That’s if you are using a file to store additional data. Also JPEG and other lossy formats can have all sorts of artifacts that may (depending on the size of hidden data) seem typical.

What I thought they were referring to was encryption at the filesystem level which doesn’t require file blocks to be contiguous, allowing blocks to be interlaced with the hidden data.

You’re right, it is pretty common to do that but there’s always the chance they just cancel the discount around renewal. If you have autopay then you probably already committed to the new price before you realized what happened.

I looked on the website. This is actually an “early bird” special price that is ~80% discounted. So after a while, it’s going to be $162/year and $310/2 years.

Matrix’s encryption algorithm was broken for a while and when it was fixed it it took app devs years to migrate to the new requirements. It still might even be the case for a lot of them, I haven’t looked in a while.

SimpleX should be secure AFAIK though, but I’ve heard that it may not be able to scale well to larger user bases. It seems everything has pros and cons.

There are ways to successfully circumvent Google’s tracking methods. It’s all based on how much you care about being tracked and how much convenience you’re willing to give up.

I would say it’s likely related to ColorOS or Play Services (or both) tracking something behind the scenes and feeding it to your ad profile. You’ve done a lot to try to reduce your fingerprint but it sounds like it could be something harder to track down.

Have you considered switching to another version of Android that uses microG to reduce Play Service permissions or another phone with GrapheneOS? That may be the next option unfortunately.

I think OPs question is still relevant in that context. Does that case reduce their effort towards privacy? I believe the answer is yes.

Let’s go RISC-V!

Sounds like they might have the capability to just network block the device from their router too. At least that’s what I do, just in case someone tries to use it.

Thankfully it only lasted 2 years. But during that time it sounds like it was a plan to suppress the presidential competition that backfired. It’s good to know that humanity has always sucked.

Have you considered using Bitwarden Premium? It has TOTP support and is $10/year currently.

Also, regardless of how your hosting your data, it’s probably good to keep a secured backup of your vault or two just in case something unexpected happens.

Fair points. I’d say it depends on what we’re focusing on.

Maybe a good compromise would be to have the account that sent the message generate the preview. At least that way you’d maintain E2EE and save the webserver some unnecessary demand.

I can also see how this could be less reliable (because we’re now relying on a client with all sorts of variables) and less safe (malicious sender could mask malicious links with benign previews) than the server method but it all depends on which you prefer more.

After thinking about it in this situation, previews are just a nightmare to deal with privately and I’d probably just want to turn them off.

I agree. That’s a terrible choice to me.

Why would they not just offload this as a feature for the client to handle? At least then the security and privacy ultimately would be up to the user’s decision.

This isn’t exactly a platform specific problem because having local network access while using a VPN is actually a feature called “split-tunnelling”. The tunnelcrack issue goes beyond this but can be mitigated by using full tunnel VPN that resolves the server by IP address instead of DNS.