I want to preface this by saying that yes, I know that Instagram is bad. I am planning to get rid of it in the future but as of now I have to keep it for communication with people who are only on that platform.
So I have grapheneOS, use protonvpn (free version), use mull as my browser, and do not have google play services enabled on my phone. I do have some apps downloaded through aurora store such as Instagram, whatsapp, mychart, and mint mobile, but the rest came from f-droid.
I have noticed multiple times that after having private conversations on matrix, I get Instagram content in my feed that is scarily accurate to the conversation I had on the other platform immediately after. I know that things discussed in Instagram direct messages and group chat will give suggested content based on those conversations, but I get stuff that that is very specific to what I have ONLY discussed on matrix and didn't look up via my browser.
So my question is how is Instagram doing this and what can I do to mitigate the spying it's doing on my other apps. Thanks.
Jitsi Meet and Matrix are missing system-wide/background push-to-talk (PTT) (to replace Discord).
-
Tell Jitsi -> github.com/jitsi/jitsi-meet-electron/issues/210
-
Tell Matrix -> github.com/element-hq/element-web/issues/15284
-
Tell Element Call -> call.element.io (Settings > Feedback)
-
Tell SimpleX -> github.com/simplex-chat/simplex-chat/issues/2398
Alternatives (obviously must be cross-platform end-to-end encrypted libre software)?
From their About page:
Project Liberty is stitching together an ecosystem of technologists, academics, policymakers and citizens committed to building a people-powered internet—where the data is ours to manage, the platforms are ours to govern, and the power is ours to reclaim.
I just heard Frank McCourt on a podcast plugging his book "Our Biggest Fight".
It was great to hear someone with a voice talking about the problems we see with user data and social media, especially the problem of the Social Graph (the map of all your social connections, which includes weights and values).
Their solution to this problem was to develop a social networking protocol that enables any compliant app to use (think how email works - a standard protocol, SMTP), but encrypted and user data controlled by the user. They call it DSNP - Decentralized Social Networking Protocol.
I see both sides of their approach, I'm kind of ambivalent, lots of concern here long-term.
They've already acquired MeWe and have converted some users to this protocol. He wants to buy the US side of TikTok (if it becomes available) and convert it to DSNP, which would encrypt about 30 million US accounts.
I'm always cynical about stuff that sounds promising, but I don't have the tech background to really dissect what they're doing. Anyone understand this better?
I have no idea where to even start to combat such things. Healthcare professionals must appease the masses of their peers.
I've seen this first hand in the corporate world, where it's called a 360 review. It's a popularity contest.
While there's value in the idea of such reviews, they're ripe for abuse. It codifies an environment of dishonesty - where people who are good at masking (err, sociopaths anyone) excel.
I had two reasons, the first is because i found it way too easy to spend on my card without thinking, and the second because I wanted to regain a bit of privacy alongside everything else I'm doing. Ive set it up in my bank that on payday, an amount of my salary automatically goes to the bills account, some goes to long term savings, some to short term savings, then the rest I take out in cash.
It really does change my perception of spending I think: Ive found myself not buying things because I didnt want to break a note and carry change. I can physically see how much I have left. I can take £20 to the pub and leave when its finished. Plus it feels really good knowing every single transaction isnt stored forever. I have a small amount of money on a contactless ring for emergencies like a bus fare or somewhere that unexpectedly only takes card.
Is anyone else still predominantly using cash day to day?
I tried looking for lists but didn't find any.
The Work Number is US-specific and where your employers input your salary data for future employers to see. You can opt out here: https://employees.theworknumber.com/employee-data-freeze/.
@privacy Should I use my carrier messages app?
My network provider namely reliance jio also built an messaging app for Android. It have defiantly sms, mms support, and also RCS, organiser, etc.
So should I use it or not?
Asking as if I am not wrong all the sms info go by their server so they already know everything.
What else will they get from me if I use their app?
Basically I started with mullvad then turned to proton but after they introduced AI and a crypto wallet I’m just looking for what peoples opinions are.
EDIT: Thank you all for your suggestions and opinions :D
After almost 2 years, Privacy Guides has added a new Hardware Recommendations section to their website.
Thanks to Daniel Nathan Gray and others for implementing this new hardware guide
https://github.com/positive-intentions/chat
probably not... Because I'm comparing it to everything... but id like to share some details about how my app works so you can tell me what im missing. id like to have wording in my app to say something like "most secure chat app in the world"... i probably cant do that because it doesnt qualify... but i want to understand why?
im not an expert on cyber security. im sure there are many gaps in my knowlege in this domain.
using javascript, i created a chat app. it is using peerjs-server to create an encrypted webrtc connection. this is then used to exchange additional encryption keys from cryptography functions built into browsers to add a redundent layer of encryption. the key exchange is done like diffie-helman over webrtc (which can be considered secure when exchanged over public channels)
-
i sometimes recieve feedback like "javascript is inherently insecure". i disagree with this and have opened sourced my cryptography module. its basically a thin wrapper around vanilla crypto functions of a browser. a prev post on the matter.
-
another concern for my kind of app (PWA) is that the developer may introduce malicious code. this is an important point for which i open sourced the project and give instructions for selfhosting. selhosting this app has some unique features. unlike many other selfhosted projects, this app can be hosted on github-pages for free (instructions are provided in the readme). im also working on introducing a way that users can selfhost federated modules. a prev post on the matter.
-
to prevent things like browser extensions, the app uses strict CSP headers to prevent unauthorised code from running. selfhosting users should take note of this when setting up their own instance.
-
i received feedback the Signal/Simplex protocol is great, etc. id like to compare that opinion to the observation in how my todo app demo works. (the work is all experimental work-in-progress and far from finished). the demo shows a simple functionality for a basic decentralized todo list. this should already be reasonably secure. i could add a few extra endpoints for exchanging keys diffie-helman style. which at this point is relatively trivial to implement. I think it's simplicity could be a security feature.
