As far as I know, modern cards don’t just send your CC info to terminals, they do some form of a cryptographic handshake (probably a pubkey signature or similar) which gets confirmed by your bank. I believe Caveman was talking more about online shopping, where you have to enter your card number, expiration date, CVC and often your name too.
That’s why I love virtual card systems like MB NET. You just generate a random virtual card for every purchase (or a recurring one for each subscription vendor, for example) and move on. Your bank still knows what you’re doing, of course, but vendors can’t correlate anything. Preventing your bank from knowing where you’re spending your money is much harder, for very practical reasons: fraud detection. The only real way is to use a secure crypto coin like Monero, but very few places accept it and you still have to deal with volatility.
encrypted email
Besides being a form of messaging (so the text somewhat contradicts itself), typical email is a deeply insecure protocol.
In my opinion, it’s probably impossible to secure without making a new protocol or making such drastic changes that it might as well be considered one.
Here are some key concerns regarding the usual PGP-powered encrypted email:
This isn’t to say people should definitely stop using and promoting encrypted email, since it can be useful.
It’s just it gives, more often than not, a false sense of security and can lead less proficient users to send sensitive data through this medium which isn’t nearly secure enough for such use cases. Preferably, people with such threat models should opt for better alternatives, most suggested in that article (such as, but definitely not limited to, Signal, SimpleX, Matrix+Olm, XMPP+OTR/OMEMO, sharing files via MagicWormhole, encrypting with tools like age).
On a slightly tangential note, I think someone should make a Matrix client with an email client interface. I started working on a new traditional chat client (completely nonfunctional still, very much in-dev), but I’ve been honestly thinking more and more about making one looking like an e-mail client, where there isn’t much focus on instant room-based chats, but rather on longer-lived 1-to-1 and list-like exchange of messages.
Yeah Mullvad’s system is better than Proton’s, since the latter asks you to place your username inside the envelope. Mullvad’s random token is better in that regard.
More info on Proton’s cash payments: https://proton.me/support/payment-options#cash
Disclaimer: I’ve never paid in cash on either of these services.
I’m not familiar with any service that works at the international level, but over in Portugal, the biggest ATM network, Multibanco, has had a service called MB NET (now integrated with the newer MB WAY app), which allows you to create temporary cards with 3 different behaviours: one-time, monthly, multiple uses. The first one always has 1 month of validity, while the others only expire after a year, and you can define a maximum capacity.
It works perfectly well in foreign online services, but you have to have a card from one of the associated banks (presumably from their Portuguese branch?).
Another commenter said goldwarden implements that through the Remote Desktop XDG Portal, which only GNOME and KDE support at the moment (wlroots doesn’t implement it yet).
BitWarden is really good. Has (nearly*) everything I want, works well across all platforms and the free plan is very featureful. Even though I don’t really use any of the premium features, I still pay for the plan, to help fund development, it’s only 10€ a year.
Ah right, airplane mode makes a ton of difference. I also tend to have it enabled as much as I can, usually when I’m home (and thus reachable through VoIP services) or at work. And I (almost) never turn it off, I just leave it in airplane mode. I limit the charge to 75/80%, with ACCA, so I get even less juice.
And I’m sorry, I also dislike big phones with huge screens and batteries, there’s no real need for that. But I know that you can fit better batteries in smaller phones as well. My previous device was smaller than the Pixel 4a, but had a bigger battery, while having almost identical weight.
I wish manufacturers would make smaller phones, really. I’m very unsure what other device I will get after this one dies or gets broken…
After my 6 year old Redmi 4X’s screen touch decided to die, I got an opened-not-used Pixel 4a (in perfect condition) at the end of 2022, because it was one of the few small-ish phones that had good modding support (Pixel phones are ofc known to be very good to degoogle). I love it. Feels good, works well, has a great camera (got a GCam mod too), etc. Only downside is the smaller battery (3100 vs 4100 mAh), but honestly it isn’t that big of a deal, I can just carry a powerbank on my backpack or, you know, use my phone less.
Back then, it was the perfect choice for me. Now, I don’t know, haven’t been keeping up with current models.
I understand.
You could look into getting a domain either way, it really is pretty simple — you go to a registrar website (I like porkbun.com), choose your domain name and purchase it. To get the email stuff going, it’s just a bit of copy pasting between their guide and the domain’s control panel.
Like I said, this domain stuff is useful outside of Migadu and similar services, but for a more 0-config option, I think disroot is alright. You also have mailbox.org and StartMail (from StartPage).
If you have your own domain, I recommend Migadu. They take care of all the boring parts of hosting email, while being cheap and very reliable. All you have to do is[1] follow their guide to set up some DNS records and double check everything is right. After that, you have a working email account with unlimited addresses, inboxes and a bunch more nice features.
