• 0 Posts
  • 36 Comments
Joined 1Y ago
Cake day: Jun 09, 2023


Hm, yeah, I would just start up a Mastodon page in parallel with the Meta page. Pick the right “home” server to join; that’s critically important for Mastodon in a way that it’s not for Meta. Put in charge of the page someone who’s genuinely excited about participating in Mastodon, and would be engaged with the gaming community there whether or not they were in charge of the page. I don’t think I would recommend spending anything on ad promotion of the Mastodon page, but like I say I’m not convinced of the utility of spending money on Meta promotion either. YMMV

Anyway like I say my level of knowledge about it is pretty minimal but I’m happy to talk more in depth on details of my experience also if you like.


I have some small amount of experience with this, but based on the little I know, here’s what I can say. First question is what is your goal? To get customers, or to create a community? Below is general advice but it’s hard to say just talking about it in the abstract.

If you want a community, I would probably advise to just treat it as one more channel, have separate pages in Meta / X / Fediverse / Pinterest or whatever as separate communities, since in a lot of cases there won’t be overlap between them. I wouldn’t recommend abandoning your existing Meta or X pages to set up a Fediverse page instead, although making a contingency plan for the slow motion demise of Meta as a platform for the long term seems like a good idea.

If you want to drive sales, then for me Google Ads always worked better than buying advertising on Meta or X or etc anyway. Have you measured conversion numbers from Meta? They make it easy to spend money definitely, but I always found the ROI in terms of pure paid sales to be pretty bad from them.


Individual privacy and security is national security.

The “nation” in anything resembling a democracy is made up of individual private people with their own motivations, and their own sometimes considerable power, whose security is protected even when it doesn’t line up with the interests of whoever happens to be in charge of the government. Those nations can become extremely powerful, much more so than “secure” states, because they have within them powerful people who give good faith to the systems of government that can organize and wield state power. It has to be that way. Any government that betrays that relationship will collapse into something akin to modern-day Russia. Certain policies might be bad for “individual privacy” in the short run, and good for “national security” in the short run, but there’s a reason why the nations of Nazi Germany or the USSR who prioritized state security so high above that of individuals, weren’t at all secure in practice. On an individual or a national level.

In the absolute middle of World War 2, when Britain was fighting literally for its life against the literal Nazis, and losing, the government had to deal with paying rent to the sometimes disagreeable landlords for their military intelligence offices, and they had to face angry questions from civilians in government about firebombing in German cities and how it was inhumane. They weren’t allowed to just get on with whatever they decided they wanted to do. There was no question about “well this is a government matter so I don’t care what you think, as a private person, and I don’t have to.” That’s not how a democracy works. Some people might disagree, but in my opinion that’s why the side that Britain was part of ultimately won the war: Because the British people knew their rights as individuals would be respected, and so they in turn felt comfortable giving wholehearted support back to the government when the government needed it.

Anyone who describes “national security” as a thing that has to be balanced against the rights of the people who in actual reality make up the nation, is probably talking about something more akin to “state security” in the USSR or Nazi sense. Not the security of the actual nation, but the safety and convenience of policymakers and their friends, sometimes specifically their safety from the nation (i.e. the people).


The point I’m trying to make is, you don’t even have to do that.

There are already laws against revenge porn and realistic child porn. You don’t have to “prevent” this stuff from happening. That is, as he accurately points out, more or less impossible. But, if it happens you can absolutely do an investigation, and if you can find out who did it, you can put them in jail. That to me sounds like a pretty good solution and I’m still waiting to hear what his issue is with it.


What the hell is this guy?

“Here’s a case where people made and shared fake nudes of real underage girls, doing harm to the girls”

“But what the hell, that’s kind of hard to stop. Oh also here’s this guy who went to prison for it because it’s already illegal.”

“Really the obvious solution everyone’s missing is: If you’re a girl in the world, just keep images of yourself off the internet”

“Problem solved. Right?”

I’m only slightly exaggerating.


Yeah, email is unsafe, agreed. I addressed that below, saying I thought they just wanted to separate their real-world identity from their un-private emails. If you’re trying to use Proton to keep your un-private emails private, you’re gonna have a bad time and you should use some good end-to-end solution that isn’t email instead.



Librewolf?

I’ve been using that for a while since I ditched Chrome, and anecdotally it seems like it hits a pretty good sweet spot of “privacy-protecting to such an extent that I notice little annoyances as I browse the web, but they’re all trivial and easily bearable, which probably means it’s doing quite a lot to try to protect me.”