-
the key detail that makes this approach unique, is because as a webapp, unlike other solutions, users have a choice of using any device/os/browser.
i think if i stick to the principle of avoiding using any kind of "required" service provider (myself included) and allowing the frontend and the peerjs-server to be hosted independently, im on track for creating a chat system with the "fewest moving parts". im hope you will agree this is true p2p and i hope i can use this as a step towards true privacy and security. security might be further improved by using a trusted VPN.
i created a threat-model for the app in hopes that i could get a pro-bono security assessment, but understandable the project is too complicated for pro-bono work.
while there are several similar apps out there like mine. i think mine is distinctly a different approach. so its hard to find best practices for the functionalities i want to achieve. in particular security practices to use when using p2p technology.
(note: this app is an unstable, experiment, proof of concept and not ready to replace any other app or service. It's far from finished and provided for testing and demo purposes only. This post is to get feedback on the app to determine if i'm going in the right direction for a secure chat app)
Introduction
I am a fan of Louis Rossmann. This will be very evident in the rest of the message. I saw how many companies tried to get away with anything and everything they possibly could, and I began to get very upset. I wanted to know what a perfect software would be like, one that was ethical, open, and had no way to pull the rug out from under its users. Many of the things Rossmann says were introduced into this philosophy, as well as some of my own views. I wanted to create a sort of guideline for how software should be.
Early draft
This took multiple months to complete, multiple drafts (lots of which were written by hand), lots of sections compressed and decompressed, and lots of research and time to think. With all of that said, I am absolutely terrible at writing. I would either be too detailed, not detailed enough, or other various problems. However, I am including an early draft because it seems to hold its own slightly differing vision. This is an early draft written by hand:
-
Transparency and availability All of the software's code should be completely open source. No part of the software should be proprietary, including dependencies, blobs, drivers, extensions, website, installers, servers, etc. Those all fall under the same conditions listed in this whole document. No dependencies should be included unless they are essential for the software's core functionality or explicitly requested by the user. All dependencies should be clearly documented, and their purpose should be easily understandable by the user. The entire source code should be accessible to everyone, without any restriction, censorship, or moderation. There should be no requirement to create an account, verify identity, pay any amount, or any other extra steps to be able to access the source code in its entirety.
-
Legibility Every part of the code should also be understandable. Obfuscation, encryption, or any other attempts to create code that is not understandable is not allowed. All code should be well written, clearly understandable, and well documented. Documentation should be clearly understandable and falls under the same conditions as the code itself in terms of how it can be accessed. Furthermore, all documentation should be able to be easily accessible entirely offline. All code and its extensions should be free to study, edit, and distribute without restriction.
-
Availability, equality, and ease of use The entire software should be available to everyone for installation. There should be no restriction or censorship on who, when, or where (geographically and digitally) the software can be installed. There should also be no discrimination on who is able to use the software. Same installations of the software should be identical for all users. The software should be easy to install and uninstall, and all traces of the software should be removed after installation.
-
Free of cost The entire software should be completely free of cost. There should be no free trials, no subscriptions, no paid portions, etc. There should also be no paid alternative to the software with added functionality (such as a "premium" tier) The full version of the software should be completely free to download, install, and use to its full functionality.
-
Update availability and backwards compatibility All software updates should be optional. No updates should be required, no matter how important. Users should not be bothered about updates besides a single notifier when an update is available. There should be clear options to select which portions of the software get updated, if any, how the software is updated, and clear descriptions of which portions are receiving updates. There should be no restriction of censorship about who receives updates. All updates should be identical for all users. An offline update capability should be implemented, for users to download an update separately and update the software in an offline environment. All older versions of the software should be available to rollback to, or to install fresh.
-
Extension ease of use Extensions and plugins should be available to create and install for the software. These extensions fall under the same conditions listed in this entire document. Extensions should be easy to create and implement into the software. There should be no moderation, restriction, regulation, or censorship on which extensions can be installed and used.
-
Offline capabilities The entire software should be able to function to its full capabilities in an entirely offline environment. No part of it should ever rely on external sources such as cloud servers, website pings, etc. There should be no limitation on the functionality of the software in an offline environment.
-
Data control and interoperability All user data stored by the software should be easy and free to be able to import, export, modify, delete, and transfer at all times. This functionality should be clearly implemented, with no added steps. Data should also be completely interoperable with other similar softwares.
-
Account freedom and security The software should never ask or force the creation of an account, identity verification, or any other form of authentication. All portions of the software should be completely accessible without any further verification. However, if a user decides to credential protect certain portions of the software for security reasons, credentials should be stored entirely locally and securely.
-
Universal compatibility and freedom The software should strive to be compatible with as many systems and devices as possible. There should be no restrictions on which operating systems or devices the software can be installed on besides what is not possible to do. For all installations, clear debug messages should be present for errors in the software, as well as an easy system to manage these error messages.
-
Perpetual access The software should be available to install and use in full perpetually. There should be no time limit to be able to access the full functionality of the software. Trial versions of the software are not allowed. Users should have perpetual and unrestricted access to the complete software.
-
Optional legal agreements Users should never be asked or forced into any legal agreements, contracts, terms of service, terms of use, privacy policies, etc. If it is absolutely necessary that any of those are included, there should be a clear and easy way to opt out completely from all parts of the agreement. Users should be fully opted out by default from any agreements, and users should be clearly aware of what they are opting into. The agreement should be written in a manner that can be easily understood, and in a manner that is clearly visible to the user. Users should be able to change their preferences afterwards, in an easy and clear way.
