https://www.reddit.com/r/ProtonMail/comments/1i2ff6q/call_for_andy_yen_to_resign/

In an unexpected mask off "secure" email and VPN provider Proton took the stance of siding with the fascist MAGA Reps. Proton's services are no option for me and many others any longer. Let's collect and discuss alternatives (E2E encrypted email and VPN) here 🔐👇

Always try to provide:

-Server location (jurisdiction)

-Governance

-Integrity/trustworthiness/transparency

-User experience/ease of use (grade 1 to 10, lets take Proton as a benchmark with an 8)

-Pricing and links

If you know alternative setups, feel free to share, too.

#ProtonExodus

Background: https://lemmy.ca/comment/13913116

Edit:typo

The following is a cross-post from my mastodon thread

In the wake of metas enshitiffication I have seen people recommend Signal and Matrix as private open source alternatives to meta products. In the following thread I will outline how if your goal is software freedom anti surveillance and anti censorship the best option for direct and group messaging is neither Signal nor Matrix but instead the up and coming https://simplex.chat/

Signal is centralised meaning its vulnerable to censorship it almost got backdoored by uks online safety bill and that bill still has a damocles sword clause hanging over signal. Signal is also not anonymous, your account is linked to you through your phone number, if your contacts are compromised then your conversations can easily be linked back to you and your contacts all be correlated. In contrast simplex is like having "a burner phone for every contact" meaning even if one contact is correlated you have no consistent identity that can be compromised by default. Also simplex has a custom onion routing protocol to hide your ip from relay servers by default and it makes it very easy to connect over tor if simplex is blocked in your country im pretty sure signal doesnt do that. Matrix has been floated as potentially being a decentralised and e2ee open source alternative to Signal, but Signal shares one massive pro with SimpleX which is that both have post quantum encryption meaning that quantum computers that many researchers say are a few short years away from being able to decrypt all historical data that is encrypted using classical techniques ie not post-quantum encryption - such as the private messages you are sending across matrix today Afaik Matrix currently has no plans to add post quantum (PQ) encryption today and previously they were relying on it being implemented in MLS a standard that Matrix has been trying to adapt to their decentralised framework for years with stagnant process. Whats more afaict the motion to add PQ to MLS quietly expired and wasn't renewed so it's likely not coming any time soon. SimpleX has PQ on top of their classical encryption implemented and working today and you can download the app and have PQ rn (the additional classical encryption is insurance in case it turns out PQ has some classical attack vector, hybrid encryption is recommended by sec researchers at this stage) In conclusion both Signal and SimpleX are PQ unlike matrix but SimpleX and Matrix are decentralised and less vulnerable to censorship than Signal, while only SimpleX supports Tor connections and protects ur IP with or without Tor, and has no persistent unique identifier creating a "burner phone for every contact" scenario where compromised contacts cant necessarily be used to correlate ur other contacts/groups simply by looking at ur phone number/username in those groups

Heres some evidence and argumentation to support building post quantum encryption now, state and capital are hoovering up encrypted data rn to decrypt for profit as soon as it becomes cheap enough to do so with quantum computers https://www.youtube.com/watch?v=-UrdExQW0cs

And here's the best explainer of SimpleX on youtube, sorry about the racist thumbnail the guys a right winger but his knowledge on OPSEC is valuable. If you don't know why the thumbnail is racist search "Terry Davis glow in dark" (the search results for which I have to give a racist slur cw for but theres no slurs in this video) https://www.youtube.com/watch?v=0cRu98XSap0

edit: see whitepaper for technical privacy details https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md

I have never liked Apple and lately even less. F.... US monopolies

(I know many of you already know it but this incident I experienced made me so paranoid about using smartphones)

To start off, I'm not that deep into privacy rabbit hole but I do as much I can possibly to be private on my phone. But for the rest of phones in my family, I generally don't care because they are not tech savvy and pushing them towards privacy would make their lives hard.

So, the other day I pirated a movie for my family and since it was on Netflix, it was a direct rip with full HD. I was explaining to my family how this looks so good as this is an direct rip off from the Netflix platform, and not a recording of a screening in a cinema hall(camrip). It was a small 2min discussion in my native language with only English words used are record, piracy and Netflix.

