• 0 Posts
  • 36 Comments
Joined 1 year ago
cake
Cake day: June 5th, 2023

help-circle







  • After reading that post and the linked github issues, with the latest updates and comments from the last 24 hours. Here’s the TL;DR:

    • This is only relevant if you want to use an email client with Proton Bridge.
    • If you’re just using Proton for encryption and signing (you can use the same PGP outside of proton too) then there is no issue at all.
    • If you want an external tool (like a hardware yubikey) to decrypt your messages that someone else has sent to you using the public key that corresponds to the external tool there will be signature validation shenanigans. This is because Proton expects to be the only entity doing any encryption.This is an important issue for those that need to send encrypted emails (and signatures) with specific keys.
    • It is not an issue for anyone using Proton email for a secure email service even if they want to use an external email client on desktop (like Thunderbird) with Proton Bridge.

    Please correct me if I missed something.

    CC: @howlingecko@sh.itjust.works



  • Re: port-forwarding, I used traefik as a reverse proxy and that worked well (having a single domain cert instead of per service DNS is another layer but it’s just obfuscation), but it’s always a risk. I finally started using Tailscale after hearing about it for years and it is actually very good and deserves the hype. I had meant to setup wireguard myself but this is a lot easier. And if you don’t want to use tailscale server, you can run headscale (on a cheap VPS?) instead.










  • Responding separately to the license bit…

    MIT licensed projects (like the libraries, etc.) you’re using allows it to be packaged with products that are governed by other licenses. MIT is a very permissive license and while I’m not advocating for a more restrictive license, I wanted to point that out.

    The other point that @Perhyte@lemmy.world pointed out is also a bit confusing about the conditional licensing. Can a commercial entity use this software as a MIT licensed software as long as the flag is set properly? If so, it would be helpful to delineate what functionality is restricted. I haven’t seen conditional licensing based on run time settings before so I can’t speak to that but it would concern me to use it in any commercial endeavor even if I agreed to the business license.

    I hope you’re taking these comments in the spirit they’re written, asking for clarification and providing feedback to help and not just a critique aimed at a takedown. Cheers!


  • Thanks for the reply, being able to see the data collected and then click delete is great. Does Bespoke keep all the data on its server and allows the customer to get aggregated results or does the customer get to download the raw data? If it’s the latter, the delete functionality becomes… less functional.

    Unsolicited advice from internet nobody: I think it’s great to allow any kind of transparency in a very opaque industry, thanks for doing that. Since you don’t/can’t control the data usage after collection, I think leaning too hard into transparency and alluding to data sovereignty/privacy (by presenting yourself as an alternative to exploiting user data) might create unrealistic expectations (like it did for me). This is inviting unnecessary critique and distracting from your main message.