Posts: 0 | Comments: 37 | Joined: 2 yr. ago

  • Article says:

    We’re also beginning the beta for our upcoming macOS desktop app for Proton Drive. [...] Once the macOS app is released, we’ll also work on our planned Linux version.

    Based on Proton's track record in development times I'd say a far future, but I must admit they've been making meters lately when it comes to releasing stuff. It may be sooner than expected (or it might take years, we'd have to wait and see).

  • Privacy is not a black & white thing. Every step you take matters. And being entirely private without digital footprint is impossible unless you isolate yourself from the internet entirely.

    To answer your question. Yes, they spy on you. To what degree depends on the OS and your settings. But they always cost you some privacy.

    But it's never useless to take other steps just because you don't want to or can't switch OS. Because you'll still give them less data if you do. They might still have info on you. But the less, the better.

    Taking easier steps like switching mail provider and other services you use to privacy-minded ones are a good and easy start anyone can do. Replacing apps/programs on your system with FOSS or privacy-minded ones is another good one.

    Even the biggest noob can make a Proton account and use it instead of Gmail/Outlook. Use 1Password instead of your device/browser's password manager. Use LibreOffice instead of MS Office. Check F-Droid for apps before Google Play (and perhaps even use Aurora when you do need it). Use Firefox instead of Edge or Chrome. Install a FOSS keyboard on your phone. Get rid of Social Media. Use Signal instead of WhatsApp. Those are just some examples of easy my-grandpa-can-do-this level of difficulty options that already greatly improve your privacy (in fact, after I installed it for him, my grandpa does many of these!). Is it as private as an extremely hardened custom device by a security expert? Nah, but it's definitely much better than a default device full of big-tech apps. Even if you just do 1 of them!

    Since every step counts, I think we should applaud people for caring and starting to take steps instead of diminish them for not going in to the max. Changes like this are slow, especially with a big mass of people. The more people show they care, the more privacy-minded alternatives grow and show up and the more normal it becomes to care about privacy.

  • Not sure which game was first, but I have early memories of Tomb Raider, COD2 and Larry on a Win95 PC. My first used console was a PS2 while the first I owned was an original Xbox. My first used handheld was an original GameBoy, with the Advance SP being the first I owned myself.

    The oldest ones I used are different tho. I'm not that old but I went back to try a few older devices over the years.

  • Well, I also have both atm. Although I need to admit my DS Lite is only used as GBA console and for stuff that requires the GBA slot because of weird accessories (like Guitar Hero On Tour).

    I think it's because of that. I play the old DS games on my new 3DS. And while the games did improve, the games on 3DS still weren't that advanced even for most of the time it was alive, since it lasted quite long. So it easily feels more "backwards" than "last gen". I also don't see as much difference between them as the jump from PS1 to PS2 to PS3. Or the jump from GameBoy to DS series, and 3DS to Switch for that matter. For the most part, the different DS' feel more like different models than different consoles.

    While the 3DS was released in 2010, the DS is only 6 years younger releasing in 2004. The hardware isn't thát far apart. And while the last game for the 3DS was released in 2021, that still was made for at that moment 11 year old hardware (and by now 13 year old). And while the size of games may have quadrupled between the first DS and the last, 4GB games were nothing in 2021. They basically kept making games with restrictions of old hardware longer, rather than having a huge improvement.

  • Personally, for me PS2 era and older is retro for sure. There is a clear distinction where many PS3 games share similar feeling with modern games, while my PS2 ones feel from a past time. We also still had things like memory cards, although obviously not all consoles in that generation do. Still, I would put generations on one line, as most console games were ports of the same game across consoles of the same generation, so then that's the last generation with these kinda old ways of storing. PS2's gen is also the last generation console games were completely different from PC, and in my childhood gaming up to then wasn't mainstream but a nerd hobby, causing it to have a very different community. With the generation of the PS3, all of that changed to modern standards.

