• 0 Posts
Joined 1Y ago
Cake day: Mar 31, 2021


It’s 2 years old, just that is enough to dismiss it

It depends on what hardware you host it. Most people can’t affort powerful hardware. My experience with self-hosted matrix on a raspi 4 and on an old desktop pc hasn’t been great, and the problems grow with the number of users

I constantly see this argument but let’s face it, it’s very unlikely that enough people will ever switch to something like Matrix. I like decentralization and the matrix protocol is brilliant, but it brings many problems:

  • Many people will have to care enough to host their own servers (which now is not remotely as common as it should be) otherwise everyone will just use the biggest severs, weakening the advantages of decentralization
  • It’s way harder to implement new features that people care about
  • People are not used to Element’s UI and there aren’t clients good enough to compete with Telegram, Whatsapp or even Signal
  • The performance wouldn’t be as good exept for the biggest servers, causing centralization again
  • If people don’t use it, it becomes useless, which is the same problem other alternatives have. This means that people must want to change naturally to it, meaning clients, ease of use and performance would have to be at least on par with what they’re using at the moment

On the other hand, Signal:

  • Is very similar to the way Whatsapp works, which is what most people are used to
  • The Android and iOS clients are getting better with time (the desktop client needs to abandon electron but it’s hard with only few developers and it’s a lot of work)
  • The protocol is robust and audited
  • It doesn’t leak metadata, as Matrix does
  • Even if it’s centralized and Signal runs their servers on AWS, the only useful information third parties could gather are timestamps and the recipient of the message, not even the sender
  • It’s easy to jump on Signal, the network of contacts already exists and you wouldn’t need to ask for usernames or email addresses
  • Don’t foget that the clients and the server are open source, and even if the Signal Foundation decides to stop working on Signal, shutting down the services (VERY unlikely), we could fork the projects and bring them back up

Centralization can be problematic, but if it’s done correctly the pros may outweigh the cons, and in my opinion this is the case for Signal, but I’d happy to be proved wrong in future

This makes sense if you have a basic configuration of i3, if you run on i3 many other programs as polybar, rofi, redshift, etc. you’ll find yourself spending way more time recreating something you already have with different software, just to find out that most of the applications you used to run need XWayland to work on sway. I really like the idea, but until applications get a decent support for wayland, I’m sticking with i3 (and I’m really looking forward to switch)

Yeah, maybe OP has something to do with them? They teach to stay away from MLM everywhere, it’s not just reddit. And that’s positive, because it’s a scam

Before reading it I though it was another poorly written blog post, but it actually brings up great points

Imho the doubts about signal are legitimate but way too overblown. Signal has sealed sender, so nobody could (easily) know who sent the message, a VERY strong cryptographic protocol and encrypted profile information. Sure, it’s centralized and it collects your phone number when you sign up, but your messages are safe, they are not stored in the cloud and even if they were collected, all the information would be useless thanks to the signal protocol. I understand that the doubts are in good faith but they dismiss every effort made to bring a solid, private messaging app like signal to the general public. You can’t self-host, third-party clients are not officially supported and the service it’s centralized, but that’s a matter of freedom, not privacy. If it makes you feel better you can use matrix, but the problem you’re trying to solve doesn’t exist

I agree with you that FLOSS doesn’t mean automatically better and there is no reason to wear a tinfoil hat. You ultimately have to trust someone if you don’t inspect the source code yourself. I was just saying that being revolt centralized and having access to every information isn’t the best design for a discord privacy-respecting alternative, but they do have a good privacy policy, so if you trust they respect it (atm no reason to doubt that) then it will be surely better than discord. Discord does collect chat history though. On discord privacy policy:

Information You Provide: We collect information from you when you voluntarily provide such information, such as when you register for access to the Services or use certain Services. Information we collect may include but not be limited to username, email address, and any messages, images, transient VOIP data (to enable communication delivery only) or other content you send via the chat feature.

They don’t say that they sell said information to advertisers (even if they send some data to third parties) and I don’t have seen any report about them getting caught doing that, I’m sorry I assumed. But I admit I get a bit carried away with doubts about companies who offer closed source software to a very large userbase. If there is a chance of making more money, they usually take it.

