Zak @ Zak @lemmy.world

Posts

10

Comments

1,244

Joined

2 yr. ago

What do you expect a low-volume phone with an alternative e-paper display to cost?

I never said anything to that effect. The ancestor comment discussed running Signal for Android inside an Android emulator for account creation, after which it could be linked to Signal desktop.

Someone could presumably fork Signal desktop to allow the scenario you're describing, but I'm not aware of any such efforts.

I imagine search of server backups would be pretty hard to do securely. Better management of locally stored media would be nice, but you can sort by size, export, and delete media from inside the settings.

The problem I have isn't so much that they're blue, but that they're bright. I have flashlights with modes dimmer than the average modern indicator LED.

If anyone is actually going to get that right in a mainstream product, it will probably be Signal.

If it's true that he did that, yes.

After he's federally pardoned, each affected state can prosecute him sequentially.

A phone number that can receive SMS is required, but it doesn't have to be associated with the device that's running Signal last I checked.

It would be nice if the backups were split into time-indexed files so I could move the old parts to cheap external hard drives and only keep recent backups on my expensive phone storage.

I never set auto expiry and often search messages. Sometimes it's because I want to find a specific fact or datum from two years ago; other times it's just for a reminder of a memory. On occasion, if the history wasn't there, people might remember something important differently.

This comment implies DOGE is for what it says it's for.

DOGE is a political purge and fiscal responsibility is its smokescreen.

Rumor has it they're expensive to manufacture. Add to that a small market and some patents and you get elevated prices.

Amazon might sell Kindles below cost because it drives book sales on their platform, but it's hard for anyone but Amazon to make that model work.

This exploit involved Meta and Yandex apps running servers on your phone which Javascript embedded in trackers would communicate with. You'd have to both allow their trackers and have their apps installed to be affected.

There seem to be two main arguments put forth here:

1. F-Droid does not thoroughly audit the apps it distributes, so they might include bad behavior that is not initially obvious.
2. It is theoretically possible to provide a package to F-Droid that does not match the source code it claims to be based on.

To which I respond:

1. No app store thoroughly audits the apps they distribute. You must ultimately decide if you trust the developer enough to run their app, or audit the code and build it yourself.
2. This creates a theoretical opportunity for a developer or maintainer to upload a package that doesn't match its purported source code, but it's possible to check for this manually, and to automate that process. It's likely anyone exploiting this would be caught and their reputation tarnished. It comes back to the first point: do you trust the developer or maintainer enough to run their app?

If you have average security needs, you probably don't need to worry about this. If you have reason to believe someone well-resourced and dangerous wants to compromise your phone, you should probably be extremely selective about what apps you install and where you get them.

You can editorialize in the body on Lemmy; there's no need to use a title that obscures what the link is about.

It passed the house with a veto-proof majority and the senate unanimously. It is almost certain to become law whether the governor signs it or not.

Isn't Microsoft Authenticator just a password manager and TOTP app? You can replace it with Bitwarden and Aegis (or a dozen alternatives).

It was (and maybe still is) trendy to avoid gluten without any medical reason so it doesn't surprise me you would encounter a lot of people lying about having an allergy or intolerance. Of course people with celiac disease can have a severe reaction to it, so it has to be taken seriously.

It usually wasn't conversations that were at issue. People would engage in criminals acts, such as trading child sexual abuse media in large unencrypted group chats. Law enforcement would find links to those chats, join them, and observe criminal acts, leading to court orders to Telegram to disclose whatever identifying information it had about the offenders, such as phone numbers and IP addresses.

Telegram intentionally split storage of that kind of information across jurisdictions that do not cooperate so that it was effectively impossible to obtain orders for all of them. They bragged their marketing materials that they have never complied with a court order for user information. Taken as a whole, I see that as intentionally facilitating child abuse.

Signal's approach is pretty much the inverse; rather than hoard data about users and shield people they know have done evil, Signal has ensured that it does not know the contents of any conversation, nor anything about users other than when they created the account and most recently accessed it.

Collaborating with Xitter is not the most distasteful thing Telegram has done. Its marketing model has been to consistently lie to people about being encrypted when that's only true in very limited cases. It has also catered to criminals by attempting to make it difficult to comply with legal demands for information, while holding that information for its own purposes.

Signal, on the other hand is always encrypted and does its best to hold as little information about users as possible.

Also I don’t think it’s worth the effort to teach my parents yet another messaging app, like signal.

What is there to learn? Every popular messaging app has pretty much the same UI.

Thanks for the (partial) citation. That's enough for me to believe someone important outside Google actually believes there's a security concern rather than Google just using it as an excuse to be controlling.

That doesn't mean I actually accept the concern as legitimate. I'd find a postmortem of a real data breach where that was a factor at least a bit persuasive, and there are enough countries with disclosure laws I'm inclined to think there would be some if it was a problem in reality.

This is a battle big tech cannot afford to lose.

I don't like this framing. This is about privacy for all of us, and some of the most important providers of encryption software and encrypted services are nonprofits and small companies.