-
Permissions The software's permissions should be easily changeable. Permissions include access to devices such as microphone and webcam, access to certain folders and files, access to modify and delete files, etc. These permissions should be clearly listed, and no unnecessary permissions should be enabled by default.
Disclaimer
Because I am terrible at writing, most of this was painstakingly generated using LLaMA 3.1 70B & 405B. Believe it or not, this was actually a lot of work. Not only did I have to give detailed enough explanations for it to give an output that aligned with my vision, but formatting and sorting each section took an insane amount of work. Not to mention hallucinations, outputs that did not fit the prompt, rate limiting, and multiple other issues. Finally, after months of planning, preparation, tweaking, and editing, I am happy with what has been created.
How to help
Even though I am happy with what has been created, it is by no means perfect and needs a massive amount of human intervention to improve it. Be nitpicky! I want to make this something the community is happy with, and something that is free of flaws and loopholes. I am very open to feedback here, since this is not the final version.
The Philosophy
Category: Open-Source and Licensing
-
Open-Source Ecosystem: The entire software ecosystem, encompassing the core codebase, as well as all supplementary components, modifications, and derivatives, should be transparently and freely accessible to anyone. This means that all extensions, add-ons, plugins, and integrations, regardless of their origin or purpose, should be developed and shared under open-source licenses. Similarly, any forks or variations of the original software should also be openly available, allowing the community to benefit from diverse perspectives and innovations. By embracing openness and collaboration, the software can evolve more rapidly, securely, and equitably, with the collective efforts of a global community driving its growth and improvement.
-
Free and Open-Source License: The software should be made available under a free and open-source license, allowing users to freely study, modify, and distribute the software. This means that the software should be released under a license that grants users the freedom to use, modify, and distribute the software, without any restrictions or limitations. The software should be made available in a format that is easily accessible and modifiable, such as source code, and should be accompanied by clear and concise documentation that explains how to use, modify, and distribute the software. The license should also allow users to create and distribute derivative works, such as modified versions of the software, and should not impose any restrictions on the use of the software for any purpose, including commercial use. By making the software available under a free and open-source license, the developers can promote collaboration, innovation, and community involvement, and can help to ensure that the software remains free and open for the benefit of all users. Additionally, the software should also be made available in a way that is accessible to people with disabilities, and should be designed to be usable by people with a wide range of abilities and needs.
Category: Code Quality and Development
-
Readability and Code Quality: The code should be crafted with the utmost care for readability, making it effortless for humans to comprehend its intent, logic, and behavior. This means that the code should be written in a clear, concise, and consistent manner, using a syntax that is easy on the eyes. Variables, functions, classes, and other programmatic elements should be assigned descriptive and meaningful names that accurately convey their purpose and role, avoiding ambiguity and confusion. Additionally, the code should be liberally annotated with high-quality comments that provide context, explain complex concepts, and highlight key decisions, making it easier for developers to understand, maintain, and extend the codebase over time. By prioritizing readability, the code becomes a valuable resource for knowledge sharing, collaboration, and collective growth.
-
Comprehensive Documentation: The code should be accompanied by comprehensive, accurate, and up-to-date documentation that provides a complete understanding of its functionality, behavior, and underlying architecture. This documentation should include detailed explanations of each component, module, and interface, as well as usage examples, tutorials, and guides that facilitate easy adoption and integration. Furthermore, the documentation should be written in a clear, concise, and accessible manner, using language that is free from technical jargon and assumptions about prior knowledge. By providing thorough documentation, the code becomes a self-contained resource that empowers developers to quickly grasp its inner workings, troubleshoot issues, and make informed decisions about customization, extension, and maintenance. This, in turn, fosters a culture of transparency, collaboration, and continuous improvement, where the codebase serves as a shared knowledge base for the entire community.
-
Modular and Extensible Architecture: The software should be designed with a modular and extensible architecture, allowing users to customize and enhance its functionality through the use of extensions or plugins. This means that the software should provide a robust and well-documented API, as well as a plugin framework, that enables developers to create custom extensions that can interact with and modify the software's core functionality. The software should also provide a user-friendly interface for managing and installing extensions, making it easy for users to discover, download, and install new extensions. Furthermore, the software should be designed to allow extensions to be developed for all portions of the software, including the user interface, data processing, and core functionality. This will enable users to tailor the software to their specific needs and workflows, and will also enable developers to create specialized extensions that can be shared with the broader user community. By providing a robust extension framework, the software can become a platform for innovation and customization, allowing users to create a tailored experience that meets their unique needs and requirements.
-
Transparent Development Process: The development process for the software should be transparent and clear, with documentation for each step of the process. This means that the development team should maintain a publicly accessible repository of documentation, including design documents, meeting notes, and technical specifications, that provides a clear understanding of the development process and the decisions that are being made. The documentation should be up-to-date and accurate, reflecting the current state of the software and any changes that are being made. Additionally, the development team should provide regular updates on the development process, including blog posts, social media updates, and email newsletters, that keep users informed about what is happening and what to expect. Any outages or disruptions to the software should be clearly communicated to users, with explanations of what happened, how it is being fixed, and when the software is expected to be back online. The development team should also provide a clear and transparent process for reporting and tracking issues, with a publicly accessible bug tracker and a clear process for submitting and resolving issues. By providing transparent and clear documentation and communication, the development team can build trust with users and demonstrate a commitment to openness and accountability.
