dontvisitmyintentions

dontvisitmyintentions said ()

How friendly to free speech is riseup? It certainly doesn't present itself as such.

For example, would it be less likely to kick off somebody using their email service in a flyer they don't like than Protonmail? Everybody gushes over these little services, yet the first change they have of calling you a racist for something you didn't even do with their service, they will cut you off.

What's the point of feeding communists, who hate me, all my data voluntarily?

0

dontvisitmyintentions said ()

It's registered in AU and they have operations there, but they claim the "main servers" are in the US.

The CEO griped that secret code added to their platform, required by the law, could foul their operations or get accidentally fixed, so they certainly think they're subject to it.

3

dontvisitmyintentions said ()

Fastmail is based in Australia, which subjects it to the "Assistance and Access Bill" which introduces secret warrants, gag orders, and backdoors. Like VPNs in similar jurisdictions, you can not take seriously any claims to deleting logs or other privacy trust.

3

dontvisitmyintentions said ()

Proton is the end of a long-overdue overhaul of the UI to fit with the modular, quicker backend, if I understand it correctly. The addon API was more painful but similar. Both should have happened a long time ago, and would have saved countless developer time spent on the old codebase.

They could have done it all at once with a full experimental browser again, which is what Phoenix originally was. But that doesn't fit with the branding and telemetry obsession Mozilla has.

It's not as bad as they make it out.

1

dontvisitmyintentions said ()

It's believable, because Vimeo always leaned lefty.

But were they paid members? Did the membership lapse, making some unavailable? Do the missing videos say they were removed for any particular reason?

I don't see any posts on covid19criticalcare.com from the 10th, and the 11th ones don't look related. Do you have a link to their post or to the posts with missing videos?

1

dontvisitmyintentions said ()

The article leaves the question of "who" open, but the latest gist comment puts it in perspective (emphasis mine):

In all cases, we can see the headers set-cookie, server, cf-ray and expect-ct with values set by Cloudflare, which would not be possible if TLS termination was done directly on matrix.org/vector.im servers.

Unfortunately the "Grid" project which claims to want to resolve the privacy issues in defaults and docs seems to want to re-architect the protocol, instead. From a year-old question on the project's status (emphasis mine):

Grid is definitely not stalled, but all the work is currently happening between people who are exchanging and trying new things on a test network. Once we have conclusive data and an API we are happy with, we will update this repository. It will happen at some point this year. It is simply not the only project we are working on, so it all looks slow/stalled from the outside, but it is actually not. At some point there will be an update. But the network and the protocol is in use at the moment, if that can reassure you.

BTW, that gist the article links to is apparently an old version, and the new ones are at https://gitlab.com/libremonde-org/papers/research/privacy-matrix.org/-/tree/master/. And that's a year old. Even chasing down updated docs from these people is tedious. No wonder their code is absent.

All I want is a doc that details how it is and isn't possible to secure a server and client, what you configure and what you patch. Give that a name to fork it, sure. Instead, these are just treatises and blog posts. Many such cases.

2

dontvisitmyintentions said ()

Some Twitter replies express frustration in their being so cagey about something they claim is so easy. A few others condemn Pillar's privacy violations, but obviously those are built in to the software.

Still others question whether they contacted the right person in the RCC. I'm beginning to wonder myself whether they went more for bombast than concern. Did they show his superiors the data, or is this all a "trust me, bro" situation? We can't expect the mainstream media to care about the distinction, but this guy's organization would. I imagine they found a lot of other correlations. Was this just the first guy to resign?

I wish we had more information.

2

dontvisitmyintentions said ()

In addition to keeping it out of sight, consider a decoy

For example, a broken safe (like a firesafe with a cracked wall or broken lock) or a heavy box that could pass for one, from a thrift store or craigslist. Make it look nice on the outside, put some low-value keepsakes, costume jewelry, or funny money, and non-sensitive copies or fakes of documents in there.

Stick it somewhere out of sight but not out of reach: under the bed, front corner of the closet, a dark shelf. Then if it's been tampered with, you know you have a problem, and it may satisfy them that it's your only hidden stash.

2