For example it is terribly difficult to self host email, and very few people actually do it.
I read this a bunch of times and put off trying it because it sounded like such a hassle. Eventually I did and… it wasn’t bad at all. I just had to add a few extra DNS entries. I haven’t had any delivery problems.
Sort of. This is apparently done on-protocol so anyone can issue verifications, but they’re only shown in the official client if they’re from BlueSky or someone approved by BlueSky.
A better way to do this would be to let users subscribe to verifiers the way they can labelers. Better still would be for the label to indicate what the verifier has verified about the account, like “nytimes.com says this person is an employee of the New York Times”, which is something labelers can already do.
So I really think they should have just leaned into labelers.
It appears to depend on Bluesky designating entities to do the verification.
I think the existing domain-based verification system is a better way of doing that. Something like Mastodon’s verified links might be a nice addition. This more centralized system is… not what I hoped for.
Instagram and Tiktok are usable in a web browser, though they do want you to make an account.
Terms like “safe” and “private” are not binary.
Are the contents of your Signal conversations on an iPhone private with regard to mass surveillance conducted by governments and ISPs? Probably. Apple uses security and privacy as marketing points, and there are a whole lot of people looking for vulnerabilities in its products who are incentivized to disclose them (possibly with a delay for patches). Signal itself takes steps to prevent data leaks to less secure parts of the OS and other apps.
Would your conversations remain private in the face of a targeted attack against your device by a nation state willing to spend a significant amount of time and money when you’re using Signal on an iPhone that’s presumably used for purposes other than secure conversations with a small set of people you know? Almost certainly not.
I’ve read that it’s because fairphone has to pay a fee for each unlocked device, but it sounds a little weird so no idea if that’s real.
The posts seem to suggest that Google is charging them a fee in that case, but that would be a little surprising given Pixels have a no-fuss unlock, and Google permits third parties to redistribute its proprietary add-ons to Android free of charge for installation by end users.
In any case, you’ve convinced me this probably isn’t Fairphone being evil, though some sort of public explanation would be nice.
I don’t understand why this requires a code rather than a toggle in developer settings like a Pixel. That doesn’t seem like openness and a commitment to treating users fairly since they could change their policy at any time.
TOR is designed to resist surveillance and censorship by ISPs or national governments. Communications are encrypted in transit, and there’s no way for a node to tell whether it’s talking to another relay node or the end user.
It’s fairly easy for a website to detect that a user is accessing it via TOR; there are lists of exit nodes like this one which a firewall or intrusion detection system can update programmatically. Many websites block or limit access via TOR using such lists, making it unsuitable for use cases such as the one I’m discussing.
I couldn’t care less what the employer wants. This almost certainly doesn’t violate any criminal laws, but could lead to loss of employment.
I care that my friends can be somewhere they’re physically safe while making enough money to be OK.
They are going to find out regardless
Probably not. This is the sort of organization that will do the bare minimum to tick a compliance checkbox and no more. That likely includes IP geolocation and maybe checks against well-known datacenter IPs. It’s very unlikely to include latency checks, and does not include monitoring agents on remote machines. My friends have accepted there’s some risk of employment loss, but would prefer to mitigate it.
Stop trying to cheat the system
Fuck the system.
This is similar to what I had in mind. I was thinking of software and a paid subscription while this is a hardware device with free access. It does appear to reward people for acting as exit nodes in a more or less ethical manner (depending on how you feel about weird cryptocurrencies).
This is a concern about a remote employer detecting that they’re working from outside the USA, not surveillance. TOR is not an appropriate solution.
There are many, some of which are easily found with a web search for “residential VPN”. That also comes up with a bunch of untrustworthy listicles with affiliate links to the “best” options.
Some of these are extremely shady, using malware to turn unsuspecting victims into exit nodes. Some gain access with consent by offering payment or some other benefit; this probably violates ISP TOS, but I don’t care about that.
Yes, this is the DIY VPN server at a relative’s house option.
Tried this; continued to see no ads for anything at all. Am I doing it wrong?
I use Matrix, and I’ve moved some conversations with people I met in public rooms there to Signal because it kept failing to transfer keys rendering it unable to decrypt messages. I haven’t seen that in a while so maybe it’s fixed, but I haven’t been using it for one-to-one conversations lately.
Unfortunately, I’ve found most people have a lot of resistance to adding another messaging app. I don’t really understand why that is, but it’s true. Asking someone to install a messaging app when I’m their only contact who uses it and they have another way to contact me has a success rate near zero.
Maybe. The bad actor here seems to be the government of China, and the linked page says:
The individuals most at risk include anyone connected to: Taiwanese independence; Tibetan rights; Uyghur Muslims and other ethnic minorities in or from China’s Xinjiang Uyghur Autonomous Region; democracy advocacy, including Hong Kong, and the Falun Gong spiritual movement.
I can imagine them casting a wide net.
What is this? A Twitter post?
Just about. JWZ is known for his cynical hot takes on tech in general.
I don’t think any of his complaints are invalid, though his conclusions are uncharitable at best. Making a communication tool that’s both reasonably secure and sufficiently palatable to people who don’t know how to use computers to achieve broad adoption is a hard problem with no perfect solutions. If he has a better idea, well… he’s a skilled and somewhat famous programmer; he’s better equipped than most to implement it.
It’s on a VPS. Whether that’s really self-hosted may depend on how much of a purist you are, but it’s fully self-managed, not SAAS.
It’s recommended to have a PTR record mapping your IP address to your domain, which you wouldn’t be able to do with a residential connection from a typical ISP. I do send mail from multiple domains though and I haven’t had issues with deliverability. What I do not send is any kind of high-volume mail, which would likely attract a different kind of scrutiny.