Category: Deployment and Updates
-
Uniform Deployment and Updates: All users should receive the same version of the software, with identical features, functionality, and updates, regardless of their location, device, or usage patterns. This means that the software should be deployed and updated uniformly, without any hidden variations, experiments, or segmentations that could create unequal experiences or introduce unnecessary complexity. No user should be unwittingly enrolled in A/B testing, beta programs, or other forms of differential treatment that could compromise their experience or create uncertainty about the software's behavior. By maintaining a single, unified codebase and deployment process, the software can ensure consistency, reliability, and fairness for all users, while also simplifying testing, debugging, and support processes. This approach also helps to build trust and transparency with the user community, who can rely on a predictable and uniform experience across the board.
-
Access to Previous Versions: The software should maintain a comprehensive archive of all previous versions, making it possible for users to access, download, and install any earlier version of the software that meets their specific needs or preferences. This means that users should have the freedom to choose the version that works best for them, whether it's due to compatibility issues, feature requirements, or simply a preference for a previous user interface. Furthermore, the downgrade process should be straightforward and reversible, allowing users to seamlessly transition between versions without losing data, settings, or functionality. By providing unfettered access to previous versions, the software acknowledges that users have different needs and workflows, and empowers them to make informed decisions about their own software experience. This approach also demonstrates a commitment to user autonomy, flexibility, and choice, while also facilitating testing, debugging, and troubleshooting efforts by providing a clear and accessible version history.
-
Optional Updates: Updates to the software should be optional, with users having complete control over what updates are applied and when. This means that the software should provide a clear and transparent update process, with detailed information about what changes are being made, why they are necessary, and what benefits they will bring. Users should be able to select which updates to apply, and which to ignore, with the ability to easily opt-out of any update that they do not want. Furthermore, the software should provide a clear and easy-to-use interface for managing updates, with options for selecting specific updates to apply, viewing update history, and rolling back to previous versions if needed. The ability to easily undo any and all updates should be a key feature of the software, allowing users to quickly and easily revert to a previous version if an update causes issues or is not desired. This approach recognizes that users have different needs and preferences when it comes to updates, and provides them with the flexibility and control to manage their software experience in a way that works best for them. By making updates optional and providing clear selection and undo options, the software can help to build trust with users and ensure that they feel in control of their software experience.
Category: Portability and Compatibility
-
Portability and Compatibility: The software should be designed to be maximally portable and compatible, with the goal of running seamlessly on a wide range of systems, hardware configurations, and architectures. This means that the software should be developed with a focus on platform independence, using technologies and techniques that enable it to adapt to diverse environments and ecosystems. Whether it's running on a desktop computer, laptop, mobile device, server, or embedded system, the software should strive to be compatible with various operating systems, processor architectures, and hardware platforms. By embracing this philosophy, the software can reach a broader audience, increase its utility and value, and provide a more inclusive and equitable experience for users across different technological contexts. This approach also promotes flexibility, resilience, and future-proofing, as the software can more easily adapt to changing technological landscapes and evolving user needs.
-
Interoperability: The software should be designed to be completely interoperable with other programs and systems, allowing users to seamlessly integrate it into their existing workflows and ecosystems. This means that the software should support open standards and formats, enabling users to easily import and export data, and exchange information with other applications and services. The software should also provide APIs, SDKs, and other integration tools, making it easy for developers to build custom integrations and extensions. Furthermore, the software should be compatible with a wide range of operating systems, devices, and platforms, ensuring that users can access and use it regardless of their technical environment. The software should also support multiple data formats, protocols, and interfaces, allowing users to easily integrate it with other systems and applications. By prioritizing interoperability, the software can provide users with a flexible and adaptable solution that can be easily integrated into their existing workflows, and can help to break down silos and promote a more connected and collaborative environment. Additionally, the software should also be able to work with other software and systems that are not yet known or developed, by using open and extensible architecture and protocols.
-
Universal Accessibility: The software should be designed to be universally accessible, available to everyone regardless of their location, nationality, age, sex, background, or any other characteristic. This means that the software should be free from any geographical, cultural, or linguistic barriers that could limit its accessibility. The software should be translated into multiple languages, and should be compatible with different operating systems, devices, and platforms to ensure that it can be used by people from diverse backgrounds and with varying levels of technical expertise. The software should also be designed to be accessible to people with disabilities, with features such as screen reader compatibility, high contrast mode, and keyboard-only navigation. Additionally, the software should be available to people of all ages, with a user interface that is intuitive and easy to use for both children and adults. The software should not discriminate against any individual or group based on their nationality, ethnicity, sex, or any other characteristic. By being universally accessible, the software can promote global understanding, collaboration, and equality, and can help to bridge the digital divide that exists between different communities and regions.
Category: Security and Privacy
-
Security: The software should be designed with security as a top priority, incorporating the latest security standards, best practices, and technologies to protect users' data and prevent potential vulnerabilities. This means that the software should be built using secure coding practices, such as secure coding guidelines, code reviews, and static analysis, to minimize the risk of common web application vulnerabilities. Additionally, the software should be regularly audited and tested for security vulnerabilities, using both manual and automated testing techniques, to identify and address potential weaknesses. To further enhance security, the software should also implement a bug bounty program, which incentivizes security researchers to identify and report vulnerabilities, allowing the development team to quickly address and fix them. The software should also stay up-to-date with the latest security patches and updates, ensuring that any known vulnerabilities are promptly addressed. Furthermore, the software should use secure communication protocols, such as HTTPS and TLS, to protect user data in transit, and implement secure data storage practices, such as encryption and access controls, to protect user data at rest. By prioritizing security and continuously monitoring and improving its security posture, the software can provide users with a safe and trustworthy experience.
