Hmmm, is CloudFlare known for being a bad actor in terms of privacy?

Setting that aside, no matter what you pick, you’ll be exposing your IP address, from which your ISP and/or general location may be derived

If you don’t trust CloudFlare with that information then you basically cannot trust anyone else, so maybe you’d need to run your own service and ping that instead now that you’re in a situation where you can only trust yourself 🤷

The other issue that comes to mind is that you’re only testing reachability to one address, which means you could get a false negative where that address stops working but the rest of the internet is actually fine

Proton emails are stored in an encrypted form that goes beyond the simple authentication that is part of the POP/IMAP specifications

Proton does have open-source bridges/proxies, so they aren’t hiding these details from us

Perhaps Thunderbird could be enhanced to support the Proton features directly?

EFF still recommend Signal (and others) for people fitting various risk profiles: https://ssd.eff.org/

Google is also going with a combined approach: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html

While it ended up shutting down, the fact that Google Stadia was also a Linux-based gaming platform might also have factored into the ecosystem improvements and interest, maybe just a little bit

It’s possible that SteamOS and the SteamDeck are part of the incentive that finally made nVidia get to work on open-source GPU drivers and Wayland-compatibility

Okay, you got me stumped here

Either I added my 3x Yubikey security keys prior to that feature being taken away, or there’s a bug, or there’s some condition that has to be met before you can add security keys to your account: are you using a compatible web browser (e.g. recent Firefox), and have you downloaded/viewed/printed your recovery codes?

Mobile phones are the least secure device that you are likely to own

Un-nuanced absolutist statements like this grind my gears a little, haha

SMS is plain-text, and codes from the authenticator apps (and possibly also the GitHub Mobile app) can be phished, so in this regard I agree that the security key option offers the strongest safety/privacy, but those other phone options are still better than nothing for the majority of users

As far as devices I own, the only TV I could buy here was one running Android 10 without any software updates in the last 2 years, I feel I can confidently state that the TV is less secure than the phone I bought this year with an OS patch from this month

Please stop sharing inaccurate information

There are many 2FA options, and you never need to add a phone number to your account if you don’t want to

There are a range of two-factor authentication mechanisms that can be added to your GitHub account, so this does not require sharing your cell phone number with them at all if you don’t want to

I’m not sure why people are complaining about this change, this seems like a reasonable security uplift that will hopefully be adopted across more services