• 0 Posts
  • 54 Comments
Joined 4 months ago
Cake day: February 13th, 2025


  • pinball_wizard@lemmy.zip to Privacy@lemmy.ml: [Deleted]
    4 days ago

    These are mostly very popular, very well attended liberal demonstrations. Is it a big deal that there is digital evidence that you were in the area at that time?

    This is a “remind me in five years” question.

    Probably we turn this thing around and nobody gets disappeared for their phone records showing attendance of a peaceful protest.

    But that “probably” is doing a shit ton of lifting in the previous sentence.


  • Fair, but there’s a worse experience possible.

    For a time, many people’s first encounter with vi was when it auto-opened a temporary editor to ask them to submit a commit message for the git command they just ran.

    This experience skips the vi “welcome” screen, because a file is open.

    As a bonus challenge, git did not inform the user what editor is in use, and the user had no particular reason to even expect an editor to appear, based on what they were just doing.

    None of this was the fault of vi, really. But it was a terrible introduction.

    It got better when various operating systems changed their default command line editor to nano, and git added some helpful adjustments - “if certain settings are not configured, assume a new user and show verbose welcome messages”.



  • pinball_wizard@lemmy.zip to Privacy@lemmy.ml: [Deleted]
    10 days ago

    Do you think we can find a way to bypass these,

    Yes. Direct physical access always wins. A device in my hands is my device.

    or is the future of the digital world just authoritarian and dystopian?

    Yes. Many people aren’t going to explore the solutions, or be willing to give up the convenience that comes with not changing what they’re doing.



  • There is probably no way to opensource it without also making it easier to bypass.

    I want to highlight this in case OP missed it. Your point here is critical.

    Now I’m going to nerd out a bit about it:

    To expand on your points above (for OP), there’s an impasse here between the anti-cheat developer and the distro developers.

    The anti-cheat developer needs support from the distro developer to get their anti-cheat packages signed, to allow them to run in the kernel. Any package not signed by the distro developer that tries to run at kernel level will be treated by the OS as a virus. (Windows has this protection as well.)

    Getting the code signed is pretty easy. The only requirement is sharing the source code, so the distro developers can make sure there’s nothing nasty in it.

    But the anti-cheat developers feel that they need to never share their source code, to prevent cheating. In some cases, they even have contracts that prevent them from legally sharing parts of their source code (if licensed from a third party).

    That’s also not a problem. All they have to do is sign a binding contract for secrecy with every contributor to the distro, and then privately share their source code, and get it signed.

    On Windows, that means signing a contract with Microsoft. On Mac, with Apple.

    But on Linux, it just means tracking down and making separate agreements with a few thousand independent individuals…

    So the technical solution is pretty simple: share code, get code signed, run in kernel.

    But the contrasting needs of everyone involved make it unlikely on Linux.

    Interestingly, an anti-cheat developer who felt very confident that their code was unbeatable could just publish it publicly, and get it signed and running quite quickly.

    But uh… Most anti-cheat is also pretty low quality code, according to most estimations.










  • Most Lemmy apps support switching quickly between instances.

    In theory, this could ease the transition when an instance closes, I guess.

    In reality, the Internet is for pornography.

    It presumably makes it easier to quickly switch between porn-free and porn-full subscription sets.

    I say “Presumably”, because I’m above all that… here on my non-porn account.

    Plus…there’s probably someone here who carefully separates their Linux Lemmys into one account and their railway and mass transit news Lemmys into another.



  • pinball_wizard@lemmy.zip to Privacy@lemmy.ml: Is F-droid insecure?
    14 days ago

    To answer your top level question:

    If it’s not Linux from Scratch, then we don’t know exactly what is running, and we need to consider that.

    We made rocks think. There’s some trust decisions involved.

    Should I blindly trust every app I find on F-Droid? No. The article correctly lays out reasons why.

    Most of them also apply to Google Play and to Aurora.

    Your decision which to trust depends on which threat protections you need the most:

    • Google Play provides stronger protections against people who are trying to run up your credit card through Google Play purchases. Many of the protections cited in the article were developed for this reason. Google Play store apps can fraudulently charge your credit card. But Google works hard to prevent this, with mixed results.

    • Aurora serves the same apps as Google Play and effectively benefits from the same protections.

    • In addition, Aurora adds additional context about malicious corporate behavior. Google has slowly added some, but not all, of these to Google Play. But at the end of the day, Google is being paid to look the other way by some corporations.

    • Like Aurora, F-Droid includes details meant to protect you from abuses by corporations. I would argue that F-Droid’s protections are stronger than even Aurora’s.

    • F-Droid does not include a method to charge your credit card. This makes a number of security differences in the article much less important, to most people. Of course, there’s more harm that an app can do than credit card charges.

    Because I am aware of many harms caused by individual bad actors and corporations, my preference order goes:

    • F-Droid - Preferred. I find the arguments in the article weak, and a bit out of date. I also feel that F-Droid had dramatically less need for the protections discussed, because there’s no mechanism available to F-Droid apps to run up my debit card.
    • Aurora Store - Acceptable. Some useful apps aren’t on F-Droid.
    • Google Play Store - Unacceptable to me. Aurora provides the same apps, but gives me better insights into the privacy impact of each app. Google Play is getting better over time, but the Google team has financial incentives to present trading my privacy for convenience as a good idea.