Yeah, we should just ditch email for sensitive communications.
Anyway, my point was that I lost trust in Proton back then over this and went to Tuta that has native clients. It makes no difference to my security since I don’t think I ever sent or received a single mail that was actually e2e encrypted. But Tuta’s more serious approach to e2ee made me slightly more confident in it as a company.
Now it kinda looks like it was the right choice.
doesn’t impact the security sufficiently to make a difference for the average user.
I think it is borderline. I am not advocating for PGP, I like the Signal model where you trust signal for introductions but have the ability to verify, even in retrospect. Trust but verify. Even a few advanced users verifying Signal keys forces Signal to remain honest or risk getting caught.
I think the lack of meaningful verification for proton is a significant security weakness, though average user probably has bigger things to worry about.
Bridge did not exist back then.
As for it being sophisticated attack, I think it is relative.
Regardless, if Proton said it did not matter to most people, I would respectfully disagree and move on. They did not. They claimed it is not at all less secure than a native app, which is BS.
It is nuanced, but having the ability to selectively serve malicious javascript stealing keys to specific people only on one access is considerable issue in practice, compared to distributing binary where you would generally have the same binary for everyone and you are able to archive and analyse it. Especially if you use third party distributions, like github releases or flatpaks.
Was it ever? I ditched them years ago when they tried to gaslight people that e2ee in javascript in browser is secure.
The easiest and most secure solution is probably tailscale. Just VPN into your local network instead of exposing Jellyfin to the internet.
An alternative I am using is Caddy reverse proxy with Authelia for authentication. So I have to log in to Authelia before I can access Jellyfin. Beware though, it took me like 2 days to properly configure Authelia. It is rather complicated.
I don’t see any reason why you couldn’t with default settings. Beware of enabling any setting that stores data next to the media like nfo metadata storage, as those could maybe cause conflicts.
I don’t want to convince you here, you do you.
But it seems funny to say that while you are using Linux, where almost nothing has official support.
I personally love that even if GoG shut down or otherwise was inaccessible, I would still have offline installers (that can be installed to wine manually). Obviously having a launcher is nicer, but I hate that there is no backup with Steam.
I just switched to Linux and there are multiple Launchers that support GoG. It is not official but honestly, that makes it better in my eyes. They are open-source, no bloat, no tracking, …
Games not being on GoG is much more of an issue. :(
Honestly, if the app was open-source so we can check it does not leak data, I would probably have no issue with it.
Making it a separate app makes sense if google wants to allow other apps to re-use the code. No reason to have the same functionality bundled into each app separately.
And the feature, as long as it is configurable, seems useful.
The auto-install is bad but understandable. As far as I am aware, there is no easy way to mark an app as a dependency of another app so it gets automatically installed only when needed. This should be fixed, but auto-install for all is not terrible temporary solution. This does not apply when the app is closed source and may steal your data.
Again? Didn’t they try this once already?
I think this is a bit beyond just “getting out of hand”. US is now few steps away from outright having a Ministry of Truth and a lot of media are actually going along with it voluntarily.
If you told me this would happen even a month ago, I would have probably laughed at you.
I recently started to use “/s” online, because comments like this now also hurts my brain.
Idk if it bypasses limitations, you can try. As for bullshiting, no. The AI almost certainly does not have the ability to go and open a webpage. If it was trained on wikipedia, it may or may not give you the age listed at the time of it’s training. If not, it will likely take a different source and pretend it is from wikipedia. Either way, it will likely bullshit you about doing what you asked while giving you outdated/missourced information.
Now the number may be correct, I imagine Bernies real age is readily available, but it will confidently lie about how it got the information.
Anyone using a good proton drive alternative?
I run Synology NAS at home and I love it, but it was expensive to set up.
Other extreme is Syncthing for completely free device sync, but no backup beyond your devices and both devices must be online to sync.
I self-hosted Nextcloud on cloudamo with Cryptomator for e2ee but I can’t really recommend it. Nextcloud is pain to administer and tends to be buggy.
More accurately, it traps any web crawler
More accurately, it does not trap any competent crawlers, which have per domain limits on how many pages they crawl.
Because their entertaining videos with cool rare/expensive tech are entertaining. I avoid reviews from them at this point (which is disappointing since Labs had potential), but the cool home server stuff or x Gamers 1 PC are just cool and there is not much like it elsewhere on YT.
Right, so if you massively extend your proposal, it could maybe make sense to a nontechnical person. Congratulations. Your original idea of just blocking google is still stupid and counterproductive to your stated goal.
Anyway, the real issue isn’t lack of competitors. It is vendor lock-in and lack of independent data backups. It would take significant effort for most companies to migrate from one cloud provider to another, since different providers use slightly different, incompatible technologies. And of course, if a cloud provider went down suddenly, a lot of data would be lost.
There is 0% possibility the US gov could do it covertly.
Sure, they could force it overtly but the rest of the world would have forks of Browsers like 15 minutes after it went through.
Besides, there is no need to go after the browsers. If you want a fake cert for a few days, EU has trusted certificate authorities just like the US that can issue a cert for any website (CAs are usually not restricted to specific TLDs). The CA would just get removed from browsers within days, same as browsers being replaced.
PS: Btw, iTrusChina is also a trusted CA. If the US is not concerned about their main adversary, China, forging certificates, why should EU be worried about an ally doing so?
“We don’t accept ideologically motivated changes” = White supremacist language… Yeah, sounds about like what I expected…