If someone is looking for end to end encrypted communication, I agree, they are probably better suited by another protocol. SMTP is really good at what it’s designed to do.

I agree with this. I’ll pretty much leave it at that.


I’m not trying to argue or anything, but I think you should read this for a quite good overview of the issues involved with trying to secure SMTP email. You can also read any number of expert opinions saying the same thing, if you don’t believe me or that article.

If you’re communicating with someone you know who’s also running their own email server, there is no problem with using email.

So, basically, never. I’ve run several SMTP servers in my time. I’m having trouble thinking of an example of when I might have been communicating from one of them to someone else who also ran their own secure SMTP server. If you’re trying to set up a secure end-to-end communication channel with one specific person which involves work on both your ends, it’d be way easier and more secure to use some other transport protocol at that point.

Email is a good protocol

It is. 100%. Sorry if I gave the impression I didn’t think it was. For all its age and some amount of minor stone-age baggage it brought with it, SMTP is genuinely quite well-designed and still serves its purpose 43+ years later, which is incredibly impressive. That purpose is, insecure but reliable and interoperable communication.

it runs over TLS.

Yeah, so does your HTTP connection with Proton. That doesn’t mean the end-result system keeps your messages secure, any more than using HTTPS means Proton is secure.

You can read the article I linked to above, but basically the short version is that email is by the design of the protocol subject to being stored or transmitted unencrypted at various intermediate places as it’s being sent around, in ways that are by the design of the protocol impossible to prevent.

You’re not required to agree with me; you can think what you want, but that’s how I see it.


But yeah, don’t use email if you don’t trust your email provider.

Not sure how much more I can simplify this: The “if you don’t trust your email provider” has no place in this sentence. Don’t use email if you need the content of your messages to be private. If someone’s looking at Proton because they think it’ll keep their emails private, then yes, that’s a bad idea. But that’s not because of the “Proton” part of that sentence; it’s because of the “emails” part, and setting up your own SMTP service will do nothing to remedy that (in fact it’ll make things worse because it’ll put your own IP address into the “Received-By” headers of every email you send out).


Wait… okay, I think we’re talking about two different things.

Emails you send or receive are not private. End of story. That’s nothing to do with the provider; they’re just not. SMTP is from the stone age of internet when nothing was private, and the attempts to graft a layer of encryption on top of it are from the bronze age, when encryption wasn’t very standardized or well-tested against real threats, and all of that shows. Even if you put a significant amount of work into grafting full end-to-end PGP encryption on top of the best your provider can do to keep your emails private, it doesn’t work. Emails are not private.

What I assumed you were interested in was in separating your non-private collection of emails from your real world identity. Proton + Tor will do that, bang on. If you’re trying to send and receive messages which are genuinely private, use one of the fairly good options which can do that (Signal or Matrix maybe). If you’re trying to send and receive your non-private emails without it being linked to your real world identity, use Proton + Tor. If you’re trying to send and receive SMTP emails without people being able to read them, you need to rethink what you want, because you’re not going to be able to get that.


Proton Mail + Tor Browser + diligent OPSEC

Bingo bango, you don’t even have to trust them.


Hm… I do kind of get what you’re saying now. I just don’t agree with this limited way of applying the term. I do know what a backdoor is, yes.

So: If you have a remote shell program like sshd, it can do what it does. There might be malicious code inside, there might not. But if we said specifically that it had a “backdoor,” that would mean that it can also accept arbitrary login requests (bypassing the normal authentication) for someone to log in and run arbitrary commands. That’s a backdoor. The code’s still running within the context of the terminal program, but what makes it a backdoor is that it’s doing it on demand from some remote user. Yes?

If you had a social media program like Tiktok, it can do what it does. There might be malicious code inside, there might not. But if we said it had a “backdoor,” that would mean that it can also execute arbitrary code (bypassing the normal authentication of downloaded apps) for someone to run arbitrary code. That’s a backdoor. The code’s still running within the security context of the app, but what makes it a backdoor is that it’s doing it on demand from some remote user.

There’s another related definition where “backdoor” means a secret way of escalating privileges, but that up above is the context where I’m using it, which is also consistent with Wikipedia’s definition. You’re free to not agree with my definitions, I don’t wanna argue any more than you do and I’m happy if you want to use the word however you want. But that’s how I see it.


Many apps do that to circumvent the update delays that apple and google put in place.

Source?

Browsers also download and run code from any website you visit.

Accurate, yes.

The security measures make sure that this code can’t just do anything, just like on android.

Lol can I send you an Android binary to run which has the ability to use your camera and microphone and read your text messages, files, and contacts? Like Tiktok does. Don’t worry, it can’t just do anything.

