
I almost pivoted that way years ago. I even took the company’s mandatory drug test. At the end of the day though, it wasn’t a good match.

But I found that industrial automation companies and the companies that use their systems have their own degrading steps to the hiring process. It just doesn’t tend to involve AI and digital privacy invasion.


Most Google trackers currently capture the information provided by the website (at a minimum, domain and URL), your IP address and Google account ID if you’re logged in. There’s lots of leeway as to how much additional information the site provides, though.


RCS is even less secure than SMS though — it’s unencrypted and by design, Google, Apple and the carriers all have to be able to inspect the content. And the way it’s designed makes it really difficult to have an open E2E encryption standard. So as a result, Google<->Google is encrypted, Apple<->Apple is encrypted, but combine even one device not of the same type in a group chat and it has to be unencrypted.


Heh… like him, I have an M1 Pro and an iPhone 13.

Unlike him, I maxed both out at the time so they’d last me 7 years. Also, unlike him, I’ve been in the Apple ecosystem for 41 years, been in the Linux ecosystem for 29 years, been in the BSD ecosystem for 32 years, and been in the Windows ecosystem for 27 years.

So far, so good… they still do everything I want them to.

For anything else, I have my Linux server I can remote into. Both devices are still beefy enough to run VMs as needed for most tasks that won’t run on bare metal.

My takeaways? Apple still has the most reliable out of the box experience for hardware. I’ve run macOS, Windows, Linux and BSD as my base OS, and get along fine with all of them these days. But I always have containers and VMs running other OSes so I can use the best tool for the job (or at least the best tool for me).

I generally want a computer I can pick up and use to get a task done these days, without having to spend a few hours on the update and configure cycle first. My hardware on hand can’t handle it? That’s what networked compute is for — I can even set up a container locally and deploy it to beefier inline infrastructure if I need to.

Maybe if I were a PC gamer who always wanted to play the latest games, this setup wouldn’t work — but for my actual needs, it works.


I have a script I wrote that uses imagemagick on the back end.


Alternative: install Proxmox on the hardware. Then install all the OSes you want to run on top of that.



If I’m sharing images, I’m generally sharing links to images, or images I’ve created myself and scrubbed of metadata, plus touched up, usually with a noise mask, among other things.


There are also refrigerators, washers, dryers and dishwashers that collect telemetry.


I’ve never found a compelling reason to buy a TV. Now if computer monitors ever go “smart” then I’m in trouble.


I just told my extended family how they can contact me, and accepted that I’d be out of the loop on some things.


My kids have phones with no SIM card; they can call 911 and they can use WiFi when in range; I have them set up with a VPN to home, so that’s the only connection any hotspot sees.



I use TP Link C100 cameras in local network mode and a Reolink doorbell in a similar manner. Standard RTSP feeds and an internal mini web server, plus plenty of privacy controls.

Both of these products are pretty cheap considering their configurability — they do both provide the option to do the whole cloud subscription thing, but work fine for me without it. I have Home Assistant on the back end to manage live streams, but find I usually just read data off the internal SD card instead.


The instructions suggest turning off features in two apps I don’t use.

Does this mean people only using webmail aren’t having their messages used for training, or just that they can’t opt out?

[edit] Malwarebytes has updated their report — NONE of those settings is related to training data. This whole story was based on a misunderstanding of the settings.


I moved into a place with a Ring doorbell.

I bought myself a Reolink doorbell and swapped them out. Reolink doorbells can be configured to be local storage only with no callhome, and they support RTSP. You can essentially configure them to precisely the privacy model you use — I even have mine set up to black out the parts of the screen that show my neighbors’ property, so it’s not available in recordings or the streaming video.

All the benefits of a Ring without the privacy invasion.



It’s the letter thorn and is pronounced th.


I’ve been a two browser person for over 20 years. It might not be for everyone, but I do all my browser activity that has an information risk (banking, certain types of ordering, health access, etc.) on one browser with a specific security profile to protect those sessions, and all my other browsing on a Firefox variant locked down with NoScript, Privacy Badger, uBlock Origin, etc.

This means that I always reach for the properly configured tool when doing something online, and attempts at phishing have one more hurdle to clear. Default browser points to a fully locked down profile, so any stray clicks will do minimal damage. Sites I know are sandboxed and not allowed to access anything on the rest of the Internet.

This configuration isn’t for everyone, but I’ve been on the Internet for over 35 years and still seem to have a reasonable amount of privacy and security.




The one I have on me. Which happens to be my Yubikey currently.


I’ve used XMPP since shortly after it was developed. I still use it today.

HOWEVER, while the clients are relatively good, as long as they support the extensions you want to use, I’ve found maintaining the server to be a royal headache. Between protocol and extension improvements, security updates and general server instability, I find that it’s a constant struggle to have it running and compatible with whatever client someone is using, when someone actually uses it.

