But I dislike that it requires even going that info
I never understood this stance… do people really think a corporation is going to risk their entire company over your anonymity when their country’s government does not allow this? Nobody is going to jail for you.
Plus, if everyone could easily sign up anonymously, then like they said, it would be overrun with bots and the reputation of their IPs would quickly deteriorate to where most other email providers would just block them, making the service almost worthless.
How would you know?
You probably wouldn’t have heard about it simply because it’s illegal to publicize a secret subpoena/warrant. Such orders are given as National Security Letters with a permanent gag order, going so far as to preventing the recipient from even seeking counsel; it’s a massive abuse of power and due process in the US to get companies to lie and do whatever they want.
Yes but I think you still need a unique fingerprint in order to tie that data to a single person… and there are much less people who use ad-blockers than those who don’t, so to me it’s an extra bit of identifying information; obviously this puts the privacy-conscious user in a difficult position and I don’t know that there’s a perfect answer.
why change the title
As I mentioned, I felt it was more transparent to say where the money comes from and let people draw their own conclusions. Of course there will always be dissenting opinions no matter which title is used, I think that just comes with the territory, and I’m ok with that; I don’t think there is a single right or wrong answer. I’m sorry that you disagree with my choice. I encourage you to make similar posts wherever you’d like with your own desired title.
Thank you for your perspective.
I don’t think it was meant exactly that literally. If you use online banking then of course you have to allow whatever they require for it to work. But for non-necessary services that have an account feature… any time you use those of course will have more of your information out there to sell and track.
Original title was “F-Droid Awarded Open Technology Fund’s FOSS Sustainability Grant”. Not trying to be tinfoily but I thought it would have been even more irresponsible to not make it clear where the money really comes from as I think most people aren’t aware.
Either way, please do your own research and draw your own conclusions and I promise I have no intentional agenda in reporting this… besides transparency.
I have read the spec, used the service and also implemented my own clients before, that is why I’m so confused by what you’re saying, because this has not been my experience at all. If a user joins a channel, whether they are an admin or not, whether it is encrypted or not, then unless the channel is explicitly setup to only allow verified users to talk (not the default), my understanding is there is nothing preventing that new user from seeing all new messages in the chat.
I don’t understand. How would the sender prevent messages from going to the admin user that joined the room? It sounds like you’re implying new users simply can’t join a room? That makes no sense to me… I’ve certainly never experienced that. I see new users join encrypted rooms all the time and they can talk just fine… so what’s the deal? And isn’t verification off by default?
What do you have to say about this then?
In an encrypted room even with fully verified members, a compromised or hostile home server can still take over the room by impersonating an admin. That admin (or even a newly minted user) can then send events or listen on the conversations.
Perhaps we have a different definition of “impersonate”… not everyone will pay attention to unverified warnings, and afaik they can still communicate with people (just maybe not read old messages)… but I would love to be proven wrong.
Unfortunately even with E2EE, the admins of a homeserver can still impersonate you or take over your channel.
Of course you could run your own instance, or maybe none of this is part of your threat model, but I felt like bringing it up either way.
Most packages/installs of Signal contain proprietary code. I suggest Molly-FOSS instead.
Even if Section 230 didn’t require providers to terminate the user’s service, providers further upstream could technically punish that ISP for breaking their own ToS depending on what it is.
People like Liz Fong-Jones and Keffals have successfully lobbied multiple Tier 1 ISPs to blackhole websites that have posted information about them that they didn’t like based on this fact, behavior which the EFF has specifically called out as a threat to the free and open Internet. Even the CEO of Cloudflare has openly admitted to being personally involved in blocking sites without a really good reason.
Contains proprietary code. I recommend Molly-FOSS instead.
Honestly I find his attitude to be quite commendable and I think that speaks much louder than whatever it is you disagree with.
Maybe he should have just left Trump’s name out of it entirely as that seems to be what really pushed people’s buttons.
People are going to twist things around no matter what is said though. Don’t forget hindsight makes everyone look guilty.
What’s the benefit for them?
Not being targeted by a President.
https://www.cnn.com/2024/10/29/business/ceos-trump-revenge-nightcap/index.html
https://www.cnn.com/2024/06/05/politics/trump-prosecute-political-opponents/index.html
Why they wouldn’t want to please previous administrations?
Those administrations weren’t targeting them.
I think it’s always about the money, plain and simple. If there is a threat to their gravy train, they will bend over backwards to keep it going. Otherwise, they don’t care about you.
I find it disappointing that people interested in privacy would have such little respect for a private individual’s right to have their own thoughts.
Ding ding ding.
It seems the vast majority of people do NOT want to allow speech they don’t like, no matter the consequences. That requires too much forward thinking. Excuse me while I watch history repeat itself…
Japan’s penis festival comes to mind
F-Droid not being trusted. They build and sign a developer’s code on their behalf, so there is a chance for injection there.
There are reproducible builds, but I would argue it’s not taken seriously enough. Like right now nobody is publicly verifying Signal’s supposed reproducible Android builds and they’ve historically had problems keeping it working.
Also how most (or all?) Play Store apps (including FOSS) contain proprietary code.
jmp.chat