Ulrich

I actually like Mattermost as a free slack alternative. Matrix is too complicated for normies and the encryption seems unnecessary on a local server.

Not necessarily. I’m not some sort of tech genius but she’s using some choice language here:

push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages

metadata is not “contained” in the notification.

When pushed on this she basically changed the subject to “there’s no alternative”:

Another Twitter user pointed out that rather than the exposure of the text, the bigger issue is that “the push gets sent at all, not what’s in it. It lets an attacker identify somebody by when they get messages, messages the attacker may even have sent.”

To this, Whittaker replied, “So this is an issue worth clarifying. It’s not possible [right now] to build a mass [communications] app [without] push notifications, [especially with] calling. This is a problem, we agree.”

https://www.medianama.com/2023/12/223-signal-push-notifications-content-meredith-whittaker/

I could be misinterpreting these statements but that’s how it reads to me. Seems like encrypting metadata would require Google’s involvement and I’m sure that’s the opposite of what they want.

Yes. 100%. Some app creators will encrypt the contents but I don’t think they can encrypt the metadata.

Even the most “private” of companies like Signal and Proton don’t provide any alternative either. Third-party fork Molly adds UnifiedPush support to Signal.

From Signal CEO:

PSA: We’ve received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you’re talking to.

In Signal, push notifications simply act as a ping that tells the app to wake up. They don’t reveal who sent the message or who is calling (not to Apple, Google, or anyone). Notifications are processed entirely on your device. This is different from many other apps.

What’s the background here? Currently, in order to enable push notifications on the dominant mobile operating systems (iOS and Android) those building and maintaining apps like Signal need to use services offered by Apple and Google.

Apple simply doesn’t let you do it another way. And Google, well you could (and we’ve tried), but the cost to battery life is devastating for performance, rendering this a false option if you want to build a usable, practical, dependable app for people all over the world.

So, while we do not love Big Tech choke points and the control that a handful of companies wield over the tech ecosystem, we do everything we can to ensure that in spite of this dynamic, if you use Signal your privacy is preserved.

(Note, if you are among the small number of people that run alt Android-based operating systems that don’t include Google libraries, we implement the battery-destroying push option, and hope you have ways to navigate.)

https://mastodon.world/@Mer__edith/111563865413484025

Would be great if app publishers actually made it available. To my knowledge there are only 2 or 3.

There’s literally always going to be someone out there who doesn’t have the same information that you do.

And there’s going to be people who have information I don’t. That doesn’t mean they should run the same article over and over.

Wat.

You can typically pick them up the the grocery store or something and load them up. And then reload them.

We’ve known about this for a long time. Google too. Apple publishes it in their transparency reports now.

That’s no what I’m asking. If I open the site and create a workspace, then close the window, how do I get back into my workspace?

If there’s no account, how do I “log in” to my community or whatever

It’s peer-to-peer, there’s no server

The best way for self hosting is docker

🤔

Well. I don’t really think of TOR as a browser but I digress.

Zen will give you the most functionality. Librewolf will give you the most privacy and security.

Oh I didn’t even realize Brave had a search engine. Last time I used Leta it didn’t say anything about that.

What does it have to do with Brave?

Not entirely sure what you’re asking. Pirated software is just software you’ve copied without permission. It can be anything.

Yes. Anything with “ID” in the name should give you pause, especially when its designated to you by the largest surveillance company on the planet.

You can simply delete it.

Settings --> Privacy --> Ads --> Delete advertising ID.

It does not “use” AOSP, it’s built on AOSP, like every Android device.

AOSP is like the foundation of any Android OS.

Logging out and closing the browser does not delete your cookies.

the developers chose the method purposely

They chose it because it’s often the only way they can distribute packages to Ubuntu users. Which was the whole point all along; Canonical taking control of app distribution.