-
User Privacy: The software should be designed with a strong commitment to user privacy, ensuring that it does not collect, transmit, or store any personal data or usage information without the user's explicit consent. This means that the software should not include any telemetry or tracking mechanisms, such as analytics, crash reporting, or usage monitoring, that could potentially compromise the user's anonymity or reveal their behavior. The software should also avoid any form of data harvesting, profiling, or behavioral analysis, and should not share any user data with third-party services or advertisers. Furthermore, the software should provide users with complete transparency and control over their data, allowing them to easily inspect, modify, and delete any data that is stored locally on their device. By respecting user privacy and avoiding telemetry, the software demonstrates a commitment to trust, transparency, and user autonomy, and helps to protect users from the risks of data exploitation and surveillance.
-
Privacy-Invasive Features: The software should be designed with a strong commitment to protecting user privacy, ensuring that any feature or functionality that could potentially compromise user privacy is carefully evaluated and implemented in a way that prioritizes user control and consent. This means that any feature that could be considered privacy-invasive, such as data sharing, tracking, or profiling, should be explicitly opted-out by default, requiring users to actively choose to enable it if they wish to do so. Furthermore, the software should provide clear and transparent explanations of how each feature works, what data it collects, and how it is used, allowing users to make informed decisions about their privacy. Any feature that is deemed to be potentially privacy-invasive should be clearly labeled as such, and users should be provided with easy-to-use controls to disable or configure it to their liking. By prioritizing user privacy and providing transparent and granular controls, the software empowers users to take control of their own data and make informed decisions about their online activities.
-
Anonymity: The software should be designed to be completely anonymous, ensuring that users can interact with it without revealing their identity or providing any personal information. This means that the software should not collect, store, or transmit any data that could be used to identify the user, such as IP addresses, device fingerprints, or browser cookies. The software should also not request or require any form of identification, such as usernames, passwords, or email addresses, and should not prompt users to provide any personal information, such as names, addresses, or phone numbers. Furthermore, the software should be designed to operate independently of any external services or systems that may collect or store user data, ensuring that users can use the software without being tracked or monitored. By prioritizing anonymity, the software can provide users with a safe and private experience, allowing them to use the software without fear of surveillance, data collection, or identity theft. Additionally, the software should also be designed to resist any attempts to de-anonymize users, such as through traffic analysis or other forms of surveillance, by using techniques such as encryption, secure communication protocols, and decentralized architectures.
-
Sandboxed Environment: The software should be designed to operate in a sandboxed environment, where it is completely isolated from the rest of the system and cannot access or modify any sensitive data or system resources. This means that the software should be executed in a virtualized environment, such as a container or a virtual machine, that provides a strict separation between the software and the underlying system. The sandboxed environment should be configured to restrict the software's access to system resources, such as the file system, network, and hardware devices, and should prevent the software from making any changes to the system or its configuration. The software should also be designed to operate within the sandboxed environment, with no dependencies on external libraries or services that could potentially compromise the security of the system. By operating in a sandboxed environment, the software can provide a high level of security and isolation, preventing any potential security vulnerabilities or exploits from affecting the rest of the system. Additionally, the sandboxed environment should also provide a clear and transparent way to monitor and audit the software's activity, allowing users to easily track and understand what the software is doing and how it is interacting with the system.
-
Granular Permissions: The software should be designed with a robust and granular permissions system, allowing users to control exactly what data and functionality the software has access to. This means that users should be able to grant or deny specific permissions, such as camera access, file access, or location services, on a case-by-case basis. Furthermore, the software should only request the permissions that are absolutely necessary for its core functionality, and should not request extraneous permissions that could be used to collect unnecessary data or compromise user privacy. By default, all permissions should be turned off, and users should be required to explicitly opt-in to each permission before the software can access the corresponding data or functionality. This approach recognizes that users have different needs and preferences when it comes to data sharing and access, and allows them to tailor the software's behavior to their individual circumstances. The permissions system should also be transparent and easy to understand, with clear explanations of what each permission allows the software to do, and why it is necessary. By providing users with granular control over permissions, the software can demonstrate its commitment to user autonomy and data protection, and can help to build trust with its users.
Category: User Experience
-
Simplicity and Ease of Use: The software should be designed with simplicity and ease of use in mind, making it accessible to users of all skill levels and backgrounds. This means that the software should be easy to install, with a straightforward and streamlined installation process that requires minimal user input. Once installed, the software should be intuitive to use, with a clear and logical interface that makes it easy for users to find and access the features and functions they need. The software should also be easy to uninstall, with a simple and complete removal process that leaves no residual files or settings behind. Updates should be seamless and automatic, with clear notifications and explanations of what changes have been made and why. Navigation within the software should be straightforward and intuitive, with no obscured or hidden menus or options. All features and functions should be clearly labeled and easily accessible, with no unnecessary complexity or clutter. The software should also provide clear and concise documentation and support resources, including user manuals, tutorials, and FAQs, to help users get the most out of the software and troubleshoot any issues that may arise. By prioritizing ease of use and simplicity, the software can reduce user frustration and anxiety, and make it easier for users to achieve their goals and accomplish their tasks.
-
User-Friendly Agreements: Any legal agreements or terms of service associated with the software should be designed to prioritize user autonomy and flexibility. This means that users should have the ability to opt out of specific or all parts of the agreement, and that opting out should be the default behavior. In other words, users should not be required to opt in to any terms or conditions, and should instead be able to choose which parts of the agreement they wish to accept or reject. This approach recognizes that users have different needs and preferences, and allows them to tailor their relationship with the software to their individual circumstances. By providing users with the ability to opt out of specific or all parts of the agreement, the software can demonstrate its commitment to transparency, fairness, and user empowerment. Furthermore, the software should also provide clear and concise language in its agreements, avoiding legalese and technical jargon that could confuse or intimidate users. The goal should be to create a legal framework that is fair, flexible, and user-friendly, and that prioritizes the needs and interests of users above all else.