Later I walk off and open YouTube, and I see a 2 recommendations pop-up on my homepage, "How to record Netflix shows" & "Why can't you screen record Netflix". THE WHAT NOW. I felt insanely insecure as I was sure never in my life I looked this shit up and it was purely based on those words I just spoke 5min back.

I am pretty secure on my device afaik and pretty sure all the listening happened on other devices in my family. Later that day, I went and saw which all apps had microphone access, moved most of them to Ask everytime and disabled Google app which literally has all the permissions enabled.

Overall a scary and saddening experience as this might be happening to almost everyone and made me feel it the journey I took to privacy-focused, all worth it.

23andMe is not doing well. Its stock is on the verge of being delisted. It shut down its in-house drug-development unit last month, only the latest in several rounds of layoffs. Last week, the entire board of directors quit, save for Anne Wojcicki, a co-founder and the company’s CEO. Amid this downward spiral, Wojcicki has said she’ll consider selling 23andMe—which means the DNA of 23andMe’s 15 million customers would be up for sale, too.

23andMe’s trove of genetic data might be its most valuable asset. For about two decades now, since human-genome analysis became quick and common, the A’s, C’s, G’s, and T’s of DNA have allowed long-lost relatives to connect, revealed family secrets, and helped police catch serial killers. Some people’s genomes contain clues to what’s making them sick, or even, occasionally, how their disease should be treated. For most of us, though, consumer tests don’t have much to offer beyond a snapshot of our ancestors’ roots and confirmation of the traits we already know about. (Yes, 23andMe, my eyes are blue.) 23andMe is floundering in part because it hasn’t managed to prove the value of collecting all that sensitive, personal information. And potential buyers may have very different ideas about how to use the company’s DNA data to raise the company’s bottom line. This should concern anyone who has used the service.

DNA might contain health information, but unlike a doctor’s office, 23andMe is not bound by the health-privacy law HIPAA. And the company’s privacy policies make clear that in the event of a merger or an acquisition, customer information is a salable asset. 23andMe promises to ask its customers’ permission before using their data for research or targeted advertising, but that doesn’t mean the next boss will do the same. It says so right there in the fine print: The company reserves the right to update its policies at any time. A spokesperson acknowledged to me this week that the company can’t fully guarantee the sanctity of customer data, but said in a statement that “any scenario which impacts our customers’ data would need to be carefully considered. We take the privacy and trust of our customers very seriously, and would strive to maintain commitments outlined in our Privacy Statement.”

Certain parties might take an obvious interest in the secrets of Americans’ genomes. Insurers, for example, would probably like to know about any genetic predispositions that might make you more expensive to them. In the United States, a 2008 law called the Genetic Information Nondiscrimination Act protects against discrimination by employers and health insurers on the basis of genetic data, but gaps in it exempt providers of life, disability, and long-term-care insurance from such restrictions. That means that if you have, say, a genetic marker that can be correlated with a heart condition, a life insurer could find that out and legally deny you a policy—even if you never actually develop that condition. Law-enforcement agencies rely on DNA data to solve many difficult cases, and although 23andMe says it requires a warrant to share data, some other companies have granted broad access to police. You don’t have to commit a crime to be affected: Because we share large chunks of our genome with relatives, your DNA could be used to implicate a close family member or even a third cousin whom you’ve never met. Information about your ethnicity can also be sensitive, and that’s encoded in your genome, too. That’s all part of why, in 2020, the U.S. military advised its personnel against using consumer tests.

