anyone who objects to mass surveillance obviously hates puppies

Signal protocol is awesome for privacy, not anonymity

The “privacy, not anonymity” dichotomy is some weird meme that I’ve seen spreading in privacy discourse in the last few years. Why would you not care about metadata privacy if you care about privacy?

Signal is not awesome for metadata privacy, and metadata is the most valuable data for governments and corporations alike. Why do you think Facebook enabled e2ee after they bought WhatsApp? They bought it for the metadata, not the message content.

Signal pretends to mitigate the problem it created by using phone numbers and centralizing everyone’s metadata on AWS, but if you think about it for just a moment (see linked comment) the cryptography they use for that doesn’t actually negate its users’ total reliance on the server being honest and following their stated policies.

Signal is a treasure-trove of metadata of activists and other privacy-seeking people, and the fact that they invented and advertise their “sealed-sender” nonsense to pretend to blind themselves to it is an indicator that this data is actually being exploited: Signal doth protest too much, so to speak.

100% of options funded by western governments

One of their four, SimpleX, is not funded by western governments (…but it instead has some venture capital 🤡)

a wifi access point that gets online via a cellular network is called a mobile hotspot, regardless of if it’s running on a phone or a dedicated router device

huh? mobile hotspot is double-bad

https://en.wikipedia.org/wiki/Operation_Metro_Surge is (according to DHS) “the largest immigration enforcement operation ever carried out”

I don’t think anyone called those “web apps” though. I sure didn’t.

As I recall, the phrase didn’t enter common usage until the advent of AJAX, which allowed for dynamically loading data without loading or re-loading a whole page. Early webmail sites simply loaded a new page every time you clicked a link. They didn’t even need JavaScript.

The term “web app” hadn’t been coined yet but, even without AJAX I think in retrospect it’s reasonable to call things like the early versions of Hotmail and RocketMail applications - they were functional replacements for a native application, on the web, even though they did require a new page load for every click (or at least every click that required network interaction).

At some point, though, I’m pretty sure that some clicks didn’t require server connections, and those didn’t require another page load (at least if js was enabled): this is what “DHTML” originally meant: using JavaScript to modify the DOM client-side, in the era before sans-page-reload network connections were technically possible.

The term DHTML definitely predates AJAX and the existence of XMLHTTP (later XMLHttpRequest), so it’s also odd that this article writes a lot about the former while not mentioning the latter. (The article actually incorrectly defines DHTML as making possible “websites that could refresh interactive data without the need for a page reload” - that was AJAX, not DHTML.)

A cascade of satellite collisions is called Kessler syndrome and the risk of it happening is rapidly increasing due to megaconstellations like Starlink:

Here we propose a new metric, the CRASH Clock, that measures such stress in terms of the timescale for a possible catastrophic collision to occur if there are no satellite manoeuvres or there is a severe loss in situational awareness. Our calculations show the CRASH Clock is currently 5.5 days, which suggests there is limited time to recover from a wide-spread disruptive event, such as a solar storm. This is in stark contrast to the pre-megaconstellation era: in 2018, the CRASH Clock was 164 days.

Kessler syndrome could be a solution to the Fermi paradox.

Weird this article doesn’t mention Hotmail and RocketMail, which both had email client web apps in 1996.

thank you OP for allowing me the opportunity to read this entire image here on lemmy prior to seeing the creator’s mastodon username, so that i could believe it was real for a minute :)

(for anyone unfamiliar with it, check out her other amazing work…)

also ping and thankyou to @NanoRaptor@bitbang.social (in case mentions on lemmy notify mastodon users?)

now do gtkmm

Sadly there are none I can recommend wholeheartedly, all have various problems 😢

There are some controversial picks in there like Proton Mail or Brave. They do have a pretty wide adoption but have severe downsides. I’ll probably remove them again. What do you think?

here is a comment i wrote recently listing some of the reasons not to use proton. i’d also recommend against vivaldi (proprietary), brave (so many reasons), and everything in your messaging category besides matrix (and matrix also has lots of problems but it is the least bad of the ones you’re recommending). sorry that i don’t have time to elaborate right now (it’s a lot), but for the inevitable “what about signal” question see my comment here and more here.

ps. if you do use signal, consider adjusting your Who Can Find Me By Number setting (see that link for a fun implementation of the attack against signal users who leave it as it is by default). note that the same thing could technically be done in matrix too, albeit by matrix ID instead of phone number. 😬

pps: here are my comments about tuta 🙄

Why not just use proton?

A few of the many reasons not to use Proton:

• their e2ee is snakeoil (see my comment here about why - but tldr it requires completely trusting them and if you completely trust them you wouldn’t need e2ee, the point of e2ee is to avoid needing to trust the service provider)
• their server-side code is closed-source
• they’re a freemium service which can and does arbitrarily decide to start charging for previously-free features
• they’ve suspended a number of users who they should not have
• their CEO is a trump fanboy.

…

Its Swiss based.

You know who else was Swiss based? 🙄

Not sure about purism but I think its US so avoid it like a plague.

I don’t know enough about Purism to endorse them but afaict they don’t have any of the above problems.

Purism’s e2ee is PGP; you can use their service via their client software or whatever other client you want, and can communicate with people who are using different implementations with different mail providers. I don’t see any mention of them even offering webmail but I expect that if they do they would probably offer PGP there using a browser extension instead of having extremely-impractical-to-verify-before-running-it js code being sent anew from the server every time you load the page (which is how Proton’s webmail works, and also what they offer for non-Proton users to receive mail encrypted using their nonstandard encryption).

I’d rather have US legal jurisdiction and credible e2ee which doesn’t allow the operator to trivially circumvent it for targeted users than to have Swiss jurisdiction and snake oil.

the suggestion that you should maybe write down an eight digit hex string “in case you need it” is just adding insult to injury. i guess anything less than a 32bit space for error codes would be insufficient

ugh. this page has some other nice stuff, but the basic browser typesetting is glaringly wrong for this historic document. see a scan of the original here

is that jesus?

The “girls FTW” mail in that bluesky post is indeed fake, but the daily beast article linked by this post does not include that one.

It is noteworthy how the existence of a fake thing which can be debunked can cause people to assume that similar-but-real things are also fake 😭

that screenshot is almost^[1] definitely fake; unlike the ones in the dailybeast article, phrases from it do not find anything in the search.