-
Efficiency and Performance: The software should be designed to be efficient and optimized for performance, using only the necessary processing power and resources to accomplish its tasks. This means that the software should be written with a focus on minimizing computational overhead, reducing unnecessary computations, and optimizing data structures and algorithms for speed and efficiency. The software should not intentionally introduce lag or delay, nor should it use more processing power than necessary to discourage certain behaviors or to create a perceived sense of complexity. Instead, the software should strive to provide a seamless and responsive user experience, with fast and efficient performance that allows users to complete their tasks quickly and easily. The software should also be designed to adapt to different system configurations and hardware capabilities, ensuring that it runs efficiently on a wide range of devices and platforms. Furthermore, the software should be designed to minimize its impact on system resources, such as memory and CPU usage, and should not consume excessive amounts of power or battery life. By prioritizing efficiency and performance, the software can provide a better user experience, reduce frustration and annoyance, and help to minimize the environmental impact of computing.
Category: User Control and Autonomy
-
Perpetual Access: Users should have the freedom to access and utilize the software to its fullest potential, without any artificial restrictions, limitations, or time constraints. This means that the software should not be designed with expiration dates, subscription-based models, or other mechanisms that could potentially limit its use or functionality over time. Once a user has obtained the software, they should be able to continue using it, without interruption or degradation, for as long as they see fit. The software should not be subject to vendor lock-in, forced upgrades, or other forms of coercion that could compromise the user's autonomy or freedom to choose. By granting users perpetual access to the software, the developers acknowledge that the user has invested time, effort, and resources into learning and utilizing the software, and that they should be able to reap the benefits of that investment without fear of interruption or loss of functionality.
-
Offline Capability: The software should be designed to function fully and independently in an offline environment, without relying on a constant internet connection to operate. This means that all core features, functionality, and data storage should be self-contained within the software, allowing users to work, create, and interact with the software without any dependency on external networks or servers. Unless a specific feature or module explicitly requires an internet connection to function (e.g., online collaboration, cloud syncing, or data fetching), the software should be able to operate seamlessly in offline mode, without any degradation or loss of functionality. By prioritizing offline capability, the software ensures that users can work efficiently and effectively, even in areas with limited or no internet connectivity, and that their productivity and workflow are not disrupted by network outages or connectivity issues.
-
User Data Control: Users should have complete control over their data, with the ability to easily import, edit, delete, and export all of their data in a format of their choice. This means that the software should provide a straightforward and intuitive interface for managing data, with clear and concise options for importing data from other sources, editing existing data, deleting data that is no longer needed, and exporting data to other applications or formats. The software should also support a wide range of data formats, including CSV, JSON, XML, and others, to ensure that users can easily exchange data with other applications and services. Furthermore, the software should provide users with the ability to customize the data import and export process, with options for selecting specific data fields, filtering data, and transforming data into different formats. The software should also provide users with a clear and transparent view of their data, with options for viewing data in different formats, such as tables, charts, and graphs. By providing users with complete control over their data, the software can empower users to manage their data in a way that meets their needs, and help to build trust and confidence in the software.
-
User Content Ownership: Users should have complete ownership and control over any content created or generated by or using the software. This means that users should be able to export, share, and use their content in any way they see fit, without any restrictions or limitations imposed by the software or its developers. The software should not claim any ownership or rights to user-generated content, and should not use such content for any purpose without the user's explicit consent. Users should be able to export their content in a format that is compatible with other software and platforms, and should be able to use their content for any purpose, including commercial use. The software should also provide users with the ability to delete their content at any time, and should ensure that all user-generated content is stored securely and in accordance with the user's preferences. Furthermore, the software should be designed to ensure that users' content is not used for any purpose that is not explicitly authorized by the user, and should provide users with clear and transparent information about how their content is being used and shared. By giving users complete ownership and control over their content, the software can promote creativity, innovation, and freedom of expression, and can help to build trust and confidence in the software and its developers.
-
Complete Uninstallation: When the software is uninstalled, it should be completely and thoroughly removed from the user's system, leaving no residual files, folders, registry entries, or other remnants behind. This means that the uninstallation process should be designed to delete all files, settings, and data associated with the software, including any configuration files, cache files, and other temporary files that may have been created during use. The software should also remove any registry entries, system hooks, or other system modifications that were made during installation, restoring the system to its original state. Furthermore, the software should not leave behind any hidden or obscure files or folders that could potentially be used to track or monitor the user's activities. The uninstallation process should be transparent and straightforward, with clear notifications and progress updates to let the user know what is happening. Once the uninstallation is complete, the software should be completely gone, with no lingering presence or influence on the system. By ensuring a complete and thorough uninstallation, the software can demonstrate its respect for user autonomy and system integrity, and help to maintain a clean and organized system.
-
Decentralized Operation: The software should be designed to operate in a decentralized manner, where no single central server or authority controls the flow of data, updates, or functionality. Instead, the software should be able to function autonomously, leveraging peer-to-peer networks, distributed architectures, and decentralized protocols to enable users to interact, share, and collaborate without relying on a single point of failure. This means that the software should be capable of self-organization, self-healing, and self-updating, using mechanisms such as blockchain, distributed hash tables, or other decentralized technologies to ensure its continued operation and evolution. Furthermore, the software should provide a decentralized means of distribution, allowing users to download and share the software using peer-to-peer networks, such as BitTorrent, or other decentralized file-sharing protocols. By decentralizing both the software's operation and distribution, users can enjoy greater autonomy, resilience, and freedom, while also promoting a more open, inclusive, and community-driven development process.
