Device-wise, have you considered separating your project and personal computer? You could coreboot a small light Chromebook as a personal, ultraportable device, and get a hefty laptop or even a desktop for the hard stuff.

Chatwise, there’s Matrix, XMPP and SimpleX at least. And Briar and Session. But Signal with its phone number registration is the easiest for others to jump to.

And yes, it’s a constant balancing act between privacy and convenience… and the IA of the security triad, and open source principles. Just like with most things, there’s no perfect solution, you just learn to live with the least bad ones.

Yup! Even just LUKSing a partition is hacky. And I lose things often, so it’s an important thing to me.

I didn’t realise iodé supported relocking on FP4. I don’t suppose it’d also happen to support microG in work profile only, deleted from the personal profile?

Because I’d love to return to ethical hardware from Graphene/Pixel, and the lack of FDE on Ubuntu Touch really rubs me the wrong way.

Don’t get me wrong, Graphene would still be my choice for privacy & security. But what started out as a quest for privacy has somehow morphed to include FLOSS idealism, even AOSP derivatives feel “too google” now and I feel bad carrying a Pixel.

deleted by creator

1. “Easy and painless” depends on your point of view, and we here tend to be biased. For example, just a couple of months ago I had to explain to “a normal person” how to make backup copies of a folder to a pen drive. She did not want additional backup software (and I still don’t know if W10 would have had the functionality out-of-the-box). Copypasting files was too difficult. In the end she decided to go with “save as”, which sounded like a horrible idea to me, since she’couldn’t remember how to open anything in Word that wasn’t in the recently used list when starting the software, and she is going to lose track of which file is which at some point. I doubt it would be “easy and painless” for people like her, who are very common outside our little bubble.

2. Making someone change their opinion is not a sprint, but a marathon. State your opinion openly when relevant, don’t get into an argument, let it brew, mention it again when it comes up, live as you “preach”. That person I mentioned? Happily using Signal with me. Eager(!) to try Linux once W10 support runs out. I’ve told her I’ll install Mint DE on my laptop and loan it to her for unhurried testing and learning this summer while having her familiar backup to lean on if it gets difficult, and to install the same on her own computer when the support runs out, if she still wants me to.

Ehhh.

As much as the traditition of yearly votes on some version of Chat Control sucks, it’s just two mentions (The Register missed the reference to COM (2022) 209 under “Fighting serious crimes/child sexual abuse”, because of course it’d be there) in a document with way juicier tidbits. Like

• actual enforcement of the DSA (finally some consequences for social media giants gleefully profiting from manipulation, or an affront to freedom of speech, depending on your opinion)
• overhauling Europol’s mandate to make it “a truly operational police agency”, whereas the current mandate doesn’t cover such things as “sabotage, hybrid threats or information manipulation” (cool or creepy)
• “strengthening border security”, “countering weaponised migration”, “security considerations in EU visa policy”, and “revision of the Visa Suspension Mechanism” are all probably necessary steps, but taken together paint a picture of something that shouldn’t be allowed to go too far

The DSA enforcement is something strongly opposed by social media giants, so I’d expect more denigration of the document as a whole in the future.

Same. Hetzner has a solid business in hosting, they don’t make their money from mining my data. They’d hand it over for a lawful request, but the data is not -that- secret and thus possible false accusations aren’t really an issue.

I’ve barely hosted anything and those must have leaked like a sieve. Trusting Hetzner way more.

Oh, they trust the government too, or would say so if asked. Kinda “work with the system and the system works with you” trust, firm belief in not making waves or drawing undue attention to yourself. And, well, it works for upper middle class native white people in EU, if you can look away or give your silent consent to whatever is happening.

Big companies and the government are familiar 🙄, known 😐 and thus safe 😑.

My messenger needs to be one my 70+ parents, who trust big companies and mistrust anything too small, or different, or “extreme”, are willing to use. Getting them to install Signal so we could still have our family group chat after I deleted WhatsApp was a major win. Scanning each others’ QR codes, having to go through some process when they change phones…? Yeah, they would’ve been scared of being “put on a list” and wouldn’t have gone through the technical stuff even for me.

As a relative newcomer to the privacy community, I don’t remember constantly hearing about things being overreacting. What I do remember hearing is to think about your threat model and behaving accordingly, to not over-sacrifice convenience for things that aren’t a priority to you.

Amen to that. Everyone has their own balance point, Calyx seems to hit that for many.

Calyx also comes with MicroG, right? So mitigates many problems with a bit more Google.

And Fairphone 4 here, partly for Divest (had it on Oneplus 6 before this and just used to it), partly because of a good deal for a barely used one.

There’s also the Lineage-based DivestOS that attempts to keep up with more security updates, and relocking the bootloader in phones that support it.

https://divestos.org/

I don’t know how the Play Store version does push notifications, but Molly, and I think the apk from their site, work just fine on degoogled phones without Google services.

I don’t remember what name it has, but missing it breaks push notifications on most “normal” apps. Many FLOSS ones are coded to have their own methods that don’t transmit data to Google, and it appears at least some versions of Signal do too.

My threat model doesn’t include state level actors taking an active interest in me, so for my purposes Signal would be secure enough, if only I got people to adopt even it.

https://molly.im/ Especially the FOSS version. Need to manually add the repository though.

They’ll keep bringing this up again and again and again until it passes, huh.

Next Council deliberations and vote in October-December.

Depends a lot on your peer group, but I have even fewer contacts that use PGP than ones that use either service. :/ Just tried to keep it simple.

What all do you consider “synchronizing” to include? I mean, the calendars won’t, but using Etar+NextCloud for calendar, and Tuta for email, has worked fine for me. Of course it means that my calendar isn’t encrypted.

I just tested sending an ICS event to both. The Tuta app offered to open it on Etar, and Etar offered the default calendar with dropdown for others, just like normal. (Strangely it didn’t even offer to open on Tuta’s own calendar, which is in the same app; maybe because I’ve added no calendars there?) Proton’s app (which may be out of date, the mail app isn’t on F-droid, either publicly or in an official repository, and I’m a lazy updater) wanted to open it on Proton Calendar only when I don’t even have it installed.

Proton’s bridge OTOH worked really well for me for syncing to Thunderbird, probably works as well for Office too.

multipost