So the argument isn’t that downloading and running a new binary will somehow give Tiktok new capabilities within the security model that weren’t there for the previous code. The argument is that (a) the security measures in place are way too weak and (b) the ability for any individual device to download and run new custom functionality on-demand enables someone to add new functionality to any individual device, outside the main channel of updates for everyone’s devices. What do you think the word “backdoor” means, if not that?


According to this guy, that’s exactly what it is – he claimed that at least on the Android version, it’s got functionality to download arbitrary new binaries and start running them when instructed to by its central servers. That’s alongside other worrying things like always-on location tracking and storage, code injection to any web site you visit through their browser, and perusal of all your contacts and messages.

I remember seeing the same thing claimed in more authoritative analyses of the thing, but for some reason I can’t find them now, so we have to take it with a grain of salt I guess. But in my mind (based on my memory of reading things like the link above) it’s extremely maliciously designed.



I don’t really know, any more than you do, but I assume that this is true yes. There’s a whole fascinating story to be written about it. This story isn’t it. Among other things, blaming Apple for that situation when they’ve explicitly told the US government to get fucked in re its surveillance requests when they had no reason to, is obviously misleading to the reader and unfair to Apple.

(Actually I’d take issue with “just as hard as Chinese stuff,” since Tiktok is more explicitly malicious than pretty much any other category of compromised software, which is saying quite a lot. But in general I agree with you.)


This is a masterclass in how to write a slanted story.

It’s definitely interesting that MI6 spied on the PLA through an Apple smartwatch. Did that happen because it was an Apple smartwatch? Or did they just break into it the same way they would break into a Microsoft, Samsung, or Jetstream device?

I don’t actually know the answer to that question, but the way the story is phrased makes me think that if it was the first one, we definitely would have heard about it explicitly.

Apple does have the ability to track at least the geolocation of its gadgets. As well as access other data, especially those stored in cloud services. Apple specialists can also remotely install any software on their gadgets, including spyware and malware, under the guise of updates without the owner’s knowledge.

I had the ability to wake up and eat a pile of wood chips this morning, but I didn’t. Has Apple actually done any of these things? Or are you just trying to make them sound shitty by implication, for reasons of your own?


I had someone watch me edit a URL in the address bar and she clearly thought I was just fucking around, because there was no possible way that any human could edit the Matrix language up there and accomplish anything productive.


Short answer: In theory, pretty much anything you’re doing on the modern internet can be traced back to you. It’s just a question of how much effort, sophistication, and time someone’s willing to invest in the tracing. Tor is a pretty high bar for them to clear, so it’ll protect you against a pretty high bar of attempting to track you down – but that’s only true as long as you’re not doing anything careless to compromise your own security, and it’s pretty easy to do something careless (especially in the long term).

This DEFCON talk goes into a lot of the nitty-gritty details and reality. The speaker sold drugs on the dark web for quite a while, but eventually got caught and went to federal prison, so he knows both sides of it.


Yah I thought so. There are enough problems with facial recognition, and the US is such a unique animal in terms of its eagerness and ability to spy on its citizens, that I actually do think this is a problem, but I’m seeing all these people in this thread saying “This is a disaster! They’ll be able to identify you now, when you cross the border!”

Like buddy I have some bad news for you


… because for most travelers, it’s already been provided via APIS to the CBP. Like I say, I think the main motivations are (1) making sure that the person traveling matches the identity that was provided to and checked by the computer, which seems legit and (2) trialing the system so they can expand it beyond the international border, which seems far too worrisome to justify the small benefit of #1.

Driving checkpoints I have no idea; I was honestly thinking only in terms of air and sea travel which is a little more formalized. Are they talking about scanning people’s faces when they drive to Mexico also?


?

I’m not at all a fan of this, but surely presenting your papers when crossing an international border is not a new thing. I’m actually pretty sure I’ve done this facial scanning when traveling in the EU, and in that case I assumed that it was to detect people who don’t match the passport they’re holding, which actually seems like a pretty valid law enforcement thing to do. They already know who you are.

I.e. I agree this is a bad thing but disagree with this particular reason for disliking it. Among other reasons, it surely won’t remain only at international borders once the US has gotten some familiarity with the technology.



Short answer: Unsafe

Long answer: UNSAAAAAAAAAAAAAAAFFFFFFFFFEEEEEEEEEEFE


A lot of people just like their team, and the other team is the enemy, and that’s about the size of it. 😕


Why is it a bad thing if someone you don’t like says something sensible?