Category: Community and Cost
-
Community-Driven: The software should be designed to be community-driven, with a decentralized governance model that allows for collective decision-making and shared ownership. This means that the software should not be controlled by a single entity, such as a corporation or individual, but rather should be maintained and developed by a community of users and contributors. The community should have a say in the direction and development of the software, with opportunities for feedback, suggestions, and participation in decision-making processes. The software should also have extensive community support, with a strong and active community of users, developers, and contributors who can provide help, guidance, and resources to one another. This can include online forums, social media groups, documentation, and other resources that facilitate communication and collaboration. By being community-driven, the software can ensure that it remains free from corporate or individual interests, and is instead guided by the needs and values of its users. This approach can also help to foster a sense of ownership and responsibility among community members, who can work together to maintain and improve the software over time.
-
Cost-Free: The software should be completely free of cost, with no fees, charges, or subscriptions required to use it. This means that the software should be available for download and use without any financial obligation, and that users should not be required to pay for any features, updates, or support. Furthermore, the software should not have any paid or premium alternatives, such as "pro" or "enterprise" versions, that offer additional features or functionality for a fee. Instead, the software should be a single, unified product that is available to all users at no cost. By being entirely free of cost, the software can be accessible to a wider range of users, including those who may not have the financial resources to pay for software. This can help to promote digital inclusion and equality, and can also help to ensure that the software is used for the benefit of all users, rather than just those who are willing or able to pay for it. Additionally, the software should also be free from any advertising, sponsored content, or other forms of monetization that could compromise the user experience or create conflicts of interest.
-
No Account Requirement: The software should never require users to create an account or provide any personal information to use its full functionality. This means that users should be able to download, install, and use the software without ever being prompted to sign up, log in, or provide any identifying information. The software should be designed to operate independently, without relying on any external services or systems that require user authentication. Furthermore, the software should not use any tracking or analytics mechanisms that could be used to identify or profile users, even if they choose not to create an account. By not requiring an account, the software can provide users with a truly private and anonymous experience, free from the risks of data collection, profiling, and targeted advertising. This approach also respects users' autonomy and freedom to use the software without being forced to surrender their personal data or create a digital identity. The software should be designed to work seamlessly without an account, providing users with the same level of functionality and performance as if they had created an account.
Explanations
You may be wondering about why I added certain things I did. Here are a few:
-
Readability and Code Quality: This is to prevent obfuscation or other things that prevent open source code from being easily readable and modifiable. It also means you can't release a compiled program and call it open source.
-
Modular and Extensible Architecture: Things like sideloading exist so that developers don't create a monopoly on proprietary-in-nature ways to change or extend software.
-
Uniform Deployment and Updates: Lots of companies (Google and Meta, to name a couple) will release slightly different versions of software to different people as a way to collect usage data for different designs and code adjustments. YouTube has also released a tool to do this with thumbnails. While I see the benefit, I personally do not agree with the idea that different users should be running different types of the same software.
-
Sandboxed Environment: Lots of software (such as games with anticheat) require you to run it in an unsandboxed environment and abuse those rights to gain privacy invasive access to the system
-
Efficiency and Performance: This section is due to one of my own personal experiences. Before I started my privacy journey, I had gotten a brand new flagship phone and installed Instagram on it. Instagram should have no problem running on the latest and greatest of devices. I noticed in a convoluted menu where you could set ad preferences, whenever I tried to change (manually, one by one, for each ad category) my ad preferences, my phone would get extremely hot and start slowing down until I exit the menu or closed the app. While I can't confirm, I can absolutely see motive for them to intentionally make the device commit digital suicide when you try to grasp any shred of privacy, and even if that isn't what happened, I don't like the possibility.
Thank you!
Thank you all for taking the time to read through my philosophy. It took a lot of time and effort to create, and I hope I can make it better for everyone!
Is there a Foss TTS ( it's ok if it relies on local Ai ), I'm using RHvoice but it's really robotic ... It's painful.. 😅
Is there's something that could compete with Google TTS which is preinstalled on stock Android ?
I am looking for a new Android smartphone (currently on iOS).
Obviously I read about GrapheneOS as the „Gold Standard“ of alternative OS. But the downside is that it only runs on Pixels. Which is kinda weird to buy a device from a company you want to „boycott“ (de-Google).
On the other hand I kinda like the approach of Fairphone: most parts are easy repairable, parts are available and cheap compared to Google and Apple. But the downside here is that it isn’t supported by GrapheneOS, doesn’t have the most capable hardware for the price and probably won’t get 7 years of updates like the Pixel 8a in comparison.
So that leaves me with a „analysis paralysis“: I have to choose a device and a CustomROM.
/e/OS does seem interesting but I read some comments that it isn’t that secure like GrapheneOS. I don’t need that high-level of security but it should be significantly more than stock Android to be worth all the hassle by installing/using a CustomROM. On the other hand I don’t want to sacrifice every comfort for the sake of the last bit of (theoretical) security.
Did someone go down this path as well recently and can share some experiences? Maybe there is even some better alternative.
I'm just curious This people just randomly started following me on twiter. I found it a odd and the site looks bit... Not serious, lacking better word
Do you think it's worth keeping 2FA OTPs in a separate source from your password manager? Currently I keep them in Bitwarden. I was thinking keeping them separate could add a little extra security in case my BW was cracked, but not sure it's worth the hassle of loading a second app for logins.
Do you know of an app that does 2FAs as conveniently as Bitwarden, in that it has mobile apps, browser extension, etc that can all access the same vault?
here's one i came across from an awesome-selfhosted list. i would need to test the PWA experience https://github.com/Bubka/2FAuth
Is there any up-to-date method to keep the Meta Quest 3 as privacy friendly as possilbe? I know it can't be made perfect, but maybe some known working block lists etc.?
i'm thinking about getting one but their data hoarding is the reason i don't want to. Unless i can somehow make it less invasive.
Gait biometric systems capture step patterns using video images and then convert the collated data into a mathematical equation. Gait as a biometric measure can be influenced by several factors, including footwear, terrain, fatigue, and injury.
