Snapchat does not use end-to-end encryption for messages, so it doesn’t even belong in the conversation.
WhatsApp and FB Messenger are somewhat defensible choices since they at least use E2EE by default (Messenger did not until recently). However, there are a few good reasons to favor Signal:
Additionally, you can set Android to use an ad-blocking DNS server without apps. In Settings > Network & Internet > DNS, select “Private DNS” and set the hostname to a custom server, like base.dns.mullvad.net (Mullvad’s DNS server is free to the public and does not require a VPN subscription).
The per-app controls sound neat! I might give that a try. Google killed the ability to restrict apps’ network access years ago, specifically so ads would always work. I’ve never tried a local VPN as a workaround.
Weird. That used to say “container-native”, which at least makes sense – it heavily emphasizes container technologies like Flatpak, Docker/Podman, and Distrobox.
There’s no yum or dnf like on a standard Fedora system (though you can use rpm-ostree if you are desperate). As an “immutable” distro, it’s designed so that you do not install apps at the system level.
I’m running Bazzite on my desktop now. I hopped distros again because wrestling with GPU drivers was just too much trouble. After I upgraded my GPU, I couldn’t get it working optimally in Debian (see my previous thread about OpenCL). On Bazzite, it’s handled for me out of the box.
To me, the only difference between a “gaming” distro and a regular distro is that gaming distros come with smarter hardware drivers and configs out of the box. I see no downside.
It was a rough learning curve, though. There were so many major things that were new to me, such as:
My biggest advice to anyone making the switch is, do not fear Distrobox. I didn’t realize how easy it was to make both GUI apps and command-line tools available as first-class citizens within the host OS. For example, I installed Signal within my Debian box, then exported it with distrobox-export --app signal-desktop
and boom, it operates like any other app within Bazzite. I slept on Distrobox for years and now I feel like a fool. It’s awesome. You can use Boxbuddy as a GUI to help you get started.
I’m overall very happy with Bazzite now.
They have a big IRL ad campaign in major US cities. See https://mullvad.net/en/blog/advertising-that-targets-everyone
These ads certainly aren’t the worst, but they’re still a bit misleading. Using a VPN is not going to prevent tracking in general. Your phone apps will still send GPS data to all the same places. Web sites will still use all the same cookies. Facebook is still gonna be Facebook. 🤷
That said, Mullvad does include domain-based ad and tracker blocking with their DNS server (which is free and available to the public, btw), and that’s also optional on the VPN, so it does help to a point.
(Pinging @countrypunk@slrpnk.net to avoid double-replying.)
Sure. I’m referring to the ones that run big ad campaigns, like Nord and Mullvad. They tend to overstate how a VPN can protect you, sometimes in ways that barely make sense. There is no epidemic of criminals stealing personal credit card information over insecure wi-fi, for example. The ads play into ignorance and fear.
That said, yeah, I’d rather be on a VPN when on a public wi-fi network. But I’m not really worried about someone sniffing my encrypted HTTPS traffic (which is pretty much everything nowadays; Firefox by default won’t even load unencrypted web sites).
Some VPNs allow multi-hopping, similar to Tor. I couldn’t give you an exhaustive list but most popular ones support this. Mullvad and Proton do, for example. There are also strategies to add noise into VPN traffic.
This is not a silver bullet, of course. Tor has similar problems as you describe if an adversary has visibility into enough nodes. As always, this comes down to your threat model.
On the one hand, I find the advertising of VPNs outright dishonest. On the other hand, I would trust any reputable VPN provider much more than I trust my ISP or cell carrier.
Thanks! I didn’t see that. Relevant bit for convenience:
we call model providers on your behalf so your personal information (for example, IP address) is not exposed to them. In addition, we have agreements in place with all model providers that further limit how they can use data from these anonymous requests that includes not using Prompts and Outputs to develop or improve their models as well as deleting all information received within 30 days.
Pretty standard stuff for such services in my experience.
I’m not entirely clear on which (anti-)features are only in the browser vs in the web site as well. It sounds like they are steering people toward their commercial partners like Binance across the board.
Personally I find the cryptocurrency stuff off-putting in general. Not trying to push my opinion on you though. If you don’t object to any of that stuff, then as far as I know Brave is fine for you.
Short answer: inserting affiliate links into results, and weird cryptocurrency stuff. https://www.theverge.com/2020/6/8/21283769/brave-browser-affiliate-links-crypto-privacy-ceo-apology
I don’t know if that’s “worse than Microsoft” because that’s a real high bar. But it’s different anyway.
