Hey! Thanks for this. I’ve worked with Ubuntu and Debian but mostly work on Mac. I’m interested in going deeper into Linux distros and am completely fine with working from terminal. I’m just curious what exactly makes the Fedora and secureblue distros more difficult to understand how far I am from running a secure distro.
I‘m referring to them handing over the data to law enforcement of the US and other unknown governments.
What exactly they hand over I can’t tell you, it might be harmless. In the case that they revealed they used push notifications data to identify a pedophile who was using some encrypted messaging service. I hope he gets what he deserves but for us it means we shouldn’t trust anything that uses Apple‘s or Google‘s push notification servers.
Yeah I know about Molly etc., but the point is, no one I know is going to degoogle their phone and use that. It would be easier if they’d just use a more private, decentralized app that also doesn’t ask for a phone number ffs.
Oh boi I’m trying to get people to use simplex exactly because of this. I managed to bring most people to Signal and they’re cool with it because it just works, but I don’t trust them at all. Sure there was this court order where they didn’t have any user data except account created date and last active date, but since almost everybody uses either Google‘s or Apple‘s push notification servers turns out that doesn’t matter so much from what I undertstood.
Yeah the device limit is annoying. I switched to AirVPN when Mullvad stopped doing port forwarding and it’s been fine so far. I’m not a network expert so I honestly don’t know the difference between the two protocols enough to say that they’re any benefit of one over the other, but there might be a reason that WireGuard is becoming the default? Idk honestly.
Anyway, AirVPN still suports port forwarding and supports OpenVPN so might be an alternative for you. They don’t do security audits which is imo sketchy and makes me question if they are honest about their no logs policy, but otoh they have been around for a long time and there hasn’t been any incidence, which makes me think they’re probably good enough for torrenting.
Yeah what can be done is create a clean Google account registered through an anonymous phone number and a throwaway user name & password, and best to secure it with a hardware key just to make sure no one can get into your OTPs by somehow getting access to those credentials. That should allow you to save credentials in an account at least if you make sure to not login to it on the same device as your other accounts.
But also not blaming anyone for not trusting Google in the first place.
I read their article but didn’t understand their methodology. This is pretty much in contrast to this video where a bunch of apps got audited and to everyone’s surprise Google Authenticator seemed like one of the most private alternatives.
Really not trying to defend Google here because… they’re fucking Google, but I’m wondering why the results are so different.
Ah got it: https://simplex.chat/downloads/#desktop-app
You can link your mobile device with desktop to use the same profile remotely, but this is only possible when both devices are connected to the same local network.
That’s cool I’ll look into that, any alternative to a centralized service that requires phone number auth is appreciated and I think competition will make these apps only better.
I like SimpleX because you can self host, create hidden profiles and even throwaway invite links. What platforms are you missing for SimpleX? I think you can run it on Android, iPhone and through Fdroid plus you could even run it on Tails. I don’t really need interconnectivity so never tried it, but I think it exists. Anyway, for me it really doesn’t matter, just stumbled upon SimpleX and liked it.
Yeah tbh if you’re a software engineer there’s barely a way around using LinkedIn, I got almost all my jobs through being contacted by recruiters on LinkedIn. I kinda hate that my info is out there but otoh with every switch you get more money and I guess unless you’re some kind of whistleblower or government dissident you’ll have to live with exposing yourself to an extent or miss out on good opportunities.
Somehow I always end up hating Proton. I was using TOR Browser to create an account and they wouldn’t let me. I had to give either another email or my phone number, and I’m not willing to do either. I even tried creating a throwaway with mailbox.org (works using TOR) and sending the confirmation email there but it never arrived, so I gave up on Proton.
I also tried Tuta and they wouldn’t let me create an account at all using TOR. So eventually I’m sticking with mailbox.org
No I get that, thanks a lot for explaining! I work with a bunch of other stuff where help is mostly also only available on discord so that’s fine.
I really need to read into the whole Android stuff more. I know privacy and security are different topics, it’s just a weird thing to wrap my head around that Android would be the most secure option.
Another issue is that for what I’m doing I need to rent VPSes and there you’re already quite limited as to what you can run on them, probably Android wouldn’t be an option right? And let’s say I want to deploy some apps there would this work on Android out of the box? I know it’s Linux under the hood I’m just not really deep into the more advanced Linux stuff tbh.