Signal, on the other hand, pretty much always works, has a single client, and nobody has to worry about managing the server except Signal. So as infrastructure, it makes a lot more sense.


ChatControl 2.0 will mean that phones localized outside of Europe will sell at a premium.


Not quite; Chat Control hearkens back to Apple’s doomed attempt at on-device CSAM filtering - the idea is that on-device images and message contents would be scanned for known hashes. This means a nation state could go fishing on devices for known content, but it wouldn’t allow them to indiscriminately sift through all the content at rest — they’d have to know what they were looking for.

That’s where the steganography comes in, because the hash based approach will fail if the content they’re looking for is obscured in some manner.


Well, Google’s current behaviour is already putting the future existence of F-Droid into question.


Steganography. There’s more than one way to protect your communication.

And encryption in transit is better than no encryption at all (assuming the baddies don’t already have full access to your phone data).



Instagram is the standard way to reach people in their 30s and early 40s. Anyone older or younger, traditional methods should bring more repeat business.


Do local networking the way we used to do it before social media — make up business cards with QR codes advertising what you can do, and leave them on public and semi-public bulletin boards (community centers, sports and fitness places, churches and shopping malls, parks that have boards set up, farmers markets, etc.). If you need to, try going door to door. If you can afford it, buy bulk mail and distribute a flyer locally. Let your friends and neighbors know what you can do. Take a few jobs below cost at first if you need to, listing your regular rate and a promotional or loyalty discount.

Personally I never made enough money to survive on doing this, but it was enough to keep me above water between contracts.


I’ve done this for decades. While everyone else switched to streaming music, I keep my entire collection on my phone. It’s only 40GB, but it makes up the majority of my music listening, with streaming radio supplementing it to find new stuff… which I then purchase and download if I like it.


Security isn’t the size of the app, it’s how you use it :)


Remember that fingerprinting can be your friend… because it’s much easier to fake an online fingerprint than a real one.

You can generate a unique fingerprint with each online interaction; this means that you will always have a unique identity.

Or, you can ensure you always have the same fingerprint as a large number of other people.

Think of it as the difference between using a different valid loyalty card each time you shop vs using one of the famous numbers that millions of other people are also using.

Of course, in both circumstances, you do give up the benefits of being uniquely identifiable.



There are an infinite number of programs that could do this. Will they? Probably not.

Best thing is to install a trustworthy personal firewall, and block all outbound network access for all processes, and then enable as needed. This won’t stop Windows itself, but it will give you a heads-up if something else is trying to send data somewhere and you can make an informed choice at the time.



The one I use is part of a hardware UTM, but I also use Lockdown VPN on iOS, and https://pi-hole.net/ in a container on my LAN, and then VPN all my devices to my home network when I’m not at home.


Depends on the browser/OS.

My go-to for general browsing is Firefox with uBlock Origin and NoScript, which I also use in Edge; I have a few browsers that are still using uMatrix, and I have a proxy filter that strips calls to .js URLs by default except for specifically allowed URLs.


This is why using a local web proxy is a good idea; it can standardize those responses (or randomize them) no matter what you’re actually using.

Personally, I keep JavaScript disabled by default specifically because of this, and turn on those features per-site. So if a website has a script that requires the accelerometer for what it does, that script gets to use it. Other sites keep asking for it? I suppress the requests on that site and if it fails to operate (throws one of those ad blocker or “you have JS disabled” errors), I just stop going to the site.

I’ve found that with everything disabled by default, browsing the web is generally a pleasant experience… until it isn’t.

This of course requires using a JS management extension. What I’d really like to see is a browser that defaults to everything disabled, and if a site requests something, have the browser ask for permission to turn on the feature for that particular script, showing the URL for the script and describing what the code does that needs the permission. This seems like an obvious use for locally run AI models.


Thing is, privacy isn’t binary; it isn’t even a spectrum. It’s an amorphous 3-dimensional cloud.

Total privacy means that nobody else knows you even exist. Nobody wants total privacy, even if they think they do.

What most people want is for governments and corporations to not be able to track their day to day activity, malicious actors to not have access to their identity and financial data, and individuals to only have the information about them needed to connect and relate in society.

The first thing anyone needs to do is create their own privacy and threat models. Identify your personal risks within those models and adapt as needed.

For instance, using a cellphone of any type means you’re using a location tracker. Same goes for any vehicle with a built in cellular device. That information is available to specific corporations as well as government agencies and sometimes third parties with money.

Is it worth giving up that level of privacy to be connected to other people in most places you’d be likely to go? That’s up to the individual.

Same goes for libre software and hardware.