    PS3 and DS I'm a bit in dubio about. Whenever I feel bored with modern games, PS3 and my (3)DS are on the list of "old" consoles I grab back to (together with PS2, PS1, and recently GBC/GBA which I'd consider retro for sure). On the other hand, at least half the games released on it are games I still play on my PC as "modern games". DS is extra hard, as I barely distinguish between 3DS and DS in my mind, unless it's using the GBA port for stuff. After all, I play them on the same console and the transition was quite smooth between the DS models making it not feel like a huge gap, unlike the PS2 to PS3. But at the same time, early DS is much older than late 3DS, which I would consider too new for sure.

    Anything after that, modern for sure.

    (One of) the biggest tech sites in my country uses "at least two generations old" as definition, making PS3 the last retro generation currently. I like it because it fits my usage, but as said I'm a bit in dubio about actually calling the PS3 retro. It doesn't feel old fashioned enough. I mean, that would technically make Skyrim retro. But that's definitely one of those games that are in my "modern gaming" list on PC and Switch...

    I can at least personally attest that PS3 is currently the newest gen where people either think you're awesome for buying it now because they get the fun of old stuff, or stupid because they think the old stuff is crap and only the new is cool. For that reason I would agree to allow it on retro places, as modern gaming places just wouldn't appreciate it at all while people who are already into older stuff do on a somewhat regular basis. But that doesn't make it truly retro per se, and it really should take over or be all you use.

  • it would be possible to bypass the correct accounting of funds. Financial fraud

    Well, sure but it'll be quite difficult to hide a large increase in revenue still. Large unusual transactions generally have to be flagged by banks, so receiving and moving around revenue of sold data from your non-profit wouldn't be thát easy unless they only allow crypto or cash. Surely it's possible, but financial fraud on that level is quite difficult and often falls through sooner or later. Or, the other option is that they don't earn that much from it making it easy to hide, but that sounds like a lot of effort and potential risk for little gain.

    Either way, the financial numbers are just one of the reasons. But trust is never built on one thing, it's built on the combination of them. With all things I mentioned, I don't exactly get the feeling it's all hanging on financial fraud.

    The question is also how to check the traffic on the iPhone, if there are even no monitoring tools there.

    Use a network you control (like your home WiFi) and check in- and outgoing traffic network wide instead of on-device.

    You cannot check other people's stuff all the time, but I'd suggest not sending sensitive information to people you don't trust as they could leak it (be it on purpose or not). And depending on level of sensitivity, just speak face-to-face in a private place. There is always a form of digital footprint when doing stuff digital. In the end, you should always assume that nothing is 100% safe, and anything cán be hacked. Trusting digital communication to be 100% safe is foolish. Look at situations like the Encrochat debacle for example. The question is more, which risks are worth it in your threat model. For most people, Signal is good enough as the risks it does have aren't in their threat model at all.

  • Well outside of the general open source and E2EE stuff, there are a few more things.

    They're under a non-profit foundation and charity to which donating is tax-deductible. That means they have to publicize their financial numbers. Selling data would generate a sudden revenue, which would draw attention.

    They also regularly do external audits, both from external audit organisations as individuals. This list was made in August 2022, you can likely find a newer list somewhere. I just did a quick search for you. https://community.signalusers.org/t/overview-of-third-party-security-audits/13243

    Signal also runs perfectly fine without anything Google btw. It uses PlayServices only if you have it on your phone (otherwise it just uses WebSockets), as it preserves battery life. However, it doesn't actually send data to Google over PlayServices. Instead it sends an empty notification, which wakes the phone and is recognised by Signal as a trigger to make it connect to Signal servers to grab data directly from there. If you wish, you can check this in the code yourself. I guess you may also be able to confirm this looking at network traffic from and to your phone.

    Also a note on the E2EE. Another important thing is that not only the message is encrypted, but also the metadata. Unlike most other chat apps like WhatsApp; who knows where you are, who you talk to, how often, etc. You could theoretically also check this by checking outgoing traffic if you wish.

