Ah, misunderstood your post. I think regular Signal still supports local backup. Doubt they’ll remove it when they add this.

Switching to Molly won’t necessarily give you free cloud backups. Someone will still need to pay for the storage costs.

I’ve seen posts by the GrapheneOS team about recommendations against using both F-Droid and Aurora. F-Droid had a decent sized list of issues they raised. One of the key ones they raised against both was that it added an extra person to trust. You always need to trust the code of the developer of the app. No way to avoid that. With F-droid you need to trust that their build system/infrastructure is serving you the app as per the developers code. With Aurora you need to trust the Aurora devs are giving you the app unmodified from Google.

There were other criticisms on F-Droid that they sign almost all apps with their own key rather than the developers. They do offer to serve apps with the developer keys, but it’s difficult to setup and not many apps implement it. Google Play also does the same thing though, so I feel this risk isn’t that big. Generally they seem to recommend getting apps directly from developers rather than via a 3rd party. They offer Accrescent in the GrapheneOS app store which is designed for this, just pulls files from Github AFAIK.

All that said. I prefer to get all my apps from F-Droid (NeoStore technically) and Aurora for anything without a F-Droid repo.

Well, still plenty of dogdy landlords who take advantage of people who don’t know about that requirement and either take it for themselves or push renters towards “resolving disputes between themselves” and not involving the bond authority at end of lease time.

It’s a requirement in Australia for it to be paid to the government bond agency. Typical method of paying it is a cheque payable only to the bond authority. Once you hand back the keys at the end of the lease you can apply directly to the bond agency for it to be refunded to you and the landlord needs to formally object to claim any of the bond.

Yeah, in self hosting MollySocket and my own Ntfy server. I’m in the process of moving it all to my NAS so I don’t have to leave my computer on all the time.

I really wish Signal would support it natively.

I’m using Molly with UnifiedPush for notifications and it works quite well.

Another recommendation for Proton Mail. As others have said I’d recommend getting your own domain for email so you can always migrate providers without having to change your email address.

The reason that Google got ruled against originally was that they were paying and offering incentives to developers to keep them from releasing their apps on other app stores.

Google also doesn’t support a user installing the Play Store themselves (and the required Google Play Services dependency). So phone manufactures have to choose to include it on everybody’s phone from the get go, or their users won’t be able to use it at all.

The UnifiedPush server is intended to be a single source your phone can keep a persistent connection open to, rather than needing a connection per service/app (this is how Google’s Firebase notifications work too).

As Signal doesn’t support UnifiedPush, MollySocket keeps a permanent connection open to Signal’s servers to listen for new activity and forward them to your UnifiedPush server. This saves your phone keeping a permanent connection open to Signal’s servers and draining your mobile battery more.

I’m self hosting both too. MollySocket’s docs are pretty clear that it never gets an encryption key for your account, so it can’t read your messages. It only gets/forwards alerts that something happened on your account AFAIK. So I’m not sure what data it has that’s worth encrypting.

For Signal/Molly, it’s less that the notification is encrypted as I understand it. It’s more the notification content is just “Hey! Stuff happened” for Signal. The app then reaches out directly to the Signal servers to see what’s new. So the message content is never sent via the push notification service (UnifiedPush or Google’s service).

I’ve got a few old PCI cards around somewhere. I should pull one of them out and give them a try at this.

That would require a lot of data privacy concerns to be addressed. Even if it’s an explicit opt-in. The current method uses sample text which can’t include PII. Using user supplied text would almost guarantee they’d get names and other PII in their data set.

I also imagine it’s harder to train the model when you don’t know exactly what the user was trying to type. I.e. Was the swipe detection wrong, or did the user delete the word because they changed their mind on what to write?

The issue isn’t a big deal for the average user. The vulnerability required them to first get your username and password, physically steal your Yubikey, spend half a day using $10-15k worth of electronics equipment to repeatedly authenticate over and over, they then could potentially make a clone of the key.

When I migrated emails last time, I setup my old email to automatically forward to the new email. Then on my new email, I setup an automatic label for any email that was addressed to the old address. Every week or two I’d review what was sent to it and either update the email address used or unsubscribe. Eventually it got to a level where I wasn’t getting much at the old email anymore and finally deleted it.

I’m just using Mozilla’s Multi-Account Containers extension. In my work’s infinite wisdom I have a total of five “single sign on” accounts. So I have different containers for each account so I avoid the endless “which account would you like to use” and “this account doesn’t have access to this resource”.

The extension allows me to set specific domains to always open in container X. That covers 90℅ of my use cases. Some sites I need to use different accounts with and for that I have to select which one to use each time.

I haven’t played it properly either. But there’s a community mod called Deus Ex Revision (It’s also on Steam). Which improves some of the graphics, and looks to include a bunch of QoL features.

https://www.moddb.com/mods/deus-ex-revision

Bridge doesn’t support the calendar yet from what I’ve heard.

I’d say the main benefit Futo has over Heliboard is that it has native swype typing with its own model (and also own voice typing model).

Still a bit light on customisation (certainly compared to Heliboard), but a nice first release certainly.