• 0 Posts
  • 25 Comments
Joined 4 years ago
Cake day: January 17th, 2022

  • So for the PineTime the most popular firmware is https://infinitime.io/ and by default you get

    • Watchfaces for telling the time
    • Steps (displays the number of steps of the day and the daily goal)
    • Heart rate (controls the heart rate sensor and display current heartbeat)
    • Music (control the playback of the music on your phone)

    and the PineTime is relatively slick, large bezel but frequently people told me, surprised if they knew me, they thought I had an Apple watch, which was a brilliant moment to open up the discussion about open source, free software, open hardware.

    Meanwhile Watchy has e-ink and the 3D printed frame is very bulky. It’s definitely a lot more noticeable and I received few compliments for it. By default its firmware is https://github.com/sqfmi/Watchy and…

    • time (+ weather if connected to network, not mobile phone, via WiFi not BT)
    • Steps

    … and that’s about it. Honestly the Watchy ecosystem is a lot less lively than InfiniTime. Sure you get some different watchfaces but that’s about it in terms of popular customization AFAICT. Basically I’d only recommend it if you only want a watch for time and if you are adamant about e-ink.


  • Linux on desktop, self-hosting and GrapheneOS too.

    I have a few smart watches, namely PineTime and Watchy by SQFMI but… honestly I don’t wear them anymore simply because I try to be as minimalist as possible. In fact just yesterday afternoon I was wondering if I could do without GrapheneOS because I might actually NOT need a phone.

    So… what do you want out of watch?

    I can recommend both but honestly it depends on your need.




  • > you shouldn’t run software that accesses such intricate personal information if you don’t trust it, if it can be updated to change to grab all that data.

    Yes, and you should also brush and floss your teeth, do physical activities, buy local produce, recycle everything, do your due diligence on all political candidates, etc, etc. In practice we ALL have to make pragmatic choices. There are not a lot of browsers and basically for fully featured engines there are (arguably) only 2, Chromium by Google and Firefox by Mozilla. One is an advertising for-profit company, the other is not. If you genuinely care a lot about privacy though you might not have to use either, you might be perfectly fine with much simpler browsers like Links or even lynx and I can tell you with a lot greater confidence that there, no data will leak. You can also containerize your browser using e.g. https://docs.linuxserver.io/images/docker-webtop/ and then run within there whatever you want.

    > since Mozilla seems to potentially give itself a license to all your data, apparently.

    That’s not correct, you mean some data from your browser usage. I think it’s important to be precise here otherwise through shortcuts you try to convince yourself, and others, about a problematic situation that just does not exist.

    So which browser do YOU trust and why?


    • Install anyway
    • daily drive
    • do a SeedVault backup on a USB stick

    then optionally, after a short while if you are convinced

    • buy a 2nd hand Pixel 8 (cheapest with longest support) or whatever matches your preferences, maybe by then even a Motorola with official support
    • bring your SeedVault backup back to the new device, including contacts, apps and data

    No matter what you do you will be “left behind” but at least you have time to learn something useful in the meantime then reassess.




  • I haven’t but I did build relatively large projects before (e.g. browsers) and basically it depends mostly on 2 things:

    • are you in a rush? If not just let it run overnight, if you are then delegate it (if you can afford it and it matches your threat model) to a cloud provider (rent a couple of instances for however long you need, that’s where the hourly pricing matters)
    • is the build system properly set up for reproducibility, e.g. runs in a single container on AMD64? if so just start it and move on, otherwise be prepared for an indefinite amount of tinkering

    I think it’s interesting to do but honestly as someone else mentioned, builds are signed. In fact at the end of https://grapheneos.org/install/web#verified-boot-key-hash you get the verified boot hash. The goal is precisely to check that you actually get what you are supposed to have running. Basically the big picture of reproducible builds is that you do NOT have to do it and can STILL verify that you have exactly, up to a single bit, what you should have.
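
An added example, not part of the comment above and not GrapheneOS tooling: what "identical up to a single bit" means in practice when checking a reproducible build. It compares two build output directories file by file using SHA-256; the function names and the `boot.img` / `system.img` sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_builds(official, local):
    """Return files that are missing, extra or different in the local build."""
    a, b = tree_digests(official), tree_digests(local)
    return {
        "missing": sorted(set(a) - set(b)),
        "extra": sorted(set(b) - set(a)),
        "differ": sorted(p for p in set(a) & set(b) if a[p] != b[p]),
    }


def is_reproduced(report):
    """True only when every file matches and none is missing or extra."""
    return not any(report.values())


def demo():
    """Constructed sample: two tiny 'build outputs', then one bit flipped."""
    with tempfile.TemporaryDirectory() as tmp:
        official, local = Path(tmp, "official"), Path(tmp, "local")
        for d in (official, local):
            d.mkdir()
            (d / "boot.img").write_bytes(b"\x00" * 4096)
            (d / "system.img").write_bytes(b"\x11" * 4096)
        identical = compare_builds(official, local)
        data = bytearray((local / "system.img").read_bytes())
        data[100] ^= 0x01  # flip a single bit in the local image
        (local / "system.img").write_bytes(bytes(data))
        return identical, compare_builds(official, local)
```
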


  • Be mindful that such a program would have to be safer than the situation without. A program on a public repository that isn’t used by any distribution, isn’t audited, hasn’t a lot of comments (and thus eyes on its code) might be a disproportionate risk compared to the default settings of a popular open source distribution IMHO.



  • It doesn’t have to be though. It could be BOTH convenient AND private. It’s only because we, as a society, didn’t fully understand the “cost” of “free”. We thought it was just so nice to get a good search engine without having to pay. We didn’t grasp that it was the beginning of surveillance capitalism. We didn’t understand that this business model would be so successful every company, from new ones like Meta, to “old” ones like Microsoft or Amazon, would try to be hybrids, both selling stuff but also re-selling data to advertisers.

    So no it’s not a false choice, it’s a corner we strategically got pushed into.

    I believe, maybe naively, that initiatives like https://uattest.net/ or even https://www.taler.net/ are trying to show that it can be both convenient and private, but NOT while relying on surveillance capitalism which is precisely investing a lot of money to bring the maximum convenience, including free (hard to beat) but at the cost of privacy.

    Edit: seems GrapheneOS isn’t into the UAttest initiative https://grapheneos.social/@GrapheneOS/116200110686604617 but I’m not sure what alternative they propose.





  • I think that’s precisely what this is questioning: is this helping fund critical FOSS?

    What if a fraction of that money instead went to Signal infrastructure? Wikimedia? FSF which initially made GNU PG? FSFE? NLNet which supports Delta Chat? Sovereign Tech Fund? etc rather than individuals?

    I don’t think anybody is criticizing that hard-working people contributing to a good project are well paid. I believe the question is rather what’s the cost to OTHER projects when there is 1 project, not an umbrella project which funds others (again like NLNet or the Sovereign Tech Fund).

    What model are we reproducing and what’s the risk?

    FWIW the question isn’t new. It happens also with Mozilla with the compensation of its C-suite staff, not the “random” software engineer.