    This also means that unless they somehow secretly have a copy of your private key, there is no data for them to sell anyways. The fact that even in court they didn't have data to show, them passing many external audits without this being a point (sometimes issues are found, which is normal. If audits are always perfect I'd be more wary. But never on this point afaik), and that nothing in the code nor internet traffic points to them possibly having this, makes me not that worried about the idea that they secretly got a copy of people's private keys.

    So overall while it's perhaps technically possible they secretly run something else on their server and build a back door to read your messages, there are many things that show they don't, and literally nothing that would say they do. And neither does there seem to be any reason why, since they can't sell it nor give it in court. So unless you believe they have some evil bigger plan, I don't see the reason to doubt.

    And a little note. Privacy people can be crazy, and I say that in a positive way! If you can check it, people no doubt have, and issues would've been found. Yet many people deep into it still vouch for it. That says something. And the less crazy people profit from this. This is similar to why many big FOSS projects are considered safe even if you didn't check all code yourself. And before you say "but if everyone thinks like that", realise that the craziest don't trust other people either. While smaller projects could hide perhaps, the real big/famous projects like Signal, Linux, LibreOffice, etc would fall through as soon as they start doing shit.

  • Used OpenBoard, but switched to FlorisBoard because OpenBoard seems abandoned and the developer of FlorisBoard came back with an update of what he's working on. So far I'm not mad, the lack of autocorrect did make my typing much better. But as a dyslexic person I can't wait for proper autocorrect to be implemented.

    Using FCITX5 for Asian languages.

  • Business software has very different requirements. It's much harder to implement stuff for them without breaking those requirements. Think compliances like (ISO) norms and laws regarding commercial businesses, contracts, or even the software being made to work and be administrated on a whole different scale. You can't compare really...

    While I agree it could go worse from here into a downwards spiral of enshittification, all I meant was that the title is a bit misleading into the other direction; making it sound like they would force telemetry onto users. If they wouldn't say shit about this option, no one would sign up, even if they wouldn't mind it. And basically, they're explaining how they tried to make it as anonymous as possible and that it's opt-in, which would also be a way to go if you legitimately want to get data for improvement only. If that's truly what they want, time will tell.

    The moment it stops being optional I'm looking for a different password manager right away, I switched more complex and important things for similar reasons. But since my experience with them has been good, I'll give them the benefit of the doubt for now.

  • Small nuance:
    "Later this summer, you’ll see the option to participate in our telemetry system and help improve 1Password. You don’t need to take any action right now, and we won’t collect any usage data without your awareness and consent first. Participation will be optional for Individual and Family plan customers. And at this time, our telemetry system won’t be rolled out to any team or business using 1Password."

    Aka, it's an opt-in that you can simply not opt-in to and if you don't nothing changes and then it won't be used on you.

  • Yup I got the whole Proton suite mainly for email and calendar, but use the rest too for specific use-cases.

    I also like that Proton has a few VPN servers with adblocker and tracking blocking built in, so you can use the default DNS and have the same settings as other users which helps with avoiding fingerprinting while still having an easy system wide adblocker and tracking blocker.

  • I don't think that's true. By now, my whole family and almost all my friends are on Signal. Only a few of them are into IT to start with, let alone privacy. In my family, it was my not exactly tech-savvy grandpa that came to Signal first after I quit WhatsApp! When I quit WhatsApp most of them first went with SMS, but over time they switched to Signal because it's easier. After a year pretty much everyone is over.

    Really, all it takes is someone who's on there but not on WhatsApp (or whatever is the norm around you). Most people don't care much about privacy, and won't switch if they don't have to. But neither do they care much for installing another app if it benefits them (in this case, the benefit was easier chatting with me). Even less they care if that app is Telegram or Signal, especially if they use neither already.

    And no, I didn't fight with any of my family or friends, nor did I lose contact with anyone I cared about in the process. If you handle quitting WhatsApp with a bit of tact and respect, no decent human being will hate you. Just don't be a jerk about it, but that counts for anything...

    Matrix might be a bit more complex, but Signal is really not thát much trouble with "friends outside the privacy niche" other than that they have no need for it (a need which would be created by you switching to it).