Spelling out all the potential consequences of an unknown party accessing your DNA is impossible, because scientists’ understanding of the genome is still evolving. Imagine drugmakers trolling your genome to find out what ailments you’re at risk for and then targeting you with ads for drugs to treat them. “There’s a lot of ways that this data might be misused or used in a way that the consumers couldn’t anticipate when they first bought 23andMe,” Suzanne Bernstein, counsel at the Electronic Privacy Information Center, told me. And unlike a password that can be changed after it leaks, once your DNA is out in the wild, it’s out there for good. Some states, such as California, give consumers additional genetic-privacy rights and might allow DNA data to be deleted ahead of a sale. The 23andMe spokesperson told me that “customers have the ability to download their data and delete their personal accounts.” Companies are also required to notify customers of any changes to terms of service and give them a chance to opt out, though typically such changes take effect automatically after a certain amount of time, whether or not you’ve read through the fine print. Consumers have assumed this risk without getting much in return. When the first draft of the human genome was unveiled, it was billed as a panacea, hiding within its code secrets that would help each and every one of us unlock a personalized health plan. But most diseases, it turns out, can’t be pinned on a single gene. And most people have a boring genome, free of red-flag mutations, which means DNA data just aren’t that useful to them—at least not in this form. And if a DNA test reveals elevated risk for a more common health condition, such as diabetes and heart disease, you probably already know the interventions: eating well, exercising often, getting a solid eight hours of sleep. (To an insurer, though, even a modicum of risk might make someone an unattractive candidate for coverage.) That’s likely a big part of why 23andMe’s sales have slipped. There are only so many people who want to know about their Swedish ancestry, and that, it turns out, is consumer DNA testing’s biggest sell.

Wojcicki has pulled 23andMe back from the brink before, after the Food and Drug Administration ordered the company to stop selling its health tests in 2013 until they could be proved safe and effective. In recent months, Wojcicki has explored a variety of options to save the company, including splitting it to separate the cash-burning drug business from the consumer side. Wojcicki has still expressed interest in trying to take the company private herself, but the board rejected her initial offer. 23andMe has until November 4 to raise its shares to at least $1, or be delisted. As that date approaches, a sale looks more and more likely—whether to Wojcicki or someone else.

The risk of DNA data being misused has existed since DNA tests first became available. When customers opt in to participate in drug-development research, third parties already get access to their de-identified DNA data, which can in some cases be linked back to people’s identities after all. Plus, 23andMe has failed to protect its customers’ information in the past—it just agreed to pay $30 million to settle a lawsuit resulting from an October 2023 data breach. But for nearly two decades, the company had an incentive to keep its customers’ data private: 23andMe is a consumer-facing business, and to sell kits, it also needed to win trust. Whoever buys the company’s data may not operate under the same constraints.

Edit: Before you read, I made some mistakes here that I mention in my part 2

My mobile operating system of choice is GrapheneOS. I run it on a used Google Pixel 8, as I didn't have enough money for any of the phones in the Google Pixel 9 lineup, which offer a more secure ultrasonic fingerprint scanner. I used to use iOS, but I finally managed to switch. I wanted to share my thoughts on GrapheneOS, problems I had, and the apps that I use.

To install apps, I first check if it is available on GrapheneOS's built in app store. If not, it is installed via Accrescent. Because Accrescent is still very small in support, most of my apps are installed via Obtainium. One app however, ProtonVPN, is installed via Aurora Store, because that is the only installation medium that allows me to sign in as a guest.

I do have a Proton account, so signing in isn't an issue, but since I plan to use ProtonVPN until I can pay for Mullvad VPN, I might as well get as much anonymity as I can. I don't use the actual Google Play Store, despite claims of it being more secure, mainly due to me required to create a Google account. I only use Aurora Store for ProtonVPN. For apps that are not available for Obtainium but are available on F-Droid, I simply use the F-Droid repo inside of Obtainium. All apps are verified with AppVerifier.

For games I have a very small selection. Simon Tatham's Portable Puzzle Collection is a game collection I have been using since before I even knew it was open source. Antimine is a Mines client, which is a classic. I also play a game called Zoysii, which is only available on F-Droid. It passes the time. Code Word is a nicely made Wordle app, with some extra features. Open Sudoku is a nice Sudoku app, however I found that almost all of the available puzzles to install are very easily solvable. 2048 by SecUSo is a decent app to play 2048 that is still maintained, however it currently does not have a dark mode theme. blichess is a fork of lichess that simply adds the option to play over Bluetooth, which I really like.