There’s a lot of natural alliance between the anti-establishment on the right and the left… that’s why the establishment spends so much money and effort making propaganda, trying to make sure that the natural rage of the screwed-over gets channeled to the far right. The rage gets aimed at the left, instead of being properly directed at the people who are screwing them.

I don’t feel like it’s helping if someone who’s a victim of that propaganda makes a good decision, and people on the left don’t want to acknowledge it.


Yep, and I just wanted to share with you how you might be able to successfully share this with others, instead of just getting downvotes and resistance. But you’re clearly not interested right now. Good luck.


So:

  • You don’t want to invest the time to communicate your point effectively, even when people specifically ask you to tell them what you’re saying
  • You don’t want to hear what other people have to say to broaden your own point of view, if they “think they know better.”

Sounds like a recipe for a lot of frustrating interactions to me.


I don’t know anything about you as a person and it’s hard to judge anything from text. But the way you’ve approached this comment thread comes across as mad rude, yes. And I think that’s why you’re getting such a negative reaction (more so than anything to do with Firefox).

If you were at a party or in some group chatting, and you had a point to make but said people weren’t allowed to talk to you on the topic until they’d completely watched a 15-minute video, and people mostly said they didn’t want to do that, but some person did go off and watch around 10 minutes of the video and came back and started trying to explain to everyone some of what was in it, and you just turned to him and said, “You miss some important points,” and then turned away without saying anything else — taken as a whole that’d be pretty rude, right? Or do you not think so?


Dude… I stepped in to do what you should have done, i.e. just summarize the content of the video, because that’s the way to make a reasonable post on a platform where you’re not the boss and can’t just order people to watch whether they want to or not. Are you this rude to people in real life?


A lot of video platforms judge the quality of a video and promote it or not according to how long people watch, so if people obey things like “Watch until the end,” it has the effect of rigging the metrics so that it’ll get spread more widely (as compared with a video that people click away from whenever they personally feel they’ve seen enough.) That’s why that type of statement is clickbait-y; I’m not saying that was your intent in saying it, just that that’s the impact it has and why some people react negatively to it.

What are these important things he said at the end? Why are you resisting just laying out the high-level theses of the video in a manner that people can digest in a minute or two? This whole approach of coming out of the gate ordering people to devote 15 minutes of their time watching a video, whether they decide based on watching a little bit that they want to finish it or not, is just being commanding to people and incredibly disrespectful of their time. I think that’s probably the main reason you’re getting a negative reaction.

I’ll put it this way: I generally agreed with a wildly popular (edit: unpopular) “anti-Mozilla” post if you want to call it that, I devoted enough time to watch the majority of this video before I decided I’d had enough, I devoted enough time to neutrally summarize some of its points to people and I agree with the validity of some of them. Personally I prefer Chrome over Librewolf. As not at all a “Firefox fan,” there were also definitely elements of this video that moderately pissed me off. Mainly I’m trying to relate to you why I think this post is getting a negative reaction. I can’t make you want to hear that if you’ve already decided to yourself what’s what, but that was my feeling if you’re open to hearing it.


I think people may just be hyper-sensitive because of that article about Mozilla foundation’s finances that came out a few weeks ago (which the maker of the video clearly cribbed from at one point).

FWIW, I think the article raised some pretty valid points, and I didn’t agree with all the hate that it got, so I’ve got no issue with including the points in the video. If I were to provide some constructive criticism for the video, I would say it should dive into more of the factual basis behind a lot of these things, providing some analysis, as opposed to just touching on twenty different subjects throwing a little drop of shade at Firefox for each one and then moving on to the next one right away.

Edit: Also, trying to set rules for other people’s behavior, that they’re not permitted by you to comment or downvote until they’ve watched the whole video, is a little clickbait-y and mostly likely to just irritate people, no matter how valid or invalid is the “requirement” that you’re trying to get them to follow.


Partial summary:

  • Firefox has tiny market share ergo Mozilla has failed
  • Firefox claims to protect users’ privacy, but also has deals with Google that form the bulk of its income, to route users to Google’s privacy-invading search
  • Firefox doesn’t work as well as Chrome
  • Mozilla foundation gives money to activist organizations maybe unrelated to software development
  • Mozilla has attempted several failed projects of dubious worthwhileness

It’s not an uninformative video, but it’s also very high-level and with a heavy opinion to fact ratio, I think. I started taking mental notes partway through about some things I had issue with factually, but I’ll admit I sort of stopped caring most of the way through.


Do you have a TL;DR for the videos? I don’t want to download them, but on the face of it this sounds like nonsense or mental illness.