  • I guess the problem is mainly, as someone mentioned, Twitter is for following, Reddit for interacting.

    The fact that you have to look for people to follow or you'll have an empty timeline together with the fact that many famous people aren't on Mastodon makes the switch more difficult for Average Joe than Reddit to Lemmy, as this kind of SNS doesn't require specific people, just people.

    I wasn't using Twitter for anything but customer care, so as long as I could find some interesting instances and tags I'm fine there. I didn't switch, just joined, so nothing to miss that I had before.

    I guess in that way, Meta has been smart to give their Mastodon-based SNS first to popular influencers before releasing it to the public. Although I can imagine Meta's version possibly getting blocked everywhere due to privacy concerns tho.

  • Well, while everything targeted to Europeans (having EU domains is enough) should follow GDPR including the right to be forgotten, the whole issue is a bit more complex than most people seem to think.

    For one, things not marketed to EU citizens don't count. And the owner of a website, this case the hoster of an instance, is responsible for this. Not the software they use (Lemmy). I don't think Lemmy tracks you specifically, as the code is open source and people likely would've noticed that by now. But servers could theoretically. That's why you need to choose a server you trust, or host your own.

    An instance aimed at USA people hosted in the USA doesn't need to be GDPR compliant while a German one hosted in Germany would. An instance aimed at the world hosted in the USA also would, but likely breaks GDPR simply by being hosted in the USA. That's part of why big social media need EU servers.

    A federated system is not in one place, and another issue is that while deletion requests could be sent (and Lemmy supports this according to their website), it can't be as easily enforced to be followed by third parties. Of which, there are a lot in a decentral place.

    Think of this: If I post something on Reddit, it gets reposted to 4chan, then I remove my original post, then it's still on 4chan. I could ask them to remove it, but that would likely be declined. Since 4chan has little to do with the EU and its citizens, and doesn't actively market itself, they have little to do with the GDPR. At best you could make a copyright based claim, but that'll change it into a whole other topic.

    Federated systems similarly take each other's content. It's important to note that generally Federated networks don't push their content to other instances. Instead, other instances grab them from each other. How often has federation not gone smoothly causing deleted Mastodon posts to still show up on other instances because they grabbed the post but not the deletion request (I've seen it happen multiple times already).

    The right to be forgotten forces them to make it anonymous and untraceable upon request, but not to delete every word you ever typed. Anonymising your account and deleting traceable info only would be enough. That means, if the server you requested to deletes their part + send a request to third parties they deliberately send info to themselves, they did their job as far as law is concerned.

    Any third party that grabbed the info by themselves, would require you to send a new request to them. Considering federation works by grabbing other instances, not by pushing your instance to others, any federated post that still has your old info could still be up if changes or deletion requests haven't been processed.

    So is Lemmy bad for privacy by default? Not anymore than the rest of the web, as long as you understand that the whole point of decentral systems means it's not one place. Best to always keep in mind that everything on the internet is forever and public, even if you delete it or use filters on who can see it, as you can never ensure no one copies it and posts it elsewhere.

  • If your issue with Mastodon was mainly the interface, maybe you could try using a third party app like Tusky. Mastodon's own app isn't great, but when using Tusky it's quite nice.

    I was never a fan of Twitter, but I use Mastodon quite a bit. Both for following news and projects as for just posting random crap. I never used Reddit much either, only read when it would come up on an online search. But Lemmy so far has been nice, if not a bit silent. I've got good hope for it.

  • Most of my interests are there and have some activity. Mainly the computer stuff and all. But others exist but aren't active. Take for example kpop, Japanese music, horses, the elder scrolls. I wouldn't mind a community for western style RPGs as those are nearly the only games I play, with a few exceptions. General gaming ones seem too general for me, too little I care about.

    I am trying to post here, but also don't want to spam a community with only my posts and make it look like some kind of echo chamber. Feels like a delicate balance on the (nearly) inactive ones.

  • I know I'm a minority in this, but I unironically prefer vanilla Minecraft, it's simple in a good way 😅.