• 4 Posts
  • 188 Comments
Joined 1Y ago
Cake day: Feb 10, 2024


Do these accept cash, or only ATM cards? (The latter would link your transaction to your bank account, of course.)

What do they give? A printout of a wallet address?


I think it’d be great to live in a world where this technology required warrants, transparency, and other oversight from the start.

Me too.

It boils down to the fact that this technology is widespread, and will continue to be widespread regardless of my actions

That same reasoning has been used innumerable times throughout history. I suppose each of us must decide whether we think it holds water. It reminds me of an old adage: No single drop believes it is responsible for the flood.

Predator does way more than just ALPR.

I know. I looked it up. I mentioned the name not because I think it represents what it does, but rather to point out that it will affect how people feel about you and your work, even if in subtle, imperceptible ways. It’s up to you to decide whether you’re comfortable with that.


I don’t have a specific suggestion, but here is what comes to mind:

  • Violation of human rights and civil liberties in order to gain power over others is always justified with noble-sounding excuses like protecting people and property. The reality does not match the claim.
  • Once violated, privacy of information is almost impossible to restore.
  • Anything that can be abused to someone’s gain will be abused eventually, if not immediately.
  • Relying on a benevolent gatekeeper (even yourself) to prevent abuse of your tech will eventually fail.
  • The name V0LT Predator evokes the feeling that it’s something the world needs less of, not more.

Whenever I find myself on a fine line like the one you’re trying to walk, I consider whether I’ll look back on my life and be proud of what projects/causes/changes to the world that I advanced with the time and talents that I have.


Look for an instance with these qualities:

  • Does not use Cloudflare or any other large content delivery network. Instances that use these allow the CDN to monitor everything you read and write on Lemmy, which can reveal a lot about you even if you haven’t used your real name. Cloudflare can then correlate that information with your other browsing habits, and possibly your real identity, because they operate as a middleman for a huge number of popular web sites.
  • Maintains a sizable local image cache. Images served from other instances instead of your local one can be abused by remote parties to track what is viewed on Lemmy with your IP address (and sometimes your browser signature). Alternatively, you could block off-site images using a browser extension, but that would mean not getting to see as many pictures.

I avoid Apple devices, so I don’t have a first-hand recommendation, but something like Nextcloud would seem to fit.

https://nextcloud.com/encryption/


I think you mean across the internet, but I get your point. You might want to state that in your post.


Its file sharing feature works between any supported devices, including phone-to-phone, and yes, it is intended for connections across a local network.



If you can’t do everything on the web, change bank.

And to be clear, make sure you can do everything on a web site. Not a Chrome site.


“my concern about leaving my abusive partner is what if after all the hassle the next one pulls the same act ? and the next one !”

There are many banks and (better yet) credit unions. Not all of them are awful. Be brave. Take action.


+1

In case you don’t have an optical drive, new ones cost only slightly more than a CD these days.

Here’s some guidance on which models are especially good at audio ripping:

https://pilabor.com/blog/2022/10/audio-cd-ripping-hardware/

(Note that the best ones cost a bit more and don’t come with a USB enclosure, but could be mounted in one.)


Matrix literally syncs the entire data/metadata history to all other servers where someone pops in

How else would you expect a decentralized and persistent chat room to work? If that stuff wasn’t synced among the servers that were invited to participate in a room, then it wouldn’t be decentralized; one server going down would kill the room (or at least lose data).

The only way I can think of is not to use servers at all, but go fully peer-to-peer. Matrix has done some proof-of-concept work toward this, but I’m not aware of any service that does it successfully while being practical for most people, yet.

chat is meant to have an ephemeral aspect to it.

There are use cases where that makes sense, but for general use? No thanks. When I lose my account password or my phone breaks, I want to be able to sign in on another device and still have my message history.

It sucks so much RAM, so much storage,

Synapse is indeed a heavy server implementation. Several lighter ones are in development, some of which people are using already.


encryption regularly breaks in weird ways, usually you see a message that you can’t read

This was once common, but it’s somewhat rare now in my experience, and the upcoming Matrix 2.0 apparently addresses most (all?) of the remaining causes.

if you enable encryption in a chat room you cannot disable it

I consider this a good thing, for the sake of the people who joined or wrote in the chat with the understanding that what they write is and will remain encrypted. If you want to abandon encryption, you can always create a new room.

we now have two official clients for Android (Element and Element X) in the first one encryption breaks in weird ways, in the latter there is no way to use Spaces properly

No, there is one officially released client for android: Element. Element X is in beta. When it leaves beta, it will take over as the one officially released client.

direct messages between people don’t work well - it is like they are a room with the two people

It works well for me. How is it a problem for you? It looks just like the person-to-person chats on other platforms I use, including SMS.

privacy wise matrix is weak,

Privacy of message content is not weak at all.

leaks metadata,

It’s true that some metadata can be read by admins of the servers that have been invited into a chat. Given all the features that Matrix uniquely offers, that’s an acceptable tradeoff for many of us. Also, the developers have stated that moving most of that metadata to the encrypted channel is planned.

attachments are not encrypted, etc.

This is just plain false.

https://spec.matrix.org/latest/client-server-api/#sending-encrypted-attachments
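What the linked section of the spec amounts to in practice, as an added example that is not part of the original comment and not code from any Matrix client: the sender encrypts the file with a fresh AES-256-CTR key before upload, so the media repository stores only ciphertext, and the key, IV and SHA-256 hash travel inside the end-to-end encrypted event. The function names are hypothetical and the sample bytes are constructed; the `url` field (the `mxc://` URI returned by the upload) is left out because no upload happens here.

```javascript
const nodeCrypto = require("node:crypto");

// The attachment format uses unpadded standard base64 for `iv` and `hashes`.
const b64 = (buf) => buf.toString("base64").replace(/=+$/, "");

// Sender side: returns the bytes to upload plus the metadata object that
// goes into the encrypted message event (never sent to the server in clear).
function encryptAttachment(plaintext) {
  const key = nodeCrypto.randomBytes(32); // fresh key per file
  // 64 random bits followed by a 64-bit counter starting at zero.
  const iv = Buffer.concat([nodeCrypto.randomBytes(8), Buffer.alloc(8)]);
  const cipher = nodeCrypto.createCipheriv("aes-256-ctr", key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const sha256 = nodeCrypto.createHash("sha256").update(ciphertext).digest();
  const file = {
    v: "v2",
    key: {
      kty: "oct",
      alg: "A256CTR",
      ext: true,
      key_ops: ["encrypt", "decrypt"],
      k: key.toString("base64url"), // JWK uses unpadded URL-safe base64
    },
    iv: b64(iv),
    hashes: { sha256: b64(sha256) },
  };
  return { ciphertext, file };
}

// Recipient side: check the hash of the downloaded ciphertext before
// decrypting, so bytes altered on the server are rejected.
function decryptAttachment(ciphertext, file) {
  if (file.v !== "v2") throw new Error("unsupported attachment version");
  const expected = Buffer.from(file.hashes.sha256, "base64");
  const actual = nodeCrypto.createHash("sha256").update(ciphertext).digest();
  if (expected.length !== actual.length ||
      !nodeCrypto.timingSafeEqual(expected, actual)) {
    throw new Error("ciphertext hash mismatch");
  }
  const key = Buffer.from(file.key.k, "base64url");
  const iv = Buffer.from(file.iv, "base64");
  const decipher = nodeCrypto.createDecipheriv("aes-256-ctr", key, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Constructed sample input: what the server would store vs. what peers get.
const demoUpload = encryptAttachment(Buffer.from("constructed sample file"));
console.log("server stores:", demoUpload.ciphertext.toString("hex"));
console.log("sent inside E2EE event:", JSON.stringify(demoUpload.file));
```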


Matrix is good for private general messaging. The fact that it’s decentralised means it can also withstand things like government-ordered shutdowns or back doors, since there is no central point that controls the whole network.

Two things to be aware of:

  • Some non-message bits (e.g. room topic text and membership) have not yet been moved to the encrypted channel, so those could be read by the administrator of a homeserver that participates in your chat room. Since most people care primarily about keeping the message content private, this is an acceptable trade-off to get all the things that Matrix offers.
  • The upcoming Matrix 2.0 features and design choices simplify the UI and fix some occasional errors. It might be worth waiting until this stuff officially lands in the client apps before bringing your contacts to Matrix, for a better experience all around.

Maybe try here?

!piracy@lemmy.dbzer0.com


Huz-fucking-zah. Independence from corporations like Google in the technologies we depend on is important, and F-Droid provides an unmatched service in support of that goal.


In matters where a server is needed, you generally have three options:

  • self-host
  • get a friend/colleague/employer to host
  • pay for a host

Sync to a CalDAV/CardDAV server instead of to Google. If you’re up for self-hosting, Radicale is a good and simple one.

I use DAVx⁵ on Android and Thunderbird on the desktop. Other sync clients are listed here: https://radicale.org/v3.html#supported-clients


How would the sender prevent messages from going to the admin user that joined the room?

It wouldn’t matter if a rogue admin eavesdropped on an E2EE room, because they would see encrypted blobs where the message content would be. That’s what E2EE is for.

https://en.wikipedia.org/wiki/End-to-end_encryption

How would the sender prevent messages from going to the admin user that joined the room?

You’re conflating multiple things. Merely joining a room does not grant access to message decryption keys.

I respect your curiosity, but I think you’re going to have to familiarize yourself with the software and concepts to get a detailed understanding of how all this stuff works. If you’re technically inclined, I suggest reading the protocol spec, or at least the parts that interest you. You could also drop in to the public chat room and ask more questions there: #matrix:matrix.org


SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:

  • It is funded by venture capital, which calls into question its longevity, and even if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
  • Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
  • No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
  • Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
  • No support for group calls.

I would not recommend it for talking to family members and people in general, which is what OP requested.


But who/what gets to decide who the intended recipients are?

The sender, of course.

Can’t the homeserver admin just join the channel and then the other members would exchange keys automatically and now they can see what people say?

No. Verification prevents that.


a compromised or hostile home server can still take over the room

A compromised server could effect a denial of service attack against its users, of course. The attacker could do the same thing by simply turning off the server. That’s true on all platforms that use servers. A reasonable response would be to switch to a different server.

That admin (or even a newly minted user) can then send events

Exactly what events do you think would be dangerous?

or listen on the conversations.

No. End-to-end encryption ensures that only the intended endpoints can read the messages. Older Matrix clients have a setting to block the user from sending messages to unverified devices/sessions, in case they somehow don’t understand the meaning of a bright red warning icon. I think newer ones (e.g. Element X) enforce that mode; if you’re concerned about this, you could check for yourself, but…

not everyone will pay attention to unverified warnings

…unfortunately, there are no guarantees when trying to fix human behavior. If you need a messaging app to make it hard for your contacts to do something obviously foolish, then I suggest waiting until Matrix 2.0 is officially released and implemented in the clients. The beta versions of Element X, for example, look like everything is locked down to avoid human mistakes like the one you’re describing.


even with E2EE, the admins of a homeserver can still impersonate you

No, they cannot. Your homeserver admin could create an impostor login session on your account, but it would be pointless with E2EE, because it would be flagged with an obviously visible warning. You and all of your contacts would see that the impostor session was not verified as you (this typically shows up as a bright red icon on the impostor and another one on the room they’re in). Also, the impostor would be unable to read your communications.


Mainly Organic Maps

Occasionally OsmAnd~, though I mostly avoid it because I found building it from source to be more annoying than it should have been, and didn’t care for a marketing campaign they ran a while back.


[Citations needed] or it didn’t happen.

I think this mindset is naïve and unrealistic.

People were saying the same thing for decades in response to a small minority warning about government surveillance, often dismissing them with labels like “paranoid”. Eventually, Snowden came along and produced the citations, at extreme risk to himself and his loved ones. It’s an anomaly that they were ever revealed at all.

History is replete with examples of bad stuff going on for ages before irrefutable evidence of it became widely known. In general, if something can be abused to someone’s advantage, it will be, and likely already is.

There’s precious little extra information that a “nefarious” instance can harvest that any basic web scraper can’t.

You have a point there, but consider also that effective web scraping uses significantly more resources than having the data you want handed to you. Monitoring Lemmy through federation would be much more efficient.


Signal is fundamentally centralised. It’s not going to become a distributed system like the fediverse, because the protocol’s design doesn’t work that way. (Also, its maintainers haven’t shown any interest in adopting that approach.)

If e2ee email is really what you want, you can already have it with PGP. Various email clients exist that make using PGP possible for a mortal. Good luck getting many of your contacts to use it.

If you also want modern encryption guarantees, like forward secrecy, then consider Matrix instead of email. It already does e2ee and is already decentralised.


To paint a more complete picture, PrivacyGuides.org comes from the subreddit of the same name. When I was last there (about a year ago) some of the people behind that subreddit had a habit of pushing misguided views as if they were facts, and did so with an air of authority that came from their control of the subreddit and the site.

My point is not to support either group, but just a warning: They are not “the privacy community”. Please take their advice with a grain of salt. Sometimes it’s good, and sometimes it is not so good.


I believe Matrix has this in beta, sometimes referred to as MatrixRTC or Element Call.

Edit: Recent status update here:

https://matrix.org/blog/2024/10/29/matrix-2.0-is-here/#3-native-matrix-group-voip-video-matrixrtc


I feel like Matrix is a better alternative, but yeah it’s not ready yet since it lacks the call features Discord has.

I haven’t used Discord in years. What call features are you referring to?


SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:

  • It is funded by venture capital, which calls into question its longevity, and if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
  • Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
  • No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
  • Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
  • No support for group calls.

I look forward to seeing how its design decisions develop in the coming years, but outside of a few niche use cases, it is not a suitable replacement for Matrix or Signal.


I like the idea. I would wait until Matrix 2.0 is officially released and implemented in the major clients. It will make a big difference to the user experience.


My approach with companies that do this: Contact them, explain that I will not be giving them any money due to this aggressive anti-privacy practice, and take my business elsewhere.


Facebook/Meta (the owners of Instagram) have been extorting phone numbers and IDs from people for years. They don’t target everyone all at once, but a few hundred here, a few hundred there. I don’t know if they do it for all new accounts, but the practice is definitely not new.

This is one of the many reasons why I stopped using their services.


What disposable email address provider is accepted at sites that reject SimpleLogin?


Why would they do that? They are probably American feds.

Maybe, but I can think of another possibility:

There is a certain personality type that loves to feel like an authority in whatever community they frequent, and will jump at the chance to criticize someone whose concerns, experiences, or approach to solving a problem differs from their own. It has been very common in tech support forums for ages, and I think it’s becoming common in privacy forums as the topic becomes important to more people.

So, while it’s possible that some of what you are describing comes from government agency-sponsored influence campaigns (this would not surprise me), I strongly suspect that at least some of it is just mundane egotism. There are a lot of jerks on the internet. Many of them even believe they’re being helpful.

Whatever the reason for it, I agree with you: Those people should be told to knock it off, and if they don’t, then they should be shown to the door.


Why not just point Firefox at the proxy address in its Connection Settings, instead of trying to force it with containers?

Are you trying to prevent Firefox from ignoring its proxy setting to do something sneaky?


This article mentions using Global Privacy Control as a replacement for Do Not Track, but doesn’t bother to explain what GPC does. Its adjacent article incorrectly claims that GPC uses the DNT: 1 header field, fails to explain further, and links to a Mozilla page that doesn’t explain it, either.

Even the GPC web site fails here, offering several pages of vague, abstract fluff about their intentions and a useless document full of marketing industry acronyms, without anything substantial about how it works. The single mention of a spec fails to state where to find it. The closest it comes is a tangential sentence containing a broken github.io link.

Finally, and only because I happen to know github.io’s URL format, I was able to guess my way to an organization page, and from there to a project page, which has a README file containing a footnote linking to the proposed spec:

https://w3c.github.io/gpc/

Geez… it’s as though the people involved don’t want anyone to know how this proposed safeguard is supposed to work.

After reading it, it looks like these are the main differences in Global Privacy Control vs. Do Not Track:

  • Replaces the DNT: 1 header field with Sec-GPC: 1.
  • Adds a JavaScript property to indicate the same thing.
  • Does not honor preference changes after the first navigation to a site. (Having changes respected apparently requires clearing site data from the browser and reloading. A helpful browser might prompt the user to do this.)
  • Defines a way for sites to indicate that they are aware of GPC (but does not require them to honor it).
  • Expresses a wish that your data not be shared, but says nothing about it being collected.
  • May be considered legally binding in some jurisdictions. It’s not clear whether the few that currently recognize it will enforce it in any meaningful way.

I would like to know the answer to this:

It’s unclear what will happen to users who have DNT enabled when they upgrade to the affected Firefox version. They may see a message stating that “Firefox no longer supports Do Not Track,” or the signal may still be sent to websites. We have asked Mozilla to clarify this and will provide an update when we receive a response.
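How a site that chooses to honor the signal might handle it on the server, as an added example that is not part of the original comment or of the GPC proposal's own text: it reads `Sec-GPC`, withholds third-party sharing when the value is exactly `1`, and publishes the awareness resource at `/.well-known/gpc.json`. The handler shape, the tag host names and the `lastUpdate` date are constructed for illustration; header names are assumed lower-cased, as Node's `http` module delivers them.

```javascript
// Constructed awareness resource: declares that the site knows about GPC.
// The date is a sample value.
const GPC_SUPPORT = { gpc: true, lastUpdate: "2024-01-01" };

// Only the exact field value "1" is a signal. A missing header, "0",
// or a merged duplicate such as "1, 1" is treated as no preference.
function hasGpcSignal(headers) {
  const value = headers["sec-gpc"];
  return typeof value === "string" && value.trim() === "1";
}

// Pure request handler: takes { method, url, headers } and returns
// { status, headers, body } so it can sit behind any HTTP server.
function handle(req) {
  if (req.method === "GET" && req.url === "/.well-known/gpc.json") {
    return {
      status: 200,
      headers: { "content-type": "application/json" },
      body: JSON.stringify(GPC_SUPPORT),
    };
  }
  const optedOut = hasGpcSignal(req.headers);
  const page = {
    // GPC is about sharing or selling data, so third-party tags are dropped.
    thirdPartyTags: optedOut ? [] : ["ads.example", "broker.example"],
    // Collection by the site itself is outside what the signal expresses,
    // which is the limitation noted in the list above.
    firstPartyAnalytics: true,
  };
  return {
    status: 200,
    // The response differs by request header, so caches must key on it.
    headers: { "content-type": "application/json", vary: "Sec-GPC" },
    body: JSON.stringify(page),
  };
}

// Constructed sample requests.
const withGpc = handle({ method: "GET", url: "/", headers: { "sec-gpc": "1" } });
const dntOnly = handle({ method: "GET", url: "/", headers: { dnt: "1" } });
console.log("Sec-GPC: 1 ->", withGpc.body);
console.log("DNT: 1 only ->", dntOnly.body);
```

A browser that still sends only `DNT: 1` gets no opt-out from this handler, which is the practical consequence of the header rename.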


Let’s not let our guard down. They might make superficial changes, but they will keep pushing this dangerous and invasive nonsense, and they only have to win once.


Neither isolates everything. Both have some isolation features. The features enabled by default vary from package to package, so you would have to look at the permissions on each package to find out.

For a bit more isolation than a flatpak/snap, I suggest creating a separate user account for running chromium (or any other moderately nosy software). Note that Linux lets you log in to two accounts at the same time, each with its own desktop, and switch between them. Check out your desktop environment’s “switch user” function.

For even more isolation, you could run chromium in a hypervisor-based virtual machine.