• 0 Posts
  • 29 Comments
Joined 2Y ago
Cake day: Aug 10, 2023


On a Samsung Galaxy? I have one and am also similarly frustrated with the changes, but it seems like the support for custom roms is poor.




Can’t you run ddg without javascript, on their plain html version?

https://html.duckduckgo.com/html/


Here’s my main argument for more private services (I try to make all my arguments short).

According to a study done by proton, a single company makes a minimum of $200 dollars off of each person, each year. Of course, they probably gain more money via clandestine deals or the government buying data directly to get around the 4th amendment.

But that money doesn’t go solely to the companies dedicated to collecting data, or those parts of other companies. It goes to lobbying the government to strip away privacy further.

And then I have two endings, depending on the situation:

  1. Of course, I recognize that in today’s connected world, I can’t get privacy unless I go live in the woods. But I can decrease the amount of money companies make off my data, which I do like.

  2. Organizations like the EFF lobby on the other side, for more privacy for us. But they are opposed when massive companies like Google also lobby. So when I deny Google $100, that’s money they can’t use to lobby anymore. Rather than thinking of it as denying Google money, think of it as making a donation to the EFF, that they use to ensure our rights are in place.


Along with the other bits that people like and dislike about it, I have another problem with it.

In order to deploy software in a manner that is resilient, it’s necessary to deploy it in a “Highly Available” manner. This usually involves duplicating the service across multiple machines, and then automatically switching from one server to the next if one machine goes down. I consider this necessary for something to be a true alternative to the big proprietary software like discord/slack/etc, for smaller groups or nonprofits who want more reliability. Someone losing internet at their house should not result in the whole service going down. A datacenter going up in flames should not result in that lemmy instance going down (forgot which one this happened to, but I’m referencing a real thing).

The most common way (and arguably, one of the easiest) to do high availability is Kubernetes. Kubernetes has a sort of package manager, called helm where you can quickly spin up services in a highly available manner. Many services offer official helm charts (Unofficial ones are not going to be maintained reliably, so I don’t like them).

The helm chart for Synapse and the rest is enterprise only, meaning you have to pay. Discovering this is what finally really soured me on using Matrix as a discord alternative.

Of course, I never really considered Matrix a discord alternative. It lacks certain features that people want, mentioned below, like voice rooms (although voice rooms are by definition, metadata leakage, meaning people who dislike matrix for the metadata leakage would dislike voice rooms lol).

Rocketchat appeals to me because of this. Kubernetes/helm, single sign on, and interestingly, it seems to be able to federate with matrix (although I don’t know if it supports e2ee with matrix). It seems that rocketchat has its own e2ee, though I don’t know how it works (or if it’s any good). It also seems to support matrix clients, but doesn’t seem to actually be based on matrix.

But otherwise, rocketchat seems like a much better discord alternative.


This is so horrifically wrong, I don’t even know where to start.

The short version is that phone and computer makers aren’t stupid and they will kill things or shutdown when overheating happens. If you were a phone maker, why tf would you allow someone to fry their own phone?

My laptop has shut itself off when I was trying to compile code while playing video games, while watching twitch. My android phone has killed apps when I try to do too much as well.


You’re probably going to end up on Jitsi meet, but I’m also going to drop a recommendation for bigbluebutton.

I recently noticed that it was integrated into the open source Learning-Management-System Canvas, which every school I have gone to so far uses.

Although bigbluebutton doesn’t seem to explicitly support e2ee (but maybe this counts for something), if you are already using Canvas, BigBlueButton is definitely worth looking at.

I really, really wish people at my school would use the integrated bigbluebutton instead of using zoom, especially given I’ve seen people occasionally have issues with authentication for zoom, but all of that stuff is handled with bigbluebutton because it’s fully browser based and integrated into Canvas.


Is there a specific android app you need?

https://gitlab.com/android_translation_layer/android_translation_layer/

And of course waydroid. Both these solutions let you run android apps on Linux, but like wine, they won’t work for every app.

Waydroid probably works for all apps not dependent on google though. But it’s more difficult to set up than the android translation layer.


https://help.kagi.com/orion/faq/faq.html#oss

We’re working on it! We’ve started with some of our components and intend to open more in the future.

The idea that “open-source = trustworthy” only goes so far. For example, the same tech company that offers a popular open-source browser also has the largest ad/tracking network in history, with that browser playing a significant role in it. Another company with a closed-source browser (using WebKit like Orion) is on the forefront of privacy awareness and technologies in its products.

So, does anyone here remember when all chromium browsers had a secret api that sent extra data to google? Brave, Opera, and Edge got hit by this one, but I think Vivaldi dodged it. They all removed this after they found out, but still…

When it comes to things like browsers, due to the sheer complexity and difficulty to truly audit chromium, I don’t really consider chromium to be “open source” in the same sense as many other apps. Legally, you can see and edit the code. But in practice, it’s impossible to audit all of it, and the development is controlled by a single corporation who puts secrets in it, or removes features that harm their interests (manifest v3). Personally, I consider Minecraft Java to be closer to open source than chromium is.

To say that:

The idea that “open-source = trustworthy” only goes so far

is really just a cop-out and excuse for not being transparent with their code and what they are doing.


Is it possible to allow DRM content for just 1 website ( Netflix ) , while other websites on the same browsers are not allowed to do it?

I would use multiple firefox profiles for this. If you go to about:profiles or use the command firefox -P to launch firefox, you can view and create other firefox profiles. Each firefox profile is essentially its own instance of firefox, complete with different history, extensions, and settings. You could have a “Netflix” profile and a regular browsing profile.


Thorium’s entire focus is on performance. As another commenter has noted, that means no security updates, and no privacy features.

I wouldn’t recommend it for daily use, but if you are playing a browser based game it’s worth testing out. I used to play krunker.io and I tested it to see if I could get more FPS (FPS equaled faster movement speed back then), but I didn’t see any major performance improvements over the major krunker clients or Microsoft Edge (other most performant browser).


I cannot find anything related to that in their documentation, their about page, or their whitepaper.

They talk a lot about decentralized computing, but any form of secure enclave or code verification isn’t mentioned.

Compare that to this project, which is similar, but incomplete. However, quilibrium uses its own language instead of python or javascript, like golem does. The docs for golem do not explain how I am supposed to verify a remote server is actually running my python/javascript code.


I read through the docs. I’m not sure how this enables trusted computing.


There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core ‘root’ of trust in the platform has to reside.[10] If not implemented correctly, it presents a security risk to overall platform integrity and protected data

https://en.m.wikipedia.org/wiki/Trusted_Computing

Literally all TPMs are proprietary. It’s basically a permanent, unauditable backdoor, that has had numerous issues, like this one (software), or this one (hardware).

We should move away from them, and other proprietary backdoors that deny users control over their own system, rather than towards them, and instead design apps that don’t need to trust the server, like end to end encryption.

Also: if software is AGPL then they are legally required to give you the source code, behind the server software. Of course, they could just lie, but the problem of ensuring that a server runs certain software also has a legal solution.


Crowdstrike didn’t target anyone either. Yet, a mistake in code that privileged, resulted in massive outages. Intel ME runs at even higher privileges, in even more devices.

I am opposed to stuff like kernel level code, exactly for that reason. Mistakes can be just as harmful as malice, but both are parts of human nature. The software we design should protect us from ourselves, not expose us to more risk.

There is no such thing as a back door that “good guys” can access, but the bad guys cannot. Intel ME is exactly that, a permanent back door into basically every system. A hack of ME would take down basically all cyber infrastructure.



First things first: Check if any data was actually leaked/breached.

Many times, the data leaks news sites like to report in the most alarmist manner, don’t actually contain any new data, and are just aggregations of older breaches that already happened. Although still worth reporting, sadly, due to the way ads and clickbait works, they are incentivized to play it up and report it as the LARGEST DATA BREACH EVER 2024 CLICK ME IMMEDIATELY.

But yeah. My recommendation: Find high quality sources which either don’t report this stuff, or I like lemmy (and used to like reddit), because when stuff like that gets posted, it gets called out by users in the comments.


Disabling javascript increases security, and offers a little bit of privacy. Those are both separate from anonymity, but people conflate the three often.

For example, javascript can be made to do arbitrary websocket or http connections to any ip/hostname your computer has access to — even local networks or localhost.

I use the browser extension Port authority to block it.

Of course, port scanning is used by ebay to scan users computers, and discord.

Disabling javascript prevents websites from tracking exactly what you do on each site, or what local ports you have open. This is definitely an increase in privacy, as it relates to hiding what you’re doing. However, you noted it comes at the cost of anonymity, as you become uniquely identifiable.
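
The decision a local-network blocker has to make for each request, as an added example that is not part of the comment above and not the code of any extension it names: classify the request target and block it when a page from outside the local network reaches into it. The function names and the sample URLs in the checks are constructed for illustration.

```javascript
// Added example: classify where a request points, the check a
// local-network blocker must make. All names and URLs are constructed.

function classifyIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const a = Number(m[1]), b = Number(m[2]);
  if (a === 0) return "unspecified";                      // 0.0.0.0/8
  if (a === 127) return "loopback";                       // 127.0.0.0/8
  if (a === 10) return "private";                         // 10.0.0.0/8
  if (a === 172 && b >= 16 && b <= 31) return "private";  // 172.16.0.0/12
  if (a === 192 && b === 168) return "private";           // 192.168.0.0/16
  if (a === 169 && b === 254) return "link-local";        // 169.254.0.0/16
  return "public";
}

function classifyIPv6(addr) {
  if (addr === "::1") return "loopback";
  if (addr === "::") return "unspecified";
  if (/^f[cd][0-9a-f]{2}:/.test(addr)) return "private";     // fc00::/7
  if (/^fe[89ab][0-9a-f]:/.test(addr)) return "link-local";  // fe80::/10
  // IPv4-mapped addresses are serialized by the URL parser as ::ffff:hhhh:hhhh
  const m = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(addr);
  if (m) {
    const hi = parseInt(m[1], 16), lo = parseInt(m[2], 16);
    return classifyIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return "public";
}

// Returns loopback | private | link-local | unspecified | public | name | invalid
function classifyTarget(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return "invalid"; }
  // URL parsing already canonicalizes forms such as http://2130706433/
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (host.startsWith("[")) return classifyIPv6(host.slice(1, -1));
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback";
  // A DNS name can still resolve to a local address; only a resolver-aware
  // check catches that case.
  return classifyIPv4(host) ?? "name";
}

const LOCAL = new Set(["loopback", "private", "link-local", "unspecified"]);

// Block when a page from outside the local network reaches into it.
function shouldBlock(pageUrl, requestUrl) {
  const page = classifyTarget(pageUrl);
  const target = classifyTarget(requestUrl);
  return !LOCAL.has(page) && LOCAL.has(target);
}
```

A page served from localhost itself (local development) is allowed to talk to local addresses; only requests that cross from a public origin into the local network are blocked.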


Anyway the centralized nature of Revolt Chat makes it not very appealing for me.

I agree with this. I will probably stick with either matrix or xmpp, due to their federated nature and strong E2EE. Matrix is a better discord replacement, as it has more features, is more standardized, has a better web client, and has “spaces”, which are somewhat analogous to discord servers.

Xmpp however, is much more lightweight on both servers and clients than matrix, and its E2EE works more reliably (none of that “failed to decrypt” nonsense), and makes a better E2EE messenger.


I attempted to find evidence to support this.

I found one reddit post claiming this, but they themselves did not provide any evidence.

freedom of religion is a human right bruh i did not say anything but i believe in god the banned me and claimed i was being homophobic 1. i said nothing about it 2. stfu even if i was

Not exactly the most compelling piece of evidence, and this was all I could find.


Pip in a venv doesn’t get you non python tools.

Conda also has venvs, for separate environments for stuff as well.



However, freshtomato is another router firmware, that isn’t as feature rich or well supported as openwrt, but is focused on supporting broadcom chipsets.

https://www.freshtomato.org/

https://wiki.freshtomato.org/doku.php/hardware_compatibility

I flashed it to my netgear router with a broadcom chipset, it works wonderfully!


Because much of mozilla’s funding is from a deal with google, that’s why.

US$300 million annually. Approximately 90% of Mozilla’s royalties revenue for 2014 was derived from this contract

From https://en.wikipedia.org/wiki/Mozilla_Foundation

A lot of money, but not enough to actually do a lot. They keep cutting features their “customers” like. Why?

Because development is expensive.

Google props mozilla up to pretend they don’t have a monopoly on the internet. Just enough money to barely keep up, not enough to truly stay competitive.

Mozilla wants to not rely on google money, so they are trying to expand their products. AI is overhyped, but still useful, and something worth investing in.


Mozilla: ignores years of customer complaints and requests

Are these customers donating, or purchasing mozilla products or services so that mozilla doesn’t have to rely on google’s donations?

Mozilla: creates new product nobody asked for

https://github.com/Mozilla-Ocho

Nearly 10k and 400 stars on those respective repos.

A way to run a large language model on any operating system, in any OS, in a simple, local, and privacy respecting manner?

For linux we have docker, but Windows users were starving for a good way to do this, and even on linux, removing the step of configuring docker (or other container runtimes) to work with nvidia, is nice.

And it’s still FOSS stuff they aren’t being paid for, currently. But there are plenty of ways to monetize this.

Here’s an easy one: tie in the vpn service they have to allow you to access the web ui of the computer running the llamafile remotely. Configure something like end to end encryption or nat traversal (so not even mozilla can sniff the traffic), and you end up with a private LLM you can access remotely.

With this, maybe they can afford some actual development on firefox, without having to rely on google money.


They could. But in countries where internet access is restricted by authorities, running any more than an insignificant amount of traffic over a VPN, even protocols as stealthy as the ones that make them indistinguishable from website (http/s) traffic, can be noticeable… and being noticed can get you killed.

Snowflake, on the other hand, runs proxies to users of the snowflake browser extension, who act as entry points. It’s named so because connections are ephemeral, and last for a short time, like snowflakes. This makes it much harder to distinguish.

It’s not only about what internet traffic, it’s also about where.

And of course, the how is relevant too. Not many people want to spend the time to set up an ssl vpn (and multiple people using it makes it easier to spot).

You need to understand what you’re asking when you suggest people set up their own proxy. You’re asking them to learn a skill, most likely in their free time (free time and energy they may not even have), and without many resources to learn (censored internet), and then rest their lives and livelihoods on that skill. Depending on the regime, maybe the lives of their friends and family, as well.

Comparatively, it’s like two clicks to select snowflake as an entrypoint in the tor browser configuration options.


In my experience, best with science, math, and technology stuff:

https://arxiv.org/

But I’ve found it to be very good for finding scientific articles.


I disagreed particularly with:

Furthermore, F-Droid doesn’t enforce a minimum target SDK

While yes, this may be a bad thing for some, certain apps, like termux (terminal emulator, even lets you make a linux chroot, some ppl play games using wine in it) only work properly on sdk’s older than a certain version, since newer versions can be somewhat locked down.

I don’t want to say that that article is “google good, f droid bad”, but that’s what a lot of its points are. It completely neglects to mention the downsides of google’s various security models, especially for a foss community like this one. App bundles, for instance, are secure yes. But they are also an advanced form of drm (at least when made by google), must be compiled server side for each device, and other things that make them not work for the foss community.

And criticizing f Droid because it has multiple repos? That criticism is completely incompatible with the common FLOSS ideas that things should be less centralized.

Don’t get me wrong, some of the points it brings up are valid, but they are biased, only focusing on one side.

And I also don’t feel the need to be alarmed by these points. What does it matter that google signs everything (in a supposedly better way) when “everything” includes malware?

As usual, no app or product can replace human discernment. Security is a process, not a product.