My mobile 2FA app is Aegis, which is really everything you would expect. Audire is an open source frontend for Shazam, which I use for music recognition. I'm sure there are some better apps with different APIs, but Shazam works really really well, and that is what I am looking for in the app. Aves is my photo manager, as it allows for proper photo hiding. It is available through Accrescent, which is nice. It is one of few apps that required me to sign terms and conditions, but it doesn't matter since it doesn't have internet access anyways. It allows me to view extensive details about photos, and even remove metadata in the app.

I use AndBible for Bible study, but the project seems to be abandoned and needs lots of improvements. I sincerely hope a good alternative is developed eventually. I would be willing to help out any way I can.

For messaging I use SimpleX Chat for my most personal chats, but for mostly everyone I contact them via Molly, which is a hardened version of Signal available on Accrescent. When I am offline, I contact nearby people through Briar over Bluetooth, which is awesome while camping. I don't have any cellular provider, so I occasionally have to make sacrifices in terms of contact.

The default GrapheneOS calculator has no dark mode, so I opt for OpenCalc as my default calculator. I tried both Etar and Fossify Calendar as a calendar, and have been much happier with Fossify Calendar. A lot of Fossify projects have been abandoned, sadly, so I may have to switch.

I use the default GrapheneOS camera for most of my pictures, but when I need high quality shots I will use Open Camera. It supports HDR and some post processing. The GrapheneOS camera has incredible support for code scanning, such as QR codes and bar codes. I don't plan to use the Pixel Camera, since those apps work just fine for me. To edit photos I use the GrapheneOS gallery, but it is somewhat lacking. I plan to stick with it as they add new features.

I have a ClearClipboard app that, simply, clears the clipboard when you open it. It's a small tool but I get very paranoid about clipboard access. I've found that my password manager doesn't reliably autoclear, which I will discuss later.

The default GrapheneOS clock app is fine. I wish there was an OLED theme, but it's worked for what I need. DeepL is what I use for translations, because I cannot seem to find an offline translator app. It's very upsetting. For my keyboard I use HeliBoard with the proprietary swipe to type module, and it's great. There are a few weird autocorrect suggestions, such as not recognizing the word "A", but it's honestly not been a huge issue.

I use Joplin to take notes. I had issues with Standard Notes when I was on iOS, and had switched to Joplin there. I now can't even imagine why anyone would even try to use Standard Notes, Joplin makes Standard Notes look like a joke. It has all (or at least all I care about) of the paid features of Standard Notes, for completely free.

My password manager is KeePassDX, which is honestly exactly what I would want from a password manager. The only issue I've had is that it sometimes disables biometric unlock and makes you unlock it yourself, which is super weird. Besides that, I will be using it until either it dies or I do.

For eBook reading I use Librera, but the UI is honestly atrocious. The best eBook reader I have ever used is Apple's stock Books app, and I honestly wish something of that polish existed on Android. Librera will work but it's not nice to use.

I have LibreTorrent in case I ever need to torrent something on the go. It's fine, I wish torrent software would include a hard toggle to disable seeding, but it's worked as intended. In a similar category I use LocalSend to transfer between any of my devices. I haven't tried KDE Connect because LocalSend has never caused me problems. The only issues I have encountered were because of strict VPN settings.

I eventually plan to use Mullvad VPN, but until I can afford it I am using ProtonVPN as I mentioned. I have no real comments because I have only used ProtonVPN. IVPN is on my radar, but Mullvad VPN is still at the top of my list. IVPN is available via Accrescent. I also have Orbot in case Proton or Mullvad are blocked.

Music players have been a struggle for me. All of them have their own various issues. All I really need is a nice way to play mp3 files offline and sort them into playlists. A night timer is nice. Vinyl Music Player is what I use for now, since Fossify Music Player seems to be abandoned. I'm open to some open source alternatives here, since the ones I have tried all have issues. Ideally these should be available by Obtainium.

I use Organic Maps for navigation. Support is alright in my city. OsmAnd has a pretty bad UI but it's gotten better. Organic Maps I've heard has a few issues, and OsmAnd has a premium tier, but I don't really care. I am just sticking with Organic Maps. I'm happy with it, so it's fine.

