It’s not that they’re especially fragile. It’s really only when you combine them with a sync process. I once had a sync go wrong and it resulted in the contents of a vault being unreadable. Because all you have are a bunch of encrypted files with meaningless names and a flattish structure, which Cryptomator interprets and mounts as a different directory structure, when something goes wrong it’s not easy to know where in the vault files the problem lies. You can’t say “ah, I’m missing the documents folder so I’ll restore that one from backup” like you could with an unencrypted directory. And if you’ve made changes since the last vault backup you can’t just restore the whole vault either. You could mount a backup of the vault, from a time when it was intact, and then copy files across into your live copy, but I feel safer having a copy in another format somewhere else. Not necessary, I guess, but it can make recovery easier.
It depends how the backup is encrypted. Most backup solutions will give you an encryption key, or a password to a key, that you have to keep safely and securely somewhere else. If you have an online password manager or a Keepass database in cloud storage, that would be a reasonable place to keep the key. Or on a USB stick (preferably more than one because they can fail) or a piece of paper which you mustn’t lose.
Cryptomator is good but it’s important also to keep backups of the unencrypted content of the Cryptomator vault that are not encrypted by Cryptomator. (You could encrypt the backups with another system.) Cryptomator vaults are more fragile than the underlying file system, and it’s easier for a glitch in the sync process to corrupt them so they’re unrecoverable. I have lost data due to this in the past. So it’s best to make sure all the contents of your vaults also exist somewhere else, encrypted in another way.
From Discord’s age verification page, under “Privacy and Data Security”:
Q: Is my data stored when I use Face Scan or Scan ID verification?
A: Discord and k-ID do not permanently store personal identity documents or your video selfies. The image of your identity document and the ID face match selfie are deleted directly after your age group is confirmed, and the video selfie used for facial age estimation never leaves your device.
So is that a lie?
Doesn’t matter whether people buy it when their views have no effect on government policy. It seems many governments are simultaneously deciding to require ID to use the internet, and you have to suspect it’s coordinated.
I think we neee to protest, but we also need to work hard to set up more robust ways to use at least the non-corporate web anonymously. If it’s left to governments we’ll get to the point where only licensed corporate publishers are allowed to run a website and only licensed users can access it.
Fairphone 6 looks quite interesting and has a Google-free option. People are saying it’s a bit buggy but they’re fixing the bugs rapidly. And two-day battery life sounds pretty good.
https://shop.fairphone.com/the-fairphone-gen-6-e-operating-system
Probably why Google is also taking steps to make custom ROM development significantly more difficult. They evidently want to kill off all Android ecosystems except the ones they control and watch.
When a preventative measure very obviously won’t solve the stated problem, that may not be what it’s really there to solve. This is another of Google’s anti-open-source moves designed to bring all Android devices entirely under their control and surveillance. It goes along with their bringinh all Android development in house and making it harder for third parties to make their own custom versions of Android (Graphene OS etc.). It also seems a little odd that this happens right when several countries are introducing requirements that users supply ID to visit websites.
It’s about surveillance and control. Censor what people can see, require ID so you can monitor who’s viewing what, and let people know you see what they’re doing so that they become wary of using the internet for political organization. Pedophiles and terrorists are just convenient bogeymen to scare people into assenting to this.
There’s still the risk of GPS coordinates leaking out of the social media phone, and that leading Google to be able to correlate it with the person’s main phone. Even without GPS there’s the position based on nearby wifi networks etc. So you’d have to be sure all location services were disabled. Still, someone knows which cell towers your phones connect to and could correlate their locations if they repeatedly come close to one another, though Meta probably don’t have ready access to that data. Something’s always being sold to data brokers though, and it’s very hard to prevent them from spotting patterns that reveal who you really are.
Apple’s “find my” network can find your phone when it’s turned off, because the phone continues to transmit low-energy Bluetooth which other devices in that network receive and report. So if you’re in a crowd with a switched-off iPhone and other people have their devices on, it’s still possible for your location to be tracked. There may be other modern phones that do this too, continuing to transmit low power signals to nearby devices. If you really don’t want to be tracked, you can’t be sure Airplane Mode or turning the phone off will be sufficient.
Zuckerberg hung out with Trump at Mar a Lago and attended the inauguration, then got rid of Facebook and Instagram’s fact checking, relaxed their rules on posting hate speech and discrimination, ended Meta’s diversity initiatives, removed bathroom facilities at meta for transgender and nonbinary employees, made speeches in defence of Trump and expressed gratitude for finally being able to have “a productive partnership with the United States government”, while removing communications channels for employees and threatening them with being fired if they talked to media about any of this. He has gone full MAGA.
This article covers most of it: https://www.nytimes.com/2025/01/30/technology/mark-zuckerberg-meta-trump.html
There are virus scanners for Android - I have Bitdefender on mine - but I don’t know how effective they are. Back in the day they were a bit of a gimmick; I don’t know whether they’re better now.
I have seen other apps from F-Droid do this. NewPipe, I think, used to prompt me for updates even though I had installed it from F-Droid. But I was always a bit unsure so I tended to just go back to F-Droid to install newer versions. Maybe it’s a thing some apps do but I don’t know why they should need to and I don’t entirely trust it.
I don’t see this as the USA turning into China. China has many problematic aspects, and being an immigrant or an LGBTQ+ person in China is probably not fun, but China at this point is less stupid and understands competitiveness. China would not defund all its science overnight, hamstring its technology and trash its whole economy with tariffs on goods it cannot produce domestically, withdraw vaccines in the face of new epidemics, and cancel sustainable energy projects and funding while denying climate science. The new US Government is just shooting the country in the foot again and again.
Chrome excites arbitrary code from google.com (this wasn’t something widely known until recently and appears to effect all the chromium downstream browsers).
I hadn’t heard about that. Can you link me to some info about it?
My comment was just advising people to be media-literate and consider the source, though I also said that this in itself doesn’t make the article questionable (I actually think it’s quite credible). And I linked to Wikipedia’s article about this news website. I wasn’t trying to defend Israel or be controversial, and it was a bit of a surprise to see this get deleted.
MintPress News is pro-Iran, Syria and Russia (Wikipedia). But that doesn’t mean what they say here is false, just that we should approach it with our critical faculties working.
My favorite is the sites that silently truncate your password to a maximum length only they know, before storing it. Then when you come back you have to guess which substring of your password they actually used before you can log in. Resetting doesn’t help unless you realize they’re doing this and use a short one.
Possibly because deleting or recreating the data is resource-intensive on the servers. It might actually be a good sign that Microsoft really removes the data, not just mark it inactive, when you turn the feature off.