• 23 Posts
  • 141 Comments
Joined 2Y ago
Cake day: Aug 15, 2023


No, no, I’m saying it should have been reported there and I don’t get why they didn’t share it.


On the face of it, that is a massive own goal. The Tor Project surely has a fediverse account or a blog or something to announce these things. This should be common knowledge.




Depends on your threat model - mine is to make it as annoying and difficult for data sellers and advertisers to profile me as possible so in that scenario a reputable VPN service makes perfect sense.

There’s no such thing as total privacy and each service/software is simply a piece of the puzzle. If my government really wanted my data I’m sure they could find a way but making it as difficult as possible for techno-fascists is fine by me.


>There’s a reason that cookies and privacy policies (in the EU at least) have become such an online nuisance. These assurances of your safety and privacy are nothing more than a pretext to get consent. Your “anonymised” data is sold to an infinite regress of third parties, analysed, correlated and de-anonymised again. Any smart device you use, your browsing habits, banking transactions, your GPS position are all used to deduce fine grain information about you. Then weaponised against you for as much profit as possible.

That's a good point, I might set that up myself!

At the moment I do a once-a-week encrypted export from Bitwarden and Aegis (authenticator) and put those exports onto an encrypted USB pen drive to avoid the issues you mention but I think your way is probably better.



What assurances do you have they won’t go full proton in the future?

Absolutely none. That applies to all services that exist now or in the future. The only way around that is self-hosting but that path has its own issues including a very steep learning curve if you want to be secure as well as private. Maybe this could be a longer term project to work towards?

For services:

  • Mail - Mailbox.org seems the best option right now
  • Calendar - don’t know.
  • Drive - either Cryptomator used with literally any service or a dedicated service like Filen
  • VPN - Mullvad
  • Password Manager - Bitwarden
  • Documents - I just use LibreOffice offline or CryptPad occasionally if I’m collabing with someone.

In truth none of these are perfect. Privacy has got a lot harder recently as Proton and StartMail/StartPage have politically shit the bed and the UK seems determined to kill encryption which means I have to avoid really good services like IceDrive just because they’re in the UK.

EDIT: Calendars. Mailbox.org’s included one works fine. You can sync using CalDAV. The process for Thunderbird (desktop) is here.

The process for mobile is a little more complicated. First you need Davx5 to actually get the data, but that's all that app does. It's not a Calendar app. It does work with the native Android Calendar but I used Fossify Calendar.

So install both of those then login to your Mailbox account in a browser and create a Calendar (or use an existing one). Get its unique URL by looking under the heading ‘My Calendars’, clicking the three bars icon, click ‘Properties’ and you can then copy your CalDAV URL.

On your Android device open Davx5, tap the plus icon, then specify ‘login with URL and username’, tap ‘continue’, then paste in the URL you copied earlier, your email address and your email account password, tap ‘login’ and that should work.

Now, switch to your Calendar app. I used Fossify Calendar so if you are too, open that up, go to Settings, scroll down to the CALDAV section and turn on CalDAV sync. It might switch to your new Mailbox calendar now, but if it doesn’t, tap ‘Manage synced calendars’ and activate it there.
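What DAVx5 does behind that ‘login with URL’ step is a CalDAV PROPFIND against the calendar home to enumerate the collections it can sync. The snippet below is an added example and is not code from this thread, from DAVx5 or from Mailbox.org: it shows the PROPFIND body such a client sends and parses a constructed multistatus response (server URL, account and XML are all made up for illustration) to list the calendars it advertises. Useful when the URL you copied from the web UI is rejected and you want to see what the server actually returns.

```python
"""List the CalDAV calendar collections advertised in a PROPFIND response.

Added example, not part of the original thread or of DAVx5/Mailbox.org.
The base URL and SAMPLE_RESPONSE are constructed for illustration; real
servers return similar but not identical XML (RFC 4918 / RFC 4791).
"""
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

NS = {"d": "DAV:", "c": "urn:ietf:params:xml:ns:caldav"}

# Body a client sends with "PROPFIND <calendar-home> Depth: 1" to enumerate
# collections and find out which ones are calendars.
PROPFIND_BODY = """<?xml version="1.0" encoding="utf-8"?>
<d:propfind xmlns:d="DAV:" xmlns:c="urn:ietf:params:xml:ns:caldav">
  <d:prop>
    <d:resourcetype/>
    <d:displayname/>
    <c:supported-calendar-component-set/>
  </d:prop>
</d:propfind>
"""

# Constructed multistatus response: the home itself (a plain collection)
# plus two calendar collections.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:" xmlns:c="urn:ietf:params:xml:ns:caldav">
  <d:response>
    <d:href>/caldav/</d:href>
    <d:propstat>
      <d:prop><d:resourcetype><d:collection/></d:resourcetype>
      <d:displayname>home</d:displayname></d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
  <d:response>
    <d:href>/caldav/personal/</d:href>
    <d:propstat>
      <d:prop>
        <d:resourcetype><d:collection/><c:calendar/></d:resourcetype>
        <d:displayname>Personal</d:displayname>
        <c:supported-calendar-component-set>
          <c:comp name="VEVENT"/><c:comp name="VTODO"/>
        </c:supported-calendar-component-set>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
  <d:response>
    <d:href>/caldav/birthdays/</d:href>
    <d:propstat>
      <d:prop>
        <d:resourcetype><d:collection/><c:calendar/></d:resourcetype>
        <d:displayname>Birthdays</d:displayname>
        <c:supported-calendar-component-set>
          <c:comp name="VEVENT"/>
        </c:supported-calendar-component-set>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>
"""


def parse_calendars(base_url, multistatus_xml):
    """Return [(absolute_url, display_name, [component names])] for every
    d:response whose 200-status propstat marks it as a c:calendar."""
    root = ET.fromstring(multistatus_xml)
    calendars = []
    for resp in root.findall("d:response", NS):
        href = resp.findtext("d:href", default="", namespaces=NS)
        for ps in resp.findall("d:propstat", NS):
            status = ps.findtext("d:status", default="", namespaces=NS)
            if " 200 " not in status:
                continue  # 404 propstats list properties the server lacks
            prop = ps.find("d:prop", NS)
            rtype = prop.find("d:resourcetype", NS)
            if rtype is None or rtype.find("c:calendar", NS) is None:
                continue  # a plain collection, not a calendar
            name = prop.findtext("d:displayname", default=href, namespaces=NS)
            comps = [c.get("name") for c in prop.findall(
                "c:supported-calendar-component-set/c:comp", NS)]
            calendars.append((urljoin(base_url, href), name, comps))
    return calendars


if __name__ == "__main__":
    for url, name, comps in parse_calendars("https://dav.example.org/", SAMPLE_RESPONSE):
        print(f"{name}: {url} supports {', '.join(comps)}")
```

To reproduce the request by hand against your own account you can send PROPFIND_BODY with curl (`curl -u you@example.org -X PROPFIND -H 'Depth: 1' --data-binary @body.xml <calendar URL>`); if the response contains no c:calendar resourcetype, the URL you pasted is not a calendar home and DAVx5 will have nothing to sync.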


Such a weird thing for them to do - why would a Dutch company highlight a connection with a US Trump supporter? Is it a very recent thing? Like Proton’s CEO massaging Trump’s ego?


Not immediately or probably for some years. Facebook’s main problem is the fact it's got an aging population and no young people joining. That’s why Meta bought Instagram and is desperate to get their grubby paws on TikTok or force it to close down in the West.

I think internally, over the next decade, FB will start to die off organically as Meta put ever increasing focus on retention and young people.


I’m not a fan of Apple at all but they could’ve done a lot worse. They’ve basically refused to backdoor encryption and instead announced (as opposed to silently doing it) its removal instead.

I think what we should be more concerned about here is the total silence from other companies who offer encrypted cloud services. Might that imply they’ve already (as per the terms of the UK’s edict) silently complied?


  1. Do I actually need it? For example, I like the GNOME ArcMenu extension but I don’t really need it, so no to that one.
  2. Read the reviews and/or ask in the relevant community, or a Privacy community like this one.
  3. If the code’s up to date in a repo see where (if anywhere) it's phoning home to.
  4. If it's not but I still really need it, install it, then run Wireshark and see what it's up to, if anything.
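For step 4, the useful first cut is usually not the packet bytes but the list of names the program resolves while it runs. The script below is an added example, not from this thread or from Wireshark: it takes DNS query lines in the tab-separated format produced by an assumed `tshark -Y 'dns.flags.response == 0' -T fields -e frame.time_epoch -e ip.src -e dns.qry.name` capture (the sample lines and the allowlist are constructed), groups them by registrable domain and reports everything the program contacted that you did not expect.

```python
"""Triage DNS queries captured while a freshly installed program runs, to see
where it is phoning home.

Added example, not from the original thread. Input format is assumed to be
tab-separated "epoch<TAB>source ip<TAB>query name" lines such as
  tshark -i <iface> -Y 'dns.flags.response == 0' -T fields \
         -e frame.time_epoch -e ip.src -e dns.qry.name
produces; SAMPLE_LOG and ALLOWLIST are constructed for illustration.
"""
from collections import Counter

SAMPLE_LOG = """\
1700000000.10\t192.168.1.20\tapi.example-app.org
1700000001.22\t192.168.1.20\tcdn.example-app.org
1700000002.51\t192.168.1.20\tmetrics.adtracker.example
1700000002.90\t192.168.1.20\tmetrics.adtracker.example
1700000003.17\t192.168.1.20\tupdates.example-app.org
1700000004.03\t192.168.1.20\tt.beacon-collector.example
1700000005.40\t192.168.1.20\tpool.ntp.org
"""

# Registrable domains the program is documented (or expected) to contact.
ALLOWLIST = {"example-app.org", "ntp.org"}


def registrable_domain(name):
    """Crude eTLD+1: the last two labels. Fine for triage; a real tool
    should use the Public Suffix List (e.g. *.co.uk collapses wrongly here)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name.lower()


def parse_queries(text):
    """Parse capture lines into (timestamp, source_ip, query_name) tuples,
    skipping malformed lines instead of aborting a long capture."""
    queries = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not line.strip():
            continue
        ts, src, qname = parts
        queries.append((float(ts), src, qname.rstrip(".").lower()))
    return queries


def unexpected_destinations(queries, allowlist=ALLOWLIST):
    """Return {registrable_domain: (query count, sorted hostnames)} for every
    queried name whose domain is not on the allowlist."""
    counts = Counter()
    hosts = {}
    for _, _, qname in queries:
        dom = registrable_domain(qname)
        if dom in allowlist:
            continue
        counts[dom] += 1
        hosts.setdefault(dom, set()).add(qname)
    return {d: (counts[d], sorted(hosts[d])) for d in counts}


if __name__ == "__main__":
    report = unexpected_destinations(parse_queries(SAMPLE_LOG))
    for dom, (n, names) in sorted(report.items(), key=lambda kv: -kv[1][0]):
        print(f"{dom}: {n} queries -> {', '.join(names)}")
```

Two caveats a practitioner should keep in mind: a program that uses DNS-over-HTTPS or hard-coded IP addresses will not show up here at all, so pair this with a look at TLS SNI or raw connection logs; and a quiet first run proves nothing about what happens after an update or on a timer, so repeat the capture occasionally rather than once at install time.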

That’s why I replied directly to you. Are you new to how public, threaded conversations work?



Are you trying to be wrong on every thread about this you post in? To follow up on @EldritchFeminity’s point about the LGBT community, one of the other groups first targeted by the Nazis were the disabled. Trump is on record as stating (as per his nephew) that disabled people should ‘just die’ and has openly mocked disabled people. His views are so close to 1930s/40s era Nazism as to make no real difference.


Literal thought policing (“what you privately think”)

Are you suggesting that a statement that he made is not what he thinks?

quasi-religious purity logic (“has tainted Proton”)

lol, sorry you’re incapable of processing descriptive language :) I’ll rephrase it to ‘has negatively affected Proton’s image in the eyes of some’.

This nicely reveals the kind of busybodying inquisitorial mindset that keeps losing elections for US progressives and thus landing the rest of the world with Trump.

Neither I, nor Proton, are American so it's difficult to see how my opinion keeps landing the world with Trump.


Trouble is Andy, we now know what you privately think and all the follow up statements in the world can’t put that genie back in the bottle.

Proton is an org that exists in an industry whose customers do not trust easily. Publicly aligning with someone utterly untrustable, either as an individual or as a board, has tainted Proton and adversely affected people's ability to trust. How can we ever know when Proton will find it acceptable again to respond positively to a Trumpian decision or how it might affect our privacy?


The privacy community is always told to verify, not trust. The board of Proton have decided to publicly state something that leads a lot of people to be unable to trust them - namely supporting the choices of an extreme right wing leader who has repeatedly demonstrated the foolishness of trusting anything he says or does.

This CEO is totally free to have their own thoughts but it's verging on the ridiculous to think that other people aren’t going to have a negative reaction to them and seek alternatives. It's next to impossible to trust a company that expresses approval of Trump decisions because it's impossible to trust Trump. And Proton going out of their way to publicly state their approval when they are not even a US org and would’ve lost nothing by simply not saying anything suggests a board that was keen to publicly express support for Trump. It inevitably makes people who are already on the receiving end of Trumpian hate legislation, or who soon will be, wonder what else Proton might be willing to do for Trump in the future.


Great to see another brand new browser under active development!


A few little things rather than one or two big things - email advertised as private but they won’t let you use anonymous addresses (like anonaddy or duck.com) for recovery addresses, an ever growing portfolio of products that seem unfinished or incomplete or lacking in standard features like they’re trying to corner the whole privacy market rather than making one or two products but making them really good, poor customer service and support as a continual theme throughout their existence.

To be clear, I’m not suggesting they’re doing anything dodgy, I just feel that I don’t really trust them. They just make really odd choices and it all feels like a haphazard rush.


You would think that someone at Proton would’ve had the foresight to realise the reputational damage this (along with the LLM announcement) would do to the company.

Without wanting to sound smart after the fact, I’ve been suspicious about Proton for years. I briefly had an email account with them but I could never quite shake the feeling there is something off about the whole company. This move just confirms to me I was correct to be suspicious.


It is worth noting though, that Proton doesn’t allow you to use certain domains for recovery addresses. Admittedly this was a while ago and maybe things have changed there but when I first joined Proton they wouldn’t allow me to set a duck.com or simplelogin.com or addy.io address as a recovery email.

Obviously using an Apple ID is stupid but Proton could make more of an effort too.


Potential Brave Pro Subscription model?
It seems possible that Brave are building Brave Pro, which looks like it's a subscription-based service of some kind. A note on the Android implementation of the project [reads](https://github.com/brave/brave-browser/issues/37128) (GitHub link): "Implement the required runtime changes (profile settings, chrome flags, group policies, etc.) with the appropriate values that enable the Brave Pro experience. Using Brave in this mode with its default settings and making changes to the Brave Pro defaults require an active paid subscription. When the browser has no active credentials for Brave Pro, the panel UI will promote the service and include the initial payment CTA. When credentials are present the panel UI will include the appropriate toggles for making changes to the default settings." It also links to a private Google Doc.

That’s true, there’s always going to have to be some trust, but a provider that takes the time and expense to invest in a privacy audit or defend their clients by not logging and establishing that in court certainly indicates they’re worth having that trust in.


Do ISPs monitor or sell or pass on your data? Yes.

Do VPNs? Depends on the VPN. Find one that doesn’t and can back that up with 3rd party audits and legal encounters.

So can a good VPN protect your privacy? No, not by themselves. A VPN is part of an overall toolkit to be as private as you personally would like to be. It can help protect your privacy, that’s all.

It’s really that simple.


That’s an excellent point that I don’t see mentioned very often. Quite aside from the fact that Threads has popular scumbags like Libsoftiktok on it, they have 100 million users.

The existing fediverse is already struggling to moderate effectively. Various communities on Mastodon have already been exposed to vitriolic trolling and tools like fediblock are struggling to deal with it. Over here on the threadiverse, there have been numerous spam and CSAM attacks which, again, the existing tools are struggling to deal with.

If even just 1% of the Threads userbase are bad actors, that’s still one million bad actors all at once. Just the weight of numbers alone is going to swamp most instances.


Sure, but even the most ‘normie’ of my friends have heard of FFox. I think it’s fair to say it’s pretty mainstream even if its not widely adopted. You’re right that they do claim to be privacy respecting and I think they are when compared to the immediate competition. It’s a matter of degree. Are they more private than Chrome? Yes. And that’s a step in the right direction whilst at the same time people like you and I know they could do a lot more.


I don’t disagree with you that Mozilla are not exactly on the ball, all I’m saying is that Brave comparing their privacy hardened fork of Chrome with a non privacy hardened mainline browser is, at best, disingenuous.


Right, but what I said was that those of us who care about privacy know that FFox is a starting point, not an end point. FFox is a more private browser than Chrome. But Brave is a privacy hardened fork of Chrome, therefore a more valid comparison is between Brave and a privacy hardened fork of FFox.


I think those of us who care enough about privacy issues to even be aware that Brave exists are well aware that out of the box FFox is a starting point, not an end point. FFox vs Chrome is a valid basis for comparison in a way that this simply isn’t. Comparing Brave with LibreWolf or Mullvad is a more valid comparison.


>in 2018, Facebook told Vox that it doesn't use private messages for ad targeting. But a few months later, The New York Times, citing "hundreds of pages of Facebook documents," reported that Facebook "gave Netflix and Spotify the ability to read Facebook users’ private messages." Surprising? No. Appalling? Yes.


Nope, no issues :) Debian is (as you know) pretty rock solid and Mint is too. It’s pretty much like having a system as reliable as Ubuntu but with none of the Canonical bullshit.


Depends on what level of privacy you want. I’m using Linux Mint Debian Edition with GNOME installed on it and it hits the sweet spot between privacy respecting and Mint’s ease of use.


I think the thing with open source (re: your free labour point) is that it’s entirely voluntary free labour - I know that wasn’t the thrust of your point but there are pros and cons to it. The lead dev could one day say ‘fuck it’ and walk away, but for a project of any size/popularity there’s a lot of people ready and willing to fork it or ask for ownership to be transferred. It’s not very often a very popular bit of code is totally abandoned.

Open source, to me, offers a sort of peer review system. Most people developing open source stuff already care about code quality and privacy, contributors also do and the myriad of people using it have a core set of people who also do. That’s a lot of eyes. There’s also tools to diff code so its pretty easy to spot changes. And I do do that.

But I take your wider point - it all eventually comes down to trust. But that’s true of legal requirements too. And also organisation behaviour. Brave for example have been caught at least 3 times doing very dodgy stuff and yet as far as I can tell they continue to grow. I don’t necessarily accept that one instance of law breaking or otherwise poor behaviour is instant death for a company. If it was, G and Meta would be long gone.

All I can do is reiterate that all of us have different things that we choose to place some trust in and we all have different ways of assessing what leads us to trust. But at the end of the day, there are no cast iron guarantees.


I self host just about every service I can, including search.

You’re asking for a guarantee, which I’ve repeatedly admitted I can’t offer because absolutely no one can provide that. No provider, no service, no software. All we can do is decide what we each consider to be actions/behaviours indicative of trust and use their offering in a way that maximises privacy for us as individuals. I put more trust in software/services that have code that anyone can read, that have been independently audited, that are trusted by the community and possibly tested in a legal environment. You might put more trust in things like privacy policies and other legally binding documents. Neither of us can guarantee anything however. I’ve lost count of the number of companies who’ve violated privacy laws and users only find out years or even decades after the fact.

But I’ll say it again - whats right for me might not be right for you and that’s fine.


That’s absolutely your call mate. I’m not here to tell you you’re wrong. I just know what it is that I personally consider to be active steps towards establishing trust and that I base my opinion on them. If yours and mine don’t align, so be it - to each their own.


Again, I’m not considering them to be intentionally malicious or deceptive, I’m saying without the basics in place, we’re being asked to just trust them.

I’m aware of the limitations you describe and you’re right that there’s no way to 100% guarantee anything, there has to be some element of trust. So the services/software I choose to use have done all the things I mention, or I run them locally. Does that mean they’re 100% perfect? No, of course not but the fact they’ve gone to great lengths to establish at least a basis for trust means a lot to me. Some of them have gone on to be tested in some sort of legal encounter where again, they performed well.

Trust is a personal thing, we all have different perceptions of what makes an org trustable - if Kagi match yours, good for you.


I don’t suspect or accuse them of anything. Quite the reverse - what I’m saying is that without things like open source code, privacy audits etc, we’re being asked to take their word for it all. They might well be the most privacy respecting company ever and they equally might not be. If you’re happy to take their word for it, that’s entirely your call. I’m not trying to change anyone’s mind, I’m just answering OP’s question with my own opinion.


That’s a security audit, looking at its vulnerability to attack.


Deciding to trust a provider - any provider - isn’t just any one thing. So, the most basic step to me is all the relevant code being open source. The next step is getting their infrastructure audited. The step after that is seeing what happens if they get court ordered to provide data.

They do none of that and I’m just too cynical to accept ‘trust me bro’ as a convincing sales tactic.


Because claiming they don’t is not the same as being able to verify they don’t by making their code open source.


A week or so ago, a blog post was posted in this Community calling out Mullvad for using GMail as their email provider. Wasn't the greatest blog post in the world and didn't approach Mullvad for comment or explanation. Anyway, looks like Mullvad heard about it and responded.

"Protesters who wear masks could face arrest, up to a month in jail and a £1,000 fine under proposed measures that human rights campaigners claim are pandering to “culture war nonsense”. Police in England and Wales will be given the power to arrest people if they are wearing face coverings at specific demonstrations, the Home Office has said." Been a bad 18 months or so for privacy in the UK. Online Safety Bill passed, the right to take strike action curtailed, people in receipt of benefits (including disabled people) will soon (as from 2025) have their bank accounts open to the government, the right to protest curtailed and now this.

"three researchers have crafted a long-sought version of private information retrieval and extended it to build a more general privacy strategy. The work, which received a Best Paper Award in June 2023 at the annual Symposium on Theory of Computing, topples a major theoretical barrier on the way to a truly private search."

From their Masto acct: "It’s almost #DataPrivacyWeek - vote now for your favorite data privacy tools in this 1-minute survey! "

Started in mid November and despite repeated requests from Tuta(nota) and reassurances from MS, it's still happening and MS have gone silent on the subject.

cross-posted from: https://lemmy.nz/post/3829409

>"More than half of the websites in the study accepted passwords with six characters or less, with 75% failing to require the recommended eight-character minimum. Around 12% of had no length requirements, and 30% did not support spaces or special characters."

Nick from The Linux Experiment will soon be interviewing Proton CEO Andy Yen And Wants Your Question
>"I'll be interviewing Andy Yen, the CEO of #Proton in early December, and I'd like to ask them the questions YOU have about Proton Mail, Drive, Calendar or VPN, or security and privacy in general." See the info in the link on how to submit your questions.

Mullvad Convert Encrypted DNS Servers To Run From RAM
>"We recently announced the completion of our migration to remove all traces of disks in use on our VPN infrastructure." >"Today we can announce more steps forward - our Encrypted DNS service has also been converted to run from RAM!"

I don't know if this is 100% strictly privacy related but I think it does fall in the sphere of protecting one's right to express oneself privately. >"Government officials have drawn up deeply controversial proposals to broaden the definition of extremism to include anyone who “undermines” the country’s institutions and its values, according to documents seen by the Observer. >The new definition, prepared by civil servants working for cabinet minister Michael Gove, is fiercely opposed by a cohort of officials who fear legitimate groups and individuals will be branded extremists. >The proposals have provoked a furious response from civil rights groups with some warning it risks “criminalising dissent”, and would significantly suppress freedom of expression."

Recently a European Court has judged that Meta's way of collecting and using people's data in Europe has been in violation of privacy regulations between 2018 and 2023. Now Meta announced an option of Facebook and Instagram without personalized ads for 120 euros per year. European users would have the option to pay or agree to personalized ads. But is your right to privacy for sale? Let's find out!

Meta Confirm Charging EU Users For Ad-Free Access to FB and Insta
Meta has officially confirmed its decision to introduce a subscription plan for ad-free access to Instagram and Facebook for users in the European Union, EEA, and Switzerland. This move comes a few weeks after Meta first considered the idea, amidst regulatory pressure from the EU regarding the company's ad targeting and data gathering practices. The subscription plan is priced at €9.99 per month for web users, while iOS and Android users will have to pay €12.99 per month. Users who opt not to subscribe can still use the services for free, but will continue to see targeted ads. Until March 1, 2024, the initial subscription will cover all linked accounts in a user’s Accounts Center. However, from March 1, 2024, an additional fee of €6 per month for web users and €8 per month for iOS and Android users will be charged for each extra account listed in a user’s Account Center.

*"A company which enables its clients to search a database of billions of images scraped from the internet for matches to a particular face has won an appeal against the UK's privacy watchdog.* *Last year, Clearview AI was fined more than £7.5m by the Information Commissioner's Office (ICO) for unlawfully storing facial images.* Privacy International (who helped bring the original case I believe) responded to this [on Mastodon](https://mastodon.xyz/@privacyint/111267447271154472): *"The first 33 pages of the judgment explain with great detail and clarity why Clearview falls squarely within the bounds of GDPR. Clearview's activities are entirely "related to the monitoring of behaviour" of UK data subjects.* *In essence, what Clearview does is large-scale processing of a highly intrusive nature. That, the Tribunal agreed.* *BUT in the last 2 pages the Tribunal tells us that because Clearview only sells to foreign governments, it doesn't fall under UK GDPR jurisdiction.* *So Clearview would have been subject to GDPR if it sold its services to UK police or government authorities or commercial entities, but because it doesn't, it can do whatever the hell it wants with UK people's data - this is at best puzzling, at worst nonsensical."*

>A viral TikTok account is doxing ordinary and otherwise anonymous people on the internet using off-the-shelf facial recognition technology, creating content and growing a following by taking advantage of a fundamental new truth: privacy is now essentially dead in public spaces.

From the article: >Senior officials at the Home Office secretly lobbied the UK’s independent privacy regulator to act “favourably” towards a private firm keen to roll out controversial facial recognition technology across the country, according to internal government emails seen by the Observer. >Correspondence reveals that the Home Office wrote to the Information Commissioner’s Office (ICO) warning that policing minister, Chris Philp, would “write to your commissioner” if the regulator’s investigation into Facewatch – whose facial recognition cameras have provoked huge opposition after being installed in shops – was not positive towards the firm.

>Today we announce that we have completely removed all traces of disks being used by our VPN infrastructure!

Dark day for online privacy in the UK.

I'm not sure if this is strictly privacy or more security related but it does affect iOS and Android and could have privacy implications. It was enough to make me to turn off 2G anyway.

From the article: >The consumer champion Which? found companies appear to be gathering far more data than is needed for products to function. This includes smart TVs that ask for users’ viewing habits and a smart washing machine that requires people’s date of birth. Rocio Concha, director of policy and advocacy at Which?, said: “Consumers have already paid for smart products, in some cases thousands of pounds, so it is excessive that they have to continue to ‘pay’ with their personal information.”

From the article: >Since Tailscale was founded in 2019, customers have been forced to choose between either Tailscale or Mullvad without the ability for them to co-exist. Today we announce a partnership with Tailscale that allows you to use both in conjunction through the Tailscale app. This functionality is not available through the Mullvad VPN app. This partnership allows customers of Tailscale to make use of our WireGuard VPN servers as “exit nodes”. This means that whilst connected to Tailscale, you can access your devices across Tailscale’s mesh network, whilst still connecting outbound through Mullvad VPN WireGuard servers in any location. Announcement also on [Tailscale blog](https://tailscale.com/blog/mullvad-integration/).