For the same reason facebook is one of the biggest companies in the world. Having access to thousands of users’ chat history is very useful for ad personalization and could be worth a lot of money. To fight this decentalization and encryption are crucial, you can’t trust that they will never use that data for advertisement purposes, maybe introduced in a privacy police change. Solid encryption algorithms are feasable for smaller groups, but as I said, at least DMs could be encrypted

Since it doesn’t have any encryption the only advantage I see is the fact that it’s open source and that there won’t be (hopefully) any data collection, but conversations will still be completely unencrypted, which is not that great. Nothing tells me that whenever this revolt’s userbase grows in size, they won’t start collecting data, including every message previously sent. Encryption exists so you don’t have to trust anyone to keep your messages safe, I hope they implement some sort of e2ee protocol at least for DMs

This article doesn’t make any sense:

  • In my opinion tabs-on-top has been definitely an improvement. You can switch between them easily, you can see all the tabs available without pressing any key and you don’t need to depend of your desktop environment to switch between these. I use a tiling window manager and this would have been particularly painful if it wasn’t for tabs. In this way you can also have features for tabs like muting tabs and sending them to other devices.

  • I don’t know what the writer means with “Then the about:config option was removed”, as far as I can remember I’ve always been able to use about:config. The only exception is the new firefox for mobile, which has been definitely a step backwards, in terms of customization (very few extensions available and no about:config except in nightly) and usability (I’ve been reporting bugs since it was in beta and they are still not fixed).

    Type in “Firefox Proton” on Google to look at the most commonly searched suggestions if you think I’m in the minority

    This is clearly an example of silent majority. If you like the new design you don’t feel like writing posts here and there to say that. Obviously searching “firefox proton” will show negative feedback, because that’s the only feedback you can get using a search engine. Everyone I’ve spoken to irl has said positive things about the new design, but they’re just opinions.

  • I can’t say anything about bad coding paradigms and poor memory mangement, I’ve never actually looked at the source code and I’ve never encountered problems with memory mangement (but I have with chrome)

  • The section about privacy is just absurd:

    Hidden telemetry that isn’t disabled when you click “disable telemetry”.

    Any source to back up these claims? Based on this detailed post in ghacks it’s actually the opposite, and telemetry is collected without any identifier anyway.

    Auto-updates you can’t switch off, pinging every 10 minutes

    You can easily switch those off in about:addons

    “Experiments” which require a separate opt out

    Oh no, a separate mouse click. Definitely switching to chrome.

    Now the latest offence is enforcing app based 2FA to login to a Firefox Add-on account just to make a custom theme, which you wouldn’t need in the first place if not for forced add-on signing.

    Why would this be a privacy issue?

In conclusion I think this article is just written in bad faith, most of the claims are either personal opinions or just wrong

The problem is that you can’t fact-check a closed source application. They use encryption? Yeah, right, I could monitor outgoing traffic to check if they really are, but how could I even know that the encryption keys are stored safely? Besides backups on google drive are unencrypted, so every effort in encrypting messages end-to-end just for eavedroppers is useless, since they are already protected by TLS. I’ve deactivated gdrive backups and every now and then it shows me a prompt to enable it again, I can bet that the great majority of non tech-savvy people have them enabled. This isn’t a question of fact-checking or reddit teenagers, we only speculate about WhatsApp e2ee, but knowing FaceBook I don’t think there is much doubt about the reason they run a free “encrypted” service for hundreds of million of users.

This kind of extensions don’t need several commits every week, for example updating a software once per month could mean that it’s more stable and has less bugs than one that updates every day. About the feature though, you’re right, localCDN does block a lot more CDN requests

Really depends on which extension you actually install. For example using something like ClearURLs has no way of impacting your fingerprint. Telling people that they can’t install extensions in general is deceiving, instead you should just suggest to consider the pros and cons of each one specifying that some are counterproductive.

For the second part, Bromite is great and I’ve been using it for quite some time, but you have to be aware that using a chromium-based alternative still indirectly depends on google. Using firefox or firefox-based alternatives is the best option

Agreed. I tried many different desktop environments and I still come back to gnome when I want a more polished and modern DE. I can completely understand the critiques but it’s a matter of taste after all