If you click the Chat button on a DDG search page, it says:
DuckDuckGo AI Chat is a private AI-powered chat service that currently supports OpenAI’s GPT-3.5 and Anthropic’s Claude chat models.
So at minimum they are sharing data with one additional third party, either OpenAI or Anthropic depending on which model you choose.
OpenAI and Anthropic have similar terms and conditions for enterprise customers. They are not completely transparent and any given enterprise could have their own custom license terms, but my understanding is that they generally will not store queries or use them for training purposes. You’d better seek clarification from DDG. I was not able to find information on this in DDG’s privacy policy.
Obviously, this is not legal advice, and I do not speak for any of these companies. This is just my understanding based on the last time I looked over the OpenAI and Anthropic privacy policies, which was a few months ago.
Yeah, I wouldn’t be too confident in Facebook’s implementation, and I certainly don’t believe that their interests are aligned with their users’.
That said, it seems like we’re reaching a turning point for big tech, where having access to private user data becomes more of a liability than an asset. Having access to the data means that they will be required by law to provide that data to governments in various circumstances. They might have other legal obligations in how they handle, store, and process that data. All of this comes with costs in terms of person-hours and infrastructure. Google specifically cited this as a reason they are moving Android location history on-device; they don’t want to deal with law enforcement constantly asking them to spy on people. It’s not because they give a shit about user privacy; it’s because they’re tired of providing law enforcement with free labor.
I suspect it also helps them comply with some of the recent privacy protection laws in the EU, though I’m not 100% sure on that. Again, this is a liability issue for them, not a user-privacy issue.
Also, how much valuable information were they getting from private messages in the first place? Considering how much people willingly put out in the open, and how much can be inferred simply by the metadata they still have access to (e.g. the social graph), it seems likely that the actual message data was largely redundant or superfluous. Facebook is certainly in position to measure this objectively.
The social graph is powerful, and if you really care about privacy, you need to worry about it. If you’re a journalist, whistleblower, or political dissident, you absolutely do not want Facebook (and by extension governments) to know who you talk to or when. It doesn’t matter if they don’t know what you’re saying; the association alone is enough to blow your cover.
The metadata problem is common to a lot of platforms. Even Signal cannot use E2EE for metadata; they need to know who you’re communicating with in order to deliver your messages to them. Signal doesn’t retain that metadata, but ultimately you need to take their word on that.
Interesting. Are there any other accounts on your phone that provide contacts? Maybe social media or other chat platforms? On Android you can see accounts in Settings > Passwords & Accounts (or somewhere similar; it varies a little between brands). You can also check inside your Contacts app by expanding the sidebar (again, varies by brand).
Just a thought. I don’t have any other contact providers on my phone so I can’t test it myself.
Please keep us posted if you get any official response or learn anything new!
I’ve been using the free version for a couple years now. If the app wasn’t so janky I would have upgraded by now. Camera sync sort of works, but only if I manually open the app. It doesn’t function in the background like FolderSync or most cloud storage apps, even when I disable battery optimization. I also can’t manually upload large files easily; usually it fails halfway through.
This is on Android and has been fairly consistent since Android 11.
I’m still on the hunt for encrypted cloud storage that can sync arbitrary folders, like my camera and Signal backup folder.
That’s the wrong link (same as OP). I think you meant this one: https://www.youtube.com/watch?v=kv8gvXPwWjY
I jumped on a lifetime deal they had a few years back. I mostly use it via the web UI and Android app, so I cannot comment on desktop or CLI client functionality.
The Android app is “okay”, but not great. Background photo sync doesn’t work consistently; I need to manually launch the app periodically to jog it. I know Android is kind of aggressive about background services, but other apps do this better so I think this is on Filen. Perhaps they should run a permanent notification to stay alive 24/7, like Syncthing does?
As with pretty much every other cloud storage app, it does not let me sync arbitrary folders/files, only photos and videos. *sigh*
It uses Android’s file provider API, so you can open and save files in most apps directly from/to Filen. However, this only seems to work for one-time use, not for apps that need to regularly open/save the same file. For example, when using Keepass2Android, you can have it store your password database on a cloud storage service. This works pretty well with Google Drive, but with Filen it loses the connection frequently because the pseudopaths the API returns are not stable over time (which makes sense, I guess, and is one more reason I want arbitrary local file sync instead). Personally, I went back to storing my Keepass database locally and then periodically backing it up rather than keeping it on live cloud storage.
It’s one of the cheapest E2EE cloud storage services I’ve seen (definitely the cheapest for me with the lifetime promo I got), and the core functionality of uploading and downloading files (and folders) works. That’s good enough for me to give it the thumbs-up.