...Love this sub, I don't have hardcore needs in terms of privacy, but wanted to know for people that enjoy a covid mask, their opinion on Gait Rec. Technologies, and does any one have any intel in throwing these systems off, whether or not that is impossible?
Hello,
I want to buy a flip phone to reduce distractions and am planning on getting rid of my Pixel. I currently have Cheogram installed on my Pixel and want to forward calls/texts to my SIM phone number. I'm not sure if the current flip phones support Cheogram well (due to the small screen), that's mainly why I want to setup call forwarding.
Any help is appreciated.
Yesterday, I started watching a video on YouTube but closed out of my browser (Firefox) only a few minutes into the video.
I've got my Firefox set to delete all cookies, history, form data, etc on every close. (Pretty much everything but bookmarks.) The image on this post is a screenshot of my relevant settings.
Today, after having exited my browser and fully shut down my computer for a while, I remembered the video and decided to continue watching it.
In Firefox, I searched for the video (I used the search term "gnu taler" -- something worth looking into especially for folks interested in this particular Lemmy community by the way). In the search results, the video I was searching for showed the red bar at the bottom indicating I'd watched only the first few minutes of it.
Which seems weird given that I'd cleared all my browser data since I watched the first few minutes.
So I did some experimentation. I closed my browser completely again and opened it back up, searched in YouTube, and it still had the indicator. I updated to the latest version of Firefox in the Arch package repository. Same indicator. I tried the same in Chromium (which I've also got set to delete all browser data on close). Still the indicator. I installed Tor Browser Bundle (specifically torbrowser-launcher on Arch Linux), changed none of the default settings at all, and searched in YouTube. The indicator is present. In Tor Browser Bundle.
W
T
F
?
Anybody have any idea how that's possible?
My only guesses are:
- That search is so niche as to be literally unique (which if true makes me sad -- I really hope GNU Taler takes off and becomes widespread) and YouTube is using that to identify me.
- YouTube doesn't know where I left off at all. Not even my browser knows (because if it was my browser keeping track, it wouldn't persist between browsers). It's something else on my system that my browsers depend on or tap into.
The only other pieces of relevant info I can think to share:
- There's another video (also about GNU Taler) that I watched all the way through the same day that I started the video this post is about. It doesn't show any indicator.
- I tried searching on my phone's browser. No indicator. But then I'm not sure my phone ever shows indicators. I haven't tried this on any other devices on my network or anything.
- I still haven't watched the video in question. Heh.
Thanks in advance for any insight you might have.
Edit: Sorry for neglecting to mention previously that at no point during any of the above did I log in to YouTube. And the "Sign in" button was visible at the top of the page indicating I wasn't logged in. Since multiple people asked, I figured I should edit my OP with that info.
Edit2: Two more things to mention. I think some folks are thinking I copied the link and pasted it between browsers during the above test or something? The only reason the timestamp is included in the link I posted above is because when I copied it into this post, I didn't think to remove the timestamp. But I didn't do anything like copying the link from the search results in one browser and then paste the link into TBB or anything. In each separate browser, immediately after opening the browser, I went to YouTube (by typing "youtube.com" into the address bar) and put "gnu taler" into the search bar and hit enter. And in each browser, YouTube somehow remembered where I'd left off in a whole different browser -- with a different IP address in the case of the switch from Chromium to TBB. And no urls were copied between browsers in any of the above.
The other thing to mention. Changing my search term to the full title of the video ("Building an Open Source Payment System - Sebastian Javier Marchano, Taler System" sans quotes) gives the relevant video as the top search result, but no "left off" indicator. And I'm in the Firefox in which I first noticed it had remembered.
Oh, actually, one more thing to mention. After posting this, I continued watching. I'm probably about 3/4 done with it now. But I closed my browser again before completing it, reopened my browser, and searched "gnu taler". It gives the indicator, but the position of the indicator is roughly (possibly exactly) where it was when I first noticed it had remembered. Not where I left off after watching to roughly the 3/4 mark.
Edit3: Wow! Ok. I'm 99% sure folks smarter than me have hit upon what's going on here. Thanks in particular to Tony N and Chozo for the right answer. It looks like YouTube has a feature where, depending on your search terms, it may automatically skip you a certain ways into the video. (Like "oh, you searched for 'gnu taler'? Well, in this video result, this bit in the middle is the part that's relevant to your search terms, so we'll just start you such-and-such-many seconds into the video.") The red bar doesn't mean "you've watched this" at all. And YouTube isn't "remembering me" between browsers. It's just consistently (as long as I use the specific search terms "gnu taler") suggesting that I start that video 273 seconds in rather than from the beginning. And anyone who searches that exact search term should get similar results... unless they're on mobile for some weird reason? That paired with the coincidence that I'm pretty sure I just happened to have stopped the video yesterday right about at the same place where YouTube recommends you start had me very confused. Whatever the case, I'm satisfied this must be the right answer. Thanks again, ya'll!
One example would be state disability programs, they already need my real name and identity to work with me. Are there any downsides to sharing a simplelogin alias containing my real name vs no containing my real name? I just think it would be easier record keeping for them.
I've been using Microsoft todo for a good while now after failing to find any decent private todo tools some while back. To my disappointment, there seems to be nothing much, perhaps with this one exception.
Everdo is one I recently ran into. It is focused on a the “Getting Things Done” Methodology, but if you are uninterested in that you could presumably ignore the extraneous stuff. It offers a local-network sync (pretty unique) as well a hosted E2EE (if I read it correctly) cloud sync service. You can see more here https://help.everdo.net/docs/sync
Privacy policy seems fine https://everdo.net/legal/#privacy-policy
It is local first, albeit on some internal database, not local files
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)