I still recommend it. I’m not fully happy with the situation but for now I consider it my best option.

1. I consider Chromium-based browsers out of the question as they give too much power to Google. This is already showing to be a problem with new APIs and “features” that Google is pushing into the web platform and the bigger the market share gets the more control they have.
2. Web browsers are the biggest attack surface that most people have. Displaying untrusted webpages and running untrusted code is incredibly difficult and vulnerabilities are regularly discovered. I don’t yet know a Firefox fork that I trust enough to reliably respond to security vulnerabilities quickly and correctly.

So for now I am staying with raw Firefox. Not to mention that as a disto-built Firefox I have some insulation from Mozilla’s ToS. But I am very much considering some of the forks, especially the ones that are very light with patches and are mostly configuration tweaks.

Wine will mount your root folder as a Windows drive by default. So if the malware is scanning all connected drives and encrypting/uploading them you still have a problem.

It’s definitely an option. It will do the things that you want (as long as your phone is online, but that is the same for any other solution).

sending Signal messages with it would be less secure

Yes, this is because Beeper converts the Signal protocol to the Matrix protocol and vice versa. In order to do this it needs to access the messages. So it needs to decrypt the messages, then re-encrypt them on the other side. This means that the bridge (in this case operated by Beeper) has access to your messages. This is often referred to as “end-to-bridge” encryption, as it isn’t end-to-end anymore.

This is going to be true of any bridge you use that is hosted by a third party. You are always adding one additional trusted party into your communication.

the recommended bridge instructions sends me over to Beeper, since I don’t have my own server

Yes, to practically operate a bridge you need your own Matrix server. This is because the bridge will create a new Matrix user for every remote participant (every phone number you communicate with in this case). Doing this with regular mechanisms would be difficult (as signup is likely restricted in some ways) and inefficient (as each account would need to be checked for new messages separately). Beeper runs their own homeserver so that they can operate their bridges. However Beeper’s bridges are only available to users on the same homeserver (this is not a protocol limitation, just their choice). So in order to use their bridges you need to make an account with them (which you can, it is free IIUC). Beeper also offers custom clients which have special features for interacting with their bridges (for example making it easier to start a conversation with a new phone number).

The alternative would be to run your own server and bridge (or hire someone to it on your behalf).

Oops, I linked the wrong one and got fooled because the most recent post is actually open again.

[email protected] is more active. (Although not bustling either)

[email protected] is active enough.

Yeah, public trackers definitely raise your chance of a notice by at least an order of magnitude. New content also tends to be more noisy than old content. I also found a drop by selecting “require encryption” although I can’t imagine why it would help (IIUC most of these scanners just connect to everyone in the swarm, not sniff random internet traffic.

I’ve been using nginx forever. It works, I can do almost everything I want, even if more complex things sometimes require some contortions. I’m not sure I would pick it again if starting from scratch, but I have no problems that are worth switching for.

The most likely situation is that the torrent isn’t good. I would also force a recheck of the torrent to double-check that the files on your disk haven’t been corrupted. But if that file is still saying “0 B” remaining (don’t just look at 100% as it may be rounded) after the recheck then I would bet pretty good money on a broken torrent. If this is a public tracker it is fairly common.

However even if it is broken you may be able to play by using a different players. Different apps can skip over different forms of corruption, so you may get lucky.

Why fail when you can just do the wrong thing “successfully”?

Nice. There were a few comics that I followed on Twitter due to lack of them posting other places. But it is nice to know that if I find another account that I am actually interested in I will be able to get a feed.

If you don’t need to watch Jeopardy live it is pretty readily available via torrents. Probably in better quality and without ads.

Sports are much harder to find. There are trackers but they are much harder to get into and I can’t attest to the completeness (I’m not really into sports) and watching it live is probably more relevant.

It would be wasteful to upload the full size image only to throw most of it away. JPEG compression is very cheap, especially at low resolutions (I assume that image search uses a pretty low-resolution source image). Doing it this way is actually what I would do for best user experience. (Not saying that they aren’t doing other malicious things, but doing the resizing on the client is actually a good idea)

This is my strategy. If I can’t bank on the website I find a new bank.

It is mostly about giving users tools to do moderation. So managers of communities can effectively apply policies and make it easy for people to share moderation decisions so that the work can be shared among communities that trust each other’s moderation decisions.

I’m very exited for this. Just boosting a post always seems so impersonal and out of context. I almost always want to add my own message to my followers. I regularly decide not to boost because of this. I would do it a lot more if I can add my own message/context.

The main issue is accepting incoming connections. When you are behind a NAT (as most VPNs are for IPv4) you need some solution (such as port-forwarding) to make your torrent client connectable. This causes a number of issues when torrenting.

1. When someone starts a download they will try to connect to the seeders. If the seeders are not connectable this will fail.
2. As a fallback when the seeders notice the leachers they will try to connect to them. If the leacher also isn’t connectable this will also fail.

If neither party is connectable the download can’t happen, so you may fail to get content that you want.

This is extra relevant if you are on private trackers where seeding is tracked, has direct value and is competitive. If you are not connectable every new downloader will immediately connect to the connectable seeders and finish the download before your client even knows that they exist. (reannounces for seeders can be very infrequent, such as hourly, so it will take an average of 30min for you to notice a new seeder and try to connect to them). This makes it very difficult to acquire much upload unless there are very few other seeders.

NAT is evil, all hail IPv6.

It would be nice if there was a shortcut to go “back to previous site”. Because on one hand using back to navigate around map moves is often very convenient, but sometimes I want to go to the site before the map. Having a two-level history with page and site would be super useful.

#1 items should be backups. (Well maybe #2 so that you have something to back up, but don’t delete the source data until the backups are running.)

You need offsite backups, and ideally multiple locations.

That isn’t what that document says. It says that they can impersonate you in non-E2EE scenarios. The clients I use warn me when a message isn’t properly encrypted so someone without E2EE keys can’t impersonate someone in an E2EE room.

That being said the general concept is a problem. I would love to see progress where all events from a user are signed by a device key and non-forgable. There is some thinking about this with portable identities (such as MSC2787) where you server is basically just storing and forwarding events but the root of trust is your identity and keys that you control. But none of this will land soon, not for many years.

Probably yes, it depends on your threat model.

If you are using E2EE on a matrix.org account then your message content, attachments (images) and most other traffic isn’t accessible to anyone but the people in the chat. However Matrix isn’t the most private option, it has a number of leaks such as reactions and chat topics (these are being worked on but aren’t close to happening).

For most people Matrix is a very private and secure option and the fact that it is federated is a huge plus. If you want something more secure you are probably looking at Signal (which you don’t want to use and isn’t federated) or Simplex Chat (which doesn’t have multi-device support).