I have RadioDroid installed to try it out. It lets you listen to radio stations over WiFi. I'm jealous of Motorola users for their built in AM/FM radio receiver antenna. I might not keep this app, since it's fairly useless when you think about it. Either way, maybe a GrapheneOS phone will come along with a built in antenna.

I have Tor Browser installed just in case I ever need to visit an Onion site or use a Gecko based browser. My main browser is Vanadium, and I did try Mull but it doesn't block advertising redirects even with uBlock Origin. Vanadium is fine for now.

I have Trail Sense as a compass and emergency survival app. I hope I never have to use it for survival, but at the same time, I hope this app saves my life. It's cool to see how many sensors it utilizes to help you out.

Tubular is a fork of NewPipe that has SponsorBlock support. I like it, it's not as polished as I would want but it's plenty usable. I wish it had DeArrow as well, but I'm sure it won't be long until it's added.

I use the Fossify Voice Recorder for voice recordings. It's what you would expect, not much to say here. For weather, I use Breezy Weather. For some reason some features were unavailable on the F-Droid version, but after installing with Obtainium I now have plenty of features at my disposal. It's almost as good as the iOS weather app, and has plenty more features. The accuracy where I am is slightly iffy, but it's good enough that I can rely on it.

I use a passphrase to lock my phone, and use biometric unlocking to ensure no one can shouldersurf passcodes. GrapheneOS only lets you add up to 4 fingerprints, which is a good enough limit, but I do wish it was higher. If I wanted only 4 fingerprints, I would choose that myself. I backup GrapheneOS using my own USB stick and the built in backup option. Some apps such as SimpleX refuse to be backed up automatically, but I can simply manually export the database and backup that file.

Even without any Google frameworks installed, GrapheneOS has been a really seamless and polished experience. The issues I would raise are actually with Android itself, such as weird management of app signing, but overall GrapheneOS has been incredible. GrapheneOS is honestly the minimum every person should expect in terms of privacy and security on their phones, because nothing else even comes close to GrapheneOS in those categories. The gap between iOS and GrapheneOS is absolutely massive, given that so many of the apps I use are Android specific.

"WASHINGTON (AP) — A judge on Monday ruled that Google’s ubiquitous search engine has been illegally exploiting its dominance to squash competition and stifle innovation in a seismic decision that could shake up the internet and hobble one of the world’s best-known companies..."

Hi! 2 and 4 months ago @Hellfire103 and @Charger8232 made a post about their privacy setup. So I though I would also share mine.

Remember these rules:

• Be respectful! Some people are early on in their privacy journey, or have a lax threat model. Just because it doesn’t align with yours, or uses some anti-privacy software, doesn’t mean you can downvote them! Help them improve by giving suggestions on alternatives.

• Don’t promote proprietary software! Proprietary software, no matter how good it may seem, is against the community rules, and generally frowned upon. If you aren’t sure, you can always ask! This is a place to learn. Don’t downvote people just because they don’t know!

-** Don’t focus solely on me!** I want to mention that this thread is not designed to pick apart only my setup. The point is to contribute your own and help others. That doesn’t mean you can’t still give suggestions for mine, but don’t prioritize mine over another.

• Be polite! This falls under “Be respectful”, but be kind to everyone! Say please, thank you, and sorry. Lemmy is really good about this, but there will always be someone.

Here is my setup:

Web browsing

• I use Librewolf for almost everything.
• For 3D stuff (games, 3d modelling) I use Brave.
• On mobile I use Vanadium.
• My preferred search engine is Kagi.
• Most if the time I have MullvadVPN enabled.

Desktop and laptop

• I have self-build Ryzen + Radeon PC and Ideapad with Ryzen CPU.
• I use Arch Linux BTW!
• I have disk encryption and Nitrokey as a decryption key (or a long password of course).
• I have secure boot with locked BIOS.
• I'm running self-compiled linux-hardened kernel.
• I'm using Gnome (Wayland).
• I have only open-source apps installed.