[1]: Besides getting a domain name, which you should get anyway, since it gives you more control over your digital identity and makes it much easier to migrate providers in the future.
Yeah I feel you. It’s often hard to be fully alert of what you’re sharing all the time. I have slip ups but it’s usually fine, I’m only mega careful regarding things that could give away the city/town/village I live in, and where I work. If I ever really want to talk about it, I will use a different (often temporary) alias.
While this may be a good end goal, these comments are really more harmful than anything else. Removing your dependency on some proprietary service can be very far from trivial, or even doable, there is a wide range of internal or external factors preventing you from ditching it.
For example, part of my work and a bunch of good online friends of mine use Discord, so I keep it around. If you do any social gaming as well, you’ll also most likely find it hard to ditch the platform, as it’s grown deep roots in the community.
Anyway, it’s better to take small steps in the right direction than trying to make a U-turn and fail miserably.
Yeah, they have upped their “paranoia” quite a bit in the past couple of years. A while back, I discovered smspool.net while trying to register for Claude (wanted to give it a shot, was disappointed) and was so satisfied by their interface and prices I’ve used it again on 3 other occasions. There may be other similar services out there, you should give one a try next time Discord prompts you for a number.
Depends a lot on your threat model, of course, but here’s what I do:
Using a hardened browser and not giving them your real phone are likely the most effective steps, everything else is either less relevant or overkill. As I said, depends a lot on your threat model and on your requirements (some things may be unachievable if you’re forced to use Discord by your employer, for example).
Revolt is an amazing project and has a lot of great energy behind it, but one must not forget the issue that is scale. Discord is absolutely humongous, serving millions of concurrent users with pretty good performance overall. I’d love to see Revolt reach such userbase, but realistically, two 2nd year CS students are unlikely to get there. For a platform to reach such volume there needs to be money, which is likely to come with strings attached. Though what you say is true – Revolt has strong open-source roots while Discord has always been a VC fueled company, so I’ll keep my hopes hehe
Regarding Nitro, I agree it is a bit too much, but I actually think a subscription of sorts with bigger upload limits, streaming quality and so on (the original point of Nitro) is a pretty nice model to sustain a platform since it helps cover the cost of all needed infrastructure. Of course, Discord Nitro has since gained a lot of extra fluff and nothing impedes Discord from both selling a subscription and our data (which they’re likely to do), but the premise is quite reasonable.
Like others have said, on Discord the data rests entirely on their servers, without E2EE (so completely visible to them). They claim not to sell any data to anyone on their privacy policy (at least last time I checked, might not be up to date), and if you believe that (which isn’t entirely unreasonable, though I’d find it unlikely) the platform is probably more decent than the other giants. It also lets you browse communities without a real account (you can just open the browser app with a guest temporary account by just giving a name), which is really neat for exploring certain communities, as you were saying.
Now, I’d like to add a couple of points.
First, it’s easy to dismiss this because of the general anti-privacy stance regarding Discord, but it is absolutely undeniable that they have the absolute best platform to run and manage an online community based on chats. They have, in my opinion (and I’ve tried nearly every platform that is remotely known), the best implementation of text and voice channels, reactions, roles, onboarding, events, statistics and bots as well. Guilded was (is?) an excellent platform in terms of features as well, but they lack the massive network effect Discord carries, which is another undeniable big factor. As much as I dislike it, the network effect is really strong and, in my experience, with the exception of very close friend circles and generally privacy-oriented folks, realistically adopting other alternatives is really tough.
Second, the corporate feel you mention is a bit lost on me. Certainly they are not as down-to-earth as some community-run projects can be, however they are visibly better than similar platforms like Slack.
Why all this? Am I a Discord shill?
Quite far from it. I don’t like them, nor do I hate them. Hate is a pretty strong word which unfortunately is thrown around quite a lot in topics such as this one. Discord is really not ideal from a privacy perspective but let’s not completely disregard its many merits. I find that more often than not, conversations in pro-privacy circles revolve around hating on companies and platforms and dealing with absolutes, but the truth is that privacy need not be dealt in absolutes. It’s all relative and dependent on each person’s needs, and failing to see that more often than not harms the whole cause and people trying to get in.
Anyways, went a bit offtopic, sorry for that. Rant over, I suppose.
Adding onto what’s already on the thread, you can try looking at the newer Element Call, which is an implementation of Matrix’s native calls.
I’ve been using it a bit recently, since Jitsi seems to have stopped working reliably for me (to be frank, I’ve not put much effort into debugging it yet). It works well, but it’s still early stage, lacking some features Jitsi has. If that one works for you, I recommend you stick to it.