• 3 Posts
  • 14 Comments
Joined 5 years ago
cake
Cake day: June 28th, 2020

help-circle
  • One of my banks properly uses TOTP which is independent & the other uses SMS which isn’t secure, but is also independent. I would straight up leave a bank if an app was required since there are always other options.

    Family is the easiest to convert since they have unconditional love for you & would me the easiest to understand your concerns. You could even roll out a Snikket instance for everyone to use together.



  • The adaptors are flimsy and hang funny. Both of these options are putting additional strain on the only port for charging & data transfer—which is also making you choose audio or charging / transfer. Or they want to push you into buying irrepairable, flaky, branded earbuds what generally have worse audio quality & always having latency. When all non-phone devices are still understandably using the standard 3.5 mm jack, why give any money & reward these companies putting out devices with user-unfriendly IO when I can support one that does meet my needs?

    You can make Linux more secure by various means, & we will never get to a better state until early adopters start adopting the ecosystems. I would rather do this than support more Google ecosystem stuff.

    GrapheneOS doesn’t really give you choice. This isn’t cool to me—& you will have a hard time convincing me otherwise since there are plenty of precautions I can take with my setups & my threat models without being told there is only one option.




  • Being able to have a decentralized form to accept patches is key to keeping the D in DVCS (distributed version control system). Pijul you can omit the email & even name if you want to be anonymous, or your key servers could offer better forms of communication.

    I totally disagree with letting Microsoft GitHub be a sink for email. Not only is it US-based, publicly-traded with shareholders to appease, & fully proprietary… but they are also a major data siphon with Copilot™ products trained on then sold back from code & conversation in what should The Commons which probably include these no replies. We are also talking about a massively centralizing platform saying omitting your email is fine since you can direct your contributors to use their closed, proprietary platform—something anyone with any sympathy for free software ethos or even basic privacy for contributors would never demand, endorse, or encourage the usage of MS GitHub in any form.


  • Pijul decouples your identity from you commits & proves your SSH key ownership. It is a beautiful thing that you can change your name or email & not have to get a force push to update all that info since you are now just identified by the primary key from the identity server. No more worries about being embarrassed by your old Protonmail or GMail account,no more dead names in the commit history, & no care about identity stealing by just changing the config.




  • toastal@lemmy.mltoPrivacy@lemmy.mlOpinion on the Matrix protocol
    link
    fedilink
    arrow-up
    10
    arrow-down
    2
    ·
    3 months ago

    Matrix literally syncs the entire data/metadata history to all other servers where someone pops in; chat is meant to have an ephemeral aspect to it. The whole network is de facto centralized on Matrix.org or the servers they host for others which means one org has access to almost everything—like the issue with Signal.

    What’s scary to me is how expensive it is to run this eventual consistency model, which should not be a protocol requirement for this style of communication. It sucks so much RAM, so much storage, so wasteful—which causes medium-sized servers to shutdown on maintenance costs alone which causes more users to leave for the Matrix.org. These are not the characteristics of a revolutionary protocol—revolutionary is users & collectives to reasonably be self-hosting this stuff for their privacy & autonomy.



  • FYI for the other commenters, UnifiedPush can work thru the Prosody mod_unified_push or any server with a up where Conversations (& its forks like Cheogram, Monocles, Blabber) can be a distributor. This has the added bonus of coming with an awesome decentralized XMPP chat server getting to reuse a single connection & single app to server instead of separate ones. Conversations is the most efficient chat client on Android in terms of resources (battery, network, RAM) so might as well keep it lightweight—which you are probably trying to get push notifications from the likes of Signal or Element, but what is the point when you have an efficient XMPP server for your chat needs?

    However, I think UnifiedPush might be a bit flawed—as if the startup that created ntfy is pushing others to try to adopt their standard instead of getting folks on board with the older & capable MQTT (which also can be ran thru mod_mqtt on your XMPP server). I am not yet sure if this is a tinfoil take or not.


  • Host your own XMPP node outside the country’s jurisdiction, turn on E2EE if it weirdly wasn’t on by default, & don’t trust the big centralized servers they could easily ban. Apparently everyone wants to dismiss XMPP since you can disable the E2EE (since it is a generic protocol for lots of stuff) despite encryption being on by default on every modern client—so there is your deniability 🙃 Unlike Matrix, the average user can afford to run it on a toaster too.