Mobile

• I have Google Pixel 7a with GrapheneOS.
• I have different 5 profiles: main, google, school, finance, anonymous.
• I have PIN on every profile and also fingerprint for main and school profiles.
• I always use VPN, either Mullvad or self-hosted Wireguard.
• I don’t use a privacy screen protector (for now).

Messenger

• Signal for my family.
• Viber for my schoolmates.
• MS Teams for school.
• Matrix for help with some open-source projects.
• Discord for voice chat and local scouts group. I have Aliucord on mobile and Armcord on desktop.

Online accounts

• Passwords are safe in self-hosted Bitwarden (Vaultwarden).
• I use 2FA if I can. Either hardware 2FA - Nitrokey, or TOTP with Aegis.
• I use SimpleLogin for email aliases and randomly generated usernames and passwords.

Video streaming

• I watch only Youtube. Newpipe on mobile and Invidious on desktop.

AI

• I do not use AI a lot, but if I do I use locally running LLama3 8B or Duckduckgo's LLama3 70B

Social Media

• I had Instagram, Snapchat and Viber accounts, but I've deleted them.
• I use only Lemmy on clearweb and Dread on darkweb.
• I have Mastodon account, but I don't use it.

Email

• I use ProtonMail.
• One of the best privacy things you can do is use SimpleLogin (or other email alias service).

Shopping/Finance

• IRL I use cash most of the time.
• Online I use Monero if I can, otherwise just my credit card.
• Cashew app for helping managing my purchases.

Music streaming

• I use only RiMusic on my phone, that's it.

TV shows

• I use a VPN, that's all I'm gonna say...

Gaming

• Minecraft, Veloren, SuperTuxKart, and some Steam games.

Programming

• I forgot how to code in Python, because Rust is so much better.
• VS Codium.

Productivity

• LibreOffice for simple stuff.
• Typst for proper documents.

Paid services

• ProtonMail - 4$ per month
• SimpleLogin - 30$ per year
• MullvadVPN - 5$ per month
• Kagi - 10$ per month. For 5$ you get 300 searches, I use ~350 searches so I will try to lower my searches.
• Domain - 13$ per year

Self-hosted

• Everything runs on Raspberry Pi 4 with encrypted micro SD card.
• Pi-Hole for blocking ads on network level.
• Bitwarden (Vaultwarden) for storing all my passwords.
• Wireguard server (with pihole as DNS) for connecting back home from anywhere.
• Ntfy for self-hosted push notifications.
• MollySocket for Signal push notifications.
• FindMyDevice if I lost my phone.
• Cloudflare DDNS, because I don't have static IP.
• Nginx Proxy Manager.
• Watchtower automatically updates docker containers.
• My website.

Misc

• I have Samsung Galaxy Watch 4 classic. I'm trying to do something about it...
• I'm using Syncthing to sync documents and pictures between my devices.
• I don't have a car (because I can't - I'm 17) and I won't have one for quite some time. I have a bicycle and my parents have 2 (smart/spy) cars.
• I'm into crypto (mostly XMR) and I'm trading a little (making a trading bot) on MEXC. I also have Ledger Nano S Plus.
• I have a 3d printer and it's fun and usefull :)

TODO

• self-host Git repos for my projects.
• Buy a privacy screen protector when I break my current one.
• Buy a faraday bag, just in case.
• Do something about my spywatch (maybe sell).
• Make backups... Yep, I don't have any yet.
• Monitor and harden all my devices.
• Memorize cryptowallet's private key in case it gets lost.

Thanks for reading!

I have an extension that can individually disable all the most useless/addicting components of the Youtube site, such as shorts and whatnot. On the search page, I have turned on:

hide Shorts

hide For You

hide Trending

hide 'People Also Searched For'

hide Search Categories

hide Promoted Videos

hide Promoted Websites

hide Suggested Products

Do you know what Youtube has started doing? They are now inserting engagement slop DIRECTLY into the search results, as seen in the image above. It's literally a short, yet it's inserted like a video so you're forced to see it. The only possible way to remove it is by using a privacy frontend, as even on incognito mode, Youtube will look at the three videos you've watched and start inserting shit based off that.

Louis Rossman is right, they all have rapist mentalities... "just let me stick it in"

I installed NetGuard about a month ago and blocked all internet to apps, unless they're on a whitelist. No notifications from this particular system app (that can't be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?

Edit 2: I bought my Pixel 6 phone outright, directly from Google's Australian store. I have no creditors.

Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?

I don't even live in the US, so what the actual fuck?

Edit 1: You can check it's installed (~~stock~~ Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search "DeviceLockController".

I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it's amazing. You can also purchase via Google Play store.

I saw today the infamous pop-up of YouTube again that they will block the video player after 2 more videos if I keep using uBlock Origin. ** Google.

We all know PGP is old and got a myriad of problems, like key management.

Thus, I'm looking for a generic encryption and signing tool that also available on mobile devices, both Android and iOS.

I know age+minisign is the preferred choice but unfortunately there ain't an mobile app for them.

I know Magic Wormhole is great for P2P data transfer but it's slow and not reliable. I often have corrupted files even the size is small. I would much rather encrypt locally, upload to GDrive, and share it.

I know Signal, WhatsApp and other messaging apps now offers E2EE to exchange many data forms but the political sphere is shifting and given the current trend, they might forced to backdoor the protocol, drop E2EE entirely, or cease operation. Something independent from messaging tool is needed.

I'm not seeking perfect forward secrecy as that wasn't achievable for non conversations use case unless parties manually negotiate a session key.

I don't care the web of trust either. Putting PII on a key server for public viewing doesn't fit today's privacy trend.

Nor anonymity. I'm talking to my family members and friends and I don't find a reason to hide that. The only thing matters is the content.

While it will be great to follow some kind of widely used standards, it is not a requirement.

Thanks for the input.

EDIT: Added GPG to the title

Commodification of everything you think off Past/Present/Future.

https://fosstodon.org/@jimsalter/110441094176772187

Does anyone else feel as if it's over when it comes to really owning your own things?

As of now:

• You don't have the option of having a phone with decent specs and replaceable parts
• You have to have really good knowledge in tech to have private services that are on par with what the big companies offer
• You have to put up with annoying compatibility issues if you install a custom ROM on your android phone
• You cannot escape apps preventing you from using them if you root your device
• Cars are becoming SaaS bullcrap
• Everything is going for a subscription model in general

And now Google is attempting to implement DRM on websites. If that goes through, Firefox is going to be relegated to privacy conscious websites (there aren't many of those). At this point, why even bother? Why do I go to great lengths at protecting my privacy if it means that I can't use most services I want?

It sucks because the obvious solution is for people to move away from these bullshit companies and show that they actually care about their privacy. Even more important is to actually PAY for services they like instead of relying on free stuff. I'm not optimistic not just because the non privacy conscious side is lazy, but because my side is greedy. I mean one of the most popular communities on lemmy is "piracy" which makes it all the more reasonable for companies not to listen to privacy conscious people.

I wouldn't say that this is the endgame but in this trajectory, privacy is gone before 2030.

I'm not sure if it is entirely accurate to compare them in this way, as "Matrix" refers to simply the protocol, whereas "Signal" could refer to the applications, server, and protocol. That being said, is there any fundamental difference in how the Matrix ecosystem of federated servers, and independently developed applications compares to that of Signal that would make it less secure, overall, to use?

The most obvious security vulnerability that I can think of is that the person you are communicating with (or, conceivably, oneself, as well) is using an insecure/compromised application that may be leaking information. I would assume that the underlying encryption of the data is rather trustworthy, and the added censorship resistance of federating the servers is a big plus. However, I do wonder if there are any issues with extra metadata generation, or usage tracking that could be seen as an opsec vulnerability for an individual. Signal, somewhat famously, when subpoenaed to hand over data, can only hand over the date that the account was created, and the last time it was used. What would happen if the authorities go after a Matrix user? What information about that user would they be able to gather?

And since you won't be able to modify web pages, it will also mean the end of customization, either for looks (ie. DarkReader, Stylus), conveniance (ie. Tampermonkey) or accessibility.

The community feedback is... interesting to say the least.