Instead of wasting money into making yet another protocol, closed system etc. what about just work on a cross platform XMPP client that actually supports everything and has a decent UI. For eg. iOS clients are all shit. Without decent clients and push notifications people won’t be using XMPP ever.


How does it come “clean out of the box” when you literally just said it requires modifications to the settings to improve its privacy?

iOS comes with reasonable privacy defaults and blocks things such as apps running in the background for a long time. Going into the settings is the extra-mile that is still easier than having to install a cleaner ROM or deal with 3rd party tools.

Samsung and Xiaomi apps are vendor-specific and can be disabled, even without the use of UAD (which works fine, not sure why you’re lying about that).

I’m not lying about anything here, you know as well as I do that many vendors don’t allow you to remove all of their Apps and most install permanently running daemons that you can’t remove without UAD or other methods.

Android applications have been sandboxed for several versions now.

Yet the sandboxing isn’t even comparable. One key aspect of the iOS sandbox is that it not only restricts filesystem access but also executes applications with way less privileges than Android does.

To complement the sandbox iOS apps are forced to use Apple’s APIs in order to access user data (eg. Contacts and Photos) which will apply strict restrictions such as allowing you to limit at a system level what photos an application may access. Since all apps are required to be submitted to Apple for review (even on Alt Stores) they’ll enforce the usage of their APIs making it way harder to bypass restrictions.

Comparatively, on Android, you can install applications from random sources that typically resort to hacks to get around the sandbox restrictions and access more than they should.


That tool doesn’t always work, besides an iPhone comes clean out of the box. No constantly running spyware on the background, no Samsung/Xiaomi apps. Almost everything can be easily turned off under Settings unlike an Android where you’ll be forced into a 3rd party tool or a ROM like GrapheneOS if you want a clean experience.

When you buy an iPhone you’ll also have a guarantee that you won’t be installing malware, even with the new Alt Stores in Europe, all the apps are code-signed and require validation. You also are sure that your apps won’t be able to get system-wide access and run all over your data and battery like we see on Android.

Yes, the iPhone is less open but it provides a level of security, privacy and “cleanliness” out of the box that Android devices can’t just match. If you don’t have much time / interest / tech skills to mess around with a phone then the iPhone is the best phone you can buy.


In terms of privacy? What’s the alternative? I’m sure that stock Android phones are way way worse in terms of privacy than any Apple device ever made.

Android is great in theory but the amount of pre-installed garbage, material design and Google / vendor powered spyware is way too much for my liking. I’m not saying that Apple doesn’t track things, because they do, but at least there’s no vendor garbage and you can go through the Settings and disable everything you don’t need, restrict Apps from running in the background etc. If you don’t upload your data into iCloud it will be way more private than the average Android phone.

Another thing I dislike about non-Apple phones is that, besides the Pixel and a few others, their bootloader and storage security is a joke, if someone gets your device you can assume they’ll get to your data.

GrapheneOS is great, it would be the one and only alternative to the mess that Android is however I can’t daily drive that as it lacks features (nice things) I do want to have.


They could steal your private keys, as could any program you install with root access

There you go.

and it’s open source.

Are you sure that what you download from https://tailscale.com/download is 100% open-source and the same thing that is published on their repos?

But it would completely destroy their business (…) I really don’t think they have anything to gain by tricking everyone

Same goes for Cloudflare. Maybe Tailscale is secure and good people, or maybe they copy all keys to somewhere and covertly share them with govt agencies.


And then there’s people using Cloudflare tunnels, Tailscale and others for self-hosting stuff… that also may have your keys or inject clients at some point…

But we’re about to get downvoted to hell for pointing this out because our community of self-hosters that pride themselves on sovereignty can’t deal with the cognitive dissonance of having their favorite corporate solutions unmasked for what they are - spyware on steroids.


Yep, AdGuard is a bit shady, besides it was founded as a Russian company. The fact that they do SSL interception also raises a few extra concerns.


I mean, they’re trying to sell a service but at the same time they aren’t wrong about the rest.


Okay that’s fair, even if remove that and assume they hold zero influence / there are no clever backdoors Signal is still not good when it comes to performance and reliability.


Yes, yet Telegram isn’t a piece of shit of an app that runs slowly on every device, can’t sync messages because “something went wrong” and doesn’t depend on Electron to run. Also, not funded by the CIA.


Yes, that’s true but I’m no longer doing that. Everything syncs to the NAS using Syncthing that in turn is set with file versioning and weekly snapshots.


And rEFInd, GParted Live… SystemRescueCd.


SMB (NAS), Syncthing, FileBrowser, snapdrop.net, email and sometimes public cloud services…


And here I was under the impression that using USB storage for anything else than installing operating systems was a thing of the past.


Yes, but those things need to have procedures and employee authentication. If some employee is found to be accepting bribes for SIM swaps then they should be fired on the spot and held legally liable for all the damages - you can easily add this into a work contract. If a carrier doesn’t do this and doesn’t log those kinds of operations then it’s just poor management and people shouldn’t buy services from it.


If you require KYC for buying and changing cards then SIM swapping becomes impossible as nobody can get a new SIM card with your phone number by social engineering the carrier.