• 20 Posts
  • 89 Comments
Joined 3 years ago
cake
Cake day: November 3rd, 2021

help-circle
  • wow:

    We use specifically crafted messages that trigger delivery receipts allowing any user to be pinged without their knowledge or consent

    That makes think that 1st, perhaps it would be a good idea to avoid “return receipts” on any messenger, though that breaks ability to know if the destination has actually received, and if the destination has actually read the message.

    Perhaps another thing, even though your messenger doesn’t identify users with phone numbers at all, still block the messenger to have access to your contact list. Not sure if this affects, for example if a xmpp client has access to a broader contact list, if it can only relate to xmpp addresses it wouldn’t pay attention to phone numbers, but I can’t really tell.

    And of course, don’t use any messenger which tights users with phone numbers, no matter if to share among contacts now usernames are used instead of the phone number, when the phone number is still the way to identify the user.



  • That’s great if not having to use any proprietary apps depending on google services, including push notifications, since part of divestos unsupported stuff includes:

    Google Apps or microG or Sandboxed Play Services are NOT supported.

    Which is fine, if you don’t need to use such apps. An alternative to /e/os, which now a days is actually murenaOS, is lineageOS for micro G, which does sort of monthly releases based on whatever is available as nightly releases on lineageOS. It does provide you with microG and also with F-Droid with privileged extensions installed and already set for you. This might be more suitable than divestos if in need for some such apps.


  • Yup, divestOS allows for booloader lock though unfortunately they don’t support microG. I hope they somehow help upstream their relock solution to LOS. I use LOS for microG instead, since I need stupid bank apps and also for the office some stupid proprietary multi factor authentication apps… If only LOS for microG could lock the bootloader at will (it needs to be unlocked for major upgrades, like on regular LOS), that’d be great.

    There’s as well CalyxOS, which uses microG and also locks the bootloader, however I do prefer LOS since the strategy from CalyxOS and GrapheneOS trying to deGoogle pure Android in my mind sound like having some limitations, as opposed to LOS approach to be based on AOSP instead. Though that’s just in my mind, I’m sure those guys in Calyx and Graphene are the best at security and privacy.


  • Not sure what updates you are expecting to happen.

    I’m not aware of any effort trying to identify the traffic going in and out on Thunderbird under android. The guesses from the one reporting about what happens when configuring a new email account is of no use since it’s easily associated to Thunderbird looking for ways to easy automation on new accounts settings.

    Unless there’s a throughout analysis of the traffic, I’m not aware of anything to be expected. You can try reaching the one reporting his concern, and ask if he has looked into how to report an actual issue/bug to Thunderbird, or if someone else has done it


  • Quick question, why not considering lemmy as your “blog” provider? If the “community” concept wouldn’t apply, perhaps creating your own “community” and becoming its “mod”, disabling posts from others except yours, wouldn’t that work? Lemmy already provide RSS feeds so others can follow/track your posts without any lemmy account, just like with any blog providing RSS/atom feeds, and you get “blog” feedback through lemmy, but the same applies to other blog providers, only the ones subscribed can provide feedback.

    I was looking for an anonymous blogging mechanism with digital signature (not to identify the author but to verify its authenticity). Long story short, nothing out there seemed to really fit into what I was looking for, but among the suggestions lemmy was there as an option. You can avoid following anything, and looking into lemmy’s default from page, just use it to post and get feedback, forgetting about the social networks characteristics of lemmy, and make it work as your blog provider…


  • What they’re saying there is that when trying to auto detect the server configurations, there are unexpected connections to cloudfare IPs, which didn’t usually happen with K9. Who posted the concern associated this to telemetry, but the answers are pointing a different direction. But at this point it just guesses, :(

    I guess some more formal traffic inspection needs to happen to understand if truly there’s unexpected traffic, where it is directed to, and hopefully infer somehow its purpose. The guesses about what’s happening suggest it’s just about the auto connection, but again, just guesses.

    I explored the configurations, and I didn’t find anything about telemetry, and so neither how to disable it. K9 does not have an about:config advanced configuration like desktop Thunderbird does, so if there’s truly telemetry or some other sort of information leakage, then after proving it, perhaps developers realize they can do better. But so far nothing really proving telemetry or information leakage.



  • Just so you know you can get push notifications on Jami. Jami has been supporting unified push notification for a while now, but it’s opt-in, some might not opt for it considering reducing privacy a bit, as some actually disable the proxy and some phone specific feature intending to prevent battery exhausting too fast.

    For unified push support you can take a look at jami’s article about its unified push support. I use ntfy BTW.


  • kixik@lemmy.mltoOpen Source@lemmy.ml*Permanently Deleted*
    link
    fedilink
    arrow-up
    7
    arrow-down
    6
    ·
    edit-2
    2 months ago

    This banning culture of hate is ridiculous, you can disagree with someone, or even just ideas, but procuring “canceling” and “banning” to everything we don’t agree is crazy. This mono culture of hate really saddens me. But perhaps you’re right on your appreciation.

    Some of these periodical rebirths of the debate about RMS, what are really looking for is discredit on the Free software, which is not the same as open source software. Drew is one of those, if I’m not mistaken because his blog is prolific, who believe free software has no hope, and the total triumph of open source, which in practice is correct, but ethically I’m not so sure. We should be aware of what’s behind all these attacks, and I believe it’s naive to think these attacks are just about RMS. Free software is ethical in the sense of the freedoms it seeks for the users, but that has no place on enterprises and corporations, open source has enjoyed a different fate because it’s not as strict on respecting those freedoms, which under enterprises and corporations are believed to be too restrictive and against their interests. And here we are over and over attacking the organizations (yes, the FSF is attacked not only because RMS is part of it, it was founded by him as well) and people defending those principles, because in the end our minds tend to disqualify everything way too easily, made easy with this banning culture of hate. I’ve read about how useless it is the FSF, and also about how useless it is the copyleft, and these recurrent intend to discredit the one who started all that of course discredits what came from him, one way or another. I wish I’m wrong on this, and that there was no pun intended towards free software…

    The original post was most probably included into the wrong community for sure BTW, this is an open source community, so looking to empathize about free software stuff in here is not going to happen, even less for RMS.



  • Are you sure the phone it doesn’t work on is older than android 7? According to its f-droid jami URL its latest version as well as two more also documented there, they all work on android 7 or later.

    I use LOS4uG, and I’m currently on android 14, so no need to build jami myself. Can you enable “unstable updates” on f-droid’s “expert mode”? Perhaps then you get latest app, and that one works better. Otherwise you can report an issue to the android client, and perhaps you get guidance from them. You can also use their forum to ask questions. I have filed issues only so far.


  • dino is a gnu+linux software, built with gtk4. If you’re using windows then the option is gajim, which in order to support omemo needs a plugin, though I can’t tell much more than that about it since I can’t even recall when was the last time I used windows.

    That said, conversations has one important setting if syncing devices, which is indicating that the client won’t delete messages, the server will. Not sure why that is not the default, I guess statistically most xmpp users just make use of conversations and that’s it. The other important setting is configuring security for omemo always. Dino doesn’t need any setting for letting the server delete messages (it does when there’s no pending device to be synced) and doesn’t offer that option, and at the moment the user must be careful and set each conversation to be secured by omemo with no exceptions, but it’s already merged on master, and waiting for a new release, the option for omemo always, as on conversations.

    That said, using xmpp doesn’t imply not having jami installed and keep trying it. Who knows, maybe you like it and it works fine for your purpose, and you decide for it to be you main messenger application.


  • I do !

    works pretty well on both AOSP phones and gnu+linux desktops. Sad thing though is that I don’t like using flatpak, and I prefer distro native built software, and on Artix/Arch, there are times where the version between the distro version is slightly outdated with regards to the mobile version, and that makes things not to work. This is mainly an issue ever since jami decided to stop supporting the gtk client on the desktop, to me the qt experience have been sad. Not sure if someone has forked the gtk client, that would be great.

    So I’m using xmpp as my main messenger, and keep trying jami when it works.

    I really like the p2p approach from jami, and also the way they care for those with no huge batteries phones, given they added support for unified push notifications, which can be of course avoided if required for extra privacy. Given my use case, I can’t turn jami into my main messenger yet, but I keep trying, :) Meanwhile xmpp is there for me.


  • Is it something you have to trust they comply with what they say?

    Nice that it has its own indexes, but according to this comparison its proprietary SW, running on UK servers without tor interface, and being backed or debated at least by UK politicians. We’re not talking about a not for profit organization either, and they do have individualized answers as well, so they have the mechanisms to individualize results to queries, meaning they keep information about your queries. So in the end, it boils down to the user trusting its service it seems.

    Yes, meta search engines do not provide their own indexes, but searxNG is at least open source, you can select the search engines to use, included mojeek, and they serve as a front end preventing the underneath engine to track you (whether it’s against their public policy or not) as if you were to use such engine directly.




  • Actually xmpp is low on metadata compared to matrix which has to replicate a bunch of metadata everywhere. SimpleX look interesting, though by not being federated (considered by simpleX a privacy feature) whether you like their client or not. Just so you know privacyguides has explained why they don’t advertise xmpp as privacy oriented, and the reason is not that it isn’t, it’s simply that given it’s federated, they consider some clients are not as compliant or up to date, which is up to the user to select on XMPP, and also up to the user to file bugs against their preferred client or even contribute it with changes.


  • Not a hurricane tracker, but I’d like understand a bit about open-meteo and breezy weather. I notice for my country there’s no way to be more specific than the whole country, therefore location needs to be enable, or so I guess.

    Does open-meteo requires some information exchange such that it’s easy to identify the user/device? Does breezy weather actually attempts to anonymize the user or fake it to make them non identifiable